
Foregenix Blog

Duncan Slater

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

 

Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to managing and ensuring the security of their environment. But as a small eCommerce merchant, who is responsible for the security of your environment? In most cases, small eCommerce businesses elect to outsource all of their website’s development to professionals specialising in eCommerce environments, but should the developers be responsible for the cybersecurity as well as the development and management of the environment?

Kirsty Trainer

New survey shows 78% of eCommerce websites at risk

  • 47,000 out of 60,000 websites missing critical security patches
  • Over 3,000 are already hacked and losing customer data now

External security scans performed on 60,000 Magento websites show that 78% are missing critical security patches, while 5% are confirmed to have payment card data harvesting malware stealing their customer details. 

Benjamin Hosack

Malware Alert: New POS Malware - TinyPOS

In the UK we don’t often come across brand new POS malware, presumably as we are in a Chip & PIN market, so the “return” for attackers on deploying such technology is limited. Last week, though, we did come across what appears to be a new sample that we’re calling TinyPOS.

Kirsty Trainer

Malware Alert: Asymmetric Crypto Malware Dropper

In a previous article (Mage.jpg Malware Derivative) we discussed an interesting evolution we were seeing in the eCommerce security arena, that of asymmetric encryption techniques being used to obfuscate harvested payment card data. This is something that became prevalent many years prior with binary malware created for brick and mortar compromises.

The use of asymmetric encryption techniques makes the role of a digital forensic analyst somewhat trickier, as we cannot (generally) provide any empirical insight into the contents of the harvest files. As such, the details of the exposure have to take a "worst case" approach, which generally impacts the victim's organisation detrimentally.

Kirsty Trainer

Magento Malware Alert: Malicious Client Side Javascript

Much has been made of the Magento Shoplift vulnerability and we have certainly seen a notable uplift in Magento related investigations on the back of it. A trend that we have observed involves a variation to the Shoplift attacks, designed to steal payment card data from outsourced payment models - such as iframes as provided by all major payment processors.

Cyber Security Insights

Duncan Slater
26/05/17 14:08

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

  Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to manage and ensure the security of ...


Kirsty Trainer
23/05/17 10:48

8 Critical Steps to Reduce the Risk of Ransomware Infection

The WannaCry ransomware infestation is a wake-up call for all entities connected to public networks, such as the internet, to recognise ...


Mike Hinton
16/05/17 17:24

Foregenix announce new partnership with Juno Web Design

We’re delighted to announce a new partnership between ourselves and Nottinghamshire based agency ‘Juno’. With the rapidly increasing threat to ...


Kirsty Trainer
05/05/17 09:42

Foregenix choose Australia as launch pad for Asia Pacific expansion

Foregenix are setting up a new base in Australia, targeting the Asia Pacific region for growth. The new office in Sydney will open in May and be ...


Kirsty Trainer
11/04/17 12:03

New survey shows 78% of eCommerce websites at risk

  • 47,000 out of 60,000 websites missing critical security patches
  • Over 3,000 are already hacked and losing customer data now

External security scans ...
