Search This Blog

Thursday, August 26, 2010

The Cloud Security Newsletter - August 2010 Edition

The Cloud Security Newsletter
The most trusted source for security and IT professionals August 2010 Edition
 

         
 
LEAD STORY OF THE MONTH
RESEARCH REPORT: State of the Web Q2 2010

State of the Web Q2 2010

During the second quarter of 2010, attackers once again took advantage of opportunities just as quickly as they emerged. These opportunities included both the emergence of new vulnerabilities in popular technologies as well as current events that drew the attention of millions around the globe. They were quick to leverage the biggest news stories of the quarter, including the World Cup and release of the iPad. 'Likejacking' and Twitter follower scams continued to rise. Analysis of web traffic revealed that China has surged to a #2 ranking, up from #5 in Q1, when looking at countries hosting the most malicious sites. The State of the Web report details the enterprise threat landscape and the variety of web based issues plaguing internet users.. Learn More
 
TECH TALK
34 Microsoft Vulnerabilities – Are You Protected?
On Aug 10, Microsoft released one of its largest monthly patch cycles to date, covering a total of 34 vulnerabilities in 14 advisories including commonly used products such as Silverlight and Internet Explorer. Such patch cycles create a daunting task for enterprises, which must quickly deploy patches to individual systems before exploits emerge, allowing attackers to compromise machines. This challenge is made even more difficult for companies with a mobile workforce where laptop computers may not be online at any given time to permit patches to be pushed to road warriors. In contrast, a cloud delivered security service is able to offer immediate and transparent protection to all users. Learn More
 
SECURITY INNOVATIONS
Blackhat SEO Victimizing Your Users?
FREE Security Tool Available
Attackers are abusing SEO in order to ensure that malicious websites are included within the top search results. They target popular search terms and given the resources at their disposal, the attackers are extremely effective injecting malicious results. The pages injected include malicious content that will target and infect PCs using a variety of techniques such as delivering fake antivirus, Flash/Java upgrades, codecs, etc. Unfortunately, search engines are having limited success in blocking such attacks and anti-virus vendors are failing at deploying signatures to detect the malicious binaries included in the attacks due to the rate at which they change. The new security tool will prevent Blackhat SEO attacks by masking the source of requests to malicious pages, ensuring that the attacks are never delivered. Learn More
 
NEWS HIGHLIGHTS
Hackers Infiltrate Red Cross Website – Again
eSecurity Planet
A new malware scam targeted the Red Cross of Serbia – the second time in five months that hackers have zeroed in on one of the international humanitarian organization's public websites.
 
Old and Insecure, IE6 Still Popular in the Enterprise
Threatpost
the Old Blue Lady of the Web is still a force among enterprise users and that IE6, the notoriously security plagued version, is the browser of choice for one in five employees.
 
Security Vendors In The Cloud
CRN
Channelweb editors look at why the cloud is so important for security vendors today, and call out examples of creative approaches to the cloud.
 
Zscaler Offers Secure Web Gateway as a Service
eWeek
For a look at Zscaler's service in action, check out the gallery by eWeek and read review.
 
CSA Sets Industry Standard with New User Certification
Marketwire
The Cloud Security Alliance today unveiled the industry's first user certification program for secure cloud computing.
 
SECURITY PRACTITIONER'S COLUMN
Ulster-Greene ARC Implements Bi-directional Threat Protection
Ulster-Greene ARC is a non-profit agency that offers a full array of services from birth through adulthood to people who have autism and other developmental and intellectual disabilities. Bart Louwagie, Director of IT, deemed the legacy URL filtering solution ineffective in light of the dynamic nature of Web 2.0. In addition, protection of Personal Health Information (PHI) was a growing concern due to compliance mandates such as HIPAA. Learn More
 
"We had blocked a lot of websites because we feared the chance that they may contain rogue elements like botnets, even if the website was legitimate."
- Bart Louwagie, Director of IT
 
EDUCATIONAL RESOURCES
 
Key Differentiators of a Best-of-breed Security Solution
View Video
 
Live Webinar: SaaS Web Security
Date: August 31, 2010 at 11 AM PST / 1 PM EST
Register Now
 
Other On-demand Webcasts
View Webcast
 
     
  If you or your colleagues would like to receive this newsletter, please sign up.
 
     
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.
Zscaler

Note: Your e-mail is in our mailing list as security.world@gmail.com, if you wish to be removed from our mailing list please use the link below to unsubscribe from any future mailings. We will respect all unsubscribe requests Unsubscribe

No comments: