by Source Defense: The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that bypass eSkimming security controls which focus solely on protecting payment pages. This indicates an evolution on the part of our adversaries in terms The post New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS appeared first on Source Defense.| Source Defense
by Source Defense: On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a frank, practical, and sometimes surprising conversation about merchant eligibility, the limits of iframe protection, and what compliance now looks like in an eSkimming-threatened The post What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls appeared first o...| Source Defense
by Source Defense: A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed a significant data breach affecting 4.7 million members, stemming from a misconfiguration of Google Analytics on their web properties between April 2021 and The post Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Heal...| Source Defense
Source Defense Research Blog | April 23, 2025. A Familiar Threat Resurfaces in the UK: Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online homeware retailer among a list of others. This campaign employs the same technique we observed earlier this year on another UK site, and The post New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack appeared first on Source Defense.| Source Defense
With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a recent roundtable hosted by Source Defense, industry veterans gathered to dissect these changes and their implications for businesses of all sizes. The post Polyfill – Additional Analysis and Discovery: Signs of PII and Credential Harvesting, Broad Exposure through Digital Supply Chain appeared first on Source Defense.| Source Defense
eSkimming is a growing threat to businesses of all sizes. This type of attack involves injecting malicious code into a website to steal credit card data as it is entered by customers. eSkimming attacks can be difficult to detect and prevent, but there are a number of steps that businesses can take to protect themselves. The post [Recording] Cyber Academy Learning Session 1 of 3 appeared first on Source Defense.| Source Defense
With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a recent roundtable hosted by Source Defense, industry veterans gathered to dissect these changes and their implications for businesses of all sizes.| Source Defense
The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes to payment card data is now being directly addressed. Magecart has wreaked havoc on some really large brands and well known organisations| Scott Helme
Summary of changes in the Alexa Top 1M since February of 2018|
Continual improvement in the Alexa Top 1 Million sites|
Just how bad is security in the top one million sites? Better!|
Just how bad is security in the top one million sites? Very bad.| grayduck.mn