Search results for: Magecart

week in review

Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs

Thoma Bravo: Securing digital identities has become a major priority
In this Help Net Security interview, Andrew Almeida, Partner on the Flagship team at Thoma Bravo, talks about the firm’s recent acquisition of SailPoint, and about innovation in the enterprise identity space.
Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins … More

tools

Lean security 101: 3 tips for building your framework

Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it’s hard to keep track. Until they infiltrate your system. But you know what’s even more overwhelming than rampant cybercrime? Building your organization’s security framework. CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and control to a tee, you still couldn’t keep your company from getting caught up … More

week in review

Week in review: Apple fixes exploited zero-days, 1,900 Signal users exposed, Amazon Ring app vuln

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Tackling the dangers of internal communications: What can companies do?
In this interview for Help Net Security, Devin Redmond, CEO at Theta Lake, talks about the risk of internal communications and what companies can do to keep themselves safe.
How government CISOs tackle digital transformation initiatives
In this interview for Help Net Security, Dan Tucker, Senior VP at Booz Allen, … More

attacks

How merchants can defend themselves against Magecart attacks

In this Help Net Security video, Angel Grant, VP of Security, F5, explains what Magecart attacks are and how they have evolved over the years. Grant illustrates how cybercriminals are leveraging such attacks, and offers defense tips.

security platform

F5 adds new capabilities to provide customers with more control over modern application architectures

F5 announced enhancements to F5 Distributed Cloud Services to help customers safeguard and deliver the digital experiences that have become vital to everyday life in the ways we interact, seek out entertainment, and purchase goods and services. Introduced earlier this year, F5 Distributed Cloud Services provide a SaaS-based, platform-driven approach to secure the essential elements of connected experiences through a comprehensive set of web, mobile app, and API protections. This announcement expands these capabilities with … More

security platform

SecurityMetrics Pulse helps businesses detect and monitor cyber threats

One problem many SMBs face is having adequate resources to manage and maintain good security practices. To help augment IT teams, SecurityMetrics created Pulse, a platform that provides SMBs with tools, training, and support to fight threat actors and provide needed network threat visibility. The Pulse Security Platform helps businesses with both ecommerce and business location network security. The Pulse Security Operations Service (SOS) helps IT teams strapped for resources to get crucial threat visibility. … More

security platform

Barracuda Cloud Application Protection enhancements improve web application and API security

Barracuda Networks announced the expansion of Barracuda Cloud Application Protection, its platform for Web Application and API Protection (WAAP). This new release adds powerful new automated API Discovery and GraphQL security capabilities, augments Account Takeover Protection capabilities, and enhances the client-side protection feature set. Additionally, the integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform adds the ability to continually automate machine identity management for TLS certificates to stop outages and make it … More

ecommerce

CMS-based sites under attack: The latest threats and trends

Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report has revealed. “Unlike most compromises we see, skimming attacks are more often targeted rather than opportunistic,” the company added, and said that they expect skimmers to play an even larger role in website infections in 2022. Also, while payment card stealers were previously found predominantly in Magento-based … More

JavaScript security: The importance of prioritizing the client side

In this interview with Help Net Security, Vitaliy Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process. We’re hearing a lot of JavaScript threats in the news these days. Can you tell us a little bit about these threats and why they’re so dangerous? JavaScript is a really easy programming language to hack. Hackers and … More

week in review

Week in review: The secret to app security, new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, articles and interviews:
(IN)SECURE Magazine issue 71 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 71 has been released today. It’s a free download, no registration required.
Financially motivated threat actors willing to go after Russian targets
As Ukrainian organizations are getting hit with yet another data-wiping malware, financially motivated threat actors are choosing … More

Take a walk on the client side: The importance of front-end JavaScript security assessments

As e-skimming, Magecart, and other types of front-end attacks grow in frequency and severity, businesses are faced with finding ways to protect the front-end (i.e., client side) web applications and websites. JavaScript—which drives core functionality in approximately 98% of the global websites—contains bugs and vulnerabilities. These JavaScript vulnerabilities represent a significant portion of the most common attack paths. To protect their customers from client-side attacks, businesses need to consider the application of traditional testing methodologies … More

The ripple effect: Why protection against supply chain attacks is a must

The SolarWinds attack continues to send ripples across the world of cybersecurity. For the uninitiated, this form of cyber attack was like a gradual spread of poison, and its fallout proved to be massive – starting with national (US) security concerns that Russia might have been involved and ending up with President Biden issuing an Executive Order on improving the nation’s cybersecurity, followed closely by similar efforts by the UK government. Whether or not it … More