Blog
Re-Direct To SMB – Infogressive Partner, Cylance, Discovers New(Old) Windows Vulnerability

Members of Cylance’s SPEAR team have discovered a vulnerability in Windows and over 30 well known software vendors’ products, (Adobe, Apple, Oracle, and Symantec to name a few), in what is being called the “Re-Direct To SMB” vulnerability. This vulnerability could allow an attacker to remotely siphon the encrypted log on credentials for a Windows PC user.  Reports are stating that even the yet-to-be released Windows 10 is susceptible all due to an extension of a bug in the SMB protocol that has existed in Windows since 1997.  For more information, including Cylance lead researcher Brian Wallace’s White Paper, check the links below.

SPEAR – Redirect to SMB

White Paper

 

 

Blog
CBS 60 Minutes Features Infogressive Partners, FireEye and Cylance

Kevin Mandia of FireEye and Jon Miller of Cylance were both featured on 60 minutes giving their opinions on the Sony hack and giving insight into their involvement with containing the breach.

Follow the link, watch the story, and then let us know how we can prevent your company from becoming the next headline.

 

The Attack on Sony

Blog
Qualys Vulnerability Management for Dummies

Anyone associated with Infogressive knows that we live by the SANS 20 Critical Controls as the staple for any organization’s security. Control number 4 is Vulnerability Management and Remediation. We very much believe that a solid Vulnerability Management program is crucial to securing your environment, regardless of the size of your organization.

Our partners at Qualys have put together this awesomely simple, yet helpful guide to get you started. Let us know how we can help get you the rest of the way.

VM-for-Dummies

Blog
FREAK On a Leash – Another SSL Vulnerability

freak_on_a_leash

Many companies are still recovering from the SSL Heartbleed bug released back in April 2014. Now, administrators everywhere can add another SSL vulnerability to their patch list. Factoring Attack on RSA-EXPORT Keys (FREAK) is an SSL/TLS vulnerability that affects OpenSSL versions 1.01k and earlier, Apple’s SecureTransport, and Windows Schannel TLS library. The vulnerability forces the use of a weaker cipher suite that can be cracked within a few hours.

The FREAK vulnerability is a product of old US government restrictions that restricted the exportation of strong encryption to foreign markets. This policy allowed intelligence agencies to continue surveillance of overseas entities. Support for the weak algorithm continues to exist in many products. Patches are available from many venders to address this vulnerability including Microsoft’s patch release of MS15-031, MS15-018 (Internet Explorer), and MS15-022 (Office).

FREAK, among other vulnerabilities, illustrates the importance of effective patch and vulnerability management. Products such as Tivoli Endpoint Manager (TEM), WSUS, and many others can assist administrators in deploying updates in a timely manner. Qualys Vulnerability Management can be used in conjunction with these products to identify any vulnerable devices on the network. QID’s 123362, 91025, and 42442 have recently been released by Qualys to identify FREAK in Apple, Microsoft, and general remote services.

When it comes to vulnerabilities, Infogressive recommends the wash, rinse, repeat method. Run a vulnerability scan to identify any potential threats to your network. Next, apply patches and any other fixes that the scans recommend. After remediation, launch another vulnerability scan to verify those vulnerabilities no longer exist. Repeat this weekly to maintain the security of the network.

New threats emerge every day. They constantly evolve and become more sophisticated. Identifying vulnerabilities before the adversaries do is paramount to an organization’s credibility, security, and success. While the FREAK may not have bit you this time, it’s only a matter of time before something else tries. Always be proactive, never reactive.

Blog
Infogressive’s New Datasheets Are Here!

Infogressive_Datasheet

Blog
SANS 20 Critical Controls Poster

20crit_home_banner

We are excited and proud to appear three times on the latest SANS 20 Critical Controls poster! “It’s a great initiative that we believe in very strongly. We believe that if all of our customers strive toward to these 20 controls, their security posture will be greatly improved, said Infogressive CEO Justin Kallhoff.”

Download the Latest Poster Here:
SANS Fall 2014 20 Critical Controls Poster

Blog
Cylance Video – The Future of Malware Defense

Watch Cylance in action and you’ll understand why we’re so excited about our new partnership!

https://www.youtube.com/watch?v=OPytFAU2Pg0&feature=youtu.be

Blog
Infogressive experiences 106.9% growth in 2014!

Infogressive grew a record 106.9% in 2014 vs. 2013. We want to extend a sincere THANK YOU to our clients, partners, and friends for their support and trust!

Blog
Sony Breach Linked To North Korean Attackers, FBI Says

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story regarding the latest Sony breach.

Sony Breach Linked To North Korean Attackers, FBI Says

Blog
Heartbleed Prompts Open Source Donation From Cisco, Other Tech Giants

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story on  the Heartbleed vulnerability and what some organizations are doing to resolve it.

Heartbleed Prompts Open Source Donation From Cisco, Other Tech Giants

<< Older posts
Translation