26.5 million Comcast Xfinity customers had their partial home addresses and SSNs exposed

A note to all Comcast customers – this vulnerability appears to have been addressed and corrected fairly quickly, but be diligent and keep your eyes open for identity related fraud.

https://www.tripwire.com/state-of-security/featured/comcast-xfinity-customers-home-addresses-ssns-exposed/

Advertisements

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

This is a great read for anyone dealing with the complexity associated with PCI compliance and how to navigate from “finding” to “control in place”.  Enjoy!

https://www.tripwire.com/state-of-security/regulatory-compliance/pci/how-the-cis-controls-can-help-you-achieve-pci-dss-3-2-compliance/

Breached Virginia Bank Struggles to Recover Losses – Hit Twice in 8 Months

This is an interesting case, and many will be very interested to see how this plays out in the legal system.  It is also a great example of the potential pitfalls of relying on cyber insurance to “protect” against cyber crime.  It is unknown how much effort and expense the bank has invested in cyber protections, so it is unfair to judge the overall outcome of this breach.  A big thank you to Mr. Krebs and the team at KnowBe4 for covering this story and sharing their insights.

https://krebsonsecurity.com/2018/07/hackers-breached-virginia-bank-twice-in-eight-months-stole-2-4m/

https://blog.knowbe4.com/breach-you-once-shame-on-you.-breach-you-twice-still..-shame-on-you

Apple releases iOS 11.4.1 and blocks passcode cracking tools

This is an important update from Apple and a solid step toward better security for iOS devices.  Much is made of this update relative to the actions of law enforcement agencies in obtaining information from seized devices.  That is not the only story or the only reason this update is relevant.  It is a genuine protection against sidejacking and other malicious intrusions that can occur from many others outside of the realm of the FBI or your local police department.

Review your devices and patch accordingly.

https://www.theverge.com/2018/7/9/17549538/apple-ios-11-4-1-blocks-police-passcode-cracking-tools