logo.png
GET GDPR READY

Foregenix Blog

David Kirkpatrick

Know Your Attack Surfaces

During our engagements, we sometimes find customers have difficulty in determining what hosts they own and if they are live on the Internet. This can easily happen when you have a high turnover of networking staff, where the knowledge is not passed on, or you have a large infrastructure presence that can make it difficult to constantly manage/monitor. In a worst-case scenario, this can lead to compromise of data and possible exploitation of your internal network where ‘forgotten’ hosts are left unpatched and unmanaged.

Read More
Zacharias Pigadas

Purple Teaming, here's what you need to know.

Information security is infatuated with colours. It started with the blue boxing that allowed anyone to make free calls, then moved to black hats, white hats, grey hats (to denote attackers), then off to black box, grey box and white box testing to define the type of testing. The latest trend in colours reference red teaming, blue teaming and purple teaming. We will deal with the last one in the remainder of this blog.

Read More

Facebook Ads Extension for Magento Leaking Magento Version

When looking for new websites to target, a typical hacker will try to find sites which will require as little effort as possible for them to breach. Ideally they are looking for sites that are running outdated versions of frameworks such as Magento and WordPress, which may be missing critical security patches. Once they have identified a site like this they can usually use a pre-made exploit instead of having to craft their own code to gain access to the server.

Read More
Jake Dennys

Foregenix named as finalists in The Techies 2018!

Cybersecurity

,18/04/18 15:02

The Techie Awards 2018 are a Business Exchange initiative to celebrate the innovation and entrepreneurship of the IT community in Swindon & Wiltshire. We’re delighted to have been named as finalists in the inaugural awards alongside 12 other companies!

Read More
Duncan Slater

Reducing the Impact of a Breach Through Early Detection (Part 2) - Incident Response vs Incident Readiness

This two-part series is focused on reducing the impact of a breach through early detection. In part one we looked at the change in mindset from purely preventative measures, to implementing effective detection methods within your environment; and the positive impact that this could have.  In this article we will look at bridging the gap between the initial point of intrusion and instigation of an effective incident response plan.

80% of businesses do not have an incident response plan, 15% have a documented plan but lack the foundation to provide an efficient or effective response, leaving only 5% [1] of business with an actionable incident response plan in place.  In this, the second part of our IR series we are going to look at the need for an effective and functional Incident Response plan.

Read More
David Kirkpatrick

Know Your Attack Surfaces

During our engagements, we sometimes find customers have difficulty in determining what hosts they own and if they are live on the Internet. This can easily happen when you have a high turnover of networking staff, where the knowledge is not passed on, or you have a large infrastructure presence that can make it difficult to constantly manage/monitor. In a worst-case scenario, this can lead to compromise of data and possible exploitation of your internal network where ‘forgotten’ hosts are left unpatched and unmanaged.

Read More
Zacharias Pigadas

Purple Teaming, here's what you need to know.

Information security is infatuated with colours. It started with the blue boxing that allowed anyone to make free calls, then moved to black hats, white hats, grey hats (to denote attackers), then off to black box, grey box and white box testing to define the type of testing. The latest trend in colours reference red teaming, blue teaming and purple teaming. We will deal with the last one in the remainder of this blog.

Read More

Facebook Ads Extension for Magento Leaking Magento Version

When looking for new websites to target, a typical hacker will try to find sites which will require as little effort as possible for them to breach. Ideally they are looking for sites that are running outdated versions of frameworks such as Magento and WordPress, which may be missing critical security patches. Once they have identified a site like this they can usually use a pre-made exploit instead of having to craft their own code to gain access to the server.

Read More
Jake Dennys

Foregenix named as finalists in The Techies 2018!

Cybersecurity

,18/04/18 15:02

The Techie Awards 2018 are a Business Exchange initiative to celebrate the innovation and entrepreneurship of the IT community in Swindon & Wiltshire. We’re delighted to have been named as finalists in the inaugural awards alongside 12 other companies!

Read More
Duncan Slater

Reducing the Impact of a Breach Through Early Detection (Part 2) - Incident Response vs Incident Readiness

This two-part series is focused on reducing the impact of a breach through early detection. In part one we looked at the change in mindset from purely preventative measures, to implementing effective detection methods within your environment; and the positive impact that this could have.  In this article we will look at bridging the gap between the initial point of intrusion and instigation of an effective incident response plan.

80% of businesses do not have an incident response plan, 15% have a documented plan but lack the foundation to provide an efficient or effective response, leaving only 5% [1] of business with an actionable incident response plan in place.  In this, the second part of our IR series we are going to look at the need for an effective and functional Incident Response plan.

Read More

Cyber Security Insights

Ray Simpson
19/06/18 13:48

Getting to Grips With the Australian Notifiable Data Breaches Scheme.

In light of the Notifiable Data Breaches (NDB) scheme which came into effect in Australia on 22nd February 2018, Foregenix has launched three service ...

Read More

Paul Taylor
21/05/18 09:14

Foregenix Identify Multiple Dell EMC RecoverPoint Zero-Day Vulnerabilities

Foregenix is disclosing six vulnerabilities which were identified in Dell EMC RecoverPoint products during a recent engagement. In the course of the ...

Read More

Andrew McKenna
17/05/18 14:26

Risk & Privacy: What are the board level considerations?

Problem: You’re on the board of a business and want to verify the business is implementing appropriate measures to adhere to security and privacy ...

Read More

Benjamin Hosack
16/05/18 12:30

New Services to Secure Blockchain & Cryptocurrency

Foregenix is proud to announce the launch of its Blockchain & Cryptocurrency Security Practice. Building upon years of experience in the Payment Card ...

Read More

Jake Dennys
14/05/18 15:42

Foregenix Take Best Security at The Techies 2018!

The Techie Awards 2018 are a Business Exchange initiative, created to celebrate the innovation and entrepreneurship of the IT community in Swindon & ...

Read More