Client-Side News #September

Hi! Welcome to Jscrambler’s monthly newsletter, your go-to source for comprehensive coverage of client-side security news from the team that pioneered client-side protection and compliance. ??????

1. Payment gateway data breach affects 1.7 million credit card owners

A data breach at Slim CD, a payment gateway provider, exposed credit card and personal details of nearly 1.7 million individuals. Hackers accessed the company's network for almost a year, from August 2023 to June 2024. They obtained information like full names, physical addresses, credit card numbers, and expiration dates. While CVV codes weren't exposed, affected individuals still face a heightened risk of fraud. Slim CD has since improved its security and urges customers to monitor their accounts for suspicious activity.

Read the full article at Bleeping Computer ???

2. 300K Victims' Data Compromised in Avis Car Rental Breach

Avis Car Rental recently disclosed a significant data breach affecting nearly 300,000 customers. The breach, which occurred between August 3 and August 6, 2024, compromised personal information such as names, addresses, driver's license numbers, and financial details including credit card information. Avis discovered the breach on August 5 and has since taken steps to secure its systems, notifying affected customers and offering one year of free credit monitoring services through Equifax.

Read the full article at Dark Reading ???

3. Hackers inject malicious JS in Cisco store to steal credit cards, credentials

Hackers compromised Cisco’s online merchandise store by injecting malicious JavaScript that collected sensitive information, such as credit card details, postal addresses, and login credentials during the checkout process. The attack, attributed to the "CosmicSting" vulnerability affecting the Magento platform, caused Cisco to take the store offline while addressing the issue.

Read the full article at Bleeping Computer ???

Jscrambler's News

1. Generative AI revolution: controlling convenience with client-side protection and compliance

????Is Generative AI (GenAI) a victim of its success?

???♂??? This consumer-friendly subset of AI has quickly become embedded in our daily lives. Amid this uptake, and subsequent expansion of the cyberattack surface, the GenAI revolution demands increased client-side protection and compliance to mitigate a common trend: cybercriminals’ determination to target successful new technologies that present fresh vulnerabilities.

In this blog post, we dive into:

??Generative AI: The Benefits - For Business & Consumers

?? Generative AI: The Security Risks

??GenAI and Client-side Protection

??GenAI and Client-side Compliance

??Comprehensive GenAI security and defense strategy

Read the complete insights at Jscrambler's Blog ??

2. [Upcoming webinar] PCI DSS Expert Panel: Accelerating Compliance Ahead of March 31, 2025 Deadline ??

Join us on Oct 17th at 2 PM ET / 11 AM PT for a Jscrambler and Tevora panel discussion focused on the necessary steps merchants and PSPs must go through to quickly comply with the impending deadlines of PCI DSS requirements 6.4.3 and 11.6.1.

?? Expert Speakers: Ashli Pfeiffer | John Elliott | Pedro Fortuna | Mikayla Bartell | Jeffrey Cleveland

Register now here ??

3. Understanding Generator Function in Javascript

?? The generator function has been a special function in Javascript since 2015, but developers have overlooked or rarely used it,? perhaps due to its infrequent utilization or lack of familiarity. These special functions, capable of pausing and restarting execution, make handling async iteration and sequence easier. From lazy loading to custom iterables, animation to the beloved await keyword in asynchronous programming, generators are advanced concepts made simple.

This article will introduce beginners to generator functions, explain their importance, and explore how they streamline complex tasks like lazy evaluation and creating custom iterables.?

Read the full article at Jscrambler's Blog ??

?? Don't miss Jscrambler's team at the PCI SSC Europe Community Meeting at booth #7?? PCI Security Standards Council ?? Looking forward to scheduling a meeting with the team? You can do it here ??