https://community.sophos.com/utm-firewall/f/web-server-security/114465/responding-to-the-capital-one-security-breachAccording to KrebsOnSecurity.com (8/2/2019 blog post), the massive Capital One security breach started with a misconfigured WAF site running ModSecurity, which was running on Amazon Web Services. My summary of his report: An AWS employee exploiteden-USTelligent Community 12https://community.sophos.com/thread/411465?ContentTypeID=1Thu, 08 Aug 2019 19:07:31 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:0e279b8a-a0a4-4b46-a9a4-e80a728c9cc3DouglasFoster<p>I try to avoid including non-Sophos links in my posts, partly as a courtesy and partly because I thought the moderation rules restricted doing so.&nbsp; &nbsp; Based on some of the spam entries I have encountered, it appears that such a restriction is not actually in place, but perhaps badly needed.&nbsp; &nbsp;However, since you asked, this is the link to the full article.</p> <p><a href="https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/#more-48424">https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/#more-48424</a></p> <p>I read Krebs intermittently, but I have found his blog to be well informed.&nbsp; &nbsp;The website has ads, but I have not detected threat content in any of the ads.</p> <p>&nbsp;</p> <p>&nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/411292?ContentTypeID=1Wed, 07 Aug 2019 03:15:53 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:bd44e4f2-af61-479f-a90b-c4c93b56d489Jaydeep<p>Hi <a href="/members/douglasfoster">DouglasFoster</a>&nbsp;</p> <p>Do you have the link of that article? For any official word or guide, you would require to create a case with <a href="https://secure2.sophos.com/en-us/support/open-a-support-case.aspx" target="_blank">Sophos Support</a> and get that information.&nbsp;I will check with our team and see if there&#39;s anything we need to take care of in regards to this issue.</p><div style="clear:both;"></div>