Capital One | Breaking Cybersecurity News | The Hacker News

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the  2019 Capital One breach . Paige Thompson , who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The seven-day trial saw the jury acquitted her of other charges, including access device fraud and aggravated identity theft. She is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison. "Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,"  said  U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer s...

Former Amazon employee Paige Thompson , who was arrested last month in relation to the Capital One data breach , has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies. An indictment unsealed on Wednesday revealed that Thompson not just stole data from misconfigured servers hosted with a cloud-computing company, but also used the computing power of hacked servers to mine for cryptocurrency, a practice commonly known as " Cryptojacking ." Thompson, known online as "erratic," was arrested by the FBI on July 29 concerning a massive breach in Capital One Financial Corp that exposed the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The stolen data included approximately 140,000 Social Security numbers and 80,000 bank account numbers linked to United States customers, and 1 million Social Insurance numbers belonged to Canadian citizens, along wit...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...