Suspect in Capital One breach may have targeted other businesses

Security Digest Information security news and advice from TechTarget's network |August 7, 2019 FEATURED STORY Capital One breach suspect may have hit other companies by Michael Heller, Senior Reporter History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet. (SearchSecurity.com) Advertisement NEWS   Project Zero drops six iOS vulnerabilities ahead of Black Hat Google Project Zero researchers disclosed six iOS vulnerabilities, including proof-of-concept code that could allow for attacks requiring no user interaction. (SearchSecurity.com)   Qualys IOC 2.0 update improves threat detection and response Qualys IOC 2.0 comes with increased threat detection and response capabilities designed to more accurately detect indicators of compromise and potential cyberattacks. (SearchSecurity.com)   CloudKnox Security adds privileged access features to platform CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. (SearchSecurity.com)   LogicHub introduces automation updates to its SOAR platform Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time. (SearchSecurity.com)   Capital One hack highlights SSRF concerns for AWS Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service. (SearchSecurity.com)   SafeBreach launches new platform to prioritize, mitigate security gaps SafeBreach has launched SafeBreach GRID, a breach and attack simulation application that helps security teams decide which security gaps to address first. (SearchSecurity.com)   New features added to Juniper Networks security platform New features include containerized firewalls and the incorporation of SecIntel into MX Series routers as part of Juniper Networks' effort to provide security throughout a network. (SearchSecurity.com)   BlackBerry Intelligent Security enables flexible security policy BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk. (SearchSecurity.com) EXPERT ADVICE   Lack of cybersecurity skills fuels workforce shortage Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk. (SearchSecurity.com)   How to start building a DevSecOps model To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams. (SearchSecurity.com)   Is your identity management up to the task? IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. (SearchSecurity.com)   What are the pros and cons of outsourcing IT security? Companies are facing increased costs when maintaining an internal security group. Outsourcing IT security has its advantages, but there are some challenges to keep in mind. (SearchSecurity.com)   For board of directors, cybersecurity literacy is essential For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. (SearchSecurity.com)   5 email security appliance comparison criteria to consider Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization. (SearchSecurity.com)   Why is third-party risk management essential to cybersecurity? Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. (SearchSecurity.com)   What secure email gateways can do for your enterprise Discover email security gateways in this buyer's guide that outlines architecture, cost and uses of email security products. (SearchSecurity.com)   Fitting cybersecurity frameworks into your security strategy Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication. (SearchSecurity.com)   IoT cybersecurity: Do third parties leave you exposed? IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues. (SearchSecurity.com)   The must-have skills for cybersecurity aren't what you think The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change. (SearchSecurity.com)   Enhancing business purpose with privacy compliance Computer Weekly looks at the importance of building on basic GDPR compliance and making privacy a key foundation of business culture. (ComputerWeekly.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2019 TechTarget. All rights reserved.