Third-party programs such as Google Analytics and other plug-ins expose websites to Magecart, formjacking, cross-site scripting, and credit-card skimming, and other attacks, new research shows.
A report released today by Tala Security found that these kind of attacks exploit vulnerable JavaScript integrations that run on some 99% of the world’s websites. And while 30% of the websites analyzed implemented new security policies – a 10% increase over 2019 – only 1.1% of websites were found to have effective security in place, an 11% decline from 2019.
“This indicates that while deployment volume went up, effectiveness declined steeply,” says Aanand Krishnan, founder and CEO of Tala Security. “The attackers have the upper hand largely because we are not playing effective defense.”
