Critical security vulnerability in Microsoft Windows Vista, 7 and 2008 Server operating systems

2009-09-10

An exploit that abuses a critical security vulnerability in the Microsoft Windows Vista, 7 and 2008 Server operating systems has been published. The vulnerability allows an attacker to carry out Denial of Service attacks on affected systems. The exploit requires only a connection to the SMB port (TCP 445); no authentication is required.

Since Microsoft has not yet released a patch, and considering that the exploit is publicly available, INFIGO IS recommends that network traffic to TCP port 445 be limited, even in internal networks. Users of IDS systems should add specific signatures for this exploit. Clients using INFIGO IS managed security services have already been updated.

SANSFIRE 2009 presentation

2009-06-17

From the 13th to the 22nd of June, SANSFIRE 2009 is taking place in Baltimore, USA. SANSFIRE is the largest educational event from SANS. During the day, over 30 of SANS' top-rated courses will be delivered. Evening hours are dedicated to a special event, SANS@Night, where the Internet Storm Center handlers will deliver presentations about current information security issues.

On the 15th of June, INFIGO IS' security expert Bojan Ždrnja delivered a presentation about passive DNS data replication. The presentation covered the passive DNS replication system Bojan designed and implemented. The system has been in production since 2006 and is already used by many security researchers around the world.

International Conference on Information Systems Supervision

2009-06-02

The International Conference on Information Systems Supervision is taking place in Zagreb from the 31st of May to the 3rd of June 2009. The conference, with the participation of information technology (IT) supervisors of regulatory and supervisory institutions from twenty-five European countries, is organized by the Croatian National Bank.

Penetration testing experts from INFIGO IS will give guest presentations concerning the security of Internet banking systems.

Saša Jušić will give a presentation on "Internet banking security risks - Server side attacks", while Bojan Ždrnja will elaborate on attacks coming from the client side in "Internet banking security risks - Client side attacks".

In addition to an analysis of current threats and security risks, the presentations will also demonstrate some of the techniques used by hackers to penetrate Internet banking systems.

INFIGO IS granted ISO 27001 certification

2009-04-17

On the 19th of March, INFIGO IS was granted the ISO/IEC 27001:2005 certificate by SGS. The certificate confirms the successful implementation of an information security management system that covers INFIGO IS' complete business operations.

The implemented information security management system ensures not only that the company has implemented the related IT safeguards, but also that the company provides a process which encompasses risk management, risk control and continuous improvement of information security practices in order to protect its business processes as well as its clients' information.

This certification, along with the existing ISO 9001 certified QMS, honors the requirements and expectations of our clients, and ensures first-class protection of all client information.

Infigo IS at the E-Biz 2009 conference and 2nd International Conference on Corporative Security

2009-04-07

Last week Infigo IS’ employees participated in two conferences and gave three notable presentations.

The 8th E-biz conference took place in Opatija from the 30th of March to the 1st of April 2009.

Ivana Marijanović gave a presentation covering the topic “ISO 27001 certification – our experience” and described the way INFIGO IS implemented and certified its information security management system according to the ISO 27001 standard.

At the same conference, Bojan Ždrnja gave a presentation titled “Corporative (in)security in Croatia”, where he analysed recent security threats that Croatian companies faced in the first three months of this year.

On the 2nd of April, the 2nd International Conference on Corporative Security took place in Zagreb.

In his presentation, Hrvoje Šegudović discussed deficiencies in the implementation of standards and regulatory requirements and the impact of the financial crisis, and gave an overview of numerous security incidents that have occurred since the beginning of 2009.

Three days before, at the semi-annual ITIC meeting in Barcelona, Hrvoje gave a presentation titled “Financial crisis – opportunities for information security consulting companies”, where he further discussed the impact of the financial crisis on information security.