fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cloudflare Page Shield: Early Warning System For Malicious Scripts

Cloudflare Page Shield: Early Warning System For Malicious Scripts

Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks.

A typical cyberattack is introducing malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information.

To introduce malicious scripts on a website, threat actors will commonly add the malicious inline JavaScript to the web page, add an external malicious JavaScript dependency file under their control, or compromise an existing third-party script in a supply-chain attack.

When JavaScript is loaded from an external location as a dependency, in many cases, they go unnoticed for a long time, especially when there is no outward change in a site’s user experience.

For example, Magecart attacks are conducted by introducing malicious JavaScript that steals credit card information submitted on a website. As this data is quietly transmitted to a remote location and purchases continue, as usual, users will not notice anything strange that they should report to the site.

Due to this, Magecart attacks can quietly steal credit cards from visitors for many months, if not years, before they are detected and resolved.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

Page Shield to protect against malicious scripts

Today, Cloudflare announced a new security feature called Page Shield that will detect attacks in end-user browsers caused by malicious JavaScript dependencies.

“Our mission is to help build a better Internet. This extends to end-user browsers, where we’ve seen an alarming increase in attacks over the past several years. With Page Shield, we will help applications detect and mitigate these elusive attacks to keep their user’s sensitive information safe,” Cloudflare announced today.

With today’s unveiling of Page Shield, Cloudflare is starting with a ‘Script Monitor’ tool that will report to Cloudflare every time a visitor on a protected site executes a JavaScript dependency file in their browser.

Using these reports, Cloudflare will build a history of known scripts utilized on the site. When a new one is detected, alert the website administrator so they can investigate further.

Script monitor detecting new JavaScript dependencies
Script monitor detecting new JavaScript dependencies

Using the Script Monitor, web admins can spot suspicious JavaScript files being loaded by visitors on their sites and quickly investigate whether they are malicious.

While a good start, this does not protect visitors from existing JavaScript dependencies that have been modified in a supply-chain attack.

For example, if a site has historically loaded a JavaScript file from https://www.example.com/js/harmless.js and a threat actor modified that file on example.com, Script Monitor would not detect the change, and the malicious code would be allowed to execute in a supply-chain attack.

In the future, Cloudflare states that they plan on adding additional features that will issue alerts when the content of a script has changed of contains malicious signatures.

Overall, this is an exciting tool for Cloudflare users to help detect if your site has been hacked to load malicious JavaScript files.

However, this feature is only coming to Business and Enterprise subscriptions, and those in the Pro or Free services levels will not be able to benefit from the service.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

If you are interested in testing the new Page Shield feature, you can signup to join Cloudflare’s beta test.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us