Amazon Echo Exploit, Privacy Shield, Capital One Data Breach Update

In episode 134 for August 17th 2020: Details on new critical vulnerabilities found in Amazon Echo devices, what the end of the Privacy Shield framework means for EU citizens' personal data, and new data breach fines issued to Capital One and Twitter by the …

Stacklet launches cloud governance platform with $4.4M seed investment

Stacklet co-founders Travis Stanfield and Kapil Thangavelu met while both were working at Capital One several years ago. Thangavelu helped create the Cloud Custodian open source cloud governance project. The two eventually got together and decided to build a startup based on that project and today the company launched out of stealth with a $4.4 […]

US financial regulator fines Capital One $80 million over data breach

A U.S. financial regulator has fined Capital One $80 million in connection with the 2019 data breach that compromised details on approximately 106 million people. The Office of the Comptroller of the Currency, a bureau within the Department of Treasury, announced the penalty over the bank’s failure “to establish effective risk assessment processes” before moving “significant information technology operations” to the cloud. OCC also flagged the bank for not correcting “deficiencies in a timely manner.” The bank also is required to improve its data security practices and update its approach to risk management as part of a consent decree with the OCC. Capital One reported $28.6 billion in total revenue in 2019. The McLean, Va.-based bank announced in July 2019 that a hacker had accessed information about 100 million credit card customers and applicants in the U.S., and another 6 million people in Canada. Customer addresses, income figures, birth dates […]

The post US financial regulator fines Capital One $80 million over data breach appeared first on CyberScoop.


Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer

https://medium.com/media/d9752cdc858ba8e31c8a1e8e4b8dba93/href
Vincent Weafer, SVP Security Engineering at Capital One in a convers…

Here’s what that Capital One court decision means for corporate cybersecurity

When a judge ruled last month that Capital One must provide outsiders with a third-party incident response report detailing the circumstances around the bank’s massive data breach, the cybersecurity world took notice. The surprise decision, in effect, determined that Capital One would need to provide the forensic details — warts and all — about the hack to attorneys representing a group of customers suing the bank. It’s the kind of report that, if made public, could highlight technical and procedural failures that made it possible for a single suspect to allegedly collect gigabytes of data about 100 million people from a bank with $28 billion in revenue. Typically, hacked organizations are able to keep incident response reports private and avoid costly suits by shielding the details under attorney-client privilege. Not under this decision. U.S. Magistrate Judge John Anderson of the Eastern District of Virginia ruled that Capital One must provide a […]

The post Here’s what that Capital One court decision means for corporate cybersecurity appeared first on CyberScoop.


Judge rules Capital One must hand over Mandiant’s forensic data breach report

A court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. A judge in the U.S. District Court for the Eastern District of Virginia ruled Tuesday that attorneys suing Capital One on behalf of customers could review a copy of an incident response report to prepare for a possible trial. The Virginia-based bank had sought to keep the report private on the grounds that it was protected under legal doctrine. Yet U.S. Magistrate Judge John Anderson said the report, prepared by Mandiant, was the result of a business agreement, and that the legal doctrine argument was “unpersuasive.” It’s a significant ruling which effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. It’s common for Fortune 500 […]

The post Judge rules Capital One must hand over Mandiant’s forensic data breach report appeared first on CyberScoop.


Top 10 Breaches and Leaky Server Screw Ups of 2019

2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here’s the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.

Hacking and malware cause 75% of all data breaches in the financial services industry

Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries. Leaked records and data breaches in the finan…