Client-Side News
Hi! Welcome to Jscrambler’s monthly newsletter, your go-to source for comprehensive coverage of client-side security news from the team that pioneered client-side protection and compliance.
1. Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
The Ebury botnet has infected over 400,000 Linux servers since 2009, stealing SSH credentials and enabling spam, web traffic redirection, and cryptocurrency theft. Despite mitigation efforts, more than 100,000 servers were still compromised by late 2023. Attackers exploit stolen SSH keys and zero-day vulnerabilities to spread Ebury, demonstrating the urgent need for heightened security measures.
Read the full article at Ars Technica
2. New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
Cybercriminals are using Cloudflare Workers and HTML smuggling to launch sophisticated phishing attacks targeting credentials from services like Microsoft and Gmail. These techniques involve using reverse proxy servers and client-side JavaScript to evade detection and steal sensitive data. Attackers also use generative AI to craft convincing phishing emails and bypass traditional defenses.
Read the full article at The Hacker News
3. WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
Threat actors are exploiting the Dessky Snippets WordPress plugin to steal credit card data from e-commerce sites. The attackers insert malicious PHP code into compromised sites, modifying the WooCommerce checkout process to capture and exfiltrate sensitive financial information like credit card details to a malicious URL.
This campaign, discovered by Sucuri, highlights the importance of securing WordPress sites by keeping plugins updated, using strong passwords, and regularly auditing for unauthorized changes to prevent such malicious activities.
Read the full article at The Hacker News
Jscrambler's News
1. RSAC 2024 Wrap-Up: Securing Software Supply Chain & Other Cybersecurity Hot Topics
The RSA Conference 2024, themed "The Art of Possible," emphasized how companies can leverage artificial intelligence (AI) to enhance cybersecurity, showcasing AI's potential to drive innovative security solutions even beyond the organizers' original vision.
In this wrap-up blog post, we will explore some of the most discussed themes during the hundreds of RSAC talks, with Jscrambler's focus on JavaScript security and web application protection, along with other relevant topics from the event.
Read our exclusive coverage of the event at Jscrambler's Blog
2. Tracking the growth of healthcare data breaches
There is a worrying symptom of the healthcare industry’s universal adoption of electronic health record systems: the exposure of sensitive patient information through healthcare data breaches.
The benefits of making healthcare data more digitized, distributed, and mobile – including enhanced patient care, patient cooperation, improved disease diagnosis, practice efficiency, and consistently accessible information – are being eroded by a surge in the unauthorized transfer of sensitive data to third parties, or healthcare data breaches.
Read the full article on Jscrambler's Blog
3. Jscrambler Named Hot Company for Client-Side Protection at 2024 Global InfoSec Awards
Jscrambler, the pioneering platform for client-side protection, today announced that it has been named a Hot Company for Client-Side Protection by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. Jscrambler will showcase its award-winning technology at booth #4404 at this week’s RSA Conference.
Read the full insights on Jscrambler's Blog
Don't miss our upcoming webinar: Coalfire reviews the Jscrambler platform in meeting PCI DSS requirements 6.4.3 and 11.6.1. Register now at https://js.jscrambler.com/webinars/jscrambler-coalfire
Don't miss Jscrambler's team at Black Hat USA at booth #3145.