Saturday, June 12, 2021

Cloudflare launches Page Shield For Magecart card skimming attacks

Must Read

Cybersecurity firm Kaspersky Reports shows Brazil Top’s in phishing attacks

Brazil Tops the list published by cybersecurity company Kaspersky. According to research, Brazil is a world leader in phishing...

This new Version could be the Upcoming Big malware threat to Your Business

A new sort of ransomware is growing more and more successful as cybercriminals turn into it as a favorite...

WAPDropper malware abuses Android devices for WAP fraud

New WAPDropper malware signals users up to premium services supplied from telecoms from Thailand and Malaysia. Security researchers have discovered...

Cloudflare has launched new web security service to prevent Magecart-style attacks.

Magecart is an umbrella term used to describe attacks based on JavaScript, which are card-based. Shopping websites and e-commerce platforms that contain vulnerabilities – such as in the case of background content management (CMS) or third-party script dependencies – are exploited, JavaScript code embedded in e-commerce related pages, and any payment card details posted on these pages are harvested. sent to attackers.

Many companies have, and continue to do, fall victim to the Magecart attacks. Past victims include British Airways, Ticketmaster, Newegg, and Boom! Mobile.

“This attack is difficult to detect because many application owners rely on third-party JavaScript to work as intended,” Cloudflare said. “As a result of this trust, third-party code is not normally tested by the application owner. In most cases, the Magecart attack took months before its acquisition.”

To combat the issue, on Thursday, Cloudflare launched Page Shield, a customer security solution.

The Script Monitor feature, embedded in Page Shield, checks third-party JavaScript dependencies and records any new additions over time.

Script Monitor, currently in Beta and available under the Firewall section of the customer dashboard, also adds Content-Policy-Report-Only content to content passing through the Cloudflare network.

When JavaScript attempts to do so, browsers will send reports to the target company to see if there are any new changes – and then customers are warned so that customers can “investigate and determine if a change is expected,” Cloudflare said.

Cloudflare launches Page Shield For Magecart card skimming attacks
Image:Cloudflare

The company also collaborates with cybersecurity partners to obtain Magecart JavaScript samples. Ultimately, it is hoped that Page Shield will be accurate enough to notify clients when dependency appears negative.

Business and Enterprise customers can now sign up to access closed beta Shield for Page Shield.

Earlier this week, the company introduced Cloudflare Browser Isolate, a zero-trust protection program to protect remote employees – and organizations they work for – from threats by creating a gap between active browsing times and end tools.

The page shield is currently in Beta Version But, all Business and Enterprise customers can sign up here to join the closed beta for Page Shield. By joining the beta, customers will be able to activate Script Monitor and begin monitoring their site’s JavaScript.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

What is a Cyber Attack or Virtual Attack

Firstly We Wil Discuss About Cyberattack or we will also say virtual attack. A Cyberattack is a type of attack that will be done...

Firefox 88 start disabling FTP with removal set for Firefox 90

Firefox 88 update has disabled File Transfer Protocol (FTP) support completely from the browser. The handling of clicking on FTP links from within Firefox...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to...

Parking app ParkMobile experiences data breach of 21M Users

The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other cities experienced a data breach...

More Articles Like This