Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Capital One Breach Affects 100M US Citizens, 6M Canadians
Quaker69,
User Rank: Apprentice
8/6/2019 | 12:57:25 PM
Re: Cost
Aptly put, but I would say instead
"Who's in your wallet?"
tdsan,
User Rank: Ninja
8/1/2019 | 7:58:53 AM
Re: Sophisticated?
Man, I agree with you, they saw a firewall rule on the ACL list that pointed to a TOR site. I mean, how obvious can it be. In addition, she was an ex-programmer who was directly involved with the project. All you have to do is whittle it down: who worked on the project, who left, who was disgruntled and who had full access to the private/secret keys? There you go - Paige Thompson.

GeekWire stated this:
100 million people in the U.S. and 6 million people in Canada were affected in total.

I do understand Canada was affected, but we are talking apples to oranges here when we look at the sheer number, this is astounding.

This is what CapitalOne said:
Capital One said it is "unlikely that the information was used for fraud or disseminated by this individual." No credit card account numbers or log-in credentials were compromised.

To your point, this is "Hog Wash", lol. The marketing team is working their hardest to try and clean this up, but seriously, whoever has this data and this data was on a TOR site, they are looking for "black market" purchasers to buy this data, it may not be now, but it is a matter of time, she is just the fall person.

By the way, this is what she said (Dummy):




Soper did a great job in reporting - CapitalOne Reporting

But to your point, people talk too much, she was over her head.

T
lunny,
User Rank: Strategist
7/31/2019 | 6:36:30 PM
Sophisticated?
Capital One says "a highly sophisticated individual was able to exploit a specific configuration vulnerability in our infrastructure." - Horse waste!!!  The attacker was a rank amateur.  She didn't cover her tracks well at all, despite using tools designed to do just that.  Capital One was clueless until they received an email from a good guy.  How many bad guys copied the data from this woman's trove on Github in the meantime?  She made no secret of having it and there were likely many opportunities for bad guys who are better/smarter/faster to get at the data.  Capital One would still be bleeding today and have no idea it was happening had this been an attacker with real skill who could keep his or her mouth shut.

As to the cost, I think Capital One is going to find the fines and costs they can expect to pay will exceed those of Equifax.  People, and politicians, are getting real tired of this.  And while Canadians are real nice folks, they get pretty riled up about this kind of thing.  They'll be fining the undershorts off of Capital One too.

Manage your privileged account passwords, folks.  And use MFA.  This is so freaking simple.
REISEN1955,
User Rank: Ninja
7/31/2019 | 9:20:54 AM
Re: Cost
In a nutshell:  What's in your wallet?  (Nothing after I get through with it) 
Dr.T,
User Rank: Ninja
7/30/2019 | 9:58:51 PM
Cost
Capital One estimates this data breach will cost about $100 million to $150 million in 2019, with costs primarily driven by customer notifications, credit monitoring, technology, and legal support. This means victims are really not getting anything.
Dr.T,
User Rank: Ninja
7/30/2019 | 9:57:43 PM
Cloud providers
stronger security into their offerings, it's still the business's responsibility to handle risk management, monitoring,

That is true, cloud providers should still provide standard security measures.
Dr.T,
User Rank: Ninja
7/30/2019 | 9:56:13 PM
Re: So ..... the discovery was ....
---- nope, somebody totally outside the firm noticed data and was kind enough to make a phone call

Yes, there are still some of us who care about security and pricing and report anything that looks suspicious.
Dr.T,
User Rank: Ninja
7/30/2019 | 9:54:34 PM
Re: So ..... the discovery was ....
A git-hub user. Not in Cap One, not in their staff

I agree this is really interesting. Users are still the weakest links.
Dr.T,
User Rank: Ninja
7/30/2019 | 9:53:00 PM
Capital One And Equifax
So Capital One did not hear about Equifax yet? Unbelievable how they cannot understand what is happening out there.
REISEN1955,
User Rank: Ninja
7/30/2019 | 2:18:42 PM
So ..... the discovery was ....
A git-hub user.  Not in Cap One, not in their staff ---- nope, somebody totally outside the firm noticed data and was kind enough to make a phone call.  Gee, isn't that special as THE CHURCH LADY used to say.  Of course the thief also bragged about it on social media - also stupid.  But plenty of that at Cap One apparently.  NOBODY NOTICED?????

