Capital One Attacker Exploited Misconfigured AWS Databases

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty. [TechWeb]( Follow Dark Reading: [RSS]( June 21, 2022 LATEST SECURITY NEWS & COMMENTARY [Capital One Attacker Exploited Misconfigured AWS Databases]( After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty. [DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again]( The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn. [Open Source Software Security Begins to Mature]( Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security. [The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive]( Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box. [Name That Toon: Cuter Than a June Bug]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [(Sponsored Article) Two Platforms to Rule Them All: CNAPP and SASE]( As the public cloud matures, enterprises are converging on two platforms that meet their workload protection needs via a strategy based on zero-trust security. [Feds Take Down Russian 'RSOCKS' Botnet]( RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic. [DDoS Attacks Delay Putin Speech at Russian Economic Forum]( A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far]( Username and password combinations offered for sale on the Dark Web by criminals has increased 65% since 2020. [Internet Explorer Now Retired but Still an Attacker Target]( Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won't stop attacking it, security experts say. [Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure?]( The energy sector remains susceptible to both espionage between nation-states and cybercrime, and recent developments keep pointing toward more attacks. [MORE]( EDITORS' CHOICE [Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware]( Most of the attacks involve the use of automated exploits, security vendor says. LATEST FROM THE EDGE [EU Debates AI Act to Protect Human Rights, Define High-Risk Uses]( The commission argues that legislative action is needed to ensure a well-functioning market for AI systems that balances benefits and risks. LATEST FROM DR TECHNOLOGY [Security Lessons From Protecting Live Events]( Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always. WEBINARS - [Using Threat Modeling to Improve Enterprise Cyber Defenses]( As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize ... - [Vendors as Your Largest BEC Threat]( The tactics that worked for your business five years ago likely aren't still working today, and cybercrime is no different. The CEO fraud that dominated the last few years is not nearly as successful as it used to be, partially ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Five Best Practices for AWS Security Monitoring]( - [AppSec Considerations For Modern Application Development]( - [The Many Risks of Modern Application Development]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield]( [Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration]( [Corel Acquires Awingu]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Improving Enterprise Cybersecurity With XDR]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)