Web skimming attacks are essentially software supply chain attacks that can reach hundreds or thousands of websites using the exploited third-party web application.

Since third-party HTML/JavaScript code is delivered to the website from a completely different repository that the website owner does not have any control over (and can’t possibly monitor directly), hackers target these very third-party web servers. This gives the attacker unauthorized access to all third-party libraries. It’s then all about injecting the skimming code into one of the existing JavaScript files and hiding it.

Before we dive into the specifics of tackling web skimming threats, it’s important to know what they actually are. Web Skimming is a hacking technique where the attacker breaches the payment or checkout page of websites by injecting a malicious script or malware via the third-party apps that are being used by the website. Credit card information and personal information is harvested, often without being detected.

Web skimming, also known as digital skimming, is a hacking technique that targets digital businesses by manipulating unmonitored and compromised client side web applications. Usually, these attacks are initiated by placing malicious JavaScript (JS) code strategically on payment and checkout pages of the website where unsuspecting users fill in their personal and financial details. Although commonly found on eCommerce websites, banking, finance, healthcare, tourism, and other eService platforms are also being targeted today.

A Watering Hole attack is a method in which the attacker seeks to compromise a specific group of end users either by creating new sites that would attract them or by infecting existing websites that members of that group are known to visit. The attacks have been adopted by criminals, APT groups and nation states alike and we see the amounts rising. The goal is to swipe username and password combinations hoping the victim reuses them, or infect a victim's computer and gain access to the network within the victim's place of employment. Many conclude that these attacks are an alternative to Spear Phishing but are quite different. Watering Hole attacks are still targeted attacks, but they cast a wider net and trap more victims than the attacker’s original objective.  

It's no secret that companies are increasingly relying on third parties for their product and services that they use in their operations. As a result, companies often have to share confidential information with these third parties and vendors.

This makes third-party risk assessment crucial for any business. In other words, it should be one of its top priorities. It's simple, when companies share their confidential information with third parties, they open themselves to the risk of data breaches and a variety of other cyber security risks.

Assessment fatigue is a term that originates from the medical world. It describes the false symptoms someone may show when they’re exposed to too much diagnostic testing. In other words, a patient may experience symptoms of a disease if they’re constantly tested for it, even though they don't have the disease.

For many organizations, the automation of thorough security testing is yet another challenge. During this interactive webinar, we show you how you can boost your DevOps and CI / CD process with AppSec automation. Would you like to know what the latest generation Dynamic Application Security Testing improves for you?

WordPress has many advantages and is not without reason the most popular way to build a website, with 60% of pages on the web based on it. Unfortunately, it is this popularity that makes WordPress a juicy target for malicious users. Every year hundreds of thousands of WordPress and ecommerce sites get hacked.

So, is WordPress secure?

Attackers don’t get in thanks to security flaws in WordPress’s latest core software. Rather, most hacks can be easily prevented by taking simple steps like keeping things updated and securing passwords.

One of cyber security professionals' biggest fears is not knowing what they don't know. Even with the most comprehensive security controls and processes in place, it's difficult to know if they're working as expected. That's why many organizations are using blue team and red team exercises for security control validation.

Third-party apps on websites present potential threats and risks that may affect the security and privacy posture of your website. For your customers, your website is the front end of your organization.

In today’s digitally connected world, websites play a major part in almost every company’s success, and yours is no different. Websites often integrate third-party tools to make themselves more dynamic and interactive, and for offering smooth connectivity to their customers.