Ten Things To Know About JavaScript Skimmers

The past few years have seen the emergence and rapid growth of a new threat to websites: JavaScript skimmers, also called JavaScript sniffers. We shall cover some more general observations about JavaScript skimmers and get into a bit more detail about what Trusted Knight has seen in the course of our research.

Zero Trust - The Secret To Security Is Trust No-One

Endpoint Security: EPP Vs FTSP

As I've written before, web applications are usually the most visible part of the business and are often the focus of cyber-attacks. But there are many advantages to an attacker targeting individual end-users instead of a company's website. End users, especially unmanaged end users (those who are not on devices owned by the company), are usually much softer targets. They typically have fewer defenses – at best simply using a traditional signature-based antivirus solution (which is more than likely not up-to-date), at worst running no security software. Their computers are also much more likely to be behind in applying software patches to address vulnerabilities than the server running the web application. In addition, users visit a wide range of sites, most of which are non-business-related, and they are likely to click links, get fooled by pop-ups or phishing emails, or visit websites that distribute malware.

Web Application Security: WAF Vs. FTSP

For most organizations, web applications are not just the most visible part of the business, but also a critical method for customers to access private information and engage in sensitive transactions. As such, organizations should ensure that they provide a safe, reliable, and secure environment for their customers. However, in practice, many businesses fail to consider the full scope of the application environment when evaluating threats and security measures, or they take a piecemeal approach, combining multiple solutions, each with only limited visibility into the application environment.

Prevent Fraud And Cyber Attacks For Online Banking

The Wall Street Journal reported previously that banks closed more than 1,700 branches across America in a single 12-month period, the largest decline on record. According to the paper, a lot of these closures happened in big cities and the surrounding suburbs because foot traffic has significantly declined. Where once almost all banking was conducted in branches, today it's increasingly moving online. A past American Bankers Association (ABA) survey found that for 40 percent of people, the primary method of banking is a laptop or PC, followed by mobile (26 percent) and then branches (18 percent). This shift to digital banking means that branches are simply not as profitable, with fewer and fewer customers to service in person.

Cyber Darwinism: Why Data Security Shouldn't Be Survival Of The Savvy

The internet is a dangerous place and we've reached a point where simply going about our online business is fraught with risks. You just don't know what's lying behind a link, or which advertisements popping up across web pages are potentially malicious. Security experts have recited the same advice for years - don't open attachments from people you don't know, choose complicated passwords, don't use unsecured public WiFi - the list goes on. But, in reality, how much does this go in one ear and out the other of the average person? The vast majority of people are not security savvy and yet are expected to fend for themselves in the wild west of the internet.

How Technology-Enabled Generational Shifts In Banking Behavior Could Play Into Attackers' Hands

If there is one thing the tech world is good at, it's disruption. Over the last twenty years or so, as microprocessors have become smaller and more effective and fast connection speeds ubiquitous, technology has eaten the foundations of many traditional business models. Some have toppled, many others are fighting for survival and most, if not all, have been forced to adapt.

WordPress Security Shouldn't Be A Full-Time Job

This past year WordPress released a new version as a security update for fixes to several moderate-risk vulnerabilities. This is standard practice for the most widely used content management system for websites and blogs that rely heavily on third-party plugins and widgets.

Community Banks: 3 Common Online Threats

Community banks are a common target for attacks by cybercriminals. With the number of attacks to be watchful of, it's easy to understand why community banks with smaller staffs and budgets are an easy target.

The Growing Strategic Threat Of The Cyber Criminal

In my last blog, I talked about the importance of a company having the right cyber strategic plan. I now want to kick it up a couple of levels and make the case for the right strategic planning (and leadership) within governments to address the criminal elements that are becoming an increasing threat to our economy. While the private sector will always play a key leadership role in fighting cybercrime, it's time that governments do more to support and enhance private sector capabilities in this fight.

Why Planning Your Cyber Strategy Pays Long-Term Dividends

Think Your CDN Is Protecting You? Think Again...

A common trend in website hosting is to use a conventional CDN hosting provider that offers high-availability and improved performance by storing cached content in proxy servers in the cloud. These CDN solutions are effective in offloading much of the traffic from the original website. Where many CDN solutions fall short is in providing advanced security against web threats.

Combining Website Security And Optimization

Page loading time is a critical element of any website application. As more websites become globally distributed, load time has become increasingly important to user experience, brand perception, and search engine optimization. As important as page loading time is to the development and marketing team behind a web application, so is security to the InfoSec team tasked with preventing cybercriminals from gaining unauthorized access to web systems.