POPULARITY
C'est une attaque aussi discrète qu'ingénieuse, et elle remet en cause l'un des derniers réflexes de confiance qu'il nous reste en ligne : celui d'un lien affichant “google.com”. On le sait, les campagnes de phishing sont souvent repérables : une faute d'orthographe, un nom de domaine douteux – “lap0ste.net” ou “facebok.com” font tiquer les plus attentifs. Mais que faire quand le lien vient directement de google.com ?C'est ce que révèle une enquête publiée par le magazine C/Side. Des cybercriminels ont utilisé une URL parfaitement légitime de Google OAuth — ce système d'identification bien connu — pour lancer une attaque ciblée sur un site e-commerce fonctionnant sous Magento. L'adresse en question semble anodine, mais elle contient un paramètre “callback” détourné pour exécuter un code JavaScript caché. Ce code, encodé en base64, passe inaperçu pour les antivirus et les pare-feux.Le pire ? Ce script ouvre une connexion WebSocket, une sorte de canal permanent entre votre navigateur et le serveur de l'attaquant. Résultat : dès que vous accédez à une page contenant “checkout” dans l'URL — donc au moment de payer — le pirate prend le contrôle. Il peut injecter des formulaires frauduleux, intercepter vos données bancaires, voire modifier ce que vous voyez à l'écran sans recharger la page. Et comme l'attaque s'appuie sur un domaine Google, elle échappe à la plupart des systèmes de sécurité, qui considèrent ce nom comme fiable par défaut. Les utilisateurs de solutions Google et les e-commerçants sont particulièrement vulnérables à ce type de détournement. Le conseil, ici, est simple mais précieux : affichez l'URL complète dans votre navigateur. Un clic droit sur la barre d'adresse suffit pour activer cette option. Dans un monde où même les liens les plus familiers peuvent cacher des pièges, la vigilance reste notre meilleure défense. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
In which the Unreliable Narrators discuss two stories that Gene Wolfe declared the "Worst Werewolf Story" and "The Worst Miracle Story".
false no
Grabs 142 Charlotte County, FL (9/27/2024)Grant speaks with Shawn and Dennis about a grab they made on a fire while being deployed on Hurricane Helene.Engineer Dennis Kerr-North Collier FireCaptain Shawn Robinson-South Trail FireFLUSAR TF6While out doing area surveys/rescue a fire was in there area.Responded on side by side in USAR gear, no fire gear. Arrived before engine.Manufactured home with heavy fire in carport, extending into house.PD with wife stating everyone was out, neighbor stating husband went back in.With no PPE Dennis and Shawn went in from C side, smoke banked halfway down. Victim found by carport door.Dirty drag to bring victim out C-Side and then around to front. Ended up taking victim to awaiting rescue in side by side.Don't listen to bystander reports…even from cops.
false no 0:00
In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
false no 0:00
false no 0:00
false no