Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

Pixels/Trackers transfer data to foreign locations around the globe - including nation states of concern

By analyzing over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was determined that pixels/Trackers transfer data to almost 100 countries around the globe. Table 1 shows the top 40 destinations of data being transferred by pixels/trackers collecting data from the analyzed websites – all of which were US-based.

Pixels & trackers are present on mission-critical webpages and thereby increasing the likelihood of risks

In an analysis of over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) found pixels/trackers on 95% of their websites. Each website in the study corresponds to an unique organization (company, non-profit, or government agency). The high 95% reflects the extent of data harvesting that is done by marketing, advertising, and performance platforms today.

Pixels/Trackers Can Collect & Transfer Data Without Consent

Analysis on 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) revealed that pixels/trackers are collecting and/or transferring data prior to the explicit consent (e.g., cookie acceptance) of a website user. (While some do not require actual consent for one reason or another, the consent is not explicitly made.) Table 1 shows the degree to which some pixels/trackers were present on the analyzed websites.

TikTok Trackers Can Still Be Present Regardless of TikTok App Installation

In an analysis of over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was discovered that TikTok pixels/trackers were present on 7.41% of the analyzed websites (shown in Table 1). Here, TikTok pixels/trackers were within the code of the web pages that load into a user’s browser from those websites.

Independent of their Apps, bad actors banned by various executive orders have pixels/trackers on everyday websites

“ manipulate content, and if they want to, to use it for influence operations” – FBI Director Chris Wray “To maintain the security of data owned by the state of Nebraska, and to safeguard against the intrusive cyber activities of China’s communist government, we’ve made the decision to ban TikTok on state devices.” – NB Governor Pete Ricketts “Protecting citizens’ data is our top priority, and our IT professionals have determined, in consultat

Why Pixels/Trackers are Common and Abundant

As part of a detailed study of pixels/trackers, an analysis of over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) found pixels/trackers on 95% of their websites. Each website in the study corresponds to an unique organization (company, non-profit, or government agency). The high 95% reflects the extent of data harvesting that is done by marketing, advertising, and performance platforms today.

The Risks of Using ChatGPT to Write Client-Side Code

Since OpenAI released its AI chatbot software ChatGPT in November of 2022, people from all over the internet have been vocal about this program recently. Whether you love this software or despise it, the bottom line on it seems to be that the technology behind ChapGPT isn’t going anywhere. At least not in the near-to-distant future, it seems. Those who have been curious can try out this enhanced conversational AI software, have found that their results are often varied when using ChatGPT.

Reducing the Noise: Why Vulnerability Types Matter

Most application security testing focuses on server-side vulnerabilities. While vulnerability management alerts are necessary within today’s threat landscape for increased security, your teams can quickly become overwhelmed by them. These alerts can create a lot of noise for your development teams, other IT staff, and even your business operations.

Data Asset Classification: Why it's Important for Client-Side Protection

Web technologies are continuously evolving; both through growth and modernization. Modern web applications are becoming a must in enabling businesses to be able to sell online, acquire customers, and deliver the digital experiences today’s users want. Companies from various industries are increasingly relying on transacting sensitive Personal Identifiable Information (PII) digitally.

Magecart Attack: Hacker steals credit card info from Canada's largest alcohol retailer

The LCBO, a major Canadian retailer, recently experienced a cybersecurity breach that compromised the personal information of thousands of customers. The incident, which was discovered on January 10th, affected the client-side of the company’s website through which LCBO conducts online sales. It resulted in the unauthorized access of sensitive information such as names, addresses, email addresses, LCBO.com account passwords, Aeroplan numbers, and credit card information.