Saturday, May 21, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Cloudflare unveils Page Shield to prevent Magecart-style attacks

Cloudflare unveils Page Shield to prevent Magecart-style attacks

The web performance and security company Cloudflare has unveiled new web security offering to prevent Magecart-style attacks.

Seda Nur Cinar by Seda Nur Cinar
March 26, 2021
in Cybersecurity
2 min read
0 0
0
Cloudflare unveils Page Shield to prevent Magecart-style attacks
0
SHARES
10
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

The web performance and security company Cloudflare has unveiled new web security offering to prevent Magecart-style attacks. Page Shield is a client-side security product customers can use to detect attacks in end-user browsers.

Earlier this week, the company introduced Remote Browser Isolation for all as a way to mitigate client-side attacks in companies’ employee’s browsers. Page Shield is continuing Cloudflare’s push into client-side security by helping mitigate attacks aimed at your customers.

What is Magecart?

A Magecart-style attack is a type of software supply chain attack carried out in a user’s browser. Attackers target the hosts of third-party JavaScript dependencies and gain control over the source code served to browsers. When the infected code executes, it often attempts to steal sensitive data that end-users enter into the site, such as credit card details during a checkout flow.

Magecart-style attacks are challenging to detect because many application owners trust third-party JavaScript to function as intended. Generally, Magecart attacks have lasted months before detection.

How to defend against Magecart-style attacks?

Existing browser technologies such as Content Security Policy (CSP) and Subresource Integrity (SRI) provide some protection against client-side threats, but have some drawbacks.

CSP enables application owners to send an allowlist to the browser, preventing any resource outside of those listed from executing. SRI enables application owners to specify an expected file hash for JavaScript and other resources. If the fetched file doesn’t match the soup, it is blocked from executing.

“They’ve also found that JavaScript vendors will sometimes serve versioned files with different hashes to end-users due to small differences such as spacing. This could result in SRI blocking legitimate files by no fault of the application owner,” Cloudflare said.

Script Monitor is the first Page Shield feature

Script Monitor is the beginning of Cloudflare’s ambition for Page Shield. When JavaScript files attempt to execute on the page, browsers will send a report back to Cloudflare. As we are using a report-only header, there’s no requirement for application owners to maintain allowlists for relevant insights.

See more Cyber Security News


Tags: Cloudflare
ShareTweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

AWS launches Red Hat OpenShift Service on AWS (ROSA)

Next Post

93% of consumers concern about data security when filling out online forms

Seda Nur Cinar

Seda Nur Cinar

Seda Nur Cinar is the news editor of the Cloud7 News. With more than 8 years of Linux and cloud experience, Seda is a Linux and opensource enthusiast, security researcher and a web application developer.

Related News

Microsoft SQL Servers Are Targeted With Brute - Force Attacks

Microsoft SQL servers are targeted with brute-force attacks

May 20, 2022 3:45 pm
Google OAuth client library for Java had a high severity flaw

Google OAuth client library for Java had a high severity flaw

May 20, 2022 2:45 pm
The Linux Malware XOR DDoS Is On The Rise Again

The Linux malware XOR DDoS is on the rise again

May 20, 2022 1:50 pm
Conti ransomware group is shut down

Conti ransomware group is shut down

May 20, 2022 12:10 pm
Next Post
93% of consumers concern about data security when filling out online forms

93% of consumers concern about data security when filling out online forms

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

cPanel Security: 7 steps to secure cPanel

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Advertisement

Recent News

  • Oracle Linux 8.6 is ready to download
  • Imunify Security has announced Dashboard PRO
  • Microsoft SQL servers are targeted with brute-force attacks
  • Google OAuth client library for Java had a high severity flaw
  • The Linux malware XOR DDoS is on the rise again

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.