3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches

Brian Krebs is at again, breaking news regarding another large data breach. This time is Irving, Texas-based Michaels Stores Inc. losing 3 Million credit card numbers.,default,pg.html

Infogressive CEO, Justin Kallhoff Quoted in CRN articles

Infogressive CEO, Justin Kallhoff was quoted in two different articles released this week by CRN:
FireEye, NSS Labs Continue To Trade Barbs Over Testing Report Credibility
Prevention Core To Palo Alto Networks’ Philosophy

Mandiant Releases 2014 Annual Report

Mandiant released their 2014 annual report, “M-Trends 2014: Beyond the Breach” today. We found the report to be succinct and informative, so we thought we would share it!
Download the report here

Brian Krebs covers the Target Breach

Our very smart friend and all around hilarious reporter Brian Krebs (KrebsonSecurity) does a great job covering a lot of breaches and issues in information security. We particularly found his coverage of the Target breach to informative and on point, so we wanted to share it with our visitors.

Email Attack on Vendor Set Up Breach at Target

We find it’s always better to fire people on a Friday….

Note: We received this from a friend in the Omaha security community. We’re not (nor was he) sure if it’s true or not, but it was too funny and serves as a good reminder regardless of authenticity, so we wanted to share.

“We find it’s always better to fire people on a Friday. Studies have statistically shown that there’s less chance of an incident if you do it at the end of the week.”
— Bob Slydell, Office Space

Well, not all the time, Bob. Allow me to explain.

On Friday, November 15, 2013, I started to receive reports of my web server being unreachable for connections originating from outside the central office. I checked my servers in a panic and found all of them were humming along like a satchel of hornets. I checked the connection with my smartphone and saw that my website was indeed unresponsive. I also checked some other work websites and saw that they were unresponsive from the outside too. Checking further, I found that not only were the DNS entries not resolving externally, all traffic was disappearing into an unanswered pit of silence. It took the ISP working a 72-hour weekend shift to fix the issue. The issue? Allegedly a technician was fired on that fateful Friday and decided to play a little real life “Grand Theft Auto: Fiber Seeking Backhoe Expansion Pack” and did some unauthorized excavating at an ISP networking site. The attached picture of the aftermath speaks volumes. Yes, those are unearthed fiber conduits. This also affected many other organizations in the Metro area. I guess it is true that you can only reduce your risks but never eliminate them, even when canning someone on a Friday.


Next Generation Firewall (NGFW) vs. Unified Threat Management (UTM) What is the difference?

We get the question a lot in the field and during presentations, “What is the difference between NGFW and UTM?”  Andrew Plato wrote a blog article on the subject and I’d say his opinions have a lot of merit.  Certainly worth a read for those wondering about the differences or those that like to watch the information security market evolve.


Amazon Phishing Attacks

I received a really well designed phishing attack today targeted at Amazon, so I thought I’d share it in hopes that it might save a few people.

Justin Kallhoff
CEO, Infogressive

[Read the full story]

Justin Kallhoff Earns GIAC Certified Forensics Analyst (GCFA)

GCFAs have the knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.

Infogressive Security Team Adds OSCP, GCIA and CISSP Certifications

More certifications added to the Infogressive team.

Take a look at who earned these achievements in the .pdf document located here.

Brandon Harms Interviews Premier SANS Instructor for

A quick review of the Bureau of Labor Statistics Occupational Outlook shows us that ethical hackers will be in higher and higher demand over the next decade. With this demand, the need for a supply of highly qualified and professional information security personnel increases. The supply of highly qualified and professional personnel can only be created by organizations that can train and mentor them en masse, or rather, a large quantity of them relatively quickly…

Read the full story here at