by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed a significant data breach affecting 4.7 million members, stemming from a misconfiguration of Google Analytics on their web properties between April 2021 and…
Category: Magecart
Blog, csp, eskimming, Global Security News, Magecart, Resources, Security Bloggers Network, SRI
CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It
by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn’t happen…
Blog, eskimming, Europe, Global Security News, Magecart, QSA, Resources, Security Bloggers Network
Holiday Shopping Meets Cyber Threats: How Source Defense Detected the ESA Store Attack
by Source Defense In a recent high-profile incident covered by Forbes, our Source Defense Research team identified a sophisticated Magecart attack targeting the European Space Agency’s online store. This case study demonstrates why leading organizations worldwide trust Source Defense to protect their client-side security. In the December 2024 incident, Forbes reported what it called “one…
Blog, eskimming, Global Security News, Magecart, QSA, Resources, Security Bloggers Network
Navigating the New PCI DSS 4.0 Requirements: Key Takeaways from Industry Experts
by Source Defense With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a QSA roundtable hosted by Source Defense, industry veterans gathered to dissect these changes and their implications for businesses of all sizes. Understanding the New Requirements PCI DSS…