The Gocgle Malicious Campaign

The Gocgle Malicious Campaign

Can You Spot the Difference Between Gocgle and the Real Thing? Read our special report about Gocgle malicious campaign.  A new web skimming campaign, starting from the end of 2019, is impersonating Google web products in order to collect sensitive information from users on eCommerce websites. During the last few ...

3 Web Third-Party Related Events You Don’t Want to Miss from early 2020

3 Web Third-Party Related Events You Don’t Want to Miss from early 2020

Welcome to Reflectiz’ news picks from the first four months of 2020. The outbreak of Covid-19 is undoubtedly one of the most dramatic events in modern history. Unsurprisingly, this global crisis and even the universal solidarity, hasn’t stopped hackers and threat actors. Over this period, we have seen increased malicious ...

The Risks of Ex-Domain Re-use on Websites and How to Stay Protected Against It
April 20, 2020

The Risks of Ex-Domain Re-use on Websites and How to Stay Protected Against It

This article seeks to address a serious issue that has been detected by our platform, including in major enterprises. It concerns the risk of using an undetected “Ex-Domain” (expired domain) on websites, demonstrating the many threats that lurk as a result of this situation. The Challenges of Using Third-Party Domains ...

The Coronavirus Impacts on Cybersecurity

The Coronavirus Impacts on Cybersecurity

Protecting Your Website Against Major Threats, Supply-Chain Attacks and Client’s Side Risks During Coronavirus Times The Coronavirus (Covid-19) outbreak has now officially been declared a global pandemic by the World Health Organization (WHO). As well as causing unexpected health problems, it is also impacting the economies. Hackers are already knocking ...

Pipka: A New Breed of Anti-Forensic Malicious JavaScript
December 23, 2019

Pipka: A New Breed of Anti-Forensic Malicious JavaScript

Pipka is one of the most interesting and notorious types of JavaScript skimmers we’ve seen so far. It brings higher level of sophistication, creativity and boldness like never before, as well as putting harder challenges to website security practices. In November 2019 the Visa Payment Fraud Disruption (PFD) team exposed ...

Magecart Hacking Groups: How They Are Expanding Their Limits Beyond the “Regular” E-Commerce Websites
September 15, 2019

Magecart Hacking Groups: How They Are Expanding Their Limits Beyond the “Regular” E-Commerce Websites

Magecart, the notorious e-commerce hacking group, has lately started targeting many other forms of online services and businesses. The adversaries have developed sophisticated tools and techniques, and are constantly evolving new and innovative ways to target business enterprises.   Magecart – The Notorious Skimming Groups Magecart today is a well-known ...

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?
July 21, 2019

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?

Magecart, a well-known hacking group was behind some of the highly targeted attacks on websites using web-third-party component; Know why do you need to be on high alert if your website or web app uses web-third-party components   About The Attack Magecart is a well-known hacking group that had mainly ...

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine
July 9, 2019

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine

According to the Information Commissioner Office in the UK (ICO) a notice has been issued to British-Airways of its intention to fine airliner $230 million (£183.39M) for “infringements of the General Data Protection Regulation (GDPR)”. The reason for the planned penalty is last year’s BA data breach of around 500 ...

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.
May 19, 2019

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.

In May of 2019, the Magecart group attacked again.  Like previous events, the group used third-party tools to attack thousands of websites simultaneously.  One of the compromised tools was Picreel, a premier Conversion Rate Optimization tool.  This incident highlights a risk many websites face today: third and fourth-party hacks lead ...