<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/23/2019



One Day, Three Credit Card Data Breach Notifications

On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data. In all three cases, malware designed to collect magnetic stripe data was discovered on payment processing servers for card transactions.


PayPal Phishing Attack Promises to Secure Accounts, Steals Everything

An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as 'unusual activity' alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info. As the ESET researchers that spotted these attacks discovered, the phishers are attempting "to trick users into handing over considerably more than ‘only’ their access credentials to the payment service."


Citrix Vulnerability Leaves 80,000 Companies at Risk

A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) could allow criminal access to the networks of 80,000 companies in 158 countries. The countries most at risk are the U.S. (with 38% of the vulnerable networks), the UK, Germany, the Netherlands, and Australia. The vulnerability (CVE-2019-19781), described as 'critical' although not yet assigned a CVSS severity rating, was discovered by Positive Technologies.

Hackers Continue to Exploit Cisco ASA Vulnerability Patched Last Year

Cisco has warned customers that a vulnerability patched last year in its Adaptive Security Appliance (ASA) and Firepower Appliance products continues to be targeted by hackers. The vulnerability, tracked as CVE-2018-0296, allows a remote, unauthenticated attacker to gain access to sensitive information through directory traversal techniques. It can also be exploited for denial-of-service (DoS) attacks.


How to secure your digital Christmas presents

It’s that time of year again, and chances are that new tech will be one of the gifts tucked under your Christmas tree. Whether it’s a smartphone, laptop or, say, an Internet-of-Things (IoT) gadget, there’s a number of things you should consider even before you begin to use your new device. Ensuring that your new tech is properly secured is more important than ever. Here are a couple of questions you should answer.