Friday, September 24, 2021

Cloudflare launches Page Shield For Magecart card skimming attacks

Must Read

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to...

The Growing Threat of DDoS Attacks and Defending Against Them

The incidence and sophistication of distributed denial of service (DDoS) attacks have increased significantly this season, and this tendency...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Cloudflare has launched new web security service to prevent Magecart-style attacks.

Magecart is an umbrella term used to describe attacks based on JavaScript, which are card-based. Shopping websites and e-commerce platforms that contain vulnerabilities – such as in the case of background content management (CMS) or third-party script dependencies – are exploited, JavaScript code embedded in e-commerce related pages, and any payment card details posted on these pages are harvested. sent to attackers.

Many companies have, and continue to do, fall victim to the Magecart attacks. Past victims include British Airways, Ticketmaster, Newegg, and Boom! Mobile.

“This attack is difficult to detect because many application owners rely on third-party JavaScript to work as intended,” Cloudflare said. “As a result of this trust, third-party code is not normally tested by the application owner. In most cases, the Magecart attack took months before its acquisition.”

To combat the issue, on Thursday, Cloudflare launched Page Shield, a customer security solution.

The Script Monitor feature, embedded in Page Shield, checks third-party JavaScript dependencies and records any new additions over time.

Script Monitor, currently in Beta and available under the Firewall section of the customer dashboard, also adds Content-Policy-Report-Only content to content passing through the Cloudflare network.

When JavaScript attempts to do so, browsers will send reports to the target company to see if there are any new changes – and then customers are warned so that customers can “investigate and determine if a change is expected,” Cloudflare said.

Cloudflare launches Page Shield For Magecart card skimming attacks
Image:Cloudflare

The company also collaborates with cybersecurity partners to obtain Magecart JavaScript samples. Ultimately, it is hoped that Page Shield will be accurate enough to notify clients when dependency appears negative.

Business and Enterprise customers can now sign up to access closed beta Shield for Page Shield.

Earlier this week, the company introduced Cloudflare Browser Isolate, a zero-trust protection program to protect remote employees – and organizations they work for – from threats by creating a gap between active browsing times and end tools.

The page shield is currently in Beta Version But, all Business and Enterprise customers can sign up here to join the closed beta for Page Shield. By joining the beta, customers will be able to activate Script Monitor and begin monitoring their site’s JavaScript.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This