by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed a significant data breach affecting 4.7 million members, stemming from a misconfiguration of Google Analytics on their web properties between April 2021 and…
Category: csp
Blog, csp, eskimming, Global Security News, Magecart, Resources, Security Bloggers Network, SRI
CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It
by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn’t happen…
Application Security, Client-Side Protection, csp, Global Security News, imperva, PCI 4.0, PCI Compliance, Security Bloggers Network
How to Comply with PCI DSS 4.0 Requirements 6.4.3 and 11.6.1
The countdown to compliance is in its final stretch. With the third and final phase of PCI DSS 4.0 requirements taking effect on March 31, 2025, organizations are under increasing pressure to ensure their client-side security measures meet the new requirements. At Imperva, we’re committed to helping our customers navigate these challenges confidently and efficiently.…