by Dawn Dunkerley
Contributing Editor

Is AWS Liable in Capital One Breach? – Threatpost

Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year. Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging.  

Editor’s note: This particular quote should give pause to anyone who hands over their cybersecurity responsibility and visibility to a cloud provider: “Amazon knew, or should have known, that AWS was vulnerable to server-side request forgery [SSRF] attacks,” the senators wrote on Thursday. “Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to businesses, government agencies, and to the general public. As such, Amazon shares some responsibility for the theft of data on 100 million Capital One customers.”

Arguments exist for blame to be placed across the spectrum, but the key takeaway is that the blind trust and assumptions organizations often place in their managed service providers need a second look.


Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users – The Hacker News

The U.S. multinational computer software company Adobe suffered a serious security breach earlier this month that exposed a user records database belonging to the company’s popular Creative Cloud service.

Editor’s note: Another month, another rash of Adobe issues. 


5 Things the Hoodie & the Hard Hat Need to Know About Each Other – Dark Reading

Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.  

Editor’s Note: A great article comparing and contrasting Information Technology and Operational Technology environments; I particularly like the point that OT personnel are being pushed to innovate by outside forces that often don’t understand the OT environment. The challenge is aligning this innovation with cybersecurity in a balanced approach. 


Cybercriminals Impersonate Russian APT ‘Fancy Bear’ to Launch DDoS Attacks – Threatpost 

Attacks are targeting international companies in the financial sector, demanding that victims pay ransom in Bitcoin. Cybercriminals posing as the Russian APT group Fancy Bear have been launching DDoS attacks against companies in the financial sector and demanding ransom payments, according to a new report.  

Editor’s Note: This is a great example of why it’s important to understand threat actors and how they work; copycats often steal their methodologies, even their names. 


The scariest hacks and vulnerabilities of 2019 – ZDNet 

Yes, this is one of those end-of-year summaries. And it’s a long one, since 2019 has been a disaster in terms of cybersecurity news, with one or more major stories breaking on a weekly basis.  

Editor’s Note: A bold move to put out an “end-of-year” summary in October! That being said, a good summary of the year’s events, and very interesting to see how varied the affected industries have become. 

