Source Defense

09/07/2024

https://hubs.li/Q02F8q_Z0
Join VikingCloud and Source Defense on Thursday, July 25th at 11:00 a.m. EDT for an in-depth discussion on all things PCI DSS v4.0 req. 6.4.3 and 11.6.1. Get the guidance you need from the world's most renowned Qualified Security Assessor-Company (QSA-C) firm, VikingCloud, and hear from Source Defense related to its unique, pioneering approach to solving the problem.

09/07/2024

https://hubs.li/Q02F8SnL0
Join Tevora - one of the world's foremost PCI QSACs, and Source Defense - the pioneer in eSkimming security for an in-depth discussion that will put an end to any confusion, provide guidance on roles and responsibilities, and give you an actionable roadmap for success that will help you quickly and easily address these new requirements.

16/07/2022

Will your current security measures live up to the new PCI DSS v4.0 guidance in 6.4.3 and 11.6.1?

Discover the details of the new standard (+ solutions to adopt!) in the guide. 👉 https://hubs.li/Q01gWHvV0

04/07/2022

Happy 4th of July from our team to yours! Have a fantastic day with your friends and family today.

21/06/2022

Kicking off the summer at the NCAA Men's College World Series in Omaha! On Friday, June 17, we celebrated family, summer, and baseball with Nick Sellinger from Source Defense and Amy Walker from Fastly!

Want to learn more about what Fastly and Source Defense can do for the data privacy of your customers and their families? Contact our reps to get more info!

05/06/2022

Happy Shavuot to all those who celebrate from the Source Defense team - Chag Sameach!

May these days bring you happiness, family, and abundant blessings.

25/05/2022

Web properties have their own digital supply chain - and this supply chain is introducing security and compliance risks that most organizations are overlooking. You have no visibility into the code your partners are running, yet you let it load in every user session. Are there security gaps? Are data privacy mandates being violated?

To get a grasp on the scope of the problem, we performed an analysis of 4,300 websites to find answers to questions like:

- How vast is the digital supply chain? How many partners are involved in the average website?
- Are these partners opening the door to attacks and breaches? Are they skimming data by design and violating compliance requirements?
- What are the types of attacks that you might be exposed to? How can our adversaries take advantage of the vast digital supply chain?

Learn more about third-party digital supply chain risk with our State of the Industry report: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

15/04/2022

This Passover, the Source Defense family wishes you a kosher and joyous festival - chag Pesach samech!

May these days bring you happiness, family, and abundant blessings!

12/04/2022

The issue of 3rd party risk became one of utmost importance when SolarWinds was hacked in 2020. Within that area of concern, the 3rd party risk in your website supply chain is often neglected, but poses an inherent material risk on your business.

Read this article in SC Media , penned by Source Defense co-founder and CTO Hadar Blutrich on the inner workings of client-side attacks and the potential damage they can cause to your website’s digital supply chain: https://www.scmagazine.com/perspective/third-party-risk/website-security-and-the-overlooked-third-party-supply-chain-risk%ef%bf%bc

Companies need to pay attention to how JavaScript-based attacks can bypass traditional server-side security.

08/04/2022

What is the shadow code lurking on your website?

You might not even know it, but you have dozens of 3rd party partners on your website. The JavaScript inside your 3rd party plug-ins is effectively ‘shadow code’ - unvetted and unseen by your security teams. It is a favored attack vector of the adversary - with compromises occurring by the hundreds a day. This shadow code is putting your organization at risk of material impact and your customers’ data in the open for the taking.

Read the article on SC Media about how this shadow code presents a 3rd party blind spot on your website: https://www.scmagazine.com/perspective/asset-management/shadow-code-a-third-party-blind-spot.

Third-party relationships have expanded exponentially as companies seek outsourced services and software to perform optimally and backfill talent amid the ongoing pandemic. That expansion touches internal systems and also extends to the external web properties that drive revenue and client interacti...

25/02/2022

🔥Hot read🔥: Adobe’s Magento platform has recently been the target of an RCE attack (CVE-2022-24086) forcing Adobe to release an emergency patch. Attackers exploited the lack of input validation to achieve RCE from an unauthenticated user.

To learn the technical ins and outs of this kind of attack and to learn how to prevent this from happening to your Magento platform, read our blog:
https://sourcedefense.com/resources/blog/working-remotely-not-the-good-kind/.

No, this is not a blog about remote working, working from home, or telecommuting. This is not a blog that will discuss the work/life balance benefits of working from home, though there are many, and this will not talk about how building out our internet infrastructure benefits businesses and employe...

23/02/2022

Client-side website attacks like the recent ones on the Magento platforms make one think that breaches like these are like an everlasting gobstopper - they're always there and never seem to get any smaller. But there IS a way to make the gobstopper disappear and it's through web application client-side protection.

Read our latest blog post to get more information on Source Defense's easy, hands-off solution for client-side security: https://sourcedefense.com/resources/blog/retail-breaches-the-everlasting-gobstopper-in-cyber/

“Fantastic invention,” says W***y Wonka, as portrayed by Gene Wilder. “Revolutionize the industry. You can suck ‘em and suck ‘em and suck ‘em, and they’ll never get any smaller. Never. At least, I don’t think they do.” We couldn’t help thinking about W***y Wonka’s Everlasting G...