Third-Party Features Leave Websites More Vulnerable to Attack

In an effort to make websites attractive and easy to use for their customers, companies have also made them attractive targets for criminals. That's one of the broad conclusions in a new report that points out where the companies with the largest Web presence have introduced vulnerabilities to go along with their ease of use.

One of the major threats described in Tala's "2019 State of the Web Report" is credential theft via attacks like Magecart. The report, based on surveys of American companies in the Alexa 1000 list of firms with the largest Web presences, shows that more than 60% of the websites use dynamic JavaScript loaded by static JavaScript — a significant potential attack surface. And the websites analyzed used an average of 31 third-party features, apps, or services.

The data collected by the websites is exposed to an average of 15.7 third-party domains, which the report points out are 15.7 opportunities for an attacker to attempt to steal data. According to the report, the threat prompted the PCI Security Standards Council and the Retail & Hospitality ISAC to issue a joint bulletin in August warning of the danger.

For more, read here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Phishers' Latest Tricks for Reeling in New Victims."