Barely a week after the Equifax data breach was settled for nearly $650 million, there appears to be news of an almost equally large mega-breach, which was announced today by Capital One. Capital One said in a statement that this breach has affected approximately 100 million individuals in the United States and approximately 6 million in Canada. This breach appears to be largely related to credit card application data, as the statement notes: “The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019.”
According to the complaint filed with the U.S. Attorney's Office for the Western District of Washington, a Seattle software engineer turned hacker, Paige Thompson (a.k.a. “erratic”), is being charged for involvement in the unlawful access and exfiltration of this data under the Computer Fraud and Abuse Act (CFAA).
On July 17, 2019, Capital One was notified of the potential breach through an email address ([email protected]) which it uses to solicit disclosures of actual or potential vulnerabilities in its computer systems. The screenshot shown below is from the complaint document, and you can see that it notes the presence of potential “leaked s3 data.”
The moniker “s3” stands for Simple Storage Service, and it is a service hosted by Amazon Web Services (AWS). Also according to the complaint, a firewall misconfiguration was to blame for the initial allowed interaction between the hacker and the system.
There are a few extraordinary circumstances surrounding this case that are unusual for cybercrime/breach issues that have really piqued my interest:
While there is undoubtedly much more to come on this event, the initial details are very interesting. From a business standpoint, there are many lessons that can be gleaned from this event. Regularly performing security audits and penetration tests on all assets, including cloud infrastructure, is a highly recommended and valuable exercise that can bring to light serious issues that can lead to events like these. In addition to security audits and penetration tests, several signs of nefarious activity that should have been logged, identified and alerted on were missed. For example, the complaint mentions the following nefarious activity found in the logs: VPN connections from the IPredator anonymizing service, TOR exit node connections, and unusual behavior from rarely used accounts. Be sure to learn from others’ mistakes to strengthen your own environment and help avoid issues like this.
Tips like these and others are mentioned in a recent white paper that I authored along with our Incident Response Leader, David Murphy, which can be found here: http://945996.com/10-things-companies-wish-they-did-before-a-breach
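The three log indicators mentioned above (anonymizing-VPN sources, TOR exit nodes, and unusual activity from rarely used accounts) can be checked in a single pass over access logs. The following is an added example, not code from the complaint or from Capital One; the log records, account names, thresholds and address ranges (RFC 5737 documentation networks standing in for real TOR and VPN feeds) are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed feeds: documentation-range networks stand in for real TOR exit
# and anonymizing-VPN address lists, which a defender would refresh regularly.
ANONYMIZER_NETS = {
    "tor_exit": [ipaddress.ip_network("198.51.100.0/24")],
    "anon_vpn": [ipaddress.ip_network("203.0.113.0/24")],
}
RARE_BASELINE_MAX = 2  # account is "rarely used" if seen <= this often in the baseline
BURST_MIN = 3          # ...and suspicious if seen >= this often in the current window

# Constructed access-log records: (timestamp, account, source IP, action).
BASELINE = [("2024-01-05T09:00:00Z", "app-role", "192.0.2.10", "GetObject")] * 5 + [
    ("2024-01-07T02:00:00Z", "backup-role", "192.0.2.20", "PutObject"),
]
CURRENT = [
    ("2024-02-01T10:00:00Z", "app-role", "192.0.2.10", "GetObject"),
    ("2024-02-01T10:01:00Z", "backup-role", "198.51.100.7", "ListBuckets"),
    ("2024-02-01T10:02:00Z", "backup-role", "198.51.100.7", "GetObject"),
    ("2024-02-01T10:03:00Z", "backup-role", "203.0.113.44", "GetObject"),
    ("2024-02-01T10:05:00Z", "app-role", "192.0.2.10", "PutObject"),
]

def classify_source(ip):
    """Return the feed label whose network contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for label, nets in ANONYMIZER_NETS.items():
        if any(addr in net for net in nets):
            return label
    return None

def detect(baseline, current):
    """Return sorted (account, reason) alerts for the current window."""
    seen_before = Counter(acct for _, acct, _, _ in baseline)
    seen_now = Counter(acct for _, acct, _, _ in current)
    alerts = set()
    for _, acct, ip, _ in current:
        label = classify_source(ip)
        if label:  # source address is on an anonymizer feed
            alerts.add((acct, f"{label}:{ip}"))
        if seen_before[acct] <= RARE_BASELINE_MAX and seen_now[acct] >= BURST_MIN:
            alerts.add((acct, "rare_account_burst"))  # dormant account suddenly busy
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(BASELINE, CURRENT):
        print(alert)
```

An account that never appears in the baseline counts as rarely used, so a brand-new identity making a burst of requests is flagged as well.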