Infigo - News

INFIGO Security Day

Sat, 18 Jun 2011 21:14:53 +0200

Each day we witness how information systems are becoming more vulnerable to various information security threats and cyber-attacks. Recent examples of attacks on companies like Sony or RSA Security are good examples which demonstrate that companies, even the biggest ones, are usually not well prepared to properly answer and deal with such attacks.

That was the main topic at INFIGO Security Day Conference, held in Skopje, Macedonia on the 9th of June which was entirely dedicated to information security and security measures which allow companies to raise the security level of their information systems.

INFIGO IS experts, Bojan Ždrnja, Saša Jušić and Hrvoje Šegudović for the first time in Macedonia presented products in the field of information security – Splunk, Rapid7, Nagios and Sourcefire. Special focus was placed on recent security incidents, as well as advanced persistent threats and security challenges companies are facing today. Besides our experts, the conference was also attended by Mr. Michael Ceklarz, representative of Sourcefire and Jana Damevska, representative of INFIGO IS Macedonia.

Interest and feedback given by participants, clearly indicates that information security topics are one of the hottest areas in information technology market, especially for bigger companies whose business heavily depends on information technologies and Internet presence.

INFIGO IS released Windows Security Operations Center Splunk application

Tue, 17 May 2011 12:38:40 +0200

INFIGO IS has released the Windows Security Operations Center Splunk application that allows Windows security administrators easy access, monitoring and overview of all security relevant information in their Windows environments. The application has been carefully developed so both Windows 2003 and Windows 2008 Event Log records are supported, no matter that the format and Event ID's were changed between these versions by Microsoft.

Besides this, the application uses some advanced features of Splunk such as transactions, that allow accurate visualization and summarization of security events on Windows servers. This is especially useful for monitoring of login/authentication events since Windows systems usually log generate several log events for such activities. The Windows Security Operations Center application correctly interprets and visualizes such events in your Windows environment.

The Windows Security Operations Center Splunk application can be freely downloaded off Splunk's web pages here.

New Sourcefire Product Announcements

Tue, 26 Apr 2011 13:20:44 +0200

Sourcefire is pleased to announce the following new Sourcefire products to meet the intrusion prevention needs of today’s most demanding enterprises:

New Sourcefire 3D8000 Series with FirePOWER™ – Featuring a flexible, modular, and scalable design, Sourcefire now offers IPS models with up to 40Gbps of throughput to meet the requirements of today’s largest enterprises. Featuring innovative new FirePOWER technology, Sourcefire sets new standards for IPS performance, cost effectiveness, and energy efficiency.
New Sourcefire Defense Centers ® – Sourcefire has increased the memory and disk capacity of its existing Defense Center management console appliances, offering superior scalability to support the Next-Generation IPS (NGIPS) solution.
New Sourcefire IPSx™ Solution – Designed for organizations without dedicated network security personnel, Sourcefire IPSx offers a simpler, streamlined interface for defending against the latest threats and achieving regulatory compliance.

Rapid7® releases NeXpose® 4.10.4. version

Mon, 28 Feb 2011 09:42:57 +0100

This version features Flash 8 support, better Web scanning, updated checks and better experience with managing vulnerability exceptions.

What’s new?

- Flash 8 scanning - Web scanning expands with detection of vulnerabilities in Adobe Flash 8 content hosted on target servers,

- Correlation of WMware checks - with correlated VMware checks, verification of a VMware patch version supersedes checks for non-VMware issues that affect VMware, so that you can consistently collect the most relevant and accurate data about VMware targets,

- Bi-monthly vulnerability check update - new vulnerability and patch checks bring coverage up to date for different operating systems and applications, and these are only few of them: Adobe Flash, Adobe Reader, Apache, Mozilla Firefox, PHP, etc.,

- More accurate detection of ‘browsable’ Web directory flaw - the check for the "browsable" Web directory vulnerability on Web sites is more accurate, improving visibility into this security flaw

Hackers attack Canadian government computers

Wed, 23 Feb 2011 12:07:21 +0100

According to CBC News, hackers penetrated the computer systems of the Canadian federal government. The attack was detected last month and they hit both the Finance Department and the Treasury Board. Although the government said that there was an attempt to access, this apparently isn’t true since some CBC’s sources confirm that the hackers were able to remotely control computers of senior government executives, hoping to unlock the entire government systems. Immediately after the attack, government security officials shut down all Internet access in both departments to determine how much information was stolen and who stole it.

Sources say the hackers used a spear-phishing attack: using servers located in China, the hackers first gained control of Canadian officials’ government computers, posed as executives, and sent out e-mails to technical staff from the departments to trick them to release key passwords that would give the hackers access to several government networks. The hackers also sent other employees malware that hunted down specific classified government information and sent it back over to the hackers.

Sourcefire among the 25 fastest growing technology companies in the U.S.

Tue, 22 Feb 2011 09:58:38 +0100

Sourcefire, founded in 2001, last year made its way into the 25 fastest growing technology companies in the U.S. Sourcefire provides intelligent security infrastructure for the most efficient and effective risk management. It has become the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. Its founder, Martin Roesch is the author of open source Snort® which is the most downloaded intrusion detection application with nearly 4 million downloads to date.

Sourcefire has a strong partner network and has over 180 active partners. One of them is INFIGO IS as the leading information security company in Croatia. Since December 2009 INFIGO IS has been offering Sourcefire products to help clients detect and prevent unauthorized activities, or block unwanted network traffic such as Peer To Peer (P2P) or Instant Messaging (IM) network traffic.

More about Sourcefire’s products offered by INFIGO IS is available at http://www.infigo.hr/sourcefire_en.php.

Nasdaq Network repeatedly attacked by hackers

Fri, 18 Feb 2011 11:07:59 +0100

During the last year Nasdaq has been repeatedly attacked by hackers. At the beginning of February 2011 information about some successful attacks on Nasdaq was leaked into media. According to the Wall Street Journal, the United States Secret Service and the FBI are investigating who is responsible for the attack and their motives. So far it seems that the perpetrators haven't gained any financial benefit nor they came in possession of any confidential information. The attackers gained access to the Director's Desk web service which is, according to available information, used by CEO's of companies listed on Nasdaq.

Some evidence points to Russia, but so far it isn't clear whether the hackers were Russian or if they were only using Russian computers as proxies. Stock exchanges are often targeted by hackers but one of the few confirmed breakthroughs was in 2006 when the Russian Trading System was compromised.

INFIGO IS at the 27C3 conference

Sun, 26 Dec 2010 10:45:45 +0100

The 27th Chaos Communication Congress (27C3) is the annual four-day conference organized by the Chaos Computer Club (CCC) from December 27th to 30th, 2010. It takes place at the bcc Berliner Congress Center in Berlin, Germany.

Branko Spasojević will give a presentation titled "Code deobfuscation by optimization" in which he will describe implementation of code deobfuscation and binary rewriting plugin developed for IDA Pro disassembler. This tool is aimed for malware analysts and reverse engineers who encounter obfuscated code on daily basis.

Security vulnerability in shortcut files on Windows operating systems

Mon, 19 Jul 2010 15:11:11 +0200

2010-07-19

On Friday, the 16th of July, Microsoft has released a security advisory (2286198) that addresses a new vulnerability (CVE-2010-2568). This vulnerability enables attackers to automatically run arbitrary files on Windows operating systems. The vulnerability is located in the Windows Shell component that is responsible for parsing shortcut files which attackers can exploit by crafting a special shortcut file. Shortcut files are handled automatically and do not require any user interaction, it will suffice that a user is located in the same directory as a malicious shortcut. This vulnerability is significant because disabling AutoPlay will not affect successful exploitation.

The vulnerability presents a new malware autorun technique that does not rely on Autorun.inf capabilities and which is more serious. We can expect significant activity with malware that uses this vulnerability to spread and infect end users.

INFIGO IS suggests that all readers apply security recommendations suggested in Microsoft’s advisory.

Konzum webshop - ISO 27001 certified

Fri, 19 Feb 2010 16:55:38 +0100

2010-02-19

It is our pleasure to announce that Agrokor's Konzum Internet online shop has been ISO/IEC 27001 certified. Agrokor is the biggest company in Croatia and regional leader. INFIGO IS offered consulting during implementation of the Information Security Management System (ISMS) of the Konzum Internet shop.

Since 2006 INFIGO IS has been engaged by Agrokor on various projects that helped implement and maintain a high level of security for its information system.

Although ISO/IEC 27001 certification of such huge and complex information systems such as Agrokor's is often deemed impossible, this project showed that good planning, addiction to the project and a team of experts can achieve success.

During this project, INFIGO IS' consultants were fully supported by Agrokor's management and employees, which was a critical factor for the project's success.

More information about the certification, problems and challenges of implementation of an ISMS in Agrokor is available in the latest edition of magazine "Mreža", where interviews with Agrokor's CISO, Mr. Ivo Pejaković and INFIGO IS's consultant Ivana Marijanović are available as well.

Targeted attacks on Google, Yahoo, Adobe and other companies

Thu, 14 Jan 2010 12:10:26 +0100

2010-01-14

On Tuesday, 13th of January, Google announced that their security experts detected targeted attacks on Google's employees. The attackers successfully gained access to sensitive data about certain users of the Gmail service provided by Google. The attacks were carried out in second half of December last year and, according to a report by iDefense, attackers used malicious PDF documents to exploit client machines. The malicious PDF documents were sent as e-mail attachments.

Exploitation of vulnerabilities in the Adobe Reader and Acrobat applications became very common in last couple of years due to a high number of identified vulnerabilities in these products. Infigo's security researcher Bojan Ždrnja published several analysis of malicious PDF documents on SANS' Internet Storm Center website; the analysis can be seen at the following URLs: http://isc.sans.org/diary.html?storyid=7867 and http://isc.sans.org/diary.html?storyid=7984. It is assumed that similar malicious PDF documents were used in published attacks.

Google also announced that they detected attacks on over 30 other companies and that the attackers, which are suspected to come from China, managed to gain access to sensitive intellectual property such as application source code. INFIGO IS is urging customers to install the latest available patches for the Adobe Reader and Acrobat applications and to disable JavaScript in these applications as well.

Hacking vs Business conference

Wed, 02 Dec 2009 09:28:31 +0100

2009-12-02

The Hacking vs Business conference, organized by Algebra, is taking place from 1th to 3rd of December. Besides being a conference partner, INFIGO IS will hold two presentations on the last business/technology conference day in the Regent Esplanade Zagreb hotel.

Bojan Ždrnja will deliver a presentation titled "Internet banking attacks", where he will analyze the latest techniques used by online criminals to attack Internet banking systems, including those used by banks in Croatia.

Hrvoje Šegudović will deliver a case study titled "Efficient information system security and availability monitoring". Together with the guest lecturer Mr. Robert Ilijaš, IT director of VABA d.d. bank Varaždin, Hrvoje will present the solution implemented by INFIGO IS for the VABA bank, which allows the bank's IT staff to monitoring the whole information system and manage log files from all servers. The case study will also introduce new managed security services offered by INFIGO IS, as well as Splunk 4, which is the leading log management application. INFIGO IS will also announce its partnership with Splunk.

Reverse engineering malicious code course

Mon, 26 Oct 2009 11:38:37 +0100

2009-10-26

INFIGO IS' information security expert Bojan Zdrnja held from the 19^th to 22^nd of October the "Reverse engineering malicious code" course in Kuala Lumpur, Malaysia. The course was directed to network administrators, auditors, information security consultants and personnel responsible for protecting organizations as well as CERT team members.

During 4 days, the students were introduced to various types of malicious programs as well as techniques for analyzing them. The students were also introduced to methods and techniques used by criminal organizations.

Due to high interest in the course, INFIGO IS will also organize it in Croatia and the region; our clients will be notified when the course is available.

Critical security vulnerability in Microsoft Windows Vista, 7 and 2008 Server operating systems

Thu, 10 Sep 2009 15:07:36 +0200

2009-09-10
	An exploit that abuses a critical security vulnerability on Microsoft Windows Vista, 7 and 2008 Server operating systems has been published. The vulnerability allows an attacker to carry out Denial of Service attacks on affected systems. The exploit just requires a connection to the SMB (445 TCP) port; no authentication is required.
Since Microsoft has not released a patch yet, and considering that exploit is publically available, INFIGO IS recommends that network traffic to the TCP port 445 is limited, even in internal networks. Users of IDS systems should add specific signatures for this exploit. Clients using INFIGO IS managed security services have been already updated.

SANSFIRE 2009 presentation

Wed, 17 Jun 2009 10:56:50 +0200

2009-06-17
	From the 13th to 22nd of June SANSFIRE 2009 is taking place in Baltimore, USA. SANSFIRE is the largest educational event from SANS. During the day, over 30 SANS' top-rated courses will be delivered. Evening hours are dedicated to a special event, SANS@Night where the Internet Storm Center handlers will deliver presentations about current information security issues.
On the 15th of June, INFIGO IS' security expert Bojan Ždrnja delivered a presentation about passive DNS data replication. The presentation covered the passive DNS replication system Bojan designed and implemented. The system has been in production since 2006 and is already used by many security researchers around the world.