Search This Blog

Thursday, September 23, 2010

The Cloud Security Newsletter - September 2010 Edition

The Cloud Security Newsletter
The most trusted source for security and IT professionals September 2010 Edition
 

         
 
LEAD STORY OF THE MONTH
Corporate Espionage for Dummies: HP Scanners

HP Scanner

With over $1B in printer sales in Q3 2010 alone, and with many of those devices being all-in-one printers, running across an HP scanner in the enterprise is certainly very common. What many enterprises do not realize, is that their scanners may by default allow anyone on the LAN to remotely connect to the scanner and if a document was left behind, scan and retrieve it using nothing more than a web browser. Ever left a confidential document on the scanner and sprinted back to retrieve it when you realized? Thought so. Want to know if your office LAN has any wide open HP scanners running? Run a simple Perl script to determine if there are any devices on the local network running HP web servers. Get Test Script
 
TECH TALK
Spammers Turn to Pay-Per-Install Model for Extra Cash
Traditionally, "hacking" was viewed as a form of art by many where the primary motivation was bragging rights. Today, organized cyber crime syndicates are using money as the main incentive. Recent research uncovered one specific example of a post that offers a revenue share model referred to as Pay-Per-Install (PPI). In this case, those engaging in this particular campaign stand to make between $500 and $800 per 1000 installs. Initially, the malicious executable was only detected by 8 out of 43 Anti-Virus (AV) vendors. As newer threats emerge, traditional AV is less effective and more dynamic security solutions are necessary. Learn More
 
SECURITY INNOVATIONS
Critical Microsoft and Adobe Vulnerabilities (Patch Unavailable)
On Sept 14, Microsoft released its monthly security advisories which included three web based, client side vulnerabilities. These impact commonly used tools such as WordPad and MPEG-4 codec. In addition, a new critical zero-day vulnerability (CVE-2010-2883) in Adobe Reader and Acrobat was announced on September 8. There is no patch currently available and there are reports of exploits in the wild. The increasing frequency of patch cycles are creating large maintenance burdens for organizations. As a result, many are seriously investigating cloud based security alternatives where the onus of maintenance lies with the service provider. Zscaler deployed immediate updates to its service cloud upon the announcement of the vulnerabilities, instantly protecting customers. Vulnerability Details
 
EDUCATIONAL RESOURCES
Ambushed by Facebook and Twitter?
Live Webcast with Keynote by Forrester's Chenxi Wang
Date: Oct 5 & 7, 2010 (3 convenient times)

Forrester Logo Join Chenxi Wang of Forrester to understand how hackers are using your trust web resources such as Google, Facebook, and Twitter to compromise your employees. Social media security should be on everyone's agenda. Traditional security controls such as Anti-Virus software or URL filtering are crippled in combating these new threats. Register
Chenxi Wang - Forrester
 
NEWS HIGHLIGHTS
Google working to kill nearly 3 million malicious search results
The Tech Herald
Zscaler researcher Julien Sobrier recently sounded the alarm on nearly three million pages indexed by Google that were serving Malware. Hours after Sobrier's blog post, Google now seems to have finally started cleaning house.
 
Attackers re-create an entire Facebook site for phishing
Zscaler Blog
Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, etc. and even in all of the 64 languages the original site offers!
 
Seeking Clarity in the Cloud's Security Haze
E-Commerce Times
Security concerns continue to be among the main forces preventing businesses from furthering their investments in cloud computing. That's one of the reasons behind the Open Security Foundation's new Cloutage project.
 
SECURITY PRACTITIONER'S COLUMN
Heritage-Crystal Clean Goes Green With Security
Crystal Clean Logo Heritage-Crystal Clean, Inc., headquartered in Elgin, Illinois, is a publicly-held environmental services company with a focus on automotive repair, commercial and industrial marketplaces. As the company continued to grow, the centralized URL filtering solution became highly inefficient in securing the 60 internet gateways as it introduced re-routing latency and traffic backhauling consumed expensive bandwidth. Matt Fields, IT Operations Supervisor, investigates cloud based security as a "greener" alternative which could also be extended to protect the organization's growing mobile workforce.. Learn More
 
"Seamless integration, agent-less implementation, and service performance were key "
- Matt Fields, IT Operations Supervisor
 
 
     
  If you or your colleagues would like to receive this newsletter, please sign up.
 
     
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.
Zscaler

Note: Your e-mail is in our mailing list as security.world@gmail.com, if you wish to be removed from our mailing list please use the link below to unsubscribe from any future mailings. We will respect all unsubscribe requests Unsubscribe

No comments: