
Thursday, April 28, 2011

The Cloud Security Newsletter - April 2011 Edition

The most trusted source for security and IT professionals April 2011 Edition
 

         
 
LEAD STORY OF THE MONTH
Will Mobile Apps be the Achilles' Heel of Web Security?


As an end user, you've followed best practices to keep your access credentials safe. You've chosen a complex password; you change it regularly and never share it with anyone. Unfortunately, all of that effort goes out the window when you trust an app with your data, and that app doesn't store it securely. Successful web services such as Twitter, Dropbox, Evernote, etc. have willingly provided APIs to allow integration with third-party technologies, including mobile apps. This greatly enhances the value of such services, but unfortunately, the services then entrust third parties to implement appropriate security controls so as not to expose confidential user data.
In this situation, if you're a JotNot user and someone gains access to your computer either locally or remotely, they now have access to web services where you store confidential data such as documents, photos, receipts, etc. They may also gain access to your email accounts. As a user, you really have no way of knowing which apps have incorporated appropriate security controls.
 
TECH TALK
30 Days of Cycbot
"Cycbot," detected around August 2010, is a botnet that has not appeared much in the media, but appears to be making its rounds infecting hosts in greater numbers—especially within the last month by a beaconing pattern.
 
SECURITY INNOVATIONS
Cloud-delivered Security Service Ensures Immediate and Transparent Protection for Client-Side Web-Based Threats
Enterprises often struggle with large patch cycles, as remediating devices across locations and for mobile workers is a daunting challenge. As a SaaS provider, Zscaler deployed immediate protections against threats included in Microsoft's largest-ever patch cycle. Such protections apply to both end-user systems on the enterprise network and laptops out in the field.
 
EDUCATIONAL RESOURCES
What Hackers Know that You Don't
Appliances vs. Cloud Security – Keynote from Forrester Research
Webcast: 3, 4, 5, May 2011 What Hackers Know that You Don't
We all know that hackers are making billions of dollars annually by targeting business blind spots, but how many of us know our own blind spots, and how to protect against them?
 
NEWS HIGHLIGHTS
The Epsilon data breach affected millions - so what happens next?
The Techherald
Epsilon Interactive issued a four-sentence statement informing the public that it had suffered a data breach: a "subset" of client data was exposed due to unauthorized access to its email system.
 
Google Fights 'Poisoned' Search Results
Security News Daily
In a frequent practice known as "SEO poisoning," online criminals tweak search results for popular topics so that sites containing malware rise to the top.
 
Fake AV Site Uses Code as Well as Binary Randomization
Spamfighter
Security specialists say that a large number of contaminated websites exist that divert Web surfers onto bogus security software schemes.
 
SECURITY PRACTITIONER'S COLUMN
Web Security SaaS Helps Streamline Security for Health Care Provider
The URL filtering product HCR ManorCare Inc. used in-house never worked right. It misapplied business rules and caused problems for users. At the suggestion of CentraComm, HCR ManorCare's security operations center, HCR began considering Zscaler's Web Security Software as a Service. HCR now forwards traffic from its corporate headquarters via a GRE tunnel to Zscaler, which applies rule sets. Thomas Vines, director of information security, estimates that Zscaler saved HCR more than $150,000 in hardware and software costs.
"[Before Zscaler] we had never considered building a Web filtering system with four 9s. That was economically unrealistic for us. We depend heavily on Zscaler's capabilities to protect us from malware."
- Thomas Vines, director of information security, HCR
 
     
Copyright 2011 Zscaler, Inc.