Foregenix Blog

Kirsty Trainer

Marketing Manager & Design-fiend at Foregenix

Recent Posts

Foregenix named as rising Cyber Security export star in the Sunday Times SME Export Track 100

Posted by Kirsty Trainer on 27/02/17 17:02

We're over the moon to announce that Foregenix has been placed at No 59 in the 3rd annual Sunday Times Lloyds SME Export Track 100! Our fantastic clients and talented team were instrumental in helping us achieve this recognition. We are delighted, so thank you to all. This was published in the Business section on Sunday, as well as on the Sunday Times tablet edition and online.


Topics: web security, GDPR

Questions for a Point-to-Point Encryption (P2PE) Consultant

Posted by Kirsty Trainer on 26/09/16 13:24

As it stands, Foregenix have certified 70% of the current P2PE Applications and 40% of P2PE Solutions globally - so we have our fair share of experience and knowledge in a relatively new market. We asked one of our leading Consultants, Paolo Basilio, a few questions that frequently crop up during the process. 

1. The growth of interest in Point-to-Point Encryption (P2PE) has been exponential in the last year and a half. What do you think has influenced this growth?


Topics: PCI, PA-DSS and P2PE

Hacked eCommerce Websites and Self-Notification

Posted by Kirsty Trainer on 15/07/16 11:19

The number of hacked websites losing payment card data is rising rapidly, and the attacks are becoming more sophisticated and stealthy while remaining very lucrative for criminals. You've all probably heard this before and are tired of the rhetoric. What you may not have heard before is what it means for your online business if your website gets hacked and loses payment card data. What are the potential liabilities and what is the industry doing to try to curb the loss of payment card data?


Topics: web security

Between 35,000 and 40,000 credit cards exposed to hackers after coding errors led to SQL Injection.

Posted by Kirsty Trainer on 25/05/16 15:00

The Forensic team at Foregenix are used to getting cases involving SQL Injections through the door – in fact, not only is SQLi one of the ‘oldest’ tricks in the book, it is still one of the most common attacks seen.


Magento Security Advisory: CVE-2016-4010

Posted by Kirsty Trainer on 19/05/16 15:46

An exploit targeting a critical vulnerability (CVE-2016-4010), which affects all Magento versions up to and including 2.0.6, was published on May 18th 2016. The sole prerequisite for a site to be vulnerable is to allow guest checkout, i.e. shopping by customers without an account on the site.


ITWeb Security Summit 2016 - Bryanston, South Africa

Posted by Kirsty Trainer on 18/05/16 08:50

The ITWeb Security Summit 2016 is well underway with the workshop currently taking place at The Forum, Bryanston.


Cyber Security News - May Update

Posted by Kirsty Trainer on 17/05/16 09:57


Topics: web security

PCI Compliance, SAQ A & the Hacked Website. Does tick box compliance ensure security?

Posted by Kirsty Trainer on 30/03/16 12:47

With the vast majority of online businesses being classified within the small to medium sized category and the huge growth in eCommerce, the Payment Card Industry (PCI) came to the realisation that one of the industry’s greatest exposures lies with the tens of thousands of small to medium sized eCommerce businesses potentially not protecting their client payment data effectively.


Topics: PCI, PA-DSS and P2PE, web security

An introduction to PCI assessments in the cloud - Amazon Web Services

Posted by Kirsty Trainer on 29/02/16 17:59

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix

Amazon Web Services and Microsoft Azure are the two most common cloud services used in practice. While many people will be familiar with Microsoft's language for Active Directory users and groups, Group Policies, virtual machines, IIS webservers and SQL databases, the language used by AWS and the services provided are quite different in many cases. Reflecting this in practice is Microsoft's support of the hybrid cloud, whereas moving to AWS is typically a more complete migration or separation.


Malware Alert: iFrame Interception attack affecting websites with outsourced payment models

Posted by Kirsty Trainer on 29/02/16 15:21

For those unfamiliar with the concept of outsourced payment models, it is essentially the adoption and implementation of eCommerce payment services from commercial Payment Service Providers (PSP) rather than merchants handling the payments themselves. You have probably experienced the concept when you suddenly get whisked off to a different site to present your payment details and then revert back to the eCommerce website once payment has been made. The idea is to make sure payment details pass directly from the consumer to the payment service provider, which has had its operational security reviewed and certified as PCI DSS compliant.


Topics: web security, Indicators of compromise