LEAD STORY OF THE MONTH

High profile websites hijacked to lead to fake stores

Wednesday, January 12, 2011

Recently, a lot of high profile .EDU and .GOV sites were hijacked to redirect users to fake online stores. Google searches related to buying software ("buy windows 7 key", "where to buy microsoft", "purchase microsoft word", "buy microsoft office", etc.) contain a long list of websites running on non-standard ports. These links redirected users to online stores which claimed to sell software at a discounted price. Some of the major sites that were hijacked included Harvard, Stanford, MIT & Fandango.

Unlike the usual Blackhat spam SEO coming from the Google Hot Trends, this type of spam was targeted at multiple languages: English, French ("achat windows"), German ("Microsoft kaufen"), etc. Hijacked sites on non-standard ports are also used for other types of spam: US student visa, Viagra, etc. Once again spammers have managed to poison search results for popular searches. This specific spam was reported a month ago, but it still shows up in the first page of results for multiple searches.

TECH TALK

Security breach gives complete access to iPhone: iPhone and iPod Touch running iOS4 and any iPad could be exploited

You may hand total control of your iPhone, iPod Touch or iPad to a hacker simply by visiting a page and loading a simple PDF. The security bug affects all iOS4 devices and the iPad. The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required jailbreak solution for iOS 4 devices uses this same method to break Apple's own security. It just requires the user to visit a Web address using Safari, and then the website can automatically load a simple PDF document, which contains a font that hides a special program. Without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod Touch or iPad. Anything you can imagine: delete files, transmit files, install programs running in the background that can monitor your actions ... anything can be done.

SECURITY INNOVATIONS

Blackhat SEO numbers for December 2010 (Part I)

Wednesday, January 5, 2011

Blackhat spam SEO was very prevalent in 2010 and it is not likely to disappear in 2011. Fake AV pages are still the most popular type of attack, accounting for 85% of all malicious sites. Next in line are fake software stores, with 6% of the sites. It looks like malicious Blackhat spam SEO will still be a major threat, if not the most significant threat to users in 2011.

EDUCATIONAL RESOURCES

ZScaler Web Security Cloud for Small Business

Joseph Moran

The Internet is an indispensable small business tool, but using it safely means guarding your small business against myriad online threats and ensuring that employees aren't putting the company at risk by using Web access in risky or inappropriate ways. Small Business Computing found ZScaler's SaaS-based Web Security Cloud for Small Business very promising for small business security, as it does not require deploying and managing security appliances and PC-based anti spyware/virus/firewall utilities. Zscaler's Web Security Cloud is relatively straightforward to set up, offers a high degree of protection, and enables small businesses to monitor and control virtually every aspect of employees' interaction with the Web. The service is available in five tiers, with basic Web URL filtering at the entry level, anti-virus and anti-spyware included at the midrange, and advanced features such as bandwidth management and data loss prevention (DLP) on tap at the high-end.

Is a $1 Smartphone App a Million Dollar Liability? Are you doing enough to manage risk in the Web 2.0 world?

Webcast: March 2 & 3, 2011 (3 sessions)

The "consumerization" of IT has blurred the line between business and personal smartphones.
Join experts from IDC and Zscaler as they discuss the challenges and solutions around mobile security.

RSA Conference 2011

Register here and use code EC11ZSC to get a FREE expo pass to RSA Conference 2011 in San Francisco. Visit Zscaler at Booth #317.

NEWS HIGHLIGHTS

2011 InfoSec Predictions from Zscaler Labs | Lukenotricks Blog

Zscaler Labs recently announced security predictions related to flash mob, niche malware, cloud-hosted botnets, social networks and the information security market.

Alexa's top one-million showcases malicious domain | The Tech Herald

Alexa's list of the top one-million domains on the Internet contains at least 150 sites linked to rogue anti-virus and other scams, researchers at Zscaler have found. While the domains are low on the list, they show just how much traffic criminals can generate to fund their activities.

Malvertising - It's Not Just on Websites Anymore | Network Security Edge

Malvertising is a well-known technique whereby attackers lease advertising space on popular websites in order to facilitate an attack. The ads are there to lure users to a malicious secondary site; sometimes it involves a browser-based vulnerability to deliver a malicious file. With the rise in use of mobile devices and smartphones for business and personal purposes, malvertising in this area is also on the rise.

SECURITY PRACTITIONER'S COLUMN

Lanco adopts rich functionality and better administered IT security solution

LANCO Group of companies is a diverse group specializing in numerous disciplines, including heavy equipment manufacturing, sales and service, integrated technologies, and equipment distribution. It includes 16 operating companies located throughout the U.S., Canada and Central America. LANCO Group's legacy centralized URL filtering solution introduced latency and increased costs, and multiple point products were not a viable solution due to complexity of management.
Lanco Group's Director of MIS, Jerry Wasowski, chose Zscaler to protect its corporate and mobile users from a range of security threats and to have full visibility through Zscaler's real-time, consolidated reporting.

"Zscaler allows us to simplify IT administration, consolidate point products and reduce cost, while offering rich functionality and low latency." - Director of MIS, Jerry Wasowski