Client-Side News #July
Hi! Welcome to Jscrambler’s monthly newsletter, your go-to source for comprehensive coverage of client-side security news from the team that pioneered client-side protection and compliance.
1. Buggy CrowdStrike EDR Update Crashes Windows Systems Worldwide
CrowdStrike recently experienced a significant global outage due to a faulty software update that affected numerous Windows systems worldwide. The issue, which started on July 18, caused crashes on affected systems by triggering a logic error in the Falcon sensor for Windows, leading to widespread disruptions across various sectors, including banking and airlines.
CrowdStrike has since issued an apology, implemented a fix, and outlined measures to prevent future occurrences, such as improving their deployment processes and adding additional validation checks.
Read the full article at Dark Reading
2. Google Announces It Will Retain Third-Party Cookies in Chrome
Google announced it will retain third-party cookies in Chrome instead of phasing them out, as previously planned. The company will introduce a new Chrome experience allowing users to make and adjust informed choices about their web browsing privacy. This decision acknowledges the advertising industry's concerns and aims to develop a balanced approach between privacy and the functionality of online advertising.
Read the full article at afaqs!
3. Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files
Hackers are targeting Magento sites with a sophisticated credit card skimmer, using swap files to evade detection and persist through cleanups. This malware captures payment details entered on checkout pages and sends them to a domain mimicking Amazon Analytics. The attackers exploit swap files created during SSH sessions to load malicious code while keeping the original files intact.
Site owners are advised to restrict SSH access, update systems and plugins, and implement additional security measures like two-factor authentication and firewalls.
Read the full article at The Hacker News
Jscrambler's News
1. Jscrambler Launches QSA Alliance Program to Help Organizations Achieve Zero Friction Compliance with PCI DSS v4 Requirements
In support of Jscrambler's Zero Friction Compliance vision, today we announced our new QSA Alliance Program which provides training, marketing, product, and expert resources to PCI Qualified Security Assessors (QSA) to help their end customers expedite compliance with PCI DSS v4 requirements 6.4.3 and 11.6.1.
Read more about the program announcement at Jscrambler's Blog
2. Digital Skimming: The Definitive Guide for 2024
Card skimming, when criminals install devices on physical card terminals or ATMs to steal card data, has gone digital. With the global e-commerce market set to exceed $4 trillion in 2024, digital skimming has considerable headroom for growth.
Get the complete guide at Jscrambler's Blog
3. 6 Tips to Fully Use Your Client-Side Risk Assessment
Cyber threats lurk around every corner, and safeguarding client-side assets has become paramount for businesses of all sizes and industries. Client-side risk assessment is a crucial (free) tool and security measure for detecting and defending against client-side attacks, and it should be used to build a digital fortress against malicious actors.
Continuous risk assessment provides ongoing vigilance and a dynamic approach to identifying, evaluating, and mitigating risks. Here are six key value areas where continuous risk assessment outperforms a one-time assessment.
Read the full article at Jscrambler's Blog
Don't miss Jscrambler's team at Black Hat USA at booth #3145. Looking forward to scheduling a meeting with the team? You can do it here: https://js.jscrambler.com/blackhat2024
Register now for our upcoming webinar: 5 Simple Steps to Zero Friction PCI DSS Compliance. August 1st, 11am ET / 4pm GMT. Register here.