Thursday, January 27, 2011

The Cloud Security Newsletter - January 2011 Edition

The most trusted source for security and IT professionals January 2011 Edition
 

         
 
LEAD STORY OF THE MONTH
High profile websites hijacked to lead to fake stores


Wednesday, January 12, 2011
Recently, a lot of high-profile .EDU and .GOV sites were hijacked to redirect users to fake online stores. Google searches related to buying software ("buy windows 7 key", "where to buy microsoft", "purchase microsoft word", "buy microsoft office", etc.) return a long list of websites running on non-standard ports. These links redirected users to online stores which claimed to sell software at a discounted price. Some of the major sites that were hijacked included Harvard, Stanford, MIT & Fandango. Unlike the usual Blackhat spam SEO coming from the Google Hot Trends, this type of spam was targeted at multiple languages: English, French ("achat windows"), German ("Microsoft kaufen"), etc. Hijacked sites on non-standard ports are also used for other types of spam: US student visa, Viagra, etc. Once again spammers have managed to poison search results for popular searches. This specific spam was reported a month ago, but it still shows up in the first page of results for multiple searches.
 
TECH TALK
Security breach gives complete access to iPhone: iPhone and iPod Touch running iOS4, and any iPad, could be exploited
You may give total control of your iPhone, iPod Touch or iPad to a hacker simply by visiting a page and loading a simple PDF. The security bug affects all iOS4 devices and the iPad. The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required jailbreak solution for iOS 4 devices uses this same method to break Apple's own security. It just requires the user to visit a Web address using Safari, and then the website can automatically load a simple PDF document, which contains a font that hides a special program. Without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod Touch or iPad. Anything you can imagine: delete files, transmit files, install programs running in the background that can monitor your actions ... anything can be done.
 
SECURITY INNOVATIONS
Blackhat SEO numbers for December 2010 (Part I)

Wednesday, January 5, 2011
Most Dangerous Searches
Blackhat spam SEO was very prevalent in 2010 and it is not likely to disappear in 2011. Fake AV pages are still the most popular type of attack, accounting for 85% of all malicious sites. Next in line are fake software stores, with 6% of the sites. It looks like malicious Blackhat spam SEO will still be a major threat, if not the most significant threat, to users in 2011.
 
EDUCATIONAL RESOURCES
ZScaler Web Security Cloud for Small Business
Joseph Moran 
Small Business Computing.com
The Internet is an indispensable small business tool, but using it safely means guarding your small business against myriad online threats and ensuring that employees aren't putting the company at risk by using Web access in risky or inappropriate ways. Small Business Computing found Zscaler's SaaS-based Web Security Cloud for Small Business very promising for small business security, as it does not require deploying and managing security appliances and PC-based anti-spyware/virus/firewall utilities. Zscaler's Web Security Cloud is relatively straightforward to set up, offers a high degree of protection, and enables small businesses to monitor and control virtually every aspect of employees' interaction with the Web. The service is available in five tiers, with basic Web URL filtering at the entry level, anti-virus and anti-spyware included at the midrange, and advanced features such as bandwidth management and data loss prevention (DLP) on tap at the high end.
 
Is a $1 Smartphone App a Million Dollar Liability?
Are you doing enough to manage risk in the Web 2.0 world?
Webcast: March 2 & 3, 2011 (3 sessions)
The "consumerization" of IT has blurred the line between business and personal smartphones. Join experts from IDC and Zscaler as they discuss the challenges and solutions around mobile security.
 
RSA Conference 2011
Register here and use code EC11ZSC to get a FREE expo pass to RSA Conference 2011 in San Francisco. Visit Zscaler at Booth #317.
 
NEWS HIGHLIGHTS
2011 InfoSec Predictions from Zscaler Labs
Lukenotricks Blog
Zscaler Labs recently announced security predictions related to flash mobs, niche malware, cloud-hosted botnets, social networks and the information security market.
 
Alexa's top one-million showcases malicious domain
The Tech Herald
Alexa's list of the top one million domains on the Internet contains at least 150 sites linked to rogue anti-virus and other scams, researchers at Zscaler have found. While the domains are low on the list, they show just how much traffic criminals can generate to fund their activities.
 
Malvertising - It's Not Just on Websites Anymore
Network Security Edge
Malvertising is a well-known technique whereby attackers lease advertising space on popular websites in order to facilitate an attack. The ads are there to lure users to a malicious secondary site; sometimes it involves a browser-based vulnerability to deliver a malicious file. With the rise in usage of mobile devices and smartphones for business and personal purposes, malvertising in this area is also on the rise.
 
SECURITY PRACTITIONER'S COLUMN
Lanco adopts rich functionality and better administered IT security solution
 
 
The LANCO Group of companies is a diverse group specializing in numerous disciplines, including heavy equipment manufacturing, sales and service, integrated technologies, and equipment distribution. It includes 16 operating companies located throughout the U.S., Canada and Central America. LANCO Group's legacy centralized URL filtering solution introduced latency and increased costs, and multiple point products were not a viable solution due to the complexity of management. LANCO Group's Director of MIS, Jerry Wasowski, chose Zscaler to protect its corporate and mobile users from a range of security threats and to have full visibility through Zscaler's real-time, consolidated reporting.
 
"Zscaler allows us to simplify IT administration, consolidate point products and reduce cost, while offering rich functionality and low latency."
- Director of MIS, Jerry Wasowski
 
     
 
     
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.