Client-Side News

Hi! Welcome to Jscrambler’s monthly newsletter, your go-to source for comprehensive coverage of client-side security news from the team that pioneered client-side protection and compliance. ??????

1. Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Over 110,000 websites using the Polyfill.io service have been compromised after a Chinese company acquired the domain and altered its JavaScript library to redirect users to malicious sites. Google and other security firms have issued warnings and provided mitigation steps, while the original creator urged users to remove the library.

"As businesses increasingly rely on client-side JavaScript development, JavaScript's weaknesses and client-side blind spots will continue to be exploited," said Jscrambler 's CTO and co-founder Pedro Fortuna .

Read the full article at The Hacker News ???

2. MediSecure declares insolvency following massive data breach

MediSecure, an Australian e-prescription service, has declared insolvency after a data breach in May exposed 6.5 terabytes of sensitive information. FTI Consulting has been appointed to manage the company's administration and liquidation, and they are working with government authorities on the investigation and response. The breach involved the sale of data on a hacking forum, prompting criticism over MediSecure's slow reporting.

Read the full article at Cyber Daily ???

3. Mount Kisco Surgery data breach impacted over 21,000 patients

Mount Kisco Surgery in New York experienced a data breach affecting over 21,000 patients. The incident compromised sensitive personal information, including names, addresses, dates of birth, and medical details. The organization is working with cybersecurity experts and has notified affected individuals about the breach.

Read the full article at Teiss ???

Jscrambler's News

1. Jscrambler Delivers Comprehensive Approach to Payment Page Security and PCI DSS v4 Requirements According to Coalfire

Jscrambler has introduced a comprehensive solution for payment page security that aligns with PCI DSS v4.0 requirements, as confirmed by Coalfire's independent assessment. This solution addresses JavaScript vulnerabilities and helps businesses comply with PCI DSS v4.0 by providing robust protections against threats like digital skimming and Magecart attacks.

Read the complete article at Jscrambler's Blog ??

2. PCI DSS 4.0.1 Released: Changes to Requirements 6.4.3 and 11.6.1

PCI DSS 4.0.1 introduces updates to requirements 6.4.3 and 11.6.1, emphasizing the necessity of business or technical justifications for scripts and addressing the authorization of third-party scripts. It also clarifies the responsibilities of entities using embedded payment pages/forms from third-party service providers.

Read the full insights by Jscrambler's Security Advisor John Elliott on Jscrambler's Blog ??

3. New feature in Jscrambler's Code Integrity 8.4: Collaborative Workspace

Our latest version introduces the Collaborative Workspace, enabling multiple users to seamlessly work on the same app project. ?

With Collaborative Workspace, teams can now:

?? Work together on protecting apps.

?? Easily track all the changes and history of protections.

?? Maintain the highest standards of security.

Learn more about the new version on Jscrambler's Blog ??

?? Did you miss our latest webinar? ?? Coalfire reviews the Jscrambler platform in meeting PCI DSS requirements 6.4.3 and 11.6.1.

Register at https://js.jscrambler.com/webinars/jscrambler-coalfire to receive it??

?? Don't miss Jscrambler's team at Black Hat USA at booth #3145??