Linkedin Tag

Blog

Industry News, Insights and Resources

The latest industry news, interviews, technologies, and resources.

Featured blog posts

The title of this article on a blue background with the site on the malicious domain shining through

Featured

More than 490k websites targeted in web supply chain attack

The cdn.polyfill.io domain is currently being used in a web supply chain attack. It used to host a service for adding JavaScript polyfills to websites, but is now inserting malicious code in scripts served to end-users.

A person making an online payment, and the logo of the PCI Security Standards Council

Featured

PCI DSS 4.0 complete guide and steps

PCI DSS 4.0 is built on six foundational principles aimed at fostering a secure environment for people making (and those facilitating) online transactions. Let's dive into all of them and see how you can be fully compliant.

What is an attack vector and what are hidden ones

An attack vector in cyber security is the way an attacker takes advantage of security weaknesses. Some are more obscure than others. One that’s been our focus, is third party JavaScript. Since these scripts are installed by the website owner yet executed in the visitors' browsers, they're in a unique ...

Read More

Web supply chain attack through trojanized jQuery on npm, GitHub and CDNs

Attacks have been found in trojanized jQuery on GitHub, npm and jsDelivr in a new web supply chain attack. Each package had a copy of jQuery with one small change: the ‘end’ function . This is part of the jQuery prototype, and was modified to include additional malicious code. In ...

Read More

How expired domains lead to cyber attacks

This is a multifaceted issue. Simply buying an expired domain isn't illegal. However, if a domain name is trademarked, then purchasing it (known as cybersquatting) could potentially breach copyright laws. But this of course will not defer attackers who usually remain anonymous and unnoticed.

Read More

The Polyfill attack explained

Recently over 490,000 websites were targeted in a web supply chain attack. We were amongst the first to report on this . NOTE: If a website is referencing the domains polyfill[.]io bootcss[.​]com bootcdn[.]​net or staticfile[.]​org today, they are still open to this attack. What was the Polyfill service project? Polyfill ...

Read More

What is the browser supply chain?

C/side is a cyber security product that lives in the browser supply chain space. We and other vendors operating here, like to talk about that supply chain . But what do we mean by it exactly? The browser supply chain is the different components and processes that come together to ...

Read More

More than 490k websites targeted in web supply chain attack

The cdn.polyfill.io domain is currently being used in a web supply chain attack. It used to host a service for adding JavaScript polyfills to websites, but is now inserting malicious code in scripts served to end-users.

Read More

Why you can trust c/side

Script security is our bread and butter. For lots of vendors, serving the script is just a part of their product. We put every care and attention to detail in how we proxy, store and process scripts. We work to cover the blind spots that others might have missed.

Read More

The BrowseAloud Supply-Chain Attack: A Case Study in Cryptojacking

In February 2018, over 4,000 websites, including high-profile government bodies like the UK's Information Commissioner’s Office (ICO), fell victim to the BrowseAloud attack . This was not just another cybersecurity breach; it was a potent reminder of the hidden dangers of third-party scripts in our increasingly interconnected digital ecosystems. notionvc: ...

Read More

Why CSPs Are Not Enough

Content Security Policies (CSPs), scoped and promoted by the W3C , offer a browser-side feature designed to enhance web security. If implemented correctly, with specific rules per page, they can provide substantial security benefits. However, in practice, they tend to be cumbersome to set up, frequently break during local development, ...

Read More

Ticketmaster Data Breach Déjà Vu: What You Need to Know

Yesterday on May 29, 2024, news broke of an alleged data breach involving Ticketmaster , a prominent ticket sales and distribution company. The breach, reportedly executed by ShinyHunters , is claimed to have exposed the personal information of over 500 million customers. This breach includes sensitive data such as emails, ...

Read More

Supply Chain Risk Doesn’t End At NPM

Supply Chain attacks are a top of mind problem today. The number of these attacks in the US increased by 115% between 2022 and 2023, according to Statista . Tools like Socket and Coana detect harmful code in registries like NPM. But the supply chain risk doesn’t end there. However, ...

Read More

Kaiser Permanente Data Leak: A Case of Miscommunication and Inadequate Disclosure

On April 29th, healthcare giant Kaiser Permanente disclosed a data leak impacting 13.4 million current and former insurance members . The incident was rooted in improperly managed 3rd party scripts. The Incident Kaiser Permanente used tracking codes to monitor how its members navigated through its website and mobile applications. Some ...

Read More

Introducing c/side free tier BETA

We’re excited to announce the launch of c/side. Monitoring, Securing and Optimizing 3rd Party Scripts . In today's digital landscape, third-party scripts are a key part of the supply chain. Yet it is often forgotten about and therefore presents a threat. Browser Supply Chain Risks are an age old and ...

Read More

Cloudflare Page Shield vs c/side

This article takes an honest look at the features of Cloudflare Page Shield vs c/side.

Read More

Threat Feeds In The AI Era

Here’s what threat feeds are, and why it’s only a small cog in the cyber security machine in 2024. We also share the more complete solution to protect yourself from cyber attacks.

Read More

Jscrambler Webpage Integrity vs c/side

Other than other competitors providing a form of browser-side security almost as an afterthought, Jscrambler’s focus is similar to ours at c/side.

Read More

Akamai Page Integrity Manager vs c/side

Akamai Page Integrity Manager vs c/side. Which is better?

Read More

Imperva Client-side Protection vs c/side

Let’s take an honest look at the features of Imperva’s Client-side Protection product vs c/side.

Read More

The 2021 cdnjs Vulnerability in Detail

Checking 3rd party scripts sources is great, but not enough. That’s what the world learned in 2021, when a massive vulnerability in Cloudlfare’s cdnjs got noticed. Here’s the rundown of what, and how, it happened. Cdnjs is one of the most commonly used JavaScript Content Delivery Networks (CDNs) of today. ...

Read More

The risk of only protecting your payment portals from 3rd party javascript attacks

At this time, only payment portals are required to have a system to keep 3rd party JavaScript in check. But, there’s still a data breach risk if you don’t secure all pages.

Read More

PCI DSS 4.0 complete guide and steps

PCI DSS 4.0 is built on six foundational principles aimed at fostering a secure environment for people making (and those facilitating) online transactions. Let's dive into all of them and see how you can be fully compliant.

Read More

Get Started Today

Start monitoring and securing 3rd party scripts on your websites today.