Press releases are provided by companies as is and have not been edited or checked for accuracy. Any queries should be directed to the company issuing the release.

RiskIQ launches JavaScript threats solution amidst surge in attacks on e-commerce web assets

August 2, 2019 - RiskIQ, the global leader in attack surface management, today announced the launch of RiskIQ JavaScript Threats Module to ensure customer trust in e-commerce by protecting organisations' high-traffic payment pages from JavaScript attacks. The module is part of a comprehensive platform for reducing threats to organisations' internet attack surfaces. JavaScript Threats is the only enterprise-scale product trusted by the largest financial and e-commerce companies and powered by the threat intelligence of industry-leading experts on Magecart JavaScript attacks.

JavaScript Threats leverages RiskIQ's proprietary global discovery infrastructure to build complete, dynamic inventories of organisations' websites, including critical e-commerce assets with their own and third-party JavaScript. It then monitors the web assets and JS resources, creating alerts for malicious and suspicious changes so organisations can quickly detect JavaScript attacks.


Magecart cybercriminals inject malicious JavaScript code into web pages once every five minutes, according to RiskIQ threat research group's detection data. These attacks can be direct compromises or supply-chain compromises. Supply chain attacks target third-party JavaScript resources, such as analytics trackers, website optimisation tools, and chat plugins, and give threat actors massive reach by multiplying their attack across potentially thousands of websites. Businesses incur reputational and financial damages such as loss of customer trust and market share, lawsuits, and punitive regulatory fines.

The damages caused by JavaScript attacks came into sharp focus earlier this month when the UK Information Commissioner's Office proposed a £183 million ($224 million) fine on British Airways. The JavaScript attack on its website resulted in the theft of credit card data for almost 500,000 customers. This proposed fine represents 1.5% of British Airways' 2017 revenues and could have been as high as 4% of revenues, or £489 million ($598 million). The breach, analysed by RiskIQ threat research group in September 2018, was carried out by one of the most sophisticated Magecart cybercriminal groups.

"Many organisations have almost no visibility into their web assets, third-party web resources, and the way their customers and employees interact with them," said Elias Manousos, RiskIQ CEO and co-founder. "Because of this, JavaScript attacks have become the go-to method for threat actors to target digital businesses, their customers, and their employees in a stealthy manner."

The 2019 Verizon Data Breach Investigations Report: Executive Summary substantiates the prevalence of JavaScript attacks. The report highlights that malicious code designed to capture data entered into web forms is the primary attack pattern for breaches in the Retail, Professional Services, Finance, and Manufacturing industries. The Verizon report also states: "Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way."

Magecart JavaScript attacks are likely to increase, as they have been highly successful. RiskIQ threat research group has pointed out previously that Magecart is an active threat that operates at a scale and breadth that rivals, or may even surpass, the compromises of retail giants such as Home Depot and Target. The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximise the return on their efforts. Cybercriminal syndicates have created entire economies around JavaScript attacks with vibrant, lucrative markets emerging for stolen data, web skimmers, and compromised websites.

"Actors like Magecart are responsible for some of the most high-profile breaches in recent history, and thousands of businesses have been targeted with stealthy attacks on their e-commerce web assets," Manousos said. "With JavaScript attacks poised to carve out a significant portion of the threat landscape for years to come, businesses will be forced to evaluate their security strategy and investments to address them."

Company: RiskIQ

Company URL: https://www.realwire.com/releases/RiskIQ-launches-JavaScript-threats-solution-amidst-surge-in-attacks
