logo.png
GET GDPR READY

Foregenix Blog

Duncan Slater

Reducing the Impact of a Breach Through Early Detection (Part 1)

How you respond to any incident can have a dramatic effect on the overall outcome and its potential on going impact.  Over this two-part series Foregenix will look to answer the question – “How well will you respond when it really matters?” covering Incident Response and the often-overlooked gap that is ‘Intrusion detection’ or as we like to call it ‘Incident Readiness.’

Read More
David Kirkpatrick

You are the Weakest Link … Goodbye!

Historically, customers have used penetration testing to test the security of their infrastructure from an external or internal perspective. For a long time, this has been the ‘de facto’ standard to test for security vulnerabilities. However, we (penetration testers), have been aware for quite some time that this is not the full story.

Read More
Jake Dennys

Identifying a Social Engineering Attack

To defend against most online threats, you need to invest heavily in third party software to keep your eCommerce environment on lock down. You can have the best security systems in the world, but one well placed social engineering attack can undo all of your hard work and render your investment useless. Being aware of what social engineering is and the potential impact it can have on your business is critical to keeping your customers safe. 

Read More
Paul Taylor

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM

Part 1 of 2 – Introduction and Background

NfSen is an open source netflow data capture and analysis module which can be used as a standalone product, and is also integrated into AlienVault’s USM/OSSIM security monitoring software.

During a penetration testing engagement for one of our clients, Foregenix discovered a zero-day vulnerability in NfSen. The zero-day allowed remote code execution as root, resulting in a total server compromise.

Read More
Duncan Slater

Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method.  The attack specifically targeted the iFrame of a popular UK Payment Service Provider (PSP). We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

Read More
Duncan Slater

Reducing the Impact of a Breach Through Early Detection (Part 1)

How you respond to any incident can have a dramatic effect on the overall outcome and its potential on going impact.  Over this two-part series Foregenix will look to answer the question – “How well will you respond when it really matters?” covering Incident Response and the often-overlooked gap that is ‘Intrusion detection’ or as we like to call it ‘Incident Readiness.’

Read More
David Kirkpatrick

You are the Weakest Link … Goodbye!

Historically, customers have used penetration testing to test the security of their infrastructure from an external or internal perspective. For a long time, this has been the ‘de facto’ standard to test for security vulnerabilities. However, we (penetration testers), have been aware for quite some time that this is not the full story.

Read More
Jake Dennys

Identifying a Social Engineering Attack

To defend against most online threats, you need to invest heavily in third party software to keep your eCommerce environment on lock down. You can have the best security systems in the world, but one well placed social engineering attack can undo all of your hard work and render your investment useless. Being aware of what social engineering is and the potential impact it can have on your business is critical to keeping your customers safe. 

Read More
Paul Taylor

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM

Part 1 of 2 – Introduction and Background

NfSen is an open source netflow data capture and analysis module which can be used as a standalone product, and is also integrated into AlienVault’s USM/OSSIM security monitoring software.

During a penetration testing engagement for one of our clients, Foregenix discovered a zero-day vulnerability in NfSen. The zero-day allowed remote code execution as root, resulting in a total server compromise.

Read More
Duncan Slater

Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle attack that we had seen executed against an iFrame redirected payment method.  The attack specifically targeted the iFrame of a popular UK Payment Service Provider (PSP). We have received numerous requests for more detailed information around how the attack was orchestrated – principally as outsourced payment models were considered largely secure – and in that light we present the details of how the attack was accomplished.

Read More

Cyber Security Insights

Jake Dennys
18/04/18 15:02

Foregenix named as finalists in The Techies 2018!

The Techie Awards 2018 are a Business Exchange initiative to celebrate the innovation and entrepreneurship of the IT community in Swindon & ...

Read More

Duncan Slater
18/04/18 10:57

Reducing the Impact of a Breach Through Early Detection (Part 2) - Incident Response vs Incident Readiness

This two-part series is focused on reducing the impact of a breach through early detection. In part one we looked at the change in mindset from ...

Read More

Paul Taylor
17/04/18 15:43

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM (Part 2)

Part 2 of 2 – Vulnerability details This is the second and final post in our series about zero-day vulnerabilities we discovered in NfSen and ...

Read More

Duncan Slater
12/04/18 13:30

Embrace Failure To Improve Your Security

Like many others this week, I have been glued to the amazing action coming from the Gold Coast, Australia, as many of the world’s top athletes ...

Read More

Duncan Slater
09/04/18 11:53

Reducing the Impact of a Breach Through Early Detection (Part 1)

How you respond to any incident can have a dramatic effect on the overall outcome and its potential on going impact.  Over this two-part series ...

Read More