Investigation into the possibility that the alleged Capital One hacker hit other enterprises continues. According to Computing, however, Amazon says it's found no evidence that the organizations mentioned by Paige Thompson, nom-de-hack "erratic," were actually compromised. The FBI is sorting it out, the Wall Street Journal reports. Not all the possible victims are in the US.
Discussing the Capital One breach, Duo Security says that people should not draw the conclusion that the cloud is somehow inherently less secure. Regular, reliable patching and updating alone represent an advantage, as does the broad view of threat activity cloud providers offer. But moving to the cloud does involve change, and that inevitably involves rethinking security. Old processes and protocols can't simply be assumed adequate to their new environment.
In an unrelated compromise, an unsecured Honda Motors database has been found by Cloudflare researchers, BleepingComputer reports.
The Straits Times discusses what appears to be a major breach at beauty retailer Sephora. Group-IB has found two databases circulating in dark web markets. Combined, the two databases hold about 3.7 million records. These don't contain either payment information or plaintext passwords, but Group-IB says the compromised data could be exploited for social engineering.
Carbon Black announces what they call "the cognitive attack loop." At each step of an attack, they argue, cyber criminals exhibit characteristic cognitive behavior. Understanding that gives the defender an edge.
Akamai's latest State of the Internet report concludes that phishing remains the biggest threat to financial services firms and their customers.