Capital One's reputation and stock price have taken a hit from the data breach the financial services company disclosed this week, the Wall Street Journal reports. Another Journal headline calls the incident an example of the "insider threat," but it seems instead to be a familiar case of misconfiguration allowing unauthorized access to data in the cloud. The accused hacker, Paige Thompson, seems to have had the technical wherewithal to pull the caper off, but in other respects seems to struggle with problems with living (again, as reported by the Wall Street Journal). And as WIRED notes she didn't cover her tracks particularly effectively. Forbes says that Thompson may be under investigation in connection with other incidents.
SecurityWeek has an account of Google's discovery of five iOS vulnerabilities.
CISA has distributed a warning about vulnerabilities in small aircraft CAN buses. "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment." It would be possible to deliver false instrument readings to the pilot, and that could cause the pilot to lose control of the aircraft. The immediate recommendation for mitigation is to restrict physical access to aircraft. The warning is based on research by Rapid7; their report includes a lucid overview of what the CAN bus is.