Cybersecurity Insights

Kirsty Trainer

Why Your Business Should Deploy File Integrity Monitoring

19/11/18 15:32

File integrity monitoring (FIM) systems are an important part of your website security's immune system. If you want to find and destroy malicious code, you’ll need to know where it is and where it’s come from. FIM systems will log changes made to your website, where they’ve come from and when they were made. Utilising a FIM system in your security strategy will help provide you with up-to-date knowledge of the inner workings of your website.

Jake Dennys

Increased card usage across the payment landscape

22/10/18 10:44

Increased support for contactless payments, digital wallets and mobile payments is making paying for things more convenient than ever before. 2017 saw some interesting payment statistics, most notably that, in the UK, debit cards have surpassed cash for the first time.

David Kirkpatrick

Testing Problematic Authorisation Tokens With Burp

05/10/18 15:36

Every so often a web application comes along where a bit of customization is required in your testing strategy to test it properly. The Burp Suite proxy tool is probably one of the most used tools by penetration testers to test web applications. When a situation comes along where its normal customization menu options aren’t sufficient (e.g. using Burp Macros), we can include a custom-written Burp Extension to do what we want.

Kirsty Trainer

The payment industry is stepping up the fight against fraud with P2PE

26/09/18 13:38

P2PE (Point-to-Point-Encryption) is a standard that is quickly becoming the preferred way for acquirers and merchants to secure customer cardholder data. The industry is ramping up P2PE efforts to combat fraud. The number of payment card P2PE systems that meet the new industry standard has passed 200 for the first time, highlighting the growing worldwide emphasis on security.

Jake Dennys

Foregenix Live Hack taking centre stage at Mastercard Innovation Forum

25/09/18 13:38

Hollywood has painted the world of hacking as a slick, complex world of nation-state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention, and small and medium-sized businesses are being decimated by hackers every day.

The problem is, most of these breaches are avoidable. Regular patching and updates to Internet-exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!
