Archive for Jscrambler

Jscrambler Expands Executive Leadership Team

Posted in Commentary with tags on January 31, 2024 by itnerd

Jscrambler today announces expansions to its Executive Leadership team with the appointment of Mukesh Sharma as COO and Tyson Whitten as VP of Global Marketing. These appointments will accelerate Jscrambler’s mission to foster secure digital innovation for the world’s online businesses, safeguarding them against financial and reputational risks associated with client-side cybersecurity threats, data breaches, intellectual property theft, and compliance violations.

Mukesh Sharma, with over two decades of technology and cybersecurity leadership, has a proven track record of scaling operations and teams at both startups and multi-billion dollar organizations. Focused on prioritizing a customer-centric approach and ensuring operational efficiency, Mukesh is dedicated to aligning strategy with execution. His leadership spans various high-paced and innovative companies, including notable roles at VMware (Broadcom), Puppet (Perforce), Sumo Logic, and Atos. 

Tyson Whitten is a seasoned executive boasting over 20 years of building and scaling marketing at venture-funded cybersecurity companies. Whitten joins Jscrambler on the heels of his four-year tenure with ReversingLabs, where he served as Vice President of Global Marketing, elevating the company’s brand as a software supply chain security leader, while leading product marketing, demand generation, content, and sales enablement. Whitten also held various leadership positions at the cybersecurity companies CA Technologies (Broadcom), SecureWorks, and Guardent (Verisign).

Both executives will drive Jscrambler’s continued growth in client-side protection and compliance within the application security market. Sharma will be responsible for Jscrambler’s global go-to-market, sales, marketing, partner, and finance operations. Whitten will lead all aspects of brand, messaging, product marketing, demand generation, field marketing, content marketing, and sales enablement. 

Jscrambler Wins 2024 BIG Innovation Award for Second Consecutive Year 

Posted in Commentary with tags on January 10, 2024 by itnerd

Jscrambler, the pioneering platform for client-side protection, today announces it has been named a winner in the 2024 BIG Innovation Awards presented by the Business Intelligence Group for the second consecutive year. Jscrambler’s Client-Side Protection Platform has been recognized amongst global technology organizations whose innovative approach and platform have caused market disruption.  

Jscrambler was the first to merge advanced polymorphic JavaScript obfuscation with fine-grained third-party tag protection in a unified Client-Side Protection and Compliance Platform. Its integrated solution ensures a robust defense against current and emerging client-side cyber threats, data leaks, and IP theft, empowering software development and digital teams to innovate securely. With Jscrambler, businesses adopt a unified, future-proof client-side security policy all while achieving compliance with emerging security standards including PCI DSS v4.0.

Organizations from across the globe submitted their recent innovations for consideration in the BIG Innovation Awards. Nominations were then judged by a select group of business leaders and executives who volunteer their time and expertise to score submissions. 

Jscrambler Serves Up Their Predictions For 2024

Posted in Commentary with tags on December 19, 2023 by itnerd

Pedro Fortuna, CTO and Co-Founder of Jscrambler, has shared with me his predictions for 2024. He’s got three of them to share:

JavaScript Targeted Attacks Accelerate

“In 2024, we predict organizations will encounter persistent challenges concerning their JavaScript and its associated cybersecurity vulnerabilities. Driven by Large Language Models (LLMs), attacks will become more advanced and written with higher levels of speed and sophistication, enabling accelerated learning and control circumvention. Companies will have to evolve their security strategies and implement measures, such as JavaScript code protection, that prevent LLM-powered threats from leveraging early automated learning steps.”

3rd-Party Tag Leakage Fueled by LLM

“Additionally, we anticipate an exponential increase in the leakage and misuse of consumer data collected by 3rd-party tags. Marketing, analytics and payment tag vendors pressured to compete in the market will utilize LLM to improve customer experiences and differentiate services. This will require an increased amount of consumer PII data to be collected which will often go uncontrolled and unmonitored. This collection and processing of more consumer data will have direct and negative consequences on consumer privacy. Therefore, it is imperative for web owners to proactively prepare themselves for this shift and safeguard consumer data through the implementation of 3rd-party script and tag controls. Without proper controls on the collection of consumer data by LLM, it may be too late to prevent the data from being used to train the LLM models, resulting in irreversible consequences. Once done, there’s a risk of potential data leaks by the LLM, as the security of LLMs is still in its infancy.”

PCI v4.0 Moves to Action

“With the increase in JavaScript abuses and e-skimming attacks, we saw the evolution of standards including PCI v4.0 to improve payment page security. While 2023 was the year of preparation for the new PCI v4.0 requirements, 2024 will transition from education to action, as it brings us closer to PCI v4.0 taking mandatory effect in 2025. Companies will quickly move from standards research to vendor research, selection and implementation to effectively prepare for the new 6.4.3 and 11.6.1 payment page security requirements. The best-prepared companies will assess current 3rd-party tag usage and business authorization processes before implementing new technology.”

Jscrambler Achieves PCI DSS Version 4.0 Compliance

Posted in Commentary with tags on December 19, 2023 by itnerd

Jscrambler today announces it has been assessed as compliant with PCI DSS v4.0 following an external assessment by Advantio, a leading Qualified Security Assessor (QSA), signifying the high security standards Jscrambler’s platform and environment meet. This achievement, ahead of the April 1st, 2024 deadline for meeting the new standard, underpins Jscrambler’s dedication to protecting its customers’ sensitive data and ensuring the security of their financial transactions.

To be assessed as compliant with PCI DSS, companies must demonstrate the ability to protect both their assets and their clients. While Jscrambler does not store, process, or transmit cardholder data, Jscrambler does provide an agent that is present on customer payment pages. Service providers that can affect the security of cardholder data are considered in the scope of PCI DSS v4.0. 

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard that provides a set of requirements for protecting Cardholder Data. Version 4.0 represents the state of the art in terms of cyber security and demonstrates a commitment to ensuring the protection of customers’ data. The requirements listed in PCI DSS v4.0 will mandate that businesses that handle (store, process or transmit) payment data, or that could affect its security, implement a set of controls (technical, physical and human) to protect such data. PCI DSS compliance must be renewed annually to ensure continued compliance with the security standard. This is an ongoing commitment that reflects dedication to data protection and transaction security.

New PCI DSS v4.0 Requirements Attempt to Mitigate Expanding Surface Area Risk

JavaScript has become the building block of nearly every modern-day web page. While it can serve many purposes, it can also deliver unprecedented and sometimes unseen security risks that last for months, should it not be monitored properly. The introduction and widespread use of third-party JavaScript is one example, as online businesses increasingly struggle to maintain complete visibility and control over these scripts. Earlier this year, Jscrambler found that 80% of the 20 most highly trafficked US e-commerce websites had an average of 148 JavaScripts on their payment pages. For these reasons and more, PCI DSS has included specific requirements (6.4.3 and 11.6.1) designed to minimize this increasing attack surface area, manage all JavaScript executing on payment pages, and detect any tampering or unauthorized changes to the payment page that can result in the leaking of cardholder data.

Jscrambler is fully committed to PCI DSS, with its Co-founder and CTO, Pedro Fortuna, serving as a member of the PCI SSC Board of Advisors and the company recently having been added as a Principal Participating Organization. With Jscrambler having been externally assessed as compliant with PCI DSS v4.0, clients of Jscrambler can reliably utilize the Jscrambler Client-Side Protection Platform to both protect cardholder data that is entered into a customer’s web page from skimming attacks and to meet the PCI DSS v4.0 requirements 6.4.3 and 11.6.1. These new requirements are currently considered ‘best practice’ until April 2025 when they become mandatory. Implementing the new requirements will ensure that merchants can prevent and detect unauthorized changes to JavaScript code. For this reason, service providers and merchants must prepare for PCI DSS v4.0 as they can impact the security of the cardholder data environment (CDE).

To find out more about the potential impacts of first and third-party JavaScript on payment pages, read Jscrambler’s most recent blog post, Are Non-PCI Compliant Scripts Putting Your Business at Risk?

Customers, prospects, and partners may receive the Jscrambler Attestation of Compliance (AOC) report upon request by contacting their account manager.

The QSA company in charge of this project has been Advantio, an Integrity360 company, with over ten years of experience providing PCI consultancy and formal validation services worldwide via a large team of multilingual subject matter experts.

Jscrambler launches free tool for faster compliance with new PCI DSS anti-skimming requirements

Posted in Commentary with tags on June 27, 2023 by itnerd

Jscrambler, a leading solution for JavaScript protection and real-time webpage monitoring, today announces the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and simple compliance coupled with proactive security measures to prevent web skimming and Magecart attacks.

Jscrambler is a PCI Security Standards Council Principal Participating Organization, and Pedro Fortuna, Jscrambler’s CTO and co-founder, was recently elected a member of the PCI SSC Board of Advisors, attesting to the relevance of Jscrambler’s 13+ years’ work on client-side security and its importance to the payment industry.

Jscrambler’s team of JavaScript experts has worked to create a solution that will directly ensure compliance with requirements 6.4.3 and 11.6.1 of PCI DSS v4.0. With the new PCI DSS v4.0 requirements already in the public domain, organizations need to prioritize this transition while simultaneously adopting proactive measures to protect their customers’ payment card information. Although the new requirements in PCI DSS are not mandatory until April 2025, they are indicated as “best practices” until this date. Combining the trifecta of technology, people, and processes, Jscrambler’s solution provides teams with the flexibility and agility they require to meet these deadlines without compromising other priorities.

To meet the new anti-skimming requirements of PCI DSS v4.0, which include ensuring script integrity, maintaining an up-to-date inventory of payment/parent pages’ scripts, and alerting on any tampering attempts, Jscrambler’s new tool offers advanced visibility to easily monitor and authorize vendors and scripts, while providing effortless and detailed reporting logs to demonstrate compliance to PCI Security Assessors (ISAs and QSAs) and internal compliance teams.

Web skimming attacks continue to plague organizations that have an e-commerce store, with attackers launching campaigns to hit as many targets as possible by injecting malicious code into websites via third-party providers. Jscrambler’s research has shown that in recent months the modus operandi for three of the most prolific cybercriminal groups has evolved as they seek more innovative ways to compromise targets. As a result, and if successful, these attacks can go undetected for months, potentially resulting in reputation damage and heavy fines.

Working with Jscrambler, organizations get peace of mind as security teams can configure and manage multiple websites and payment pages in one place, further streamlining compliance visibility and reporting. To stay one step ahead, and ensure that organizations maintain a secure environment, teams can react promptly due to immediate alerts on any modifications to HTTP headers, integrity breaches or adding of new vendors. 

To find out more about Jscrambler’s Free PCI DSS JavaScript Compliance Tool, please click HERE.

PCI Security Standards Council Welcomes Jscrambler CTO and Cofounder Pedro Fortuna to its Board of Advisors

Posted in Commentary with tags on June 13, 2023 by itnerd

Jscrambler, a leading solution for JavaScript protection and real-time webpage monitoring, is pleased to announce that its Chief Technology Officer and Cofounder, Pedro Fortuna, has been appointed to the 2023-2025 PCI Security Standards Council Board of Advisors. 

The Board of Advisors represents PCI SSC Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards and programs. Jscrambler’s own Pedro Fortuna is one of 52 board members to join the PCI Security Standards Council in its efforts to secure payment data globally. As strategic partners, board members bring industry, geographical and technical insight to PCI SSC plans and projects. 

The PCI Security Standards Council is a global organization responsible for developing and maintaining the Payment Card Industry Data Security Standard (PCI DSS) and other important payment security standards. The Council’s Board of Advisors is comprised of individuals with extensive expertise in payment security and related fields, and who are committed to advancing the Council’s mission of protecting payment card data worldwide.

Pedro Fortuna has over 20 years of experience in the security industry, including software design and engineering and penetration testing. Fortuna has served as the CTO of Jscrambler since 2014, where he has been consistently at the helm of the company’s technical wing as well as participating in key business management decisions as a member of the board. 

For more information regarding Jscrambler, visit: https://jscrambler.com/

Jscrambler Named Winner Of Two Global InfoSec Awards During RSA Conference 2023

Posted in Commentary with tags on April 24, 2023 by itnerd

Jscrambler, a leading solution for JavaScript protection and real-time webpage monitoring, is proud to announce it has won the following awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

  • Most Comprehensive for Third-Party Cyber Risk
  • Editor’s Choice for Web Application Security

Jscrambler is thrilled to be a member of this coveted group of winners, located here: http://www.cyberdefenseawards.com/

Please join them at the #RSAC RSA Conference 2023, https://www.rsaconference.com/usa today, as they share their red carpet experience and proudly display their trophy online at their website, their blog and their social media channels.

Jscrambler Partners with GitHub  

Posted in Commentary with tags on April 18, 2023 by itnerd

Jscrambler, a leading solution for JavaScript protection and real-time webpage monitoring, today announces the integration of Jscrambler to the GitHub Marketplace. This integration will make it easier and more intuitive than ever for GitHub users to include Code Integrity protection in their build pipeline.  

Having Jscrambler’s Code Integrity Action ready on the GitHub Marketplace means only having to adjust a few parameters before deployment, saving users time and resources. Users will no longer have to customize GitHub actions from scratch or include calls to the Jscrambler CLI when setting up the pipeline, for the Action will already be available in the GitHub Marketplace for integration into projects with just a few clicks.

GitHub is one of the largest online collaborative work platforms in the world with unparalleled popularity. It is an essential tool for software engineers as they can share their projects, and people anywhere in the world can work on them in parallel. According to the most recent data, it currently accommodates more than 84 million users, with 200 million repositories hosted.

Jscrambler’s Code Integrity offers several features such as code obfuscation, anti-tampering, and self-defensive capabilities. These features help to protect applications against reverse engineering, code tampering, and other attacks. Jscrambler’s Code Integrity is trusted by some of the world’s largest companies and is used to protect millions of lines of code. 

Jscrambler Threat Monitoring Now Available in Splunk Marketplace

Posted in Commentary with tags on April 4, 2023 by itnerd

Jscrambler, the leading solution for JavaScript protection and real-time webpage monitoring, today announces the integration of Jscrambler’s Threat Monitoring to the Splunk marketplace. Through a partnership between Jscrambler and Splunk, organizations can now integrate Jscrambler’s code integrity solution into their Splunk instance, providing them with more visibility into their web applications’ code integrity and a powerful tool to help them stay ahead of potential client-side cyber threats. 

Splunk is a leading data analytics and visualization platform that helps organizations monitor, analyze and visualize their machine data. Splunk’s customers include some of the world’s largest and most complex organizations, spanning a wide range of industries, including healthcare, finance and government. 

Jscrambler’s code integrity solution provides an effective way to protect web and mobile applications against tampering, reverse engineering and code injection attacks. By integrating Jscrambler into a Splunk instance, organizations can monitor the security of their applications in real-time and quickly identify any suspicious activity that may be indicative of a potential client-side attack. The Jscrambler Threat Monitoring Splunk app enables real-time notifications for any code tampering, reverse engineering or code injection attacks detected by Jscrambler, helping organizations stay one step ahead of potential threats.

Find out more at: https://jscrambler.com/ or check out their listing on the GitHub Marketplace.

Jscrambler Takes Gold for Client-Side Security in Cybersecurity Excellence Awards 

Posted in Commentary with tags on March 15, 2023 by itnerd

Jscrambler today announced it received Gold Place in Client-Side Security in the Cybersecurity Excellence Awards.  

Jscrambler’s Webpage Integrity (WPI) offers a large set of functionalities aimed at protecting customers against sensitive data leaks and unwanted changes which may harm their company’s reputation and business. This is especially important as more commerce is conducted online than ever before. Two global e-commerce brands that rely on Jscrambler to protect their payment pages saw significant activity during Q4 2022. Webpage Integrity monitored a combined 40.3 million user sessions and blocked over 60.2 million data access attempts by third-party vendors. The continuous monitoring and proactive blocking of JavaScript running in the browser prevent these vendors from potentially accessing sensitive credit card data.   

WPI allows organizations to understand all the scripts that are being loaded onto each of their websites, as well as the potential risk associated. WPI provides rich information and insights to assist in mitigating any potential threats. Considering that vulnerabilities in third-party software account for 13% of all data breaches’ initial attack vectors with an average cost of $4.55M per data breach, it is fundamental for companies to have total visibility and control over their websites.

Jscrambler is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.

Find out more at: https://jscrambler.com/