Thursday, October 28, 2010

The Cloud Security Newsletter - October 2010 Edition

The most trusted source for security and IT professionals October 2010 Edition
LEAD STORY OF THE MONTH
Microsoft Tops Record (Again!): Largest Ever Patch Cycle
On October 12, Microsoft released its monthly security advisories, which included 49 vulnerabilities, of which 16 were web-based, client-side vulnerabilities. These impact commonly used applications such as Internet Explorer, Word, Excel and Windows Media Player. To be effective, IT departments must continuously keep abreast of vulnerability announcements and ensure that these applications are properly patched for all users in their organization. Not only does this consume a significant amount of manpower, but IT management must also hire specialists who are knowledgeable about security, or risk loopholes that may be costly if exploited. As a result, it makes sense to embrace security services where specialists ensure that the service addresses vulnerabilities in applications around the clock. Zscaler is a member of the Microsoft Active Protections Program (MAPP), which notifies security providers in advance of such monthly bulletins. As a result, a patch is in place as soon as the bulletin is made publicly available, and customers are protected immediately without any action on their part.
 
TECH TALK
This Poor Girl Killed Herself
Did this news title get your attention? It certainly caught the attention of hundreds of Facebook users when this latest Clickjacking attack initially surfaced. Clickjacking has been increasingly embraced by attackers since Jeremiah Grossman and Robert Hansen first spoke about it at OWASP NYC AppSec 2008. One of the primary targets for Clickjacking has been Facebook, most notably its new 'Like' feature, which now appears on over 2 million websites. Most 'Likejacking' attacks, as they're commonly called, actually occur on third-party websites but leverage the 'Like' button to promote advertising scams. This specific attack, however, was directly on Facebook. See if you have come across it.
 
SECURITY INNOVATIONS
Security 101: Police Browser and Plugin Use for All Users
The most common type of malware scam seen in Blackhat SEO spam is the fake Anti-Virus. However, from time to time there are also other types of exploits that do not employ the usual social engineering tactics. One such example was uncovered where seven types of exploits were hosted on a single page, targeting everyday applications such as PDF, Internet Explorer, and Quicktime. The malicious page tries the different exploits until one is successful. The only way to truly protect against an assortment of vulnerabilities such as these is to ensure that all browsers and plugins in an organization are continuously kept up-to-date. Given the expansive scope of this task, an additional layer of security that polices browser and plugin use is essential.
 
EDUCATIONAL RESOURCES
Online Fireside Chat with Peter Firstbrook of Lead Analyst Firm Gartner
iPad + Facebook + Blended Threats = IT NIGHTMARE
Date: Nov 16 & 18, 2010 (3 convenient times)
Join Peter Firstbrook of Lead Analyst Firm Gartner to understand how the growing use of iPads and Facebook in your business environment has opened dangerous new backdoors. Traditional security controls such as Anti-Virus software or URL filtering are crippled in combating blended threats. Learn about a new security paradigm in this untethered world.
Peter Firstbrook, Gartner
 
NEWS HIGHLIGHTS
WiFi printers create security concerns
ABC News KGO-TV San Francisco, CA
WiFi enabled printers and scanners make it convenient to print from across the room or across the country. But it can leave your system open to snoops.
 
Black Hat SEO
Threatpost
This Google TechTalk features Julien Sobrier of Zscaler discussing the tactics and techniques that spam gangs use in constructing their black hat SEO campaigns.
 
Halloween tricks: spammers are ready
Zscaler Blog
Several university websites, including byu.edu and bowdoin.edu, have been used to host spam about Halloween costumes. If accessed from Google, the spam pages redirect to buycostumes.com.
 
SECURITY PRACTITIONER'S COLUMN
HDFC Combats Changing Threatscape with Cloud Security

Founded in 1977, HDFC Ltd. is India's largest home mortgage company, with over 3 million customers. It has headquarters in Mumbai, India, and operates branches all over the world. HDFC's legacy centralized solution for URL filtering and Anti-Virus was difficult to maintain, as it required significant investments of time, manpower and technology. Arivazhagan, Senior General Manager of IT, investigated cloud security as a cost-effective alternative to uniformly protect all users against newer web-based threats across a geographically dispersed organization.
 
"Advanced security technology, mobile user protection, and the ease of administration by not having to deploy and manage appliances were among the most compelling reasons we selected Zscaler."
- Arivazhagan, Senior General Manager of IT
 
 
     
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.