Search results for: Magecart

Most Fortune 500 companies’ external IT infrastructure considered at risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, Cyberpion research reveals. External IT infrastructure and assets at risk: 73% of Fortune 500 companies’ total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability. The total IT … More

Adobe fixes security holes in Magento, most of which are critical

Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento August 2021 security updates: Magento is a popular open-source e-commerce platform. Websites underpinned by Magento are infamously targeted by the (collectively named) Magecart cyber criminal groups, compromised and equipped with payment card skimmers. Adobe has released updates for Magento Commerce and Magento Open Source editions, fixing 26 CVE-numbered vulnerabilities, most of which are critical. Among these are a number of bugs … More

Where does the SME fit into a supply chain attack?

“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods – both parts and software. These connections are known as the supply chain. It can be long and convoluted and has become a favoured attack vector for cybercriminals. In many cases, a company has its own supply chain while simultaneously being part of the supply … More

Hackers are leveling up and catching healthcare off-guard

Remember when ransomware operators promised last year not to attack hospitals under siege from COVID-19? Unfortunately, that didn’t happen: hospitality, entertainment, and retail locations were all shut down as COVID-19 spread, leaving ne’er-do-wells to look at industries that were still open for business. When attacking the healthcare industry, hackers are going beyond focusing on data exfiltration or leaking patient records. The focus is to totally disrupt health systems operations with ransomware that locks up electronic … More

Source Defense collaborates with Prevalent to mitigate third-party risks to client-side web applications

Source Defense announced its partnership with Prevalent to identify threats and protect online businesses against automated and client-side attacks exploiting third-party code and website access. Prevalent and Source Defense’s joint solution offers deeper visibility on the true array of code and vendor relationships powering websites, with automated policy enforcement and remediation features to defeat malicious activity and prove regulatory compliance. As client-side threats such as Magecart and formjacking attacks continue to victimize websites across industries, … More

Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines

Here’s an overview of some of last week’s most interesting news and articles. Attackers tried to insert backdoor into PHP source code: The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. The growing threat to CI/CD pipelines: By hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely. DDoS attacks in 2021: What to … More

Mobile providers exposing sensitive data to leakage and theft

Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and share sensitive personal data, according to research by Tala Security. Mobile providers are exposing sensitive data Sensitive data is at significant risk via form data exposure: Forms used to capture credentials, banking details, passport numbers, etc., are exposed to an average of 19 third-parties. Without control, this sensitive … More

93% of consumers concerned about data security when filling out online forms

Source Defense provides in-depth analysis of the client-side threat landscape and specific attacks like formjacking, Magecart and web browser threats. The research offers a rare window on web security sentiments for a population relying almost exclusively on websites for all manner of shopping, healthcare, financial services and other essential needs during the pandemic. Key findings: 93% of consumers are concerned about data security when filling out online forms; 91% said that brands requiring consumers to … More

Tala Detect platform ensures data privacy violation monitoring

Numerous third-party integrations power the website supply chain. These integrations have access to critical and sensitive data and have become one of the enterprise’s most glaring supply chain blind spots. Tala Security announces Tala Detect, a platform solution specifically designed to secure and control critical, sensitive web data and enable compliance/risk management. With the onset of regulations and the need for complete visibility, verification and control of private customer and business sensitive data, Tala Detect tracks data across … More

February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-days

On this February 2021 Patch Tuesday: Adobe has fixed a Reader flaw used in limited attacks, as well as delivered security updates for a variety of products, including Acrobat and Reader, Dreamweaver, and Magento; Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw; SAP has released 7 new security notes and updated 6 previously released ones; Mozilla has fixed a critical vulnerability affecting Firefox and Firefox ESR on Windows. Adobe updates … More

How to take SASE from a buzzword to a plan

Whether you are talking to your leadership or external auditors, it’s always best to be able to explain that your cybersecurity program is based on a framework utilizing industry best practices. A recent framework by Gartner is one that I recommend having as part of your toolkit: Secure Access Service Edge (SASE), as outlined in their November 2019 “The Future of Network Security is in the Cloud” report. The idea was to develop a single … More