The Cloud Security Newsletter
The most trusted source for security and IT professionals
October 2010 Edition

LEAD STORY OF THE MONTH

Microsoft Tops Record (Again!): Largest Ever Patch Cycle

On October 12, Microsoft released its monthly security advisories, which included 49 vulnerabilities, of which 16 were web-based, client-side vulnerabilities. These impact commonly used applications such as Internet Explorer, Word, Excel and Windows Media Player. In order to be effective, IT departments must continuously keep abreast of vulnerability announcements and ensure that these applications are properly patched across all users in their organization. Not only does this consume a significant amount of manpower, IT management must also ensure that they hire IT specialists within their department who are knowledgeable about security, or risk loopholes which may be costly if exploited. As a result, it makes sense to embrace security services where specialists ensure that the service addresses vulnerabilities in applications around the clock. Zscaler is a member of the Microsoft Active Protections Program (MAPP), which notifies security providers in advance of such monthly bulletins. As a result, a patch is in place as soon as the bulletin is publicly made available and customers are protected immediately without any action on their part.

TECH TALK

This Poor Girl Killed Herself

Did this news title get your attention? It certainly caught the attention of hundreds of Facebook users when this latest Clickjacking attack initially surfaced. Clickjacking has really started to be embraced by attackers since Jeremiah Grossman and Robert Hansen first spoke about it at OWASP NYC AppSec 2008. One of the primary targets for Clickjacking has been Facebook, most notably its new 'Like' feature, which now appears on over 2 million websites. Most of the 'Likejacking' attacks, as they're commonly called, actually occur on third-party websites but leverage the 'Like' button to promote advertising scams. This specific attack, however, was directly on Facebook; see if you have come across it.

SECURITY INNOVATIONS

Security 101: Police Browser and Plugin Use for All Users

The most common type of malware scam seen in Blackhat spam SEO is the fake Anti-Virus. However, there are also other types of exploits from time to time that do not employ the usual social engineering tactics. One such example was uncovered where seven types of exploits were hosted on a single page, and these exploited everyday applications such as PDF, Internet Explorer, and QuickTime. The malicious page tries the different exploits until one is successful. The only way to truly protect against an assortment of vulnerabilities such as these is to ensure that all browsers and plugins in an organization are continuously kept up to date. Given the expansive scope of this task, an additional layer of security which enforces browsers and plugins is essential.

EDUCATIONAL RESOURCES

Online Fireside Chat with Peter Firstbrook of Lead Analyst Firm Gartner

iPad + Facebook + Blended Threats = IT NIGHTMARE
Date: Nov 16 & 18, 2010 (3 convenient times)

Join Peter Firstbrook of Lead Analyst Firm Gartner to understand how the growing use of iPads and Facebook in your business environment has opened new dangerous backdoors. Traditional security controls such as Anti-Virus software or URL filtering are crippled in combating blended threats. Learn about a new security paradigm in this untethered world.

NEWS HIGHLIGHTS

WiFi printers create security concerns
ABC News KGO-TV San Francisco, CA
WiFi enabled printers and scanners make it convenient to print from across the room or across the country. But it can leave your system open to snoops.

Black Hat SEO
Threatpost
This Google TechTalk features Julien Sobrier of Zscaler discussing the tactics and techniques that spam gangs use in constructing their black hat SEO campaigns.

Halloween tricks: spammers are ready
Zscaler Blog
Several university websites, including byu.edu and bowdoin.edu, have been used to host spam about Halloween costumes. If accessed from Google, the spam pages redirect to buycostumes.com.

SECURITY PRACTITIONER'S COLUMN

HDFC Combats Changing Threatscape with Cloud Security

Founded in 1977, HDFC Ltd. is India's largest home mortgage company with over 3 million customers. It has headquarters in Mumbai, India and operates branches all over the world. HDFC's legacy centralized solution for URL filtering and Anti-Virus was difficult to maintain as it required significant investments in terms of time, manpower and technology. Arivazhagan, Senior General Manager of IT, investigated cloud security as a cost-effective alternative to uniformly protect all users against newer web-based threats across a geographically dispersed organization.

"Advanced security technology, mobile user protection, and the ease of administration by not having to deploy and manage appliances were among the most compelling reasons we selected Zscaler."
- Arivazhagan, Senior General Manager of IT

Copyright 2010 Zscaler, Inc. 392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com