Security News > 2020

UK Fines Dixons Carphone for Massive Breach
2020-01-10 11:03

British regulators have fined Dixons Carphone, a large electronics and phone retailer, £500,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. In January 2018, the ICO fined it £400,000 for a 2015 breach of its Carphone Warehouse subsidiary after an attacker exploited an outdated WordPress installation.

Hackers use system weakness to rattle doors on Citrix systems
2020-01-10 11:02

Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts. The flaw, CVE-2019-19781, affects the company's NetScaler ADC Application Delivery Controller and its Citrix Gateway.

Office 365 users: Beware of phishing emails pointing to Office Sway
2020-01-10 10:52

The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that's part of Microsoft Office. "The Sway page will include trusted brand names. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above," Avanan explained.

Ransomware pounces on California schools, Las Vegas trounces attack
2020-01-10 10:43

First, the bad: over the holiday break, crooks who are so morally bankrupt that they target the organizations that serve children pounced on schools in the US city of Pittsburg, California. On Monday, the superintendent of Pittsburg Unified School District, Janet Schulze, put up a message about the ransomware attack on the district's Facebook page.

Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills
2020-01-10 10:06

You guys are hosting a thriving marketplace for shills, charlatans and sockpuppets, the UK's watchdog told Facebook and eBay in June 2019, after finding over 100 eBay listings selling fake reviews and 26 Facebook groups offering to buy or sell them. Specifically, Facebook has booted 188 groups and yanked 24 user accounts, while eBay has permanently banned 140 users.

Companies: Lean into consumer privacy to win
2020-01-10 06:30

The advent of the CCPA and other similar regulations marks a sea change in how companies need to manage data and consumer privacy. In 2018, the General Data Protection Regulation, the biggest remake of data privacy rules affecting European citizens in more than 20 years, required similar actions.

Hackers Scan for Vulnerable Citrix ADC Systems
2020-01-10 06:23

Weeks after Citrix revealed a critical vulnerability impacting its Application Delivery Controller and Gateway products, hackers have started to scan the Internet for vulnerable systems, security researchers report. Now, only three weeks later, security researchers are already observing online scans for vulnerable systems, as well as exploitation attempts targeting CVE-2019-19781.

January 2020 Patch Tuesday forecast: Let’s start the new decade right
2020-01-10 06:15

The January 2020 Patch Tuesday will provide us with the last free update of Windows 7 and Server 2008/2008 R2. We've talked about it for the last several months and it is finally here. Microsoft may have 'saved up' other updates for January Patch Tuesday, but I suspect not.

New infosec products of the week: January 10, 2020
2020-01-10 06:00

Arlo SmartCloud is a fully managed global platform built for security, scalability and reliability that can be deployed as part of subscription services for hardware companies, automotive companies, service providers, insurance companies, home builders, smart communities, smart cities, traditional security companies, and other related verticals. TP-Link HomeCare Pro: A smart home IoT security solution powered by Avira.

What students think about university data security
2020-01-10 05:00

Only 32% of students agree they are aware of how their institution handles their personal data, compared to 45% who disagree and 22% who neither agree nor disagree, according to a Higher Education Policy Institute survey of over 1,000 full-time undergraduate students. When students were asked whether they are concerned about rumors of university data security issues, 69% of students stated they are concerned.