Blog
FREAK On a Leash – Another SSL Vulnerability


Many companies are still recovering from the SSL Heartbleed bug disclosed back in April 2014. Now, administrators everywhere can add another SSL vulnerability to their patch list. Factoring Attack on RSA-EXPORT Keys (FREAK) is an SSL/TLS vulnerability that affects OpenSSL versions 1.0.1k and earlier, Apple’s SecureTransport, and the Windows Schannel TLS library. The vulnerability forces the use of a weaker cipher suite that can be cracked within a few hours.
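One way to check a captured handshake for the weak cipher suite described above, as an added example that is not part of the original post: it reads the suite a server selected from a raw TLS ServerHello record and reports whether it is an RSA export suite. The function names are hypothetical, the suite names and code points come from the IANA TLS registry rather than from this page, and the sample records are constructed.

```python
import struct

# RSA export-grade suites (code points from the IANA TLS cipher suite registry).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record: bytes) -> int:
    """Return the cipher suite a server chose in a raw TLS ServerHello record."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if hs_len + 4 > rec_len or len(hello) < hs_len or hs_len < 38:
        raise ValueError("truncated or malformed ServerHello")
    # Layout: version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
    sid_len = hello[34]
    off = 35 + sid_len
    if off + 3 > hs_len:
        raise ValueError("session id overruns ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def export_suite_name(record: bytes):
    """Name of the RSA export suite the server selected, or None otherwise."""
    return RSA_EXPORT_SUITES.get(selected_suite(record))

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample data: a minimal TLS 1.0 ServerHello, zeroed random."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for suite in (0x0008, 0x002F):  # constructed: export DES40 vs. AES-128
        rec = build_server_hello(suite)
        print(hex(suite), export_suite_name(rec) or "not an RSA export suite")
```

A server that answers with one of these suites still has export RSA enabled and belongs on the remediation list.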

The FREAK vulnerability is a product of old US government restrictions on exporting strong encryption to foreign markets. This policy allowed intelligence agencies to continue surveillance of overseas entities. Support for the weak algorithm continues to exist in many products. Patches are available from many vendors to address this vulnerability, including Microsoft’s patch release of MS15-031, MS15-018 (Internet Explorer), and MS15-022 (Office).

FREAK, among other vulnerabilities, illustrates the importance of effective patch and vulnerability management. Products such as Tivoli Endpoint Manager (TEM), WSUS, and many others can assist administrators in deploying updates in a timely manner. Qualys Vulnerability Management can be used in conjunction with these products to identify any vulnerable devices on the network. QIDs 123362, 91025, and 42442 have recently been released by Qualys to identify FREAK in Apple, Microsoft, and general remote services.

When it comes to vulnerabilities, Infogressive recommends the wash, rinse, repeat method. Run a vulnerability scan to identify any potential threats to your network. Next, apply patches and any other fixes that the scans recommend. After remediation, launch another vulnerability scan to verify those vulnerabilities no longer exist. Repeat this weekly to maintain the security of the network.

New threats emerge every day. They constantly evolve and become more sophisticated. Identifying vulnerabilities before the adversaries do is paramount to an organization’s credibility, security, and success. While FREAK may not have bitten you this time, it’s only a matter of time before something else tries. Always be proactive, never reactive.

Infogressive’s New Datasheets Are Here!


SANS 20 Critical Controls Poster


We are excited and proud to appear three times on the latest SANS 20 Critical Controls poster! “It’s a great initiative that we believe in very strongly. We believe that if all of our customers strive toward these 20 controls, their security posture will be greatly improved,” said Infogressive CEO Justin Kallhoff.

Download the Latest Poster Here:
SANS Fall 2014 20 Critical Controls Poster

Cylance Video – The Future of Malware Defense

Watch Cylance in action and you’ll understand why we’re so excited about our new partnership!

https://www.youtube.com/watch?v=OPytFAU2Pg0&feature=youtu.be

Infogressive experiences 106.9% growth in 2014!

Infogressive grew a record 106.9% in 2014 vs. 2013. We want to extend a sincere THANK YOU to our clients, partners, and friends for their support and trust!

Sony Breach Linked To North Korean Attackers, FBI Says

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story regarding the latest Sony breach.


Heartbleed Prompts Open Source Donation From Cisco, Other Tech Giants

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story on the Heartbleed vulnerability and what some organizations are doing to resolve it.


Mandiant Researchers: Heartbleed Attack Bypasses Multifactor Authentication, Hijacks VPN Sessions

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story on what researchers are discovering in the possible attacks from the Heartbleed vulnerability.


FireEye, NSS Labs Continue To Trade Barbs Over Testing Report Credibility

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story on the credibility of breach detection products.


Prevention Core To Palo Alto Networks’ Philosophy, Says CTO Zuk

Infogressive CEO Justin Kallhoff quoted in Robert Westervelt’s story on network security vendor Palo Alto Networks and the direction their founder and CTO, Nir Zuk, is taking them in.
