Foregenix Blog

Jake Dennys

Foregenix Launch New Webscan Service!

Externally Scan Your Site For Free Now

Recently our security experts have been busy overhauling our free external scanning tool. Having done some fine tuning, added a plethora of new scanning capabilities and given it a lick of new paint, it's now ready for the public! 

Those of you familiar with our older scanning tool will notice a big difference. The traffic light risk system has been expanded to include a score as well as a new graph so that you can track your results over time (or have one of our security team email results to you weekly, at no cost). Our scanner is now able to present even more information about Magento-based websites, making it, we believe, the most comprehensive Magento malware scanner available. It also checks for valid SSL certificates; if a website isn't 'https' it's flagged as unsafe.


Alongside changes to the initial results, we've also added some handy tabs underneath the results so that you can gain a deeper insight into any potential vulnerabilities the scanner may flag up.

 


As industry leaders in cybersecurity, we take an active interest in the threat landscape. In a bid to learn more about the current state of play for Magento, we put our new scanner to good use. We ran it against 217,946 Magento websites and found that 5% were hacked and harbouring credit card harvesting malware, subsequently leaking cardholder data to third-party attackers.

The most staggering result of the scan was that 86% of Magento websites were running out-of-date (unpatched) software. If they’re not already on a list of websites waiting to be hacked, they soon will be (our researchers believe that most of these sites could be hacked in under an hour).

Keeping your software up to date with the latest versions is probably the cheapest way to help your business remain free of unwanted/criminal activity. Patches are released every few months and so keeping an eye on the Magento Security Centre for updates will benefit you. The security centre also provides you with Magento security news, best practices and the option to report any security issues you may find.

Patching isn’t always the easiest of feats, but the security benefits speak for themselves. Would you rather be forced to conduct a forensic investigation, pay breach costs, liabilities and fines, and deal with unhappy customers, or take the steps necessary to patch your environment? The average penalty for losing card data is £36,500.

Our research shows the majority of issues among hacked websites are:

  • Out of date (unpatched) software
  • Websites with default settings
  • Lack of security monitoring
  • Weak passwords

You’d expect the issues to be a little more complex, but hackers target the weak. Why would they waste their time spending months cracking into big multi-national companies when they can take control of a multitude of small businesses easily?

The above problems can be solved without a huge amount of know-how and can subsequently save you a lot of hassle and money.

Our scanner checks for a multitude of vulnerabilities and is regularly used by businesses of all sizes. We really care about security and we wanted to give people the opportunity to make sure their environment is safe. Some of the issues/vulnerabilities we check for include:

  • Credit card hijack
  • Cloud harvester malware
  • Unprotected version control
  • Outdated software
  • Default/admin location
  • Magento shoplift
  • Magmi vulnerability
  • Exposed development files
  • Exposed API
  • Ransomware
  • GuruInc JavaScript
  • Magento backdoor trojan module
  • Security patch 6285 (XSS, RSS)
  • Security patch 6482 (XSS)
  • Security patch 6788 (secrets leak)
  • Security patch 7405 (admin takeover)
  • Security patch 5994 (admin disclosure)
  • Malware scanning

If you’re concerned about whether your website is running out of date software, harbouring malware or vulnerable to any of the above attack vectors, please try our scanner for free. No download required, just type in the URL and away you go. Find the link below.

Free Webscan

Jake Dennys
10/08/18 09:17
