On Friday, the 16th of July, Microsoft has released a security advisory (2286198) that addresses a new vulnerability (CVE-2010-2568). This vulnerability enables attackers to automatically run arbitrary files on Windows operating systems. The vulnerability is located in the Windows Shell component that is responsible for parsing shortcut files which attackers can exploit by crafting a special shortcut file. Shortcut files are handled automatically and do not require any user interaction, it will suffice that a user is located in the same directory as a malicious shortcut. This vulnerability is significant because disabling AutoPlay will not affect successful exploitation.

The vulnerability presents a new malware autorun technique that does not rely on Autorun.inf capabilities and which is more serious. We can expect significant activity with malware that uses this vulnerability to spread and infect end users.

INFIGO IS suggests that all readers apply security recommendations suggested in Microsoft’s advisory.

It is our pleasure to announce that Agrokor's Konzum Internet online shop has been ISO/IEC 27001 certified. Agrokor is the biggest company in Croatia and regional leader. INFIGO IS offered consulting during implementation of the Information Security Management System (ISMS) of the Konzum Internet shop.

Since 2006 INFIGO IS has been engaged by Agrokor on various projects that helped implement and maintain a high level of security for its information system.

Although ISO/IEC 27001 certification of such huge and complex information systems such as Agrokor's is often deemed impossible, this project showed that good planning, addiction to the project and a team of experts can achieve success.

During this project, INFIGO IS' consultants were fully supported by Agrokor's management and employees, which was a critical factor for the project's success.

More information about the certification, problems and challenges of implementation of an ISMS in Agrokor is available in the latest edition of magazine "Mreža", where interviews with Agrokor's CISO, Mr. Ivo Pejaković and INFIGO IS's consultant Ivana Marijanović are available as well.

On Tuesday, 13th of January, Google announced that their security experts detected targeted attacks on Google's employees. The attackers successfully gained access to sensitive data about certain users of the Gmail service provided by Google. The attacks were carried out in second half of December last year and, according to a report by iDefense, attackers used malicious PDF documents to exploit client machines. The malicious PDF documents were sent as e-mail attachments.

Exploitation of vulnerabilities in the Adobe Reader and Acrobat applications became very common in last couple of years due to a high number of identified vulnerabilities in these products. Infigo's security researcher Bojan Ždrnja published several analysis of malicious PDF documents on SANS' Internet Storm Center website; the analysis can be seen at the following URLs: http://isc.sans.org/diary.html?storyid=7867 and http://isc.sans.org/diary.html?storyid=7984. It is assumed that similar malicious PDF documents were used in published attacks.

Google also announced that they detected attacks on over 30 other companies and that the attackers, which are suspected to come from China, managed to gain access to sensitive intellectual property such as application source code. INFIGO IS is urging customers to install the latest available patches for the Adobe Reader and Acrobat applications and to disable JavaScript in these applications as well.

The Hacking vs Business conference, organized by Algebra, is taking place from 1th to 3rd of December. Besides being a conference partner, INFIGO IS will hold two presentations on the last business/technology conference day in the Regent Esplanade Zagreb hotel.

Bojan Ždrnja will deliver a presentation titled "Internet banking attacks", where he will analyze the latest techniques used by online criminals to attack Internet banking systems, including those used by banks in Croatia.

Hrvoje Šegudović will deliver a case study titled "Efficient information system security and availability monitoring". Together with the guest lecturer Mr. Robert Ilijaš, IT director of VABA d.d. bank Varaždin, Hrvoje will present the solution implemented by INFIGO IS for the VABA bank, which allows the bank's IT staff to monitoring the whole information system and manage log files from all servers. The case study will also introduce new managed security services offered by INFIGO IS, as well as Splunk 4, which is the leading log management application. INFIGO IS will also announce its partnership with Splunk.

INFIGO IS'  information security expert Bojan Zdrnja held from the 19^th to 22^nd of October the "Reverse engineering malicious code" course in Kuala Lumpur, Malaysia. The course was directed to network administrators, auditors, information security consultants and personnel responsible for protecting organizations as well as CERT team members.

During 4 days, the students were introduced to various types of malicious programs as well as techniques for analyzing them. The students were also introduced to methods and techniques used by criminal organizations.

Due to high interest in the course, INFIGO IS will also organize it in Croatia and the region; our clients will be notified when the course is available.