Wednesday, July 31, 2019

Former AWS engineer charged in Capital One customer data breach

Security Digest
Information security news and advice from TechTarget's network | July 31, 2019
TechTarget
FEATURED STORY
FBI charges former AWS engineer in Capital One breach
by Rob Wright, News Director
The FBI arrested a former AWS engineer who allegedly stole data for more than 100 million Capital One customers and credit card applications, thanks to a misconfigured firewall. (SearchSecurity.com)
NEWS
 
2019 data breach disclosures: 10 of the biggest -- so far
Enterprises have disclosed a number of significant data breaches in the first half of 2019. Here's a look at some of the biggest and most notable breaches so far this year. (SearchSecurity.com)
 
Citrix breach blamed on poor password security
An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen. (SearchSecurity.com)
 
Untangling GDPR fines with Synopsys' Tim Mackey
Tim Mackey of Synopsys tries to clear up some of the mystery around how GDPR regulators determine the fines levied on companies for major data breaches or privacy violations. (SearchSecurity.com)
 
AT&T introduces managed threat detection and response service
Using AlienVault threat intelligence, AT&T Cybersecurity's Managed Threat Detection and Response service intends to identify and contain cybersecurity threats sooner to reduce data breaches. (SearchSecurity.com)
 
Immunity selling new BlueKeep exploit, defends decision
Immunity CEO Dave Aitel defended his company's decision to sell a full RCE BlueKeep exploit as part of a pen testing tool, saying the exploit is necessary to demonstrate risk. (SearchSecurity.com)
 
URGENT/11 VxWorks vulnerabilities affect millions of devices
Researchers and developer Wind River disagree over how many devices and users are at risk from the URGENT/11 vulnerabilities in the VxWorks real-time operating system. (SearchSecurity.com)
 
Financial services top cyber attack target
Financial services are among the most attractive targets for cyber attackers, security researchers reveal, with phishing and credential stuffing among the top threats. (ComputerWeekly.com)
 
D3 Security's Attackbot integrates Mitre ATT&CK in SOAR 2.0
With the Mitre ATT&CK framework, D3's SOAR 2.0 platform can identify and map security events, predict the kill chain and trigger automated responses to remediate threats. (SearchSecurity.com)
EXPERT ADVICE
 
IoT Cybersecurity Improvement Act calls for deployment standards
The new IoT bill would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit. (SearchSecurity.com)
 
How can endpoint security features help combat modern threats?
The antivirus of yesteryear isn't a strong enough competitor to beat modern enterprise threats. Learn about the endpoint security features ready to tackle these battles head-on. (SearchSecurity.com)
 
Latest news from the Black Hat 2019 conference
Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. (SearchSecurity.com)
 
What are the pros and cons of outsourcing IT security?
Companies are facing increased costs when maintaining an internal security group. Outsourcing IT security has its advantages, but there are some challenges to keep in mind. (SearchSecurity.com)
 
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. (SearchSecurity.com)
 
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more. (SearchSecurity.com)
 
Which is better: anomaly-based IDS or signature-based IDS?
Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions. (SearchSecurity.com)
 
3 ways to shore up third-party risk management programs
A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams. (SearchSecurity.com)
 
SD-WAN security benefits go beyond the obvious
SD-WAN does more than extend corporate networks. Key SD-WAN security benefits that capitalize on the technique's architecture could change the face of SD-WAN in the enterprise. (SearchSecurity.com)
 
Quantum computers mean cryptography needs to change, and soon
As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront. (SearchSecurity.com)
 
Tackling IT security awareness training with a county CISO
A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. (SearchSecurity.com)
 
What are cloud containers and how do they work?
Containers in cloud computing have evolved from a security buzzword. Deployment of the technology is an essential element of IT infrastructure protection. (SearchCloudSecurity.com)
About This E-Newsletter
This e-newsletter is published by the TechTarget network.

TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2019 TechTarget. All rights reserved.
