Attacks

Why Your Web Application Firewall (WAF) Will Not Help Against Third-Party Website Attacks?
September 18, 2019

Why Your Web Application Firewall (WAF) Will Not Help Against Third-Party Website Attacks?

Why Your Web Application Firewall (WAF) Will Not Help Against Third-Party Website Attacks? In spite of having the best web application firewall (WAF) system securing your website, the risk of a third-party web breach is all over   An interactive, dynamic website is the ‘online’ face of your business. It ...

Magecart Hacking Groups: How They Are Expanding Their Limits Beyond the “Regular” E-Commerce Websites
September 15, 2019

Magecart Hacking Groups: How They Are Expanding Their Limits Beyond the “Regular” E-Commerce Websites

Magecart, the notorious e-commerce hacking group, has lately started targeting many other forms of online services and businesses. The adversaries have developed sophisticated tools and techniques, and are constantly evolving new and innovative ways to target business enterprises.   Magecart – The Notorious Skimming Groups Magecart today is a well-known ...

3 Web Third-Party Related Events from the Web You Don’t Want to Miss – September 2019
September 13, 2019

3 Web Third-Party Related Events from the Web You Don’t Want to Miss – September 2019

Welcome to Reflectiz team news pick for September 2019. Our team of editors highlighted three important events that concerns cybersecurity and third-party risks in particular.  Garmin South-African Shopping Portal Breach Leads to Theft of Payment Data Garmin’s South African Director recently announced that the company had discovered theft of customer ...

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?
July 21, 2019

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?

Magecart, a well-known hacking group was behind some of the highly targeted attacks on websites using web-third-party component; Know why do you need to be on high alert if your website or web app uses web-third-party components   About The Attack Magecart is a well-known hacking group that had mainly ...

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine
July 9, 2019

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine

According to the Information Commissioner Office in the UK (ICO) a notice has been issued to British-Airways of its intention to fine airliner $230 million (£183.39M) for “infringements of the General Data Protection Regulation (GDPR)”. The reason for the planned penalty is last year’s BA data breach of around 500 ...

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.
May 19, 2019

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.

In May of 2019, the Magecart group attacked again.  Like previous events, the group used third-party tools to attack thousands of websites simultaneously.  One of the compromised tools was Picreel, a premier Conversion Rate Optimization tool.  This incident highlights a risk many websites face today: third and fourth-party hacks lead ...

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site?
April 21, 2019

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site?

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site? In early April a group of cyber researchers issued a security warning regarding a third-party accessibility supplement called “Negishim”. The warning was referring to a series of suspicious actions allegedly made by “Negishim” and ...

Defacement Attack by Anonymous through malicious intervention in websites supply chain
March 3, 2019

Defacement Attack by Anonymous through malicious intervention in websites supply chain

On March 2nd a severe defacement attack hit dozens of Israel’s leading sites, leaving them with a new main featured headline: “Jerusalem is the capital of Palestine”. The long list of affected websites including Ynet, Calcalist, Ivrit, Makor Rishon and dozens of others that also suffered identical web-page damages.