CyberNews Briefs

98 percent of top US websites not prepared against attacks

A new report by Tala Security warns that the vast majority of Alexa top 1000 websites are vulnerable to advanced client-side attacks such as those falling under the Magecart umbrella. In a Magecart attack, hackers inject the checkout page of an otherwise legitimate website with malicious code that enables them to steal the payment card information of visitors.

The study found that on average, a single website currently relies on 31 third-parties, and close to two in three (63 percent) websites use JavaScript code that is written and/or managed by third-parties. This extensive reliance on third-parties puts organizations at risk, since it means that attackers aiming to compromise a single website can target dozens of organizations and only one of those attacks needs to be successful for them to achieve their goal. Data breaches are also more likely because form data, including Personally Identifiable Information (PII) and financial data sent to websites by users, is exposed to an average of 15.7 third-party domains.

Read more: 98 percent of top US websites not prepared against attacks

Bob Gourley

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes and Bob is the author of the book The Cyber Threat. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.