Foregenix Blog

New survey shows 78% of eCommerce websites at risk

Posted by Kirsty Trainer on 11/04/17 12:03

  • 47,000 out of 60,000 websites missing critical security patches
  • Over 3,000 are already hacked and losing customer data now

External security scans performed on 60,000 Magento websites show that 78% are missing critical security patches, while 5% are confirmed to have payment card data harvesting malware stealing their customer details. 

Topics: Forensics and Incident Response

Malware Alert: New POS Malware - TinyPOS

Posted by Benjamin Hosack on 01/04/16 07:00

In the UK we don’t often come across brand new POS malware, presumably as we are in a Chip & PIN market, so the “return” for attackers on deploying such technology is limited. Last week, though, we did come across what appears to be a new sample that we’re calling TinyPOS.

Topics: Forensics and Incident Response

Malware Alert: Asymmetric Crypto Malware Dropper

Posted by Kirsty Trainer on 29/01/16 11:55

In a previous article (Mage.jpg Malware Derivative) we discussed an interesting evolution we were seeing in the eCommerce security arena, that of asymmetric encryption techniques being used to obfuscate harvested payment card data. This is something that became prevalent many years prior with binary malware created for brick and mortar compromises.

The use of asymmetric encryption techniques makes the role of a digital forensic analyst somewhat trickier, as we cannot (generally) provide any empirical insight into the contents of the harvest files. As such, the details of the exposure have to take a "worst case" approach, which generally impacts the victim's organisation detrimentally.

Topics: Forensics and Incident Response

Magento Malware Alert: Malicious Client Side Javascript

Posted by Kirsty Trainer on 02/12/15 16:55

Much has been made of the Magento Shoplift vulnerability and we have certainly seen a notable uplift in Magento-related investigations on the back of it. A trend that we have observed involves a variation on the Shoplift attacks, designed to steal payment card data from outsourced payment models, such as the iframes provided by all major payment processors.

Topics: Forensics and Incident Response, web security, Magento

Magento Malware Alert: Mage.jpg Malware Derivative

Posted by Kirsty Trainer on 30/11/15 16:11

Recent forensic investigation case work being managed by our team has identified a growing e-commerce threat: a new breed of malware being used to compromise online businesses and steal their customers’ personal data – especially focusing on payment card data.

Topics: Forensics and Incident Response

Magento Malware: Credit Card Hijack – Malicious Javascript Alert

Posted by Benjamin Hosack on 23/11/15 16:39

Our forensic team have just wrapped up a forensic investigation on an e-commerce business that has had a considerable amount of customer data stolen – including credit card data. This latest Magento malware attack involved a malicious Javascript – recently announced by Magento on the 16th November 2015.

Topics: Forensics and Incident Response, web security, Magento

New Magento Patch: SUPEE-6788

Posted by Kirsty Trainer on 10/11/15 10:54

Magento Update: Magento has announced a new patch available for Magento Community versions older than 1.9.2.2 and Magento Enterprise versions older than 1.14.2.2.

Topics: Forensics and Incident Response, web security, Magento

Build a Cyber Security Starter Kit

Posted by Anthony Cacchio on 09/11/15 08:44

As a qualified PFI with the largest Forensic team in Europe, we are continually honing our skills and expertise in tackling the ever-evolving cybercrime world on the front line. Cybercrime heavily affects everyone involved, be it the company getting hacked or the user’s details being stolen.

Topics: Forensics and Incident Response

Top 5 Questions about FGX-Web and Website Security

Posted by Benjamin Hosack on 12/10/15 12:11

In our day-to-day deployments of FGX-Web Alert and FGX-Web Protect we often get questions from the website developers about the functionality and capabilities of FGX-Web. We’ve summarized the top 5 questions and answers for you:

Topics: Forensics and Incident Response, web security

Magento Malware Alert: Is your website being Brute Force Attacked?

Posted by Benjamin Hosack on 15/09/15 12:04

Magento Security: The Forensic Team at Foregenix has identified a number of cases concerning the same method of Brute Force attack.

Attackers were able to gain access to the Magento Connect Manager of multiple Magento websites, through Brute Force Attack, due to a combination of weak passwords, open access to the website’s Magento extension download page (www./downloader/.cache/community), and open access to the Magento Connect Manager login page itself (www./downloader/index.php), neither of which should be publicly available.

Topics: Forensics and Incident Response, web security, Magento