Interestingly it doesn’t really matter. The thing to know is that they’re not located anywhere in particular. Or rather, wherever they are based geographically doesn’t matter, because they can appear to come from anywhere on the internet. And because that’s true for the attackers, it is also true for your pen testers. Although we’re based [...]

Do You Test Pens? “Literally, what do you do all day?” That’s a question we get from time to time, perhaps because what we do is not well understood. Well, we do pen testing. “OK, but what is that?  Do you test pens?  That sounds boring.” Yes, that would probably be boring. But no, we [...]

Why caring is important in security When I started phew, I had very clear intentions about building a solid reputation for caring. “Caring” might seem like a strange word to use when you think of tech. But when you pair it with “security”, it suddenly makes a lot of sense, and even more when you [...]

First Up, The OWASP Top 10 Many of you who work or have backgrounds in web application development or cyber security will be familiar with the OWASP Top 10 project. The OWASP Top 10 is a standard awareness document for developers and web application security, which represents a broad consensus about the most critical security [...]

We are delighted to announce that phew has been recognised as an approved supplier of security services on the New Zealand Government's Marketplace, through a Collaborative Marketplace Agreement. phew has joined the Information Security Professional Services Panel alongside other approved suppliers to the Government, listed on MBIE's procurement platform, Marketplace, under the 'Source Code, Application [...]

The Latest from CERT NZ What's New? CERT NZ is a central organisation that receives cyber incident reports from both individuals and businesses. It tracks attacks and incidents, and provides advice and alerts. The quarterly updates from CERT provide a valuable snapshot of what's going on with cyber security in NZ, and give us a [...]

Background Software is constantly changing. Application and package authors tweak and update existing code more or less continually to provide features, improvements, fixes and workarounds. Also, most software is constructed, at least in part, from third party or open source components or packages, such that large parts of the code are integrated by, but not [...]

If the Kaseya attack was a "supply-chain attack" in terms of the industry accepted definition then it is a stretch of that definition. The distinction is important, because software supply-chain compromises are harder for customers of software solutions to detect using usual defensive measures, and generally involve exploitation techniques that fall outside the scope of [...]

What's New? Cert NZ has released its first quarterly report for 2021. The Cert NZ reports provide an interesting snapshot of recent cyber security incidents reported by both individuals and organisations in New Zealand. The latest report shows that a total of 1,431 incident reports were made to CERT NZ in the first quarter of [...]