Blog

The Key Threats and Risks That Third-Parties Create to Websites
August 15, 2019

The Key Threats and Risks That Third-Parties Create to Websites

The Key Threats and Risks That Third-Parties Create to Websites Third-party apps on websites present potential threats and risks that may affect the security and privacy posture of your website. For your customers, your website is the front end of your organization. In today’s digitally connected world, websites play a ...

Updates from the web – August 2019
August 11, 2019

Updates from the web – August 2019

From around the web Tracking information is not always an easy task. But our news radar is always on. Our team picked three important news and research highlights, just for you. 

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?
July 21, 2019

Magecart Executed Their Recent Attacks On The Amazon S3 Bucket: Why Do You Need To Worry If Your Website Uses Web-Third-Party Components?

Magecart, a well-known hacking group was behind some of the highly targeted attacks on websites using web-third-party component; Know why do you need to be on high alert if your website or web app uses web-third-party components   About The Attack Magecart is a well-known hacking group that had mainly ...

The Cybersecurity Effects of Fourth-Parties on websites
July 17, 2019

The Cybersecurity Effects of Fourth-Parties on websites

A web fourth-party is an entity, a tool or a feature that is outsourced by a vendor you use on your website. Four-parties and beyond them, refer to the vendors of your official and unofficial service providers. In this article, we will refer to fourth-parties and what’s beyond them on ...

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine
July 9, 2019

British-Airways Magecart Third-party Breach Leads to a $230 Million GDPR Fine

According to the Information Commissioner Office in the UK (ICO) a notice has been issued to British-Airways of its intention to fine airliner $230 million (£183.39M) for “infringements of the General Data Protection Regulation (GDPR)”. The reason for the planned penalty is last year’s BA data breach of around 500 ...

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.
May 19, 2019

Magecart Hacked Thousands of Websites Simultaneously via Picreel third-party JavaScript.

In May of 2019, the Magecart group attacked again.  Like previous events, the group used third-party tools to attack thousands of websites simultaneously.  One of the compromised tools was Picreel, a premier Conversion Rate Optimization tool.  This incident highlights a risk many websites face today: third and fourth-party hacks lead ...

Third-Party Impacts on Financial Websites: Insights and Data
May 13, 2019

Third-Party Impacts on Financial Websites: Insights and Data

Third-Party Impacts on Financial Websites: Insights and Data Reflectiz has been active for the last couple of years in the landscape of cyber-security and, particularly web third-party components risk mitigation. Our solution uses machine-learning platform, based on a propriety browser with dedicated profiling and unique analysis methodology. These capabilities allow ...

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site?
April 21, 2019

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site?

What really happens when your accessibility extension becomes an immediate suspect that is threatening your site? In early April a group of cyber researchers issued a security warning regarding a third-party accessibility supplement called “Negishim”. The warning was referring to a series of suspicious actions allegedly made by “Negishim” and ...

Defacement Attack by Anonymous through malicious intervention in websites supply chain
March 3, 2019

Defacement Attack by Anonymous through malicious intervention in websites supply chain

On March 2nd a severe defacement attack hit dozens of Israel’s leading sites, leaving them with a new main featured headline: “Jerusalem is the capital of Palestine”. The long list of affected websites including Ynet, Calcalist, Ivrit, Makor Rishon and dozens of others that also suffered identical web-page damages.