New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS
by Source Defense The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial
PCI Dream Team Webinar - February 15th 2024
People who watched this webinar were also interested in
PCI DSS v4.0 6.4.3 and 11.6.1 Resources
The Payment Card Industry (PCI) has given serious thought to payment page guidance in DSS v4.0. New sections including 6.4.3 and 11.6.1 indicate the seriousness of this problem. These guidelines inform organizations of the necessity to make changes now. In this guide, we dive deep into PCI DSS v.4.0 and specifically:
- New guidance, PCI 6.4.3 and 11.6.1
- The solutions to addressing this new guidance
- The role of proprietary script or tag-management systems
- Why PCI made these updates in the first place
Other things you might be interested in
What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls
by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how
Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration
by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare
New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack
Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style
