Wednesday, May 19, 2010

The Cloud Security Newsletter - May 2010 Edition

The most trusted source for security and IT professionals | May 2010 Edition

         
 
LEAD STORY OF THE MONTH
State of the Web Q1 2010


The first quarter of 2010 saw a number of significant events, including earthquakes in Chile and Haiti. Apple announced the iPad and Toyota took responsibility for a massive recall. Attackers, on the other hand, were busy taking advantage of all of these events, leveraging search engine optimization attacks to lure unsuspecting victims to malicious sites that attack web browser vulnerabilities or serve up fake anti-virus software, which now accounts for the majority of content on the web. Botnet activity remained strong, and the Eleanore exploit kit was also the source of 5% of all browser exploits that were encountered. That said, enterprises are finally starting to phase out Internet Explorer 6, which lost 7.5% market share this past quarter.
 
TECH TALK
Poisoned Search Results: No Situation Too Tragic To Exploit.
Case in point – the recent floods in Tennessee. An analysis of the top search results related to this disaster revealed that the tenth link was malicious. Clicking on it redirected users to a different domain and prompted them to download a harmful executable. Once the executable is installed, the computer is compromised. Sadly, there is no situation too tragic to exploit.
 
SECURITY INNOVATIONS
Fake Anti-virus: A Growing Threat
Google announced that fake anti-virus (AV) pages represent 60% of the malware discovered on domains that include popular search terms. Even more alarming is the fact that attackers are becoming adept at having their links displayed as the first result for very popular searches. Despite the growing awareness, such threats usually go undetected by traditional security tools. As a result, organizations are wasting valuable resources on remediation.
 
NEWS HIGHLIGHTS
Apache.org hit by targeted XSS attack
The open-source Apache Software Foundation recently suffered a cross-site scripting (XSS) attack against its infrastructure that resulted in users' passwords being compromised.
 
Porn-viewing SEC staff bypassed blocking, filtering systems
What policies and technologies were in place to curb this sort of behavior, and how did so many employees get around them so often?
 
Companies Look To Managed Services To Close Security Gaps
Small and midsize businesses look to outsourcing as threats become more complex
 
2010 Trend Watch
Evolving mobile technologies, adapting malware and a new breed of attackers are all trends that enterprises should be paying attention to.
 
SECURITY PRACTITIONER'S COLUMN
Crutchfield Evaluates Web Security Solutions
Protection of corporate assets from Web-based threats is critical for business continuity at Crutchfield Corporation, a leading internet retailer of consumer electronics. Paul Fitzsimmons, senior manager of IT systems, oversees the organization's IT infrastructure, which consists of multiple gateways and a growing mobile user base. After evaluating a number of security solutions, he concluded that cloud-delivered security was the only effective solution to protect against more advanced exploits.
"Today we only spend one fifth of our time on web security as compared to our legacy product."
- Paul Fitzsimmons
 
EDUCATIONAL WEBCASTS
Hidden Dangers Behind Your Favorite Search Engine
Live Webcast with Keynote by Gartner's Peter Firstbrook
Date: May 26, 2010 (3 convenient times)
Join Peter Firstbrook of leading analyst firm Gartner to understand the growing risks associated with using search engines such as Google, Bing and Yahoo. Live demos will illustrate how trusted internet resources are compromised to infect your computers.
 
 
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | info@zscaler.com.