Why and How are Enterprise Companies, Like eBay, Actively Port-scanning End-users’ Computers From Their Websites
August 31, 2020

You might have recently heard that eBay is performing port scanning while online shoppers are visiting their website. At first glance, it will probably sound a bit strange, as port scanning is an internal network action. As such, it is designed to detect services and should not be related to ...

Taking Third-Party Application Security to the Next Level: Version 2.8’s Multiple Website Dashboard
August 19, 2020

Version 2.8 Goes LIVE! Almost any organization today uses dozens of websites and subdomains. Each provides essential functions and uses dozens of third-party apps and tags to produce its capabilities. In enterprises and medium-to-large organizations, those assets are managed by multiple teams, requiring different conduct and high-level attention. ...

The Cybersecurity Effects of Fourth-Parties on Websites

Fourth-party apps on websites are commonly referred to as “the vendor’s vendor code”. Fourth-party apps may offer additional benefits, but at the same time they also carry a set of threats while running on your websites. For your users, they are all first parties. In this article, we will refer ...

Introducing the new Application Owner Alerts Workflow Tool!
July 1, 2020

One of the biggest challenges we face while helping our customers mitigate third-party risks is that not all incidents are clear cut, as in not everything is “good vs. evil”. Some vendors should have access to users’ data, while some should not. Some applications are managed by the marketing department, ...

The Gocgle Malicious Campaign

Can You Spot the Difference Between Gocgle and the Real Thing? Read our special report about the Gocgle malicious campaign. A new web skimming campaign, starting from the end of 2019, is impersonating Google web products in order to collect sensitive information from users on eCommerce websites. During the last few ...

Compliance for Third-Party scripts on your website and how to ensure it

A guest whitepaper publication by Reflectiz’ Dutch partner Cert2Connect. It has been our privilege to partner with Cert2Connect over the last 12 months. We have discovered that they are one of the most proficient organizations in the cyber-security market. So, it didn’t come to us as a surprise that they ...

The New Privacy Dashboard Version 2.5 is LIVE!
April 27, 2020

Worried about regulation demands? Meet your new privacy dashboard! With privacy breaches and regulation demands on the rise, third parties on websites get more and more attention. Today, organizations, and technology owners in particular, are required to provide a whole set of privacy-related actions to comply with regulations. Similar to ...

The Risks of Ex-Domain Re-use on Websites and How to Stay Protected Against It

This article seeks to address a serious issue that has been detected by our platform, including in major enterprises. It concerns the risk of using an undetected “Ex-Domain” (expired domain) on websites, demonstrating the many threats that lurk as a result of this situation. The Challenges of Using Third-Party Domains ...

Pipka: A New Breed of Anti-Forensic Malicious JavaScript

Pipka is one of the most interesting and notorious types of JavaScript skimmers we’ve seen so far. It brings a higher level of sophistication, creativity and boldness than ever before, and poses harder challenges to website security practices. In November 2019, the Visa Payment Fraud Disruption (PFD) team exposed ...