

Mike Bittner
Associate Director of Digital Security and Operations
The Media Trust
Comments Dotted: 17
March 20, 2020
What started as a few dozen scam campaigns quickly multiplied to hundreds within days.
It’s difficult to police digital advertising when billions of ads are served every minute to individuals accessing content from around the world via different devices and behavioral profiles. The challenge is defining what is a scam or bad ad, and then using defined characteristics to identify and terminate violations from the digital ecosystem. What started as a few dozen scam campaigns quickly multiplied to hundreds within days. To avoid being accused of profiting off the misfortune of...

March 12, 2020
As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad.
Ads provide a very important function in the digital economy: they enable access to a free service. While most people approach this adware as a user annoyance with little actual harm to the user, this usually isn't the case. The issue lies in what additional code ads bring to the device, most of which is unknown to the app creator or advertiser. As a result, this unmanaged code can easily perform additional actions outside the delivery of an ad. It's these surreptitious actions that lead to...

January 28, 2020
In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users.
In the post-CCPA/GDPR world, tech companies are paying greater attention to the risks that software poses to users. Much of the risk stems from having no control over what impact code will have on the security and privacy of user personal data. Until tech companies know who's running what code in the various components that make up extensions and other forms of software, the risk of fraud and theft will remain high, as will the risk of running afoul of these new privacy laws.

January 24, 2020
While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry.
Campaigns that redirect users of legitimate sites to scam sites underscore the problems with relying on digital third-parties. While digital third-parties provide much needed support to websites that must meet the growing demands of website users, they also expose site owners and users to security and privacy risks. The code they run on today's websites lies outside the website owners' perimeter. As a result, owners don't know who's running what code on their sites, and what impact this might...

January 22, 2020
By doing so, they will address not only security risk, but also quality and performance risks.
We need to call these attacks what they are: digital supply chain attacks. Some attacks use the same or similar code as Magecart, but a far greater number use a wide array of advanced techniques to redirect online shoppers and readers.
Until companies take the insecurity of their digital supply chains seriously and monitor the code that runs on their sites, these attacks will continue. There's no other way to prevent these attacks than to allow only trusted digital vendors to run code on your ...

January 07, 2020
Users will want to keep their data private and protect information on their activities from public exposure.
An aggregator like HappyHotel is not your average hotel booking site--it's neither for family vacations nor for business trips. Users will want to keep their data private and protect information on their activities from public exposure. Apart from exploiting data for identity theft or various other forms of fraud, bad actors can extort money from users and cause irreparable damage to their private and public lives. Site owners that facilitate sensitive activities that users wouldn't want made...

December 20, 2019
Bad actors know they can count on many site operators to leave open the same entry points.
While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take ...

November 26, 2019
Nearly all websites today are hosted by cloud service providers (CSP).
Digital supply chain attacks are mounting because they give bad actors a nice return for their investment. By targeting one provider, bad actors gain access to the data of several, if not many. Nearly all websites today are hosted by cloud service providers (CSP), who are rarely held to account for any malicious attacks that break out across their platforms. And even if businesses show their CSP concrete evidence that an attack was traced to their platform, chances are small that the CSP would...

November 20, 2019
Treat everyone else as a potential threat.
The challenge with preventing cross-site scripting attacks is identifying which code should be running on a site, and which ones shouldn't. Until site owners know all the domains that are called by code on their site, they won't be able to distinguish who's authorized to be there, and who isn't. If they have an inventory of allowed digital vendors, they'll be able to root out unauthorized actors like those behind barn-x.com. They need to take a left of left-of-breach approach. Only allow code from...

November 19, 2019
Data encryption alone will not prevent bad actors from accessing personal information from site users.
TLS certificates were developed to protect communications between a server hosting a site and a browser. Designed to protect legitimate business, this security measure is now being abused by bad actors exploiting hurried consumers' tendency to pay little attention to details like the URLs of sites they visit. The current push towards universal encryption will worsen this problem, making it difficult to catch bad actors behind website spoofing or typosquatting schemes. Data encryption alone will ...
