Customer Detailed Report Mfa Mayoreo Ferreteria y Acabados 2023-10-18

Security report for MFA
Mayoreo Ferreteria y
Acabados
This report provides a detailed overview of key factors of MFA Mayoreo
Ferreteria y Acabados's overall security posture.
Date Report for Issued by
Oct 18, 2023 MFA Mayoreo Ferreteria y ITX Latam - MSSP Account
Acabados
This report has been generated using UpGuard. If you have any questions, please contact support@upguard.com.
Security report for MFA Mayoreo Ferreteria y Acabados MFA Mayoreo Ferreteria y Acabados (mfamayoreo.com)
Intr
Introduction
oduction
UpGuard continuously monitors the security posture of MFA Mayoreo Ferreteria y Acabados using open-source, commercial, and proprietary
threat intelligence feeds. Our analysis is centered on objective, externally verifiable information.
This report provides rich context for each identified risk, enabling you to make better decisions faster. We do this by intelligently grouping risks
into one of five categories: website security, brand & reputation risk, network security, email security, and phishing & malware. Each identified
risk is given a severity, name, risk type, and the number of domains impacted. By default, findings are sorted by severity, with the highest
critical severity items at the top.
The results outlined below are based on our assessment on Oct 18, 2023 and are intended to provide an overview of MFA Mayoreo Ferreteria y
Acabados’s externally visible attack surface. The results are summarized into a security rating which provides a quantitative measure of MFA
Mayoreo Ferreteria y Acabados’s security posture.
In addition to this PDF report, you can find an always up to-date assessment of MFA Mayoreo Ferreteria y Acabados on the UpGuard platform
where additional information, our knowledge base, and other tools are available. To obtain online access to your UpGuard account, please
contact your account administrator or reach out to us at support@upguard.com.
Security report for MFA Mayoreo Ferreteria y Acabados | upguard.com Page 2/13
Ho
Howw ar
aree UpGuar
UpGuard's
d's security rratings
atings calculat
calculated?
ed?
UpGuard uses advanced algorithms to determine the security Our security ratings range from A to F:
posture of millions of organizations every day. As noted above, we
use threat signals gathered from trusted commercial, open-source, 801-950
and proprietary sources. We also support the use of targeted Organization has a robust security posture and good attack
security questionnaires to more deeply assess the posture of your surface management.
customers. These signals are grouped together to identify threats
and issues in an attack surface that could result in a security 601-800
incident. Signals we pay attention to include things like open ports, Organization has basic security controls in place but could have
DNS configuration, known data breaches, and hundreds of other large gaps in their security posture.
vectors including:
401-600
Susceptibility to man-in-the-middle attacks
Organization has poor security controls and has serious issues
Insecure SSL/TLS certificates that need to be addressed.
SPF, DKIM and DMARC settings 201-400

Organization has severe security issues and should not
HTTP Strict Transport Security (HSTS) process any sensitive data.
Email spoofing and phishing risk 0-200

Organization has not invested in basic security controls and
Vulnerabilities should not be used.
Malware susceptibility
Any risks we find are given a severity rating from low to critical:
Open admin, database, and file sharing ports
Critical risks
Exposure to known data breaches and data leaks Critical risks or vulnerabilities that place the business at
immediate risk of data breaches.
Secure cookie configuration
High risks
Our ability to combine these signals in real-time is what makes
Severe risks that should be addressed immediately to protect
UpGuard so effective: cybersecurity is a domain where small
the business.
improvements can make a big difference. By following our
suggestions you can reduce the risk of sensitive data exposures,
leaked credentials, and other security incidents. Medium risks
Unnecessary security risks that could lead to more serious
When assessing your security performance, we recommend vulnerabilities.
beginning with your overall security rating. As a general rule of
thumb, here is how our A-F ratings correspond to your security Low risks
posture: Areas of improvement to reduce risks and improve the
business’ security rating.
Compan
Companyy pr
profile
ofile
Name MFA Mayoreo Ferreteria y Acabados
Primar
Primaryy domain mfamayoreo.com
Tier Untiered
Por
ortf
tfolios
olios Customers
Assessment summar
summaryy
Overall security rating
OVERALL SECURITY RATING
740 / 950
MFA Mayoreo Ferreteria y Acabados has basic security controls in place but could have large gaps in their security posture.
Security rating by category
Website Security Email Security Network Security Phishing & Malware Brand & Reputation
Risk
718 534 908 950 950
Security rating (last 12 months)
Your rating
Risk count by severity

CATEGORY Brand & Reputation
Website Security Email Security Network Security Phishing & Malware
SEVERITY Risk
Critical 0 - - - - -
High 1 - 1 - - -
Medium 3 3 - - - -
Low 2 1 - 1 - -
Risk category breakdown
Websit
ebsitee security
Website security identifies potential attack vectors like vulnerabilities, cross-site scripting,
CURRENT RISKS BY SEVERITY
susceptibility to man-in- the-middle attacks, and other exploits. Any successful exploit can
Critical Risk High Risk Medium Risk Low Risk
impact business, customers, and regulatory compliance.
0 0 3 1
CATEGORY RATING
718 / 950
Website security risk breakdown

Risk Affected Over view Recommendation
HTTP Strict Transport Security 1 asset Websites are not enforcing HTTP Strict Transport Configure the website to enforce HSTS by setting up
(HSTS) not enforced Security (HSTS). Without enforcing HSTS, visitors the Strict-Transport-Security header, which ensures
are susceptible to certain man-in-the-middle browsers will only communicate over HTTPS.
attacks.
X-Frame-Options is not deny or 1 asset Impacted domains allow browsers to display their The website needs to set the X-Frame-Options
sameorigin content in frames. This can lead to clickjacking header to deny or sameorigin. Alternatively,
attacks. configure a Content Security Policy with the frame-
ancestors directive. This will prevent browsers from
displaying the website's content in frames.
CSP is not implemented 1 asset Impacted domains do not have a valid Content A Content Security Policy for this website should be
Security Policy implemented. This increases the designed and implemented.
risk of XSS and clickjacking attacks.
X-Content-Type-Options is not 1 asset Impacted domains are not preventing MIME The website needs to set the X-Content-Type-
nosniff sniffing by setting the X-Content-Type-Options Options header to nosniff. This will prevent browsers
header to nosniff. This can lead to MIME confusion from interpreting files as a different MIME type than
attacks. what is specified in the Content-Type HTTP Header.
CAA not enabled 1 asset The domain does not contain a valid CAA record. Where possible, specify the Certificate Authorities
that are authorized to issue certificates for this
domain in a CAA DNS record.
Weak cipher suites supported in 1 asset The impacted domains support weak cipher suites Ensure only secure ciphers are supported by the
TLS 1.2 in TLS 1.2. server.
Email security
Email security is an important part of enterprise risk management. Email is a popular
medium for spreading malware and conducting social engineering attacks. Inadequate
email security makes it easy for attackers to send malicious email on a domain’s behalf,
increasing the efficacy of phishing and other business email compromise attacks. 0 1 0 0
CATEGORY RATING
534 / 950
Email security risk breakdown

DMARC policy not found 1 asset We didn't find a DMARC policy associated with The domain owner needs to add a DMARC policy to
some domains. The purpose and primary outcome these domains. This will provide a mechanism to
of implementing DMARC is to protect a domain authenticate the domain in the From header based
from being used in business email compromise on their SPF and DKIM records.
(BEC) attacks, phishing emails, email scams and
other email threats.
Netw
Network
ork security
Network security identifies externally-facing, insecure network settings that can enable
man-in-the-middle attacks, and aid in the spread of self-replicating computer worms such
as WannaCry. These worms exploit known vulnerabilities in the services that run behind
open ports to spread. By fixing network issues, there is reduced risk of successful 0 0 0 1
exploitation and spread.
CATEGORY RATING
908 / 950
Network security risk breakdown

DNSSEC not enabled 1 asset We've detected that DNSSEC is missing from The domain owner should turn on DNSSEC for all
some domains. DNSSEC provides DNS resolvers domains. This can generally be done at their domain
origin authentication of DNS data, authenticated name registrar.
denial of existence and data integrity but not
availability or confidentiality.
Phishing & malwar

malwaree
Phishing & malware outlines websites that are suspected of hosting malware, unwanted
software, or phishing pages. Left unchecked these pages damage your brand, infect
customers, and lead to costly data breaches.
0 0 0 0
CATEGORY RATING
950 / 950
Phishing & malware risk breakdown
No risks detected in this category.
Br
Brand
and & rreputation
eputation risk
Brand protection highlights situations where a domain could be hijacked, expired, or
deleted at the domain name registrar or domain name registry. By fixing these issues, there
is a reduced risk of domains being tampered with via social engineering and other cyber
attacks. 0 0 0 0
CATEGORY RATING
950 / 950
Brand & reputation risk risk breakdown
No risks detected in this category.
Geolocation
This geographical overview lets you discover the locations that your or your customers'
HOSTING COUNTRIES IP ADDRESSES
infrastructure is operating in. Monitoring geolocation risk is a great way to understand
whether your data is being hosted in different countries that may have different data and 1 1
privacy laws protecting it.
Countr y No. IP addresses Percentage Ser vices
Costa Rica 1 100%
Evidence used tto

o gener
generat
ate
e tthis
his rrepor
eportt
Automated scanning
ACTIVE DOMAINS & IPS INACTIVE DOMAINS & IPS TOTAL DOMAINS & IPS SCANNED
This report includes analysis performed on the following
domains and IPs as of Oct 18, 2023. If risk assessments 1 0 1
are included, automated scanning is based on the last
available data.

Customer Detailed Report Mfa Mayoreo Ferreteria y Acabados 2023-10-18

Uploaded by

Copyright:

Available Formats

You might also like

Customer Detailed Report Mfa Mayoreo Ferreteria y Acabados 2023-10-18

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Customer Detailed Report Mfa Mayoreo Ferreteria y Acabados 2023-10-18

Uploaded by

Copyright:

Available Formats

Security report for MFA

Date Report for Issued by

SPF, DKIM and DMARC settings 201-400

Email spoofing and phishing risk 0-200

Name MFA Mayoreo Ferreteria y Acabados

Overall security rating

OVERALL SECURITY RATING

Security rating by category

718 534 908 950 950

Security rating (last 12 months)

Risk count by severity

Risk category breakdown

Website security risk breakdown

Risk category breakdown

Email security risk breakdown

Risk category breakdown

exploitation and spread.

Network security risk breakdown

Risk category breakdown

Phishing & malwar

Phishing & malware risk breakdown

No risks detected in this category.

Risk category breakdown

Brand & reputation risk risk breakdown

No risks detected in this category.

Countr y No. IP addresses Percentage Ser vices

Costa Rica 1 100%

Evidence used tto

You might also like