The Cloud Security Newsletter |
The most trusted source for security and IT professionals | May 2010 Edition |
| | | | | | | LEAD STORY OF THE MONTH | State of the Web Q1 2010 |
| |
| The first quarter of 2010 saw a number of significant events including earthquakes in Chile and Haiti. Apple announced the iPad and Toyota took responsibility for a massive recall. Attackers on the other hand, were busy taking advantage of all of the events leveraging search engine optimization attacks to lure unsuspecting victims to malicious sites attacking web browser vulnerabilities or serving up fake anti-virus software that now accounts for the majority of content on the web. Botnet activity remained strong and the Eleanore exploit kit was also the source of 5% of all browser exploits that were encountered. That said, enterprises are finally starting to phase out Internet Explorer 6 and it lost 7.5% market share this past quarter. Learn More | | TECH TALK | Poisoned Search Results: No Situation Too Tragic To Exploit. | Case in point the recent floods in Tennessee. An analysis of the top search results related to this disaster revealed that the tenth link was malicious. Clicking on it redirected users to a different domain and prompted them to download a harmful executable. Once installed, the computer will be compromised. Sadly, there is no situation too tragic to exploit. View Demo | | SECURITY INNOVATIONS | Fake Anti-virus: A Growing Threat | Google announced that fake anti-virus (AV) pages represent 60% of the malware discovered on domains that include popular search terms. Even more alarming is the fact that attackers are becoming adept at having their links displayed as the first result for very popular searches. Despite the growing awareness, such threats usually go undetected by traditional security tools. As a result, organizations are wasting valuable resources on remediation. Learn More | | | NEWS HIGHLIGHTS | Apache.org hit by targeted XSS attack | The open-source Apache Software Foundation recently suffered a cross-site scripting (XSS) attack against its infrastructure that resulted in users' passwords being compromised. | | Porn-viewing SEC staff bypassed blocking, filtering systems | What policies and technologies were in place to curb this sort of behavior, and how did so many employees get around them so often? | | Companies Look To Managed Services To Close Security Gaps | Small and midsize businesses look to outsourcing as threats become more complex | | 2010 Trend Watch | Evolving mobile technologies, adapting malware and a new breed of attackers are all trends that enterprises should be paying attention to. | | SECURITY PRACTITIONER'S COLUMN | Crutchfield Evaluates Web Security Solutions | Protection of corporate assets from Web-based threats is critical for business continuity at Crutchfield Corporation, a leading internet retailer of consumer electronics. Paul Fitzsimmons, senior manager of IT systems, oversees the organization's IT infrastructure which consists of multiple gateways and a growing mobile user base. After evaluating a number of security solutions, he concluded that cloud-delivered security was the only effective solution to protect against more advanced exploits. Learn More | | | "Today we only spend one fifth of our time on web security as compared to our legacy product." | - Paul Fitzsimmons | | | EDUCATIONAL WEBCASTS | Hidden Dangers Behind Your Favorite Search Engine | Live Webcast with Keynote by Gartner's Peter Firstbrook | Date: May 26, 2010 (3 convenient times) | | Join Peter Firstbrook of lead analyst firm Gartner to understand the growing risks associated with using search engines such as Google, Bing and Yahoo. Live demos will illustrate how trusted internet resources are compromised to infect your computers. Register Now | | | | | | If you or your colleagues would like to receive this newsletter, please sign up.
| | Copyright 2010 Zscaler, Inc. 392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | info@zscaler.com. | | | |
|
Note: Your e-mail is in our mailing list as security.world@gmail.com, if you wish to be removed from our mailing list please use the link below to unsubscribe from any future mailings. We will respect all unsubscribe requests http://cp20.com/Tracking/t.fo?Ak1J--KCN-7KXAo5
No comments:
Post a Comment