Client-Side News #August
Hi! Welcome to Jscrambler’s monthly newsletter, your go-to source for comprehensive coverage of client-side security news from the team that pioneered client-side protection and compliance.
1. Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
Hundreds of Large Language Model (LLM) servers were found exposing sensitive corporate, health, and other personal data online. The servers, deployed to back AI applications, had been left publicly reachable through misconfiguration, so anyone who found them could read the data they held. The exposure underscores the risk of standing up AI infrastructure without the same access controls, hardening, and monitoring applied to any other internet-facing service.
Read the full article at Dark Reading
2. Oregon Zoo Ticketing Service Hack Impacts 118,000
The Oregon Zoo's ticketing service was hacked, affecting over 118,000 customers. The breach exposed personal information, including names, payment card details, and email addresses. The compromised service was managed by Aluvii, a vendor providing ticketing systems. The zoo has since notified affected individuals and is offering credit monitoring services. The breach highlights the importance of securing third-party services that handle sensitive customer data.
Read the full article at Security Week
3. Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Thousands of Oracle NetSuite websites are at risk of leaking customer data. The problem is not a flaw in the NetSuite code itself but a misconfiguration: access controls on custom record types can be set permissively enough that unauthenticated visitors to a NetSuite-hosted storefront are able to read records containing customer information. Organizations using Oracle NetSuite are urged to review the access controls on their custom record types and restrict them to the roles that genuinely need them.
Read the full article at The Hacker News
Jscrambler's News
1. Jscrambler Introduces the PCI DSS Quick Start Program
As the deadline for PCI DSS v4 compliance approaches, companies that rely on online payment pages to bring in revenue are starting to feel the pressure to find a solution quickly and fulfil requirements 6.4.3 and 11.6.1 without expending internal resources.
With simplicity and efficiency in mind, Jscrambler developed the PCI DSS Quick Start Program, aimed at removing obstacles to PCI DSS compliance for merchants and taking the stress out of finding a solution that is reliable and cost-effective. The changes in version 4.0.1 of the Standard only confirmed the necessity of keeping a close eye on the inventory of scripts and vendors on the payment page and having an alert mechanism in place to detect changes to it.
Read more about the program announcement at Jscrambler's Blog
2. Reflecting on the CrowdStrike Incident: It’s Not Them, It’s Us
The now infamous CrowdStrike incident was accidental rather than an intentional attack. A misconstructed "content" update was distributed, automatically updating thousands of Windows servers and computers with CrowdStrike’s Falcon sensor installed. The situation has since been resolved, as 99% of all servers are back online, but it’s important to reflect on the incident and understand what it means. A lot of the discussion is focusing on the vendor angle, and what they could have done to prevent this. I believe it’s equally important to reflect on what companies could’ve done better.
Read the complete insights by Jscrambler's CTO and co-founder Pedro Fortuna at Jscrambler's Blog
3. Hot Topics from Black Hat 2024
In this blog post, we dive into the hot topics and key takeaways from Black Hat 2024, and what they mean for the future of cybersecurity.
Read the full article at Jscrambler's Blog
Don't miss Jscrambler's team at the PCI SSC North America Community Meeting at booth #19. Looking forward to scheduling a meeting with the team? You can do it here.