First Horizon Bank in Memphis, Tenn., has disclosed that a number of online customer bank accounts were targeted by a data security breach. The $87.5 billion-asset company said that an unauthorized party obtained login credentials from an unknown source and exploited a vulnerability in third-party security software to gain access to less than 200 accounts, obtaining “less than $1 million” from some of the accounts.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<div>The recent First Horizon data breach is a good reminder that cyber attacks are getting more sophisticated and often target more than one vulnerability combined to pull off the breach. </div> <div> </div> <div>In this case, using both stolen credentials and a vulnerability together points to the need for multiple levels of security in any organization. Training users on security, such as recognizing phishing and fake websites are a start, but not enough. </div> <div> </div> <div>Organizations also need network, system, and application security to protect their assets. Application security adds the final layer, protecting applications that may have unknown or unpatched vulnerabilities. In support of the importance of adding application security, the new NIST Security and Privacy Framework now include IAST and RASP technology; these tools improve application security during development and in production.</div>