Foregenix Blog

Paul Taylor

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM

Part 1 of 2 – Introduction and Background

NfSen is an open source netflow data capture and analysis module which can be used as a standalone product, and is also integrated into AlienVault’s USM/OSSIM security monitoring software.

During a penetration testing engagement for one of our clients, Foregenix discovered a zero-day vulnerability in NfSen. The zero-day allowed remote code execution as root, resulting in a total server compromise.

Duncan Slater

Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method. The attack specifically targeted the iFrame of a popular UK Payment Service Provider (PSP). We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

Benjamin Hosack

TeamViewer Used to Attack Leading Footwear Retailer

Indicators of compromise

10/06/16 09:26

TeamViewer has been all over the news in the last few days with “significant” numbers of TeamViewer clients expressing/venting on Reddit, Twitter and other social media channels. TeamViewer has denied that there has been a breach of their systems and instead has pointed to “mega-breaches” of social networks and users using the same account credentials across multiple platforms. Coincidentally, Foregenix has recently completed a case study involving compromised TeamViewer credentials.

Kirsty Trainer

Malware Alert: iFrame Interception attack affecting websites with outsourced payment models

For those unfamiliar with the concept of outsourced payment models, it is essentially the adoption and implementation of eCommerce payment services from commercial Payment Service Providers (PSP) rather than merchants handling the payments themselves. You have probably experienced the concept when you suddenly get whisked off to a different site to present your payment details and then revert back to the eCommerce website once payment has been made. The idea is to make sure payment details pass directly from the consumer to the payment service provider, who has had their operational security reviewed and certified as PCI DSS compliant.


Data Compromise and PCI Compliance


The South African fast food industry experienced a massive data compromise back in 2013. As a result, Foregenix was called in to investigate and find out exactly how the hackers managed to get in, how much they stole, when they stole the data and how they went undetected for so long.

Cyber Security Insights

Richard Jones
17/11/17 09:39

Successfully implementing GDPR: Compliance and Awareness

The General Data Protection Requirement (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used ...


Richard Jones
02/11/17 10:33

GDPR – Keeping things simple.

Type GDPR into Google and you will get just shy of 6 million results. Factor in the complexity of each and every article and it’s easy to see why ...


Richard Jones
31/10/17 10:27

Data Discovery: The only place to start with GDPR

To those new to GDPR, it may appear like a complex task for which there are so many actions it’s almost impossible to know where to start. I would ...


Kirsty Trainer
26/10/17 15:02

Improving Cybersecurity in the Contact Center: How to Reduce the Risk of a Breach [Webinar]

The negative impact of a data breach has wide-reaching consequences; it’s not something that can be solved with a “Sorry” and a slap on the wrist. ...


Richard Jones
25/10/17 16:52

Five reasons why GDPR isn’t all about fines.

Most conversations about GDPR gravitate towards the subject of fines. There are two camps: those who contend they’re a hollow threat and those who ...
