What the incident means for organizations
It’s a visibility issue
What happens to the scripts that no one is using anymore? Or the apps running on long-forgotten landing pages? When multiple teams, each with different goals and skills, are working on the same websites and applications, it’s hardly surprising that they could be out of step. It’s safe to assume that there’s a lot of untrusted, untested code running on enterprise websites that no one knows is there, and that’s the kind of place where client-side attackers thrive.
What can you do about it?
Imperva customers utilizing Client-Side Protection in its blocking mode are protected from any data transfers to new third-party domains.
Client-Side Protection is a part of Imperva’s Application Security Suite. Start your Application Security free trial today.
The post Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud appeared first on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Erez Hasson. Read the original post at: https://www.imperva.com/blog/recent-npm-package-hack-is-an-alarming-reminder-of-the-risks-of-website-supply-chain-fraud/