Search This Blog

Tuesday, July 27, 2010

The Cloud Security Newsletter - July 2010 Edition

The Cloud Security Newsletter
The most trusted source for security and IT professionals July 2010 Edition
 

         
 
LEAD STORY OF THE MONTH
Microsoft 0-Day .LNK Handling Vulnerability Exploited

Microsoft 0-Day .LNK Handling Vulnerability Exploited

On Friday July 16, Microsoft contacted MAPPs partners to inform them of a new vulnerability in the parsing of .lnk files, known as Windows Shortcut Files. The vulnerability lies in Windows Shell, which is responsible for parsing the files and could lead to an attacker executing arbitrary code on a victim machine whenever the .lnk file is viewed with an application such as Windows Explorer. This attack vector can be exploited via USB drives, network shares or WebDAV. As of now, Microsoft has released only workarounds for this issue, a patch is not presently available. It has gone public with this information, as the vulnerability is presently being exploited by the Stuxnet worm. Learn More
 
TECH TALK (Demo Video)
Data Loss Prevention: Have You Covered All Your Bases?
Data Loss Prevention (DLP) is a top priority for organizations due to increasing internal threats from employee negligence or malicious intent. Organizations incur financial and legal liabilities when found in breach of popular data security mandates such as PCI-DSS, GLBA, and HIPAA. Most of these violations occur over the two major channels of communication, web and email. Sensitive data can be sent externally by email, webmail, social networks, blogs, or instant messaging. Have you covered all your bases with your DLP solution? Understand the requirements for a robust solution. Watch Video     Learn More
 
SECURITY INNOVATIONS
Social Engineering Tactics – Have You Been Victimized?
Client-side attacks generally require an element of social engineering. Attackers must convince a potential victim to open a file, visit a web page, etc. and once that goal is achieved, the malicious payload can then be deployed. Attackers are becoming increasingly sophisticated with the techniques that they employ to social engineer unsuspecting end users. Learn about the most common tactics to determine your potential exposure. Learn More
 
NEWS HIGHLIGHTS
Cloud Computing - Evaluating Security-as-a-Service
CIO Update
Over the past few years, more and more businesses have turned to software as a service (SaaS) to bring down costs. While all vendors argue the appeal of reduced costs, only a few vendors argue that their solutions are better offered as a service.
 
Hackers target Microsoft Windows XP support system
BBC News
Hi-tech criminals are "escalating" attacks on an unpatched bug in the Windows XP help and support system. Microsoft said it had seen more than 10,000 machines hit by the attack that. Windows PCs falling victim will have control of that machine handed over to attackers.
 
Zscaler Launches Industry-First Fully Integrated Email and Web Cloud Security Service
ZDNet
Zscaler, Inc., the market leader in cloud security, announced the worldwide availability of the industry's first fully integrated email and web security service. With the addition of email security to its existing web security portfolio, Zscaler now offers enterprises with the most comprehensive cloud-delivered service that protects against most Internet-based risks.
 
SECURITY PRACTITIONER'S COLUMN
API Group Secures Mobile Employees With Cloud Security
API is a leading manufacturer of specialized packaging materials with business units spread across the globe, including the United Kingdom, Continental Europe, USA and Asia Pacific. Patrick Kittle, Global Infrastructure Manager, determined that the legacy appliance based security solution was not scalable given an increasingly mobile workforce and prohibitively high cost of global traffic backhauling to two central gateways. Learn More
 
" we were spending time and money managing an on-premise proxy server with a URL filter plug-in and an antivirus plug-in. All three of these controls were bypassed by our remote workers."
- Patrick Kittle, Global Infrastructure Manager
 
EDUCATIONAL PANEL WEBCAST
Is Cloud Security Ready for Prime Time?
Webcast with key panelists from IDC and CSA
Date: July 27, 2010 at 10:00am PST(Live and Ondemand)
 
CSA   IDC
 
Join Chris Christiansen, VP of Security Products & Services, and Jim Reavis, Founder and Executive Director of the Cloud Security Alliance, as they debate the merits of hybrid versus cloud security Learn More
 
     
  If you or your colleagues would like to receive this newsletter, please sign up.
 
     
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.
Zscaler

Note: Your e-mail is in our mailing list as security.world@gmail.com, if you wish to be removed from our mailing list please use the link below to unsubscribe from any future mailings. We will respect all unsubscribe requests Unsubscribe

No comments: