Infigo - News

Security vulnerability in shortcut files on Windows operating systems

Mon, 19 Jul 2010 15:11:11 +0200

2010-07-19

On Friday, the 16th of July, Microsoft has released a security advisory (2286198) that addresses a new vulnerability (CVE-2010-2568). This vulnerability enables attackers to automatically run arbitrary files on Windows operating systems. The vulnerability is located in the Windows Shell component that is responsible for parsing shortcut files which attackers can exploit by crafting a special shortcut file. Shortcut files are handled automatically and do not require any user interaction, it will suffice that a user is located in the same directory as a malicious shortcut. This vulnerability is significant because disabling AutoPlay will not affect successful exploitation.

The vulnerability presents a new malware autorun technique that does not rely on Autorun.inf capabilities and which is more serious. We can expect significant activity with malware that uses this vulnerability to spread and infect end users.

INFIGO IS suggests that all readers apply security recommendations suggested in Microsoft’s advisory.

Konzum webshop - ISO 27001 certified

Fri, 19 Feb 2010 16:55:38 +0100

2010-02-19

It is our pleasure to announce that Agrokor's Konzum Internet online shop has been ISO/IEC 27001 certified. Agrokor is the biggest company in Croatia and regional leader. INFIGO IS offered consulting during implementation of the Information Security Management System (ISMS) of the Konzum Internet shop.

Since 2006 INFIGO IS has been engaged by Agrokor on various projects that helped implement and maintain a high level of security for its information system.

Although ISO/IEC 27001 certification of such huge and complex information systems such as Agrokor's is often deemed impossible, this project showed that good planning, addiction to the project and a team of experts can achieve success.

During this project, INFIGO IS' consultants were fully supported by Agrokor's management and employees, which was a critical factor for the project's success.

More information about the certification, problems and challenges of implementation of an ISMS in Agrokor is available in the latest edition of magazine "Mreža", where interviews with Agrokor's CISO, Mr. Ivo Pejaković and INFIGO IS's consultant Ivana Marijanović are available as well.

Targeted attacks on Google, Yahoo, Adobe and other companies

Thu, 14 Jan 2010 12:10:26 +0100

2010-01-14

On Tuesday, 13th of January, Google announced that their security experts detected targeted attacks on Google's employees. The attackers successfully gained access to sensitive data about certain users of the Gmail service provided by Google. The attacks were carried out in second half of December last year and, according to a report by iDefense, attackers used malicious PDF documents to exploit client machines. The malicious PDF documents were sent as e-mail attachments.

Exploitation of vulnerabilities in the Adobe Reader and Acrobat applications became very common in last couple of years due to a high number of identified vulnerabilities in these products. Infigo's security researcher Bojan Ždrnja published several analysis of malicious PDF documents on SANS' Internet Storm Center website; the analysis can be seen at the following URLs: http://isc.sans.org/diary.html?storyid=7867 and http://isc.sans.org/diary.html?storyid=7984. It is assumed that similar malicious PDF documents were used in published attacks.

Google also announced that they detected attacks on over 30 other companies and that the attackers, which are suspected to come from China, managed to gain access to sensitive intellectual property such as application source code. INFIGO IS is urging customers to install the latest available patches for the Adobe Reader and Acrobat applications and to disable JavaScript in these applications as well.

Hacking vs Business conference

Wed, 02 Dec 2009 09:28:31 +0100

2009-12-02

The Hacking vs Business conference, organized by Algebra, is taking place from 1th to 3rd of December. Besides being a conference partner, INFIGO IS will hold two presentations on the last business/technology conference day in the Regent Esplanade Zagreb hotel.

Bojan Ždrnja will deliver a presentation titled "Internet banking attacks", where he will analyze the latest techniques used by online criminals to attack Internet banking systems, including those used by banks in Croatia.

Hrvoje Šegudović will deliver a case study titled "Efficient information system security and availability monitoring". Together with the guest lecturer Mr. Robert Ilijaš, IT director of VABA d.d. bank Varaždin, Hrvoje will present the solution implemented by INFIGO IS for the VABA bank, which allows the bank's IT staff to monitoring the whole information system and manage log files from all servers. The case study will also introduce new managed security services offered by INFIGO IS, as well as Splunk 4, which is the leading log management application. INFIGO IS will also announce its partnership with Splunk.

Reverse engineering malicious code course

Mon, 26 Oct 2009 11:38:37 +0100

2009-10-26

INFIGO IS' information security expert Bojan Zdrnja held from the 19^th to 22^nd of October the "Reverse engineering malicious code" course in Kuala Lumpur, Malaysia. The course was directed to network administrators, auditors, information security consultants and personnel responsible for protecting organizations as well as CERT team members.

During 4 days, the students were introduced to various types of malicious programs as well as techniques for analyzing them. The students were also introduced to methods and techniques used by criminal organizations.

Due to high interest in the course, INFIGO IS will also organize it in Croatia and the region; our clients will be notified when the course is available.

Critical security vulnerability in Microsoft Windows Vista, 7 and 2008 Server operating systems

Thu, 10 Sep 2009 15:07:36 +0200

2009-09-10
	An exploit that abuses a critical security vulnerability on Microsoft Windows Vista, 7 and 2008 Server operating systems has been published. The vulnerability allows an attacker to carry out Denial of Service attacks on affected systems. The exploit just requires a connection to the SMB (445 TCP) port; no authentication is required.
Since Microsoft has not released a patch yet, and considering that exploit is publically available, INFIGO IS recommends that network traffic to the TCP port 445 is limited, even in internal networks. Users of IDS systems should add specific signatures for this exploit. Clients using INFIGO IS managed security services have been already updated.

SANSFIRE 2009 presentation

Wed, 17 Jun 2009 10:56:50 +0200

2009-06-17
	From the 13th to 22nd of June SANSFIRE 2009 is taking place in Baltimore, USA. SANSFIRE is the largest educational event from SANS. During the day, over 30 SANS' top-rated courses will be delivered. Evening hours are dedicated to a special event, SANS@Night where the Internet Storm Center handlers will deliver presentations about current information security issues.
On the 15th of June, INFIGO IS' security expert Bojan Ždrnja delivered a presentation about passive DNS data replication. The presentation covered the passive DNS replication system Bojan designed and implemented. The system has been in production since 2006 and is already used by many security researchers around the world.

International Conference on Information Systems Supervision

Tue, 02 Jun 2009 13:43:32 +0200

2009-06-02

International Conference on Information Systems Supervision is taking place in Zagreb from the 31st of May to 3rd of June 2009. The Conference with participation of information technology (IT) supervisors of regulatory and supervisory institutions from twenty-five European countries is organized by Croatian National Bank.

Penetration testing experts from INFIGO IS will give guest presentations concerning Internet banking systems security.

Saša Jušić will give a presentation on "Internet banking security risks - Server side attacks", while Bojan Ždrnja will elaborate on attacks coming from the client side, "Internet banking security risks - Client side attacks".

In addition to analysis of the current threats and security risks, presentations will also demonstrate some of the techniques which are used by hackers to penetrate the Internet banking systems.

INFIGO IS granted ISO 27001 certification

Fri, 17 Apr 2009 16:01:42 +0200

2009-04-17

On the 19th of March, INFIGO IS was granted the ISO/IEC 27001:2005 certificate by SGS. The certificate confirms successful implementation of information security management system which covers INFIGO IS' complete business operations.

The implemented information security management system ensures not only that the company implemented related IT safeguards, but also that the company provides a process which encompasses risk management, risk control and continuous improvement of information security practices in order to protect its business processes as well as client's information.

This certification, along with the existing ISO 9001 certified QMS, honors the requirements and expectations of our clients, and ensure first-class protection of all client information.

Infigo IS at the E-Biz 2009 conference and 2nd International Conference on Corporative Security

Tue, 07 Apr 2009 12:01:35 +0200

2009-04-07

Last week Infigo IS’ employees participated at two conferences and held three noticed presentations.

The 8th E-biz conference took place in Opatija from the 30th of March to 1st of April 2009.

Ivana Marijanović gave a presentation covering the topic “ISO 27001 certification – our experience” and described the way INFIGO IS implemented and certified its information security management system according to the ISO 27001 standard.

At the same conference, Bojan Ždrnja gave a presentation titled “Corporative (in)security in Croatia”, where he analysed recent security threats that Croatian companies faced in the first three months of this year.

On the 2nd of April, the 2nd International Conference on Corporative Security took place in Zagreb.

In his presentation, Hrvoje Šegudović discussed deficiencies in implementation of standards and regulatory requirements, impact of the financial crisis and gave an overview of numerous security incidents that occurred since the beginning of 2009.

Three days before, at the semi-annual ITIC meeting in Barcelona, Hrvoje gave a presentation titled “Financial crisis – opportunities for information security consulting companies“ where he furthermore discussed impacts of the financial crisis to the information security.

Success with the SEC 504 course in Zagreb, Croatia

Tue, 31 Mar 2009 17:16:57 +0200

2009-03-31

From the 23th to 28th of March, SANS together with INFIGO IS held the SEC 504 (Hacker Techniques, Exploits and Incident Handling) course in Zagreb, Croatia. SANS is the most trusted and by far the largest source for information security training, certification and research in the world.

This is the first time that a SANS course was held in Croatian.

The instructor was Bojan Ždrnja, an expert with more than ten years of experience in information security and an employee of Infigo IS.

SEC 504 is the most popular SANS course that provides experience in finding security vulnerabilities and flaws, discovering attacks and intrusions and protecting information systems to the attendants.

This course is aimed for information security specialists, general security practitioners, system administrators, security architects and anyone who will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

During five days, the students learned about various tools and attack methodologies employed by attackers. Finally, on the sixth day of the course, the students had an opportunity to test everything they learned in a Capture the Flag event, where they had to attack specially prepared servers simulating real environments.

After attending this course the students can also apply for the exam to earn the GIAC Certified Incident Handler (GCIH) certification.

MS09-002 exploits in the wild

Fri, 20 Feb 2009 14:39:05 +0100

2009-02-20

Just one week after Microsoft released the MS09-002 security patch first exploits have been detected in the wild. Although attacks using these exploits were delivered to end users via Word documents, the vulnerability is present in Microsoft’s Internet Explorer 7 which means that web based, drive-by attacks can be expected very soon as well.

The version of the exploit currently used in the wild was analyzed by INFIGO IS’ researchers who confirmed that, as a result of a successful exploit, a Trojan horse is installed on the vulnerable machine. This Trojan horse collects sensitive personal information and sends it to a remote site.

INFIGO IS warns all clients that security patches for both operating systems and applications should be installed regularly.

More information about the attack can be found at the Internet Storm Center.

Conficker worm still spreading

Wed, 18 Feb 2009 10:58:55 +0100

2009-02-16

A large number of companies and small and medium business are still having issues caused by the Conficker (Downadup) worm, initially detected at the end of year 2008. It is estimated that the worm infected millions of machines around the world in just couple of days. The worm is still successfully spreading after almost 45 days from initial detection and after all anti-virus companies released signatures for detection.

INFIGO IS researchers reverse engineered the worm and assisted numerous clients in cleaning and limiting the damage caused by the worm. It is estimated that there are tens of thousands of machines infected with the Conficker worm just in Croatia.

The analysis of the worm, as well as monitoring of activities of the worm on the global level, indicated that there are two main features of the worm that helped it spread rapidly, especially in corporate environments.

First, the worm is technically very sophisticated; it uses several infection vectors such as spreading over USB devices, network shares, as well as exploiting a vulnerability in Microsoft Windows operating systems and exploiting weak user passwords.

Second, a lot of issues with the Conficker worm were caused by organizations not regularly patching systems, installing anti-virus applications or requiring complex user passwords.

This incident indicated that information security in most organizations needs more commitment and investments into security technologies, as well as processes and policies.

Infigo IS at KOM 2008

Tue, 25 Nov 2008 09:32:03 +0100

2008-11-25

The 19th KOM conference on communication technologies and standards in informatics will take place in Opatija from the 24th to 26th of November. Infigo IS is one of the conference sponsors.

Saša Ilić will give a seminar titled "ISO 27001 Security Management / Risk Management". The seminar covers ISO 27001 information security management system (ISMS) implementation process, as well as risk assessment and risk management processes.

Bojan Ždrnja will give a presentation titled "Security – current Internet attacks" in which he will analyze politically motivated attacks, including those on Estonian and Georgian governments. The presentation will also cover other attacks by hacktivists as well as attack methods and technologies previously used.

Infigo IS at Business and security 2008 conference

Tue, 21 Oct 2008 11:06:18 +0200

2008-10-21

The II. Croatian security manager's conference will take place from the 21st to 23rd of October in Hotel Ilirija in Biograd na moru. The conference goal is to improve security management systems in corporations, financial and government institutions.

Infigo IS will be represented by Bojan Ždrnja, who will, on Wednesday, 22nd of October, give the presentation "Information risks and threats – Internet and new technologies". The presentation will be a part oft he "Information security and business continuity" track.

More information is available at the official conference web site.