Infogressive Partner Sophos this week will acquire SMB email security and archiving powerhouse Reflexion Networks. The CRN reporter working on the story, Sarah Kuranda called Infogressive CEO Justin Kallhoff for comment on the acquisition. The full story including Justin’s comments is located here:
Members of Cylance’s SPEAR team have discovered a vulnerability in Windows and over 30 well known software vendors’ products, (Adobe, Apple, Oracle, and Symantec to name a few), in what is being called the “Re-Direct To SMB” vulnerability. This vulnerability could allow an attacker to remotely siphon the encrypted log on credentials for a Windows PC user. Reports are stating that even the yet-to-be released Windows 10 is susceptible all due to an extension of a bug in the SMB protocol that has existed in Windows since 1997. For more information, including Cylance lead researcher Brian Wallace’s White Paper, check the links below.
Follow the link, watch the story, and then let us know how we can prevent your company from becoming the next headline.
Anyone associated with Infogressive knows that we live by the SANS 20 Critical Controls as the staple for any organization’s security. Control number 4 is Vulnerability Management and Remediation. We very much believe that a solid Vulnerability Management program is crucial to securing your environment, regardless of the size of your organization.
Our partners at Qualys have put together this awesomely simple, yet helpful guide to get you started. Let us know how we can help get you the rest of the way.
Many companies are still recovering from the SSL Heartbleed bug released back in April 2014. Now, administrators everywhere can add another SSL vulnerability to their patch list. Factoring Attack on RSA-EXPORT Keys (FREAK) is an SSL/TLS vulnerability that affects OpenSSL versions 1.01k and earlier, Apple’s SecureTransport, and Windows Schannel TLS library. The vulnerability forces the use of a weaker cipher suite that can be cracked within a few hours.
The FREAK vulnerability is a product of old US government restrictions that restricted the exportation of strong encryption to foreign markets. This policy allowed intelligence agencies to continue surveillance of overseas entities. Support for the weak algorithm continues to exist in many products. Patches are available from many venders to address this vulnerability including Microsoft’s patch release of MS15-031, MS15-018 (Internet Explorer), and MS15-022 (Office).
FREAK, among other vulnerabilities, illustrates the importance of effective patch and vulnerability management. Products such as Tivoli Endpoint Manager (TEM), WSUS, and many others can assist administrators in deploying updates in a timely manner. Qualys Vulnerability Management can be used in conjunction with these products to identify any vulnerable devices on the network. QID’s 123362, 91025, and 42442 have recently been released by Qualys to identify FREAK in Apple, Microsoft, and general remote services.
When it comes to vulnerabilities, Infogressive recommends the wash, rinse, repeat method. Run a vulnerability scan to identify any potential threats to your network. Next, apply patches and any other fixes that the scans recommend. After remediation, launch another vulnerability scan to verify those vulnerabilities no longer exist. Repeat this weekly to maintain the security of the network.
New threats emerge every day. They constantly evolve and become more sophisticated. Identifying vulnerabilities before the adversaries do is paramount to an organization’s credibility, security, and success. While the FREAK may not have bit you this time, it’s only a matter of time before something else tries. Always be proactive, never reactive.
We are excited and proud to appear three times on the latest SANS 20 Critical Controls poster! “It’s a great initiative that we believe in very strongly. We believe that if all of our customers strive toward to these 20 controls, their security posture will be greatly improved, said Infogressive CEO Justin Kallhoff.”
Download the Latest Poster Here:
SANS Fall 2014 20 Critical Controls Poster
Watch Cylance in action and you’ll understand why we’re so excited about our new partnership!
Infogressive grew a record 106.9% in 2014 vs. 2013. We want to extend a sincere THANK YOU to our clients, partners, and friends for their support and trust!
Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story regarding the latest Sony breach.