by Source Defense Even with the PCI DSS 4.0 deadline now behind us, many organizations are still exposed to costly eSkimming threats and compliance gaps. Source Defense recently hosted a webinar to explore how compliance actually drives better business outcomes – as seen through the lens of the positive bottom line impacts of implementing PCI The post eSkimming Security – Driving Bottom Line Results through Fraud Reduction and Revenue Maximization appeared first on Source Defense.| Source Defense
by Source Defense Don’t Trust Your Online Revenue Channel to Sub-par Solutions for eSkimming Security (Beware the big box “me too” solutions) As PCI DSS 4.0.1 enforcement has driven demand for eSkimming security and compliance controls (also known as client-side protection), several big-box CDN and “swiss army knife” security vendors have rushed to capitalize – The post Revenue Risk Hidden in Fly by Night New eSkimming Tools appeared first on Source Defense.| Source Defense
by Source Defense The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that bypass eSkimming security controls which focus solely on protecting payment pages. This indicates an evolution on the part of our adversaries in terms The post New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS appeared first on Source Defense.| Source Defense
by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a frank, practical, and sometimes surprising conversation about merchant eligibility, the limits of iframe protection, and what compliance now looks like in an eSkimming-threatened The post What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls appeared first o...| Source Defense
by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed a significant data breach affecting 4.7 million members, stemming from a misconfiguration of Google Analytics on their web properties between April 2021 and The post Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Heal...| Source Defense
Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online homeware retailer among a list of others. This campaign employs the same technique we observed earlier this year on another UK site, and The post New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack appeared first on Source Defense.| Source Defense
by Source Defense A newly discovered payment card skimming campaign has emerged exhibiting a concerning level of sophistication and leveraging unique tactics that make detection highly challenging. The attack, identified by Source Defense researchers, employs an innovative technique that exploits Stripe’s deprecated API to verify card details before exfiltration – ensuring that only valid payment The post Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe AP...| Source Defense
by Source Defense The PCI Council’s recent update to SAQ-A merchant requirements will spark questions and confusion across the eCommerce ecosystem. Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 and 11.6.1 – but in order TO BE SAQ-A eligible, they must still have eSkimming security solutions in place. A The post Next Steps from the PCI Council’s SAQ-A Update: Critical Responsibilities and Opportunities for PSPs appeared first on Source D...| Source Defense
by Source Defense The PCI Security Standards Council’s recent update to SAQ-A merchant eligibility and compliance requirements introduces significant changes with just weeks to go before the March 31st deadline for 6.4.3 and 11.6.1…shocker. The TL:DR? Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 and 11.6.1 – but they The post Assessing the New SAQ-A Changes: Insights for QSAs appeared first on Source Defense.| Source Defense
by Source Defense Implications to 6.4.3 and 11.6.1 and What It Means for PSPs, Merchants, and QSAs. On January 30, 2025 the PCI Security Standards Council announced changes to eligibility requirements for any merchant trying to demonstrate compliance under a SAQ-A. Under the changes, SAQ-A merchants will no longer have to specifically follow requirements 6.4.3 The post Cheat Sheet and Action Plan: The PCI Council’s SAQ-A Eligibility Update appeared first on Source Defense.| Source Defense
by Source Defense Ensuring compliance with PCI DSS 4.0, specifically requirements 6.4.3 and 11.6.1, is not just about meeting regulations—it’s about securing your customers’ trust and protecting your brand from emerging threats like Magecart and eSkimming. Achieving this requires more than just technology; it requires a trusted partner who can navigate the complexities of compliance. The post Finding the Right Partner for PCI DSS 4.0.1 Compliance: Requirements 6.4.3 and 11.6.1 appeared ...| Source Defense
by Source Defense In 2024, Magecart attacks reached new levels of sophistication, targeting thousands of e-commerce websites worldwide. At Source Defense Research, we tracked dozens of campaigns leveraging advanced techniques, from exploiting Google Tag Manager to innovative uses of WebSockets and payment form forgeries. These attacks highlight the adaptability of attackers in the face of The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Source...| Source Defense
by Source Defense A new report by Recorded Future’s Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate. The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on ...| Source Defense
Learn about the recent discovery of a sophisticated series of Magecart attacks by the Source Defense research team and how cybercriminals are targeting online payment data. Discover attack vectors and potential prevention strategies to protect your business from similar threats. The post Source Defense Research Uncovers a Series of Sophisticated Magecart Attacks appeared first on Source Defense.| Source Defense
In 2022, a staggering 60 million payment card records were put up for sale on the dark web. Of these, 45.6 million were obtained through card-not-present transactions, meaning they were stolen during online purchases. The post How to Stop Magecart Attacks and Save Your Business appeared first on Source Defense.| Source Defense
Nearly 75% of fraud and data breach cases involve eCommerce and retail merchants, according to the latest Visa Biannual Threats Report. Digital skimming attacks targeting eCommerce platforms and third-party code integrations are common. The post Protecting eCommerce & Retail Sites from Client-Side Attacks appeared first on Source Defense.| Source Defense
The theft of payment card data from retail organizations is on the rise, with 18 percent of breaches attributable to Magecart attacks, according to Verizon's 2023 Data Breach Investigations Report (DBIR) released June 6. The post Latest Verizon Data Breach Report: Retail is an Easy Target for Web Application Attacks appeared first on Source Defense.| Source Defense
Almost all eCommerce websites leverage a dozen or more 3rd and 4th party digital supply chain partners that are beyond the reach of their security and compliance teams. Every day, that digital partner ecosystem puts eCommerce organizations at risk of both data leakage and data theft. The post Protecting eCommerce & Retail Sites from Client-Side Attacks appeared first on Source Defense.| Source Defense
The Kritec skimmer operates by intercepting the checkout process during online purchases. After a customer enters their payment details, the skimmer simulates a fake payment dialog, giving the impression that the payment has been processed. It then displays a fake error message, redirecting the victim to the actual payment page. During this process, the skimmer steals the customer's payment card details. The post Magecart/eSkimming Attack Using Kritec Skimmer Creates the Perfectly Hijacked Ch...| Source Defense
Retail stores often have visible security measures in place, such as security cameras and personnel monitoring. However, online stores have a security gap as they are vulnerable to cyberattacks, data breaches, and fraud. This security gap poses a significant challenge to e-commerce companies and requires robust cybersecurity measures to ensure customer data and financial transactions are secure. The post In-Store Versus Online: How Well Do You Know Your Security? appeared first on Source Defe...| Source Defense
The Liquor Control Board of Ontario (LCBO), Canada’s largest alcoholic beverage retailer, revealed last week that hackers had injected malicious code into its website to steal customer and credit card data. This represents another in a growing line of disclosures related to Digital Skimming attacks. The post Canada’s Largest Alcohol Retailer Hit by Magecart Attack appeared first on Source Defense.| Source Defense
In a Magecart attack, threat actors compromise e-commerce websites and inject card skimming scripts to steal customer payment information.| Feroot Security
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
Follow us on Twitter @HackRead| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
There aren’t many small problems in cybersecurity. Most of them are big. Things like client-side attacks, ransomware, denial of service, zero-days and phishing cause you long days, sleepless nights and represent major risks to your organization. And when you set out to protect your organization from attacks, you discover that there aren’t many small solutions| Source Defense
The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes to payment card data is now being directly addressed. Magecart has wreaked havoc on some really large brands and well known organisations| Scott Helme