A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Well, the New Year didn’t get off to a good start for some. The most visible of them being Travelex as a result of an unpatched VPN solution. From there things have rapidly fallen apart, and it ain’t over yet…
Not only have Global banks stopped customers transacting or ordering currency from Travelex, many have stopped transactions with third party currency providers altogether. Lloyd’s, Royal Bank of Scotland, Tesco and Sainsbury’s all receive their currency from Travelex. It has been reported by Travelex that no customer data has been compromised although no report has been publicly provided to explain how this has been determined.
With the advancements in technology, our businesses heavily rely on the computers, internet and transfer of massive amounts of data. We communicate via internet, store data on cloud systems, or even conduct our business off-site with the help of internet technologies. As an unavoidable result, the sensitive information regarding our customers and organizations are exposed to cyber threats including hackers, data breaches and more.
This blog post provides an overview of the AT&T Alien Labs™ technical analysis of the common malicious implants used by threat actors targeting vulnerable Exim, Confluence, and WebLogic servers. Upon exploitation, malicious implants are deployed on the compromised machine. While most of the attacks described below are historical, we at Alien Labs are continuing to see new attacks, which can be further researched on the Alien Labs Open Threat Exchange™ (OTX).
The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) is a new law that was passed by the National Congress of Brazil on August 14, 2018 and comes into effect on August 15, 2020. The LGPD creates a legal framework for the use of personal data of individuals in Brazil, regardless of where the data processor is located.
Digital payments are the future of commerce, but security concerns have created a major barrier to their popularity. A study of businesses conducted by the influential PCI Security Standards Council found that 67% of respondents cited a lack of visible security options as a reason for not adopting a digital payments service.
Vulnerability management is the process of identifying, evaluating, prioritizing, remediating and reporting on security vulnerabilities in web applications, computers, mobile devices and software.
Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw.
