Benj Hosack
Works at Foregenix
Attended University of Cape Town

Stream

Benj Hosack

Shared publicly  - 
 
Anyone looking for PCI help?  Try our PCI Surgery!
We've seen an increasing number of businesses, from e-commerce, hospitality and Mail Order Telephone Order (MOTO) spaces, falling victim to malicious attacks. We understand the challenges that organisations face in becoming PCI DSS Compliant and we want to help.

Benj Hosack

Shared publicly  - 
 
 
Top 10% of Hubspot Customers Convert 90.57% Of Their Leads To Customers

It’s interesting to take note of the 5000 +HubSpot conversions metrics:

Top 10% of HubSpot Customers get 148,240 visits, 7.6% of visitors convert to leads, they have 11,262 inbound leads, lead to customer conversion is 90.57% with 10,200 monthly customers.

The top 50% convert more than 427 customers from 33 978 web visitors. See the results from Hubspot below.

+HubSpot is the solution provider I recommend for the marketing agency business plan I am busy with.

Benj Hosack

Shared publicly  - 
 
 
5% of Magento websites scanned at www.Foregenix.com/magento have been hacked and compromised

With hundreds of Magento-hosted e-businesses at risk from fraudulent hackers through the use of rogue plug-ins, an online website security scanner has confirmed 5% of 350 websites tested have been compromised. 

Following an investigation into breached ecommerce merchants, Foregenix identified the fake plug-ins running on the Magento platform, posing a threat of data compromise to ecommerce businesses. 

Read more http://foregenix.com/news-article-11.php

#Magento   #malware   #cyber   #security  

Benj Hosack

Shared publicly  - 
 
Latest alert out of +Foregenix
 
Hundreds of Magento-Hosted Businesses Have Used Foregenix's Scanner to Identify Rogue Plug-Ins

With hundreds of Magento-hosted e-businesses at risk from fraudulent hackers through the use of rogue plug-ins, an online website security scanner has confirmed 5% of 350 websites tested have been compromised. 

Following an investigation into breached ecommerce merchants, Foregenix identified the fake plug-ins running on the Magento platform, posing a threat of data compromise to ecommerce businesses. 

Read more http://foregenix.com/news-article-11.php
Foregenix is an independent, specialised information security business

Benj Hosack

Shared publicly  - 
 
 
EU Data Protection Compliance

Interesting article and info graphic from +Trend Micro on the EU Data Protection Directive.  Not many businesses seem to be aware of (and much less prepared for) the EU Data Protection Directive.  Worth reading and analysing how it could affect your business. 

http://www.trendmicro.com/vinfo/us/security/news/online-privacy/a-visual-guide-to-the-eu-data-protection-law?utm_source=GoSocial%20Trend%20Micro&utm_medium=MTI&utm_campaign=GoSocial%20Trend%20Micro 

Benj Hosack

Shared publicly  - 
 
A great deal has been discussed about the security benefits of using a hosted payment page - or a re-direct payment page - and it is the recommended approach from the industry leaders to small-to-medium sized businesses looking for a secure way to transact online.

Benj Hosack

Shared publicly  - 
 
Foregenix offer for Magento websites looking for ways to secure their online business!
 
Magento websites offered protection from web attacks

5% of websites scanning themselves using the free scanner at Foregenix.com/magento have been compromised by rogue modules. With the number of websites scanning themselves growing rapidly, so too are the numbers of compromised websites.

e-Commerce businesses are seeing a significant increase in traffic and the resulting business - with Christmas around the corner, the numbers are about to grow even quicker (all being well!).  

This is great news for the industry; however, on the flip side of the coin, forensic businesses like Foregenix are seeing growing numbers of SME businesses getting hacked and having their data stolen – a nightmare scenario for any SME (think reputation damage, legal and compliance costs, card scheme fines, fraud liabilities etc).

Deploying effective security on a website will deter over 95% of the most prevalent attacks, making business online safer and far more profitable.

The kind of security controls that websites should have to protect their business, their client personal data and their client payment data are:
 - Advanced Web Application Firewall – properly configured and managed, a web application firewall will deter the vast majority of website attacks.
 - File Change Monitoring – changes made to a website are ok if they are made by you/your developer. Changes are NOT ok if neither of you made them.  You need to know when something changes on your website.
 - Log monitoring – storing a log of all activity on your website is key to detecting attacks and enabling you to defend.
 - Cardholder data scans – any sign of unprotected credit or debit cardholder data on your website is a strong sign of problems. A cardholder data scan will pick up issues quickly so that they can be dealt with before you have a bigger problem of data theft to deal with.
 - Malware Protection – you invest a lot of time and money in getting your SEO working as well as possible.  With your high visitor numbers, you’re a perfect target for criminals to use to distribute malware. If this happens, you will very quickly find that all your SEO efforts and investment will amount to nothing as your site gets blacklisted by the search engines. You need to protect your website (and your visitors) from this threat.

Foregenix provides all of this protection and more with our Web Shield solution – in a simple to deploy package that our support team are on standby to help you with.

We’re making Web Shield – eStore Protect (our top end solution) FREE for all Magento websites to use for 30 days – there is no obligation at all (no credit card needed).

Web Shield is simple to deploy (and remove if you’re not satisfied with it!) and provides enterprise-grade security for small to medium sized businesses – security that most small to medium sized businesses do not have.  

Within hours of having Web Shield deployed, you will become aware of the threats that your website faces daily.  As an example, we have found that the average time between deploying Web Shield and having it block an attack is under 1 hour.   

To take advantage of this offer, please email support@foregenix.com with subject  “Web Shield For Magento” and we’ll get you protected.  (Or reply to this post on Google+)

This offer is available until 31 December 2014.

For information on Web Shield – eStore Protect
http://www.foregenix.com/security-essentials-web-shield-comparison.php

To scan your Magento website for rogue modules
www.foregenix.com/magento

#magento     #cybersecurity   #websecurity  

Benj Hosack

Shared publicly  - 
 
 
e-Commerce Fraud in the UK jumps 23% in comparison with 2013 data.  With 74% of Britons spending online, British e-Comm businesses are seeing a boom.  But evidently so are hackers - SMB businesses need to harness the boom times with a secure website!

Interesting read: 
http://www.msn.com/en-gb/money/personalfinance/card-fraud-hits-record-£1745m/ar-BB3mOVn 

For enterprise-grade website protection and monitoring for SMB e-Commerce Businesses, go to Foregenix Web Shield:
http://foregenix.com/security-essentials-web-shield.php

#cybersecurity   #ecommerce   #fraud  

Benj Hosack

Shared publicly  - 
 
If you have a Magento-based website, get it scanned at www.foregenix.com/magento to see if it has been hacked using rogue modules.

Benj Hosack

Shared publicly  - 
 
 
Malware Breach - are you the next to be hit?

Retailers have good reason to be concerned that their business systems are becoming the focus of the cyber criminal community efforts.  After all, +Target, +Staples, +Kmart, +Dairy Queen, +The Home Depot and many other high profile businesses have recently been compromised, resulting in huge volumes of customer data being stolen.  You may be thinking ‘They are all in the US and we’re not, so we aren’t at risk…’ If so, you’re missing very clear warning signals - and you're wrong.

These attacks ARE happening in other markets - we have seen similar attacks in South Africa and the UK in recent weeks.

Foregenix is a forensic specialist and we encounter businesses on a daily basis that have had their customer data stolen.  Increasingly the attacking trend is to compromise the perimeter defenses, identify the assets (cardholder data in the payments industry), deploy custom-written malware to harvest the data and get rich quick by selling the proceeds.

It sounds easy, doesn’t it?  That’s because it is!  Retailers are only the tip of the iceberg and certainly not the only type of organisation that we have seen being targeted. Payment service providers, acquiring banks and issuing banks all fall victim to compromises too, often through exceedingly clever means, with increasingly complex and targeted malware – the kind that your anti-virus and anti-malware solutions do not detect.

Using a retail environment as an example (but you could apply this equally across hospitality, travel, financial services and so on), the target organisation is usually operating a distributed, complex environment with multiple services running across the organisation – one of which is payments.  Often there will be out-dated systems within the environment, flat networks to deal with, minimal or no information security expertise and a very tight IT security budget to put towards defending the company assets. All of these challenges cumulate to create an inadequately defended environment which therefore serves as a perfect target against which to launch an attack.  

This is a pattern which has been consistently spotted by our forensic practice. Unfortunately, by the time we get called to investigate, the crime has already been committed, the loot sold, leaving the victim to clean up the mess and face the liabilities that come from losing their client data.

We’re facing an increasingly intelligent adversary and our tactics need to improve if we are to be successful in defending our businesses.  

As can be seen in our recent talks on the forensic case we performed in South Africa – the cyber criminals perfected their attack methodology and malware in a coordinated attack against a few hundred South African businesses before going on to attack and compromise Target.  Yes, the malware and attack vectors were very similar to what information we have gleaned on the Target breach.  We believe that we will be seeing a lot more compromises like these.

How do you defend against these cyber criminals?

The simple answer is by having great security in place.

The PCI DSS provides a prescriptive guide on what should be in place, at a minimum, to be running an effective security operation.  Defence in depth will enable organisations to identify “problems” early on, enabling them to shut down the attack quickly.  This requires technology and people who know what they are doing.

For organisations who are some way off getting the right kind of controls in place and are worried about the fidelity of their customer data, Foregenix can help – we developed Serengeti to identify, report and manage indicators of compromise, with custom-malware detection, monitoring and mitigation being one of the core components. Serengeti is utilised to great effect by our forensic team (and clients) to rapidly mitigate attacks – both proactively and reactively.

You can find out more at: http://foregenix.com/serengeti.php

The potential costs of a breach - great info graphic on the +Target  breach: http://uk.pinterest.com/pin/412642384581827846/

This article outlines some of the malware we're fighting: http://www.wired.com/2014/09/ram-scrapers-how-they-work/ 

Please get in touch with us if you're concerned your business systems may be under attack.  We are one of the leading forensic teams globally and have a fantastic team on standby.

Benj Hosack

Shared publicly  - 
 
 
Drupal Website Vulnerability Alert - if you have a Drupal website, read this alert NOW!

Drupal has recently made two announcements regarding the security of their version 7 platform that Drupal users NEED to be aware of. 

The first announcement was that a CRITICAL SQL Injection vulnerability was identified in Drupal 7. This announcement prompted systematic attacks against Drupal websites by criminals hoping to exploit the vulnerability to steal sensitive data from the website owners, including:

 - Usernames
 - Passwords
 - Customer personal data
 - Credit and debit cardholder data
 - Anything else that could be stored within the website’s SQL databases

Read more at: http://foregenix.com/drupal

#websecurity   #drupal  

Work
Occupation
Co-founder of Foregenix
Employment
  • Foregenix
    Co-Founder & Director, 2009 - present
  • Trustwave
    2007 - 2009
  • One-SEC
    2004 - 2007
  • Dimension Data Holdings
    1999 - 2003
Basic Information
Gender
Male
Story
Tagline
Love Family | Love Friends | Love Business | Love Sport
Education
  • University of Cape Town
    Economics, 1996 - 1998
  • Peterhouse, Zimbabwe
    High School, 1989 - 1994
Benj Hosack's +1's are the things they like, agree with, or want to recommend.
New Foregenix PCI Surgery Initiative
blog.foregenix.com

We've seen an increasing number of businesses, from e-commerce, hospitality and Mail Order Telephone Order (MOTO) spaces, falling victim to

Website Re-Direct Payments... Secure or Not?
blog.foregenix.com

A great deal has been discussed about the security benefits of using a hosted payment page - or a re-direct payment page - and it is the rec

Retailers…How Secure Is Your Data?
blog.foregenix.com

Retailers have good reason to be concerned that their business systems are becoming the focus of cyber criminal community efforts. After all

Strava Cycling
market.android.com

Track your progress and challenge your friendsRecord all your rides, analyze your performance and see how you stack up against friends and l

TripIt Travel Organizer Free
market.android.com

TripIt is the world’s easiest way to organize and share your travel plans. No more searching through your inbox to find your airline reserva

The Making of a 20-Something Multimillionaire Serial Entrepreneur | Entr...
www.entrepreneur.com

Gurbaksh Chahal shares insight on staying competitive and why his $300 million sale to Yahoo wasn't what changed his outlook on business and

YouTube - One Million Heineken Hugs
www.youtube.com

Create AccountSign In. Home. BrowseFilmsUpload. Hey there, this is not a commercial interruption. You're using an outdated browser, whic

G+Decoded: Google+ Marketing Made Easy
plus.google.com

Google Plus Marketing | Google Plus Business Services | Google Plus Personal Branding

Foregenix - specialist in Credit Card Account Data Discovery, QSA and QF...
www.foregenix.com

Foregenix is an independent, specialist information security business.

Foregenix - specialist in Credit Card Account Data Discovery, QSA and PF...
www.foregenix.com

Foregenix is a specialist, independent, QSA and PFI specialising in assisting acquirers, service providers, application providers and mercha

Foregenix - specialist in Credit Card Account Data Discovery, QSA and PF...
www.foregenix.com

Point-to-point encryption (P2PE) certification services to assist P2PE solution providers.

Forensic Investigations and Incident Response
www.foregenix.com

Foregenix has one of most experienced forensic teams globally and has carried out numerous Account Data Compromise investigations across the

Federer fights back to beat Benneteau in five set thriller to keep title...
www.dailymail.co.uk

Perhaps it was the Centre Court roof being closed, perhaps it was just the refusal of Roger Federer to give in, but it seems lightning canno

PCI Forensics
www.foregenix.com

Foregenix Forensics Update. Latest information being seen by our Forensic Team.

Foregenix Newsletter: Focus on CSR
us2.campaign-archive2.com

Charity of the year. Based on the most popular vote amongst the Foregenix team, we will be supporting The Multiple Sclerosis Society in 2012

Foregenix Security Training Courses
www.foregenix.com

We provide customisable training on PCI DSS, PA-DSS and general information security.

Barclays: 97 percent of data breaches still due to SQL injection
www.itworld.com

SQL injection attacks have been around for more than ten years, and security professionals are more than capable of protecting against them;

21 Steps to Awesomeness
tombasson.wordpress.com

As I was checking out my blog stats the other day I realised that many of my most popular posts all have something in common: NUMBERS. Check

Colin's IT Technology Blog » 7 Things Highly Productive People Do
www.colins-it.co.uk

thanks to Inc. for sharing this. Here are some awesome tips for staying productive. Work backwards from goals to milestones to tasks. Writin