In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn't happen immediately; it was triggered on the next page load using location.href, slipping past content security policies (CSP) that would otherwise have blocked malicious outbound requests. | Source Defense
Payment Card Industry Data Security Standard PCI DSS v4.0 6.4.3 and 11.6.1 Resources
In March 2022, the Payment Card Industry Security Standards Council released a revised version of its Data Security Standard, commonly known as PCI DSS v4.0. In this revised version are two new sections, 6.4.3 and 11.6.1, which offer guidance regarding 3rd, 4th,
CoalFire Provides Guidance on PCI DSS 6.4.3 and 11.6.1
A Holistic Approach to Protecting Credit Card Payment Flows
Guidance from CoalFire on the eSkimming Security requirements found in PCI DSS 4.0. The most talked about and concerning new requirements in PCI DSS 4.0 fall under sections 6.4.3 and 11.6.1. For the first time, merchants are