
Foregenix Blog

Jake Dennys

Foregenix Launch New Webscan Service!

Externally Scan Your Site For Free Now

Recently our security experts have been busy overhauling our free external scanning tool. Having done some fine tuning, added a plethora of new scanning capabilities and given it a lick of new paint, it's now ready for the public! 

Those of you familiar with our older scanning tool will notice a big difference. The traffic light risk system has been expanded to include a score as well as a new graph so that you can track your results over time (or have one of our security team email results to you weekly, at no cost). Our scanner is now able to present even more information about Magento-based websites, making it - we believe - the most comprehensive Magento malware scanner available. It also checks for valid SSL certificates; if a website isn't 'https' it's flagged as unsafe.

 

Alongside changes to the initial results, we've also added some handy tabs underneath the results so that you can gain a deeper insight into any potential vulnerabilities the scanner may flag up.

As industry leaders in cybersecurity, we take an active interest in the threat landscape. In a bid to learn more about the current state of play for Magento, we put our new scanner to good use. We ran it against 217,946 Magento websites and found that 5% were hacked and harbouring credit card harvesting malware, subsequently leaking cardholder data to third-party attackers.
Read More

Facebook Ads Extension for Magento Leaking Magento Version

When looking for new websites to target, a typical hacker will try to find sites which will require as little effort as possible for them to breach. Ideally they are looking for sites that are running outdated versions of frameworks such as Magento and WordPress, which may be missing critical security patches. Once they have identified a site like this they can usually use a pre-made exploit instead of having to craft their own code to gain access to the server.

Read More
Alex Constantinou

New malware affecting Zend Framework.

New forms of malware are being created and identified every day; discovering and exploiting vulnerabilities can be a lucrative business. 2014 saw 317 million new pieces of malware, equating to nearly 1 million new threats being released each day according to the Symantec Threat Report.  

Read More
Mike Hinton

Is My Hosting Provider Protecting My Website?

Recently, it was discovered that over 14 million Verizon customers' data, including PINs, had been exposed on an unprotected web server. Three million WWE fans' personal information was left exposed when it was discovered to be on an unprotected web server. Both of these took place in the same month. It happens more often than you’d think and the solution can be as simple as talking to your hosting provider.

Read More
Ewan Gardner

Anatomy Of A Magento Attack: Froghopper

 

Magento is the most popular eCommerce web application in the world, with an estimated 236,000 live websites using the Content Management System (CMS)[1]. Available in both paid-for “enterprise” versions and free “community” versions, it powers some of the world's most popular websites including Huawei[2], Land Rover[3] and Helly Hansen[4]. However, common eCommerce platforms make popular targets for hackers and thieves looking to steal payment card information.

Like any web application, attackers will always look to exploit vulnerabilities in the underlying code before researchers can identify them and developers can fix them, but even an up-to-date and fully patched system can be left vulnerable if it is not configured properly or merchants do not follow information security best practice.

Read More

Cyber Security Insights

Jake Dennys
10/08/18 09:17

Foregenix Launch New Webscan Service!

Recently our security experts have been busy overhauling our free external scanning tool. Having done some fine tuning, added a plethora of new ...

Read More

Jake Dennys
09/08/18 11:49

P2PE: How, what and why – The PCI SSC Latin America Forum.

We’re excited to be showcasing a Point-to-Point-Encryption led presentation at the PCI SSC Latin America Forum on August 15th. As industry leaders ...

Read More

Jake Dennys
16/07/18 11:38

Stronger and more frequent Brute Force Attacks are now the norm

Brute force attacks have plagued the internet for years. It’s a fairly simple concept; attempt every combination of words/numbers until the right one ...

Read More

Jake Dennys
11/07/18 10:31

Foregenix Place #4 In The Growth 100!

It’s been an exciting year for us, awarded consultancy practice of the year and best tech security; then named in the Sunday Times Export Track 100 ...

Read More

Jake Dennys
09/07/18 09:47

Digital Forensics in the Asia-Pacific region

As a global cybersecurity company, we are constantly striving to provide a better service for our clients. We are happy to report that our Digital ...

Read More