logo.png
Guided Website Threat Review

Foregenix Blog

Duncan Slater

Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method.  The attack specifically targeted the iFrame of a popular UK Payment Service Provider (PSP). We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

Read More
Benjamin Hosack

TeamViewer Used to Attack Leading Footwear Retailer

Indicators of compromise

,10/06/16 09:26

TeamViewer has been all over the news in the last few days with “significant” numbers of  TeamViewer clients expressing/venting on Reddit, Twitter and other social media channels.  TeamViewer has denied that there has been a breach of their systems and instead has pointed to “mega-breaches” of social networks and users using the same account credentials across multiple platforms.  Coincidentally, Foregenix has recently completed a case study involving compromised TeamViewer credentials.

Read More
Kirsty Trainer

Malware Alert: iFrame Interception attack affecting websites with outsourced payment models

For those unfamiliar with the concept of outsourced payment models, it is essentially the adoption and implementation of eCommerce payment services from commercial Payment Service Providers (PSP) rather than merchants handling the payments themselves. You have probably experienced the concept when you suddenly get whisked off to a different site to present your payment details and then revert back to the eCommerce website once payment has been made. The idea of this being to make sure payment details pass directly from the consumer to the payment service provider who has had their operational security reviewed and certified as PCI DSS compliant. 

Read More

Data Compromise and PCI Compliance


The South African fast food industry experienced a massive data compromise back in 2013 – as a result Foregenix was called in to investigate and find out exactly how the hackers managed to get in, how much they stole, when they stole the data and how did they go undetected for so long.

Read More
Richard Jones

Space Tourism: What Can The Payment Industry learn?


Space Tourism and Payments

The loss of the Virgin Galactic Space Capsule will go down in history as one of many tragic accidents that have resulted from man’s desire to push the boundaries of flight. If any industry possesses ‘bounce-back-ability’ then it’s aerospace. Indeed there is a lot that the Payments industry can learn from aviation when it comes avoiding the same mistakes being made twice.

Read More
Duncan Slater

Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method.  The attack specifically targeted the iFrame of a popular UK Payment Service Provider (PSP). We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

Read More
Benjamin Hosack

TeamViewer Used to Attack Leading Footwear Retailer

Indicators of compromise

,10/06/16 09:26

TeamViewer has been all over the news in the last few days with “significant” numbers of  TeamViewer clients expressing/venting on Reddit, Twitter and other social media channels.  TeamViewer has denied that there has been a breach of their systems and instead has pointed to “mega-breaches” of social networks and users using the same account credentials across multiple platforms.  Coincidentally, Foregenix has recently completed a case study involving compromised TeamViewer credentials.

Read More
Kirsty Trainer

Malware Alert: iFrame Interception attack affecting websites with outsourced payment models

For those unfamiliar with the concept of outsourced payment models, it is essentially the adoption and implementation of eCommerce payment services from commercial Payment Service Providers (PSP) rather than merchants handling the payments themselves. You have probably experienced the concept when you suddenly get whisked off to a different site to present your payment details and then revert back to the eCommerce website once payment has been made. The idea of this being to make sure payment details pass directly from the consumer to the payment service provider who has had their operational security reviewed and certified as PCI DSS compliant. 

Read More

Data Compromise and PCI Compliance


The South African fast food industry experienced a massive data compromise back in 2013 – as a result Foregenix was called in to investigate and find out exactly how the hackers managed to get in, how much they stole, when they stole the data and how did they go undetected for so long.

Read More
Richard Jones

Space Tourism: What Can The Payment Industry learn?


Space Tourism and Payments

The loss of the Virgin Galactic Space Capsule will go down in history as one of many tragic accidents that have resulted from man’s desire to push the boundaries of flight. If any industry possesses ‘bounce-back-ability’ then it’s aerospace. Indeed there is a lot that the Payments industry can learn from aviation when it comes avoiding the same mistakes being made twice.

Read More

Cyber Security Insights

Duncan Slater
26/05/17 14:08

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

  Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to manage and ensure the security of ...

Read More

Kirsty Trainer
23/05/17 10:48

8 Critical Steps to Reduce the Risk of Ransomware Infection

The WannaCry ransomware infestation is a wake-up call for all entities connected to public networks, such as the internet, to recognise ...

Read More

Mike Hinton
16/05/17 17:24

Foregenix announce new partnership with Juno Web Design

We’re delighted to announce a new partnership between ourselves and Nottinghamshire based agency ‘Juno’. With the rapidly increasing threat to ...

Read More

Kirsty Trainer
05/05/17 09:42

Foregenix choose Australia as launch pad for Asia Pacific expansion

Foregenix are setting-up a new base in Australia, targetting the Asia Pacific region for growth. The new office in Sydney will open in May and be ...

Read More

Kirsty Trainer
11/04/17 12:03

New survey shows 78% of eCommerce websites at risk

47,000 out of 60,000 websites missing critical security patches Over 3,000 are already hacked and losing customer data now External security scans ...

Read More