New Magecart campaign hits at least 44 e-commerce sites

Researchers discovered a new Magecart campaign on Monday that has reached at least 44 e-commerce sites.

In a blog post, Jscrambler researchers said the incident highlights how fragile client-side security becomes when the supply chain is not controlled. The attackers took control of an old domain that once hosted a JavaScript library that was discontinued in December 2014.

The researchers said that the companies that had embedded the library never removed it from their websites, most likely due to a lack of visibility into third-party scripts and/or poor security policies. The attack has been ongoing since December 20, 2021 and uses a loader script that resembles Google Analytics, a JavaScript library included on many websites. Another variant is made to look like Google Tag Manager, the researchers said, purely as a decoy, since the actual endpoint it contacts is encrypted or obfuscated.

“Our discovery of this web skimming attack underscores the importance of practicing intelligent client-side security hygiene,” the researchers said. Most companies have no insight into the third-party code running on their websites: they don’t know whether it is behaving as it should, misbehaving, or outright malicious. This blind spot in their protection can create a false sense of confidence in their threat assessment.
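One way a site owner can close that blind spot is to inventory the page's own script tags and flag the patterns described above: an external script served from a host that is not on the site's allowlist (where an expired or hijacked third-party domain would land), a loader named to look like Google Analytics or Google Tag Manager but served from a non-Google host, and external scripts without Subresource Integrity. The following audit is an added example, not code from the article or from Jscrambler; the allowlist, the page origin `shop.example.test` and the sample HTML are constructed for illustration.

```javascript
// Added example (not from the article): audit <script src=...> tags in a page's HTML.
// Constructed allowlist of hosts this (hypothetical) shop is allowed to load scripts from.
const ALLOWED_SCRIPT_HOSTS = new Set([
  'www.googletagmanager.com',
  'www.google-analytics.com',
  'cdn.example-shop.test', // constructed first-party CDN host
]);
// Genuine Google analytics/tag hosts; a GA/GTM-looking loader from anywhere else is suspicious.
const GOOGLE_HOSTS = /(^|\.)(google-analytics\.com|googletagmanager\.com)$/i;
const LOOKALIKE = /(gtag|analytics|gtm|tagmanager)/i;

function auditScripts(html, pageOrigin) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = (attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src) continue; // inline script: out of scope for this supply-chain check
    let url;
    try { url = new URL(src, pageOrigin); } catch { findings.push({ src, issue: 'unparseable src' }); continue; }
    if (url.host === new URL(pageOrigin).host) continue; // first-party script
    if (!ALLOWED_SCRIPT_HOSTS.has(url.host)) findings.push({ src, issue: 'host not on allowlist' });
    if (LOOKALIKE.test(url.pathname + url.host) && !GOOGLE_HOSTS.test(url.host))
      findings.push({ src, issue: 'Google-lookalike loader on non-Google host' });
    if (!/\bintegrity\s*=/i.test(attrs)) findings.push({ src, issue: 'no Subresource Integrity' });
  }
  return findings;
}

// Constructed sample page: a real GTM tag, a pinned first-party bundle, a relative script,
// an inline script, and a GA-lookalike loader from an unknown (hypothetical) third-party host.
const SAMPLE_HTML = `
<script src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script src="https://cdn.example-shop.test/app.js" integrity="sha384-PLACEHOLDER"></script>
<script src="/static/checkout.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://cdn.abandoned-lib.test/js/gtag.js"></script>`;

function auditSamplePage() {
  return auditScripts(SAMPLE_HTML, 'https://shop.example.test');
}
```

Run against the sample, the abandoned-host loader produces all three finding types, while the genuine GTM tag is reported only for lacking Subresource Integrity.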

Magecart’s skimming attacks are another breach in the long history of software supply chain compromises, said Scott Gerlach, co-founder and CSO of StackHawk. Gerlach said developers are starting to secure their apps and APIs by actively vetting the packages and public repositories they use.

“But that can only take you so far with limited visibility into how third-party code works,” Gerlach said. “We need to spend more time and money maintaining package management tooling if we expect the software supply chain to be more secure.”

December 8, 2022

SC Staff, December 29, 2022
