Where Are Your Hackers Located?

Interestingly it doesn’t really matter. The thing to know is that they’re not located anywhere in particular. Or rather, wherever they are based geographically doesn’t matter, because they can appear to come from anywhere on the internet. And because that’s true for the attackers, it is also true for your pen testers. Although we’re based [...]

2024-05-16T12:54:29+12:0016 May 2024|

Do You Test Pens?

Do You Test Pens? “Literally, what do you do all day?” That’s a question we get from time to time, perhaps because what we do is not well understood. Well, we do pen testing. “OK, but what is that?  Do you test pens?  That sounds boring.” Yes, that would probably be boring. But no, we [...]

2024-04-03T18:30:39+12:003 April 2024|

Why caring is important in security

Why caring is important in security When I started phew, I had very clear intentions about building a solid reputation for caring. “Caring” might seem like a strange word to use when you think of tech. But when you pair it with “security”, it suddenly makes a lot of sense, and even more when you [...]

2024-03-12T08:34:36+12:0012 March 2024|

The phew Top Ten Greatest Hits (…Of Vulnerabilities)

First Up, The OWASP Top 10 Many of you who work or have backgrounds in web application development or cyber security will be familiar with the OWASP Top 10 project. The OWASP Top 10 is a standard awareness document for developers and web application security, which represents a broad consensus about the most critical security [...]

2023-05-20T08:34:32+12:0018 October 2022|

phew joins Government Marketplace for Information Security Professional Services

We are delighted to announce that phew has been recognised as an approved supplier of security services on the New Zealand Government's Marketplace, through a Collaborative Marketplace Agreement. phew has joined the Information Security Professional Services Panel alongside other approved suppliers to the Government, listed on MBIE's procurement platform, Marketplace, under the 'Source Code, Application [...]

2023-05-20T08:35:13+12:006 September 2022|

CERT NZ Quarterly Update Q1 2022

The Latest from CERT NZ What's New? CERT NZ is a central organisation that receives cyber incident reports from both individuals and businesses. It tracks attacks and incidents, and provides advice and alerts. The quarterly updates from CERT provide a valuable snapshot of what's going on with cyber security in NZ, and give us a [...]

2023-05-20T08:36:03+12:0030 May 2022|

Discovering and Patching Vulnerabilities

Background Software is constantly changing. Application and package authors tweak and update existing code more or less continually to provide features, improvements, fixes and workarounds. Also, most software is constructed, at least in part, from third party or open source components or packages, such that large parts of the code are integrated by, but not [...]

2022-03-17T11:47:50+12:0017 March 2022|

Was Kaseya A Supply-Chain Attack, And Why Does It Matter?

If the Kaseya attack was a "supply-chain attack" in terms of the industry accepted definition then it is a stretch of that definition. The distinction is important, because software supply-chain compromises are harder for customers of software solutions to detect using usual defensive measures, and generally involve exploitation techniques that fall outside the scope of [...]

2021-08-11T09:46:09+12:0010 August 2021|

Cert NZ Quarterly Update Q1 2021

What's New? Cert NZ has released its first quarterly report for 2021. The Cert NZ reports provide an interesting snapshot of recent cyber security incidents reported by both individuals and organisations in New Zealand. The latest report shows that a total of 1,431 incident reports were made to CERT NZ in the first quarter of [...]

2021-06-19T08:32:45+12:008 June 2021|

Pen-testing: The What, Why and How

Online Security Online apps and tools have become an integral part of how we live and work. If you own or run one of these systems, you will be aware of the constant threat of a cyberattack, and the risks this poses to your business. If you use cloud services you should also be aware [...]

2021-03-24T14:10:10+12:0024 March 2021|
phew cyber security sorted

We’d love to hear from you