Michael Sutton weighs in on WireLurker, “We keep waiting for mobile malware to eclipse traditional PC malware but it turns out that we're waiting for the wrong thing. We'll never see the drive by downloads and fast spreading device to device malware that we've become accustomed to in the Windows world, due to the differing architectures of Windows vs Mobile operating systems. That doesn't however mean that malware on mobile devices isn't a concern, it just means that malware is being forced to evolve and adapt to a more restrictive environment.”
Zscaler comments on WireLurker, noting “WireLurker takes advantage of Enterprise Provisioning to install apps on the device, but when doing so users must accept a provisioning profile before apps can be installed. If the device is jailbroken, WireLurker has greater flexibility and can fully control the device.”
Michael Sutton, VP of security research at Zscaler, said that what is unique about WireLurker is that it takes the approach of first infecting a Mac OS X device, and then monitoring for connected devices.
SWG vendors know that they can’t risk newcomers like FireEye encroaching much further. Trend Micro, Websense and Zscaler are three vendors that have built their own sandboxes. This post looks at Zscaler’s new sandbox technology.
Zscaler’s Michael Sutton weighs in on the White House security breach, noting “The breach of a compromised White House computer reported this week is simply the latest in ongoing and continual attacks on government networks. While such breaches periodically hit the headlines thanks to 'unnamed sources', it's safe to assume that the general public only has visibility into the tip of the iceberg.”
Internet security provider Zscaler has expanded its Technology Partner Program, announced in tandem with the release of the company’s Fall 2014 Internet security and compliance platform, which promises to provide new ways to protect end users from security risks.
Zscaler Fall 2014 offers Internet security, APT protection, data loss prevention, SSL decryption, traffic shaping, policy management, security assessment and threat intelligence - without the need for on-premises hardware, appliances or software.
Zscaler comments on a new, unpatched software vulnerability affecting almost all Windows machines, which is remarkably similar to a flaw used in recent cyberattacks on the Ukrainian government.
Cybersecurity monitoring groups and security experts said on Monday that people trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities.
“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”
Available now, Zscaler Fall 2014 includes breakthrough new capabilities for Advanced Persistent Threat (APT) protection, guest Wifi security, global administration, policy management and reporting and instant assessment of security risks.
Internet security vendor Zscaler has boosted its Technology Partner Program to expand sales of its security and compliance SaaS platform. The Technology Partner Program promotes a portfolio of complementary offerings aimed at boosting security while reducing total cost of ownership, the vendor said, and this is being enhanced alongside a refresh and update of Zscaler's own platform.
Zscaler is pushing past its SaaS-based Web filtering technology and extending its add-on services to include licenses for cloud-based antimalware, data loss prevention and secure Wi-Fi services. Partners say the San Jose, Calif.-based vendor has been a solid choice for companies that are ripping out legacy, on-premise secure Web gateways that primarily were used for URL filtering capabilities to gain end-user productivity improvements.
No single security technology or vendor can fully protect everyone against all of today’s rapidly evolving threats. Zscaler’s Technology Partner Program brings together an ecosystem of complementary solutions to help organizations implement the best security infrastructure with the lowest TCO.
Just when you thought the Shellshock vulnerability issue couldn't get any more complex, a "handful" of Yahoo's servers were apparently infected by malware at the start of the week. Zscaler weighs in.
Cybercriminals are already exploiting Shellshock through the most obvious attack vector: vulnerable web servers. On its blog, Zscaler has an overview of various such attacks seen in the wild.
In March, Zscaler identified an APT watering-hole campaign that used the website of a law firm that works with energy companies to plant the LightsOut exploit kit on its intended victims.
Zscaler weighs in on how the use of mobile devices in the enterprise has forced those in charge of maintaining the integrity of business networks to consider new security strategies and new tools. All the old assumptions about how to protect endpoints have been under challenge.
Security vendor Zscaler observed an attack shortly after the Bash vulnerability was reported last week and identified malware that was able to collect system information and perform denial of service attacks.
Zscaler has also issued warnings that it has spotted the bug in the wild, while the UK government has given the bug "the highest possible threat rating" via its cybersecurity response team.
According to Deepen Desai, Zscaler's director of security research, "the two malware payloads that were getting dropped had almost zero AV detection" when they were first spotted. But about 24 hours later, "the detection level is slightly better," with 23 out of 55 antivirus engines on VirusTotal now flagging the malware.
That said, we're very much in the same boat, having potentially millions of vulnerable machines, many of which will simply never be patched. Shellshock, like Heartbleed, will live on indefinitely."
The Zscaler research team said this morning that it had spotted attacks using the flaw “within hours of the public disclosure”. Hackers have been gaining access to machines using the hole and using it to install additional malware that then leaves them wide open to abuse.
Hackers are exploiting the Bash bug, codenamed Shellshock, to install malware on Nginx and Apache web servers, according to researchers from Zscaler. Director of security research for Zscaler Deepen Desai revealed the attacks in a blog post, claiming the firm spotted it after detecting one of the infected servers.
According to Zscaler’s research team, upon successful exploitation of the CVE-2014-6271 vulnerability, an attacker is able to download and install a malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control server on a specific port and awaits further instructions from the attacker.
According to Michael Sutton, VP of security research with Zscaler, this particular 'like harvesting' scam for the iPhone 6 is quite basic, as it is a straightforward social engineering scam.
Michael Sutton, vice president of security research at Zscaler, said that as the iCloud leak of celebrity photos didn’t occur due to an attack on the iCloud infrastructure, but rather on individual accounts whereby account passwords were successfully brute forced or reset, this was not a timely or reactive addition.
"It's certainly a sign of the times when Mitre has determined that ten thousand entries simply won't suffice for a given year and has instead moved to a more flexible scheme which allows for an unlimited number of vulnerabilities to be tracked," says Michael Sutton, vice president of security research for Zscaler. "While this will require some relatively minor coding changes for applications that digest CVEs, the pain shouldn't be too great. Mitre has given vendors sufficient warning, providing a full year to make the necessary changes."
"By restricting logins to Salesforce only from corporate networks, Dyre would not be able to access a compromised account externally, although it could still make such a connection from a compromised PC within the enterprise," said Michael Sutton, vice-president of security research at Zscaler.
Researchers from security firm Zscaler reported that the hacker gang behind the notorious Gameover Zeus campaign has returned to action and is attempting to spread a less complex version of the original malware on 2 September.
Hackers are leveraging the Nuclear exploit to launch a fresh wave of attacks using compromised webpages on a number of popular websites, including Facebook, according to researchers at Zscaler.
"Whenever a story like this week's 'iCloud hack' hits the headlines, it's inevitably followed by an angry mob demonizing the cloud for reducing security. Let's be clear about one thing - this was not a 'cloud issue'. The breach that took place followed a very basic script that was in use by attackers long before 'cloud' was ever a buzz word. If we believe Apple, there was no compromise of the iCloud infrastructure, but instead, this was 'a very targeted attack on user names, passwords and security questions'.”
Zscaler VP of security research Michael Sutton said that US retailers like Home Depot and Target could provide their customers with more protection through the use of "chip and PIN", which is used in the UK.
The incident raises fresh questions about retailers’ slow adoption of “chip and PIN” technology, which makes cards more secure, said Michael Sutton, vice president of security research for San Jose, California-based cloud-computing company Zscaler Inc.
Jay Chaudhry, chief executive of Zscaler, said: “The world of IT security has undergone tremendous transformation, sparked by the consumerization of the enterprise, mobility, the adoption of cloud computing and the ever-increasing threat landscape.
Third party security experts told El Reg that Apple had yet to update its technology to address the security weakness in iCloud backups. Michael Sutton, VP of security research at cloud security firm Zscaler, explained: "Apple's two factor authentication (what they refer to as 'Two Step Verification') applies only to a specific set of tasks related to managing your Apple ID account and making purchases.
Director of security research for Zscaler Deepen Desai revealed the campaign in a blog post, reporting that the firm spotted the attack while examining a wave of spam messages being sent from the Cutwail botnet.
Following the iCloud hack and resulting leak of celebrity photos, experts say many enterprises 'don't have a clue' that corporate data could also be at risk
Michael Sutton, vice president of security research at San Jose, Calif.-based cloud security vendor Zscaler Inc., said that enterprise security teams must accept that the use of consumerized IT services is a reality, and that the cost savings and productivity boost provided by such services makes it nearly impossible to bar them from being used.
The latest breach appears to have followed the same pattern as previous breaches at Target, Neiman Marcus and P.F. Chang's, said Michael Sutton, vice president of security research at security vendor Zscaler.
However, Michael Sutton, VP of security research at Zscaler, warned that this will not be the last we hear of Heartbleed. “With an impact the size of Heartbleed, we can be sure that vulnerable machines will be discovered for years to come.”
“Heartbleed represented an unprecedented challenge for the security community both in terms of impact and reach. The vulnerability is trivially easy to exploit, leaks critical information and impacted a huge portion of the Internet due to the ubiquity of OpenSSL usage. While a significant portion of affected machines were patched in the days following Heartbleed's initial disclosure, the rallying cry has since faded. With an impact the size of Heartbleed, we can be sure that vulnerable machines will be discovered for years to come.
The Zscaler blog has taken a close look at Google Play. The blog post focuses on the privacy risks and side effects that users download along with an app when they install it. To that end, 75,000 apps were analyzed with respect to their access permissions.
“In the cyber era of numerous state-sponsored targeted attacks with the motive of cyber espionage, surveillance, or sabotage, it is not very surprising that Nuclear Regulatory Commission (NRC) has been targeted multiple times,” added Deepen Desai, director of security research for San Jose, Calif.-based Zscaler ThreatLabZ, in an emailed statement.
"It is extremely concerning that these attacks involved a commonly used technique of spear-phishing,” Deepen Desai, director of security research for Zscaler, said in an email to SC. “The sensitive information of prime interest to some foreign states, makes it very important for organisations like NRC to not only continuously train their employees but also update their training content more frequently. It is also imperative for such organisations to adopt a stronger security policy."
16% of the malware traffic blocked by Zscaler is hidden in SSL-encrypted traffic. One might wrongly assume that these are mostly harmless variants of malicious code. Unfortunately, the exact opposite is the case: ZeroAccess attacks, Bitcoin-mining and Kazy Trojans were among the malware detected, as were Black Hole exploit kits, current ransomware and backdoors. And all of them were transported over SSL traffic.
Sixty-eight percent of Android apps examined by security researchers required that the user grant permission to send SMS messages, according to Zscaler research. Of that 68 percent, 28 percent also were able to access SMS, putting them in a position to spy on mobile authentication methods.
The fact that the Supervalu breach occurred a month ago raises questions about why it took so long to hear about it, said Michael Sutton, vice president of security research at Zscaler Inc.
Michael Sutton, vice president of security research with Zscaler, picked up on Bunker's comments, noting that, whilst the new variants of newGOZ are currently a fraction of the size of their predecessor, the resurgence of the popular malware illustrates the temporary nature of botnet takedown efforts.
PGP encryption is a little tricky to use, but it might be worth it. "The beauty to a solution like this is the email providers themselves won't have access to the email," said Michael Sutton, vice president of security research at Zscaler. "So if the government came to Yahoo or Google with a court order to see someone's email, they would have to say, 'We can't do that.'"
Having a password stolen from a small website that holds little personally identifying information may not sound like a big deal, but the threat is when people use the same password for multiple websites, said Michael Sutton, vice president of security research at Zscaler.
IT security expert Mathias Widler of Zscaler warns of the dangers of insecure Internet encryption. Emails and websites encrypted with SSL* are by no means secure, says expert Mathias Widler of Zscaler**.
Cyberattacks: what we have seen so far is only the tip of the iceberg, the tip consisting of unencrypted, open and easily inspected traffic. But there is another side: the encrypted side, SSL. It is usually not scanned and harbors plenty of risks. SaaS scanning provider Zscaler shares insights from its day-to-day scanning.
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge, according to Zscaler’s Michael Sutton.
With 420,000 sites infected, it will be impossible to work with all of the impacted companies and ensure that the vulnerabilities that led to the breaches are ultimately patched. Many will remain vulnerable for some time, if not indefinitely. The attackers crowd sourced the hacking, leveraging botnet infected computers to do the heavy lifting for them and identify sites vulnerable to SQL injection attacks.
“The attackers crowd sourced the hacking, leveraging botnet infected computers to do the heavy lifting for them and identify sites vulnerable to SQL injection attacks,” said Michael Sutton, vice president of security research at Zscaler.
"We tend to see higher infection rates in countries where pirated software is more common as software vendors often provide patches only to those customers with a valid license. It's often therefore not that users don't want to upgrade but are unable to and feel that's a reasonable trade off to get free software," explained Michael Sutton, the VP of Security Research for Zscaler.
Read-only mode on a USB device implemented via a physical switch would apply to the flash memory where data is stored, not the firmware, so no, such a switch would not prevent the BadUSB threat. While the researchers have yet to reveal the full details of the attack, it presumably requires physical access to the USB device, so any settings on the device could be overridden anyway.
"While a 'backdoor' has no universal definition, it is generally deemed to not only allow remote access to a machine but to also be hidden, bypass traditional security controls and be used for nefarious purposes. Given that Apple has at least at a high level, responded to Zdziarski's findings to detail the purpose of the diagnostic tools and they are accessed via documented processes, which require user consent (device pairing), I would not define the services as a backdoor."
Zscaler VP of security research, Michael Sutton, argued that Google should restrict Android apps from accessing SMS content. “[‘Read SMS’] is a high risk permission to grant as any app with these privileges can read all incoming SMS content as there is no way to restrict a given SMS message to a specific application,” he said.
Zscaler was recognized as one of CRN’s Emerging Vendors in security for 2014. The list identifies rising technology vendors introducing new, innovative products that are changing the technology landscape and creating numerous opportunities for channel partners in North America. —By Rick
According to a Zscaler blog post, the current CNN for iPhone App, Version 2.30 (Build 4948), sends passwords in clear text. According to Zscaler, which observed the behavior using its ZAP tool, a network traffic sniffer, the password is exposed when a user first creates their iReport account and during any subsequent logins to the application.
This concerns photos, videos and text that are added to a CNN article. To create an iReport account, users must provide an email address, username and password. Users can also enter their real name and phone number. When logging in to iReport, the login credentials are sent unencrypted, according to researchers at Zscaler. According to the researchers, this is a particular problem because news reports can also be submitted anonymously via the iReport function.
Zscaler explicitly points out that, unlike other comparable studies, it did not limit itself to checking whether an app could in principle perform certain functions, but checked whether it actually does so. This, however, required jailbreaking the iPhones used for the test; otherwise the experts would not have obtained the necessary insight.
Zscaler comments on “kill switches” for Android and Windows phones, noting that “Kill switches are not a foolproof plan as thieves could still sell stolen devices for parts, but it does reduce the overall value of the device for the criminal.”
Zscaler’s Michael Sutton comments on the DARPA contest designed to create self-defending networks, and notes that “While companies and academic researchers have created components of self-healing networks and biologically inspired digital immune systems, no one has succeeded in creating a fully automated system.”
SC Magazine reviews the Zscaler Internet security platform, noting “Zscaler is, in my view, a secure data center in the cloud. That is saying a lot, but Zscaler delivers and has been since 2008.”
This is another service that forces users through the cloud instead of direct access to the organization's internet portal. However, in this case it is not just a content delivery issue for a website with which we are concerned - outside-in access, so-to-speak. Rather it is outward-looking in that it is the organizations' employees, not its customers, who get the advantage. Zscaler is, in my view, a secure data center in the cloud. That is saying a lot, but Zscaler delivers and has been since 2008.
Zscaler’s CEO discusses alternatives to MPLS. “Is MPLS really dead? It’s not, but its peak is over," said Jay Chaudhry, founder and CEO of Zscaler, who estimated half of MPLS traffic will move to alternatives within five years.
Commenting on cyber espionage among nation-states, Sutton says the best thing organizations can do to protect themselves against foreign predators is to share information, despite the natural competitive instinct to keep things quiet.
Why it's a favorite: “As BAT operates in 186 countries, BAT’s gateways had evolved over time to consist of 40 different Internet gateways with products from various vendors. In response to the non-standard environment, BAT had a locked-down approach to Internet browsing. This created user dissatisfaction, which was aggravated by the high latency resulting from the need to VPN into the BAT infrastructure and the associated back-hauling of Internet traffic. With Zscaler, users can go direct to the internet without VPN-ing into the office infrastructure with user traffic being routed to the closest node in the Zscaler’s network. This provides a fast user experience with near zero traffic latency and has enabled BAT to provide methods to ‘protect’ BYOD.”
“We’ve never seen any quite like this,” said Michael Sutton, vice president of security research at Zscaler, a San Jose, California-based security firm. “Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense.”
Shift is the latest innovation from Jay and the folks at Zscaler. Patrick Foxhoven, VP and CTO of Emerging Technology at the company, said Shift represents a move to intelligent routing. While it offers many advantages, the real benefit of Shift for Foxhoven is that it allows Zscaler to offer its world-class security offering to a whole new class of organizations that perhaps couldn't have afforded it before. Shift is targeted and priced for midmarket and SMBs.
Michael Sutton, from security research firm Zscaler, said that hackers using legitimate websites to host malicious content was now the norm. "Social engineering attacks always involve an element of communication - the victim must be tricked into performing an action such as providing data, clicking on a link, downloading a file, et cetera. Attackers have learned that it's far easier to simply infect an already popular web property than to attempt communication with victims directly," he said.
The shift to cloud-centric delivery models is also driving the rapid emergence of, and the massively disruptive transition to, Network as a Service (NaaS) platforms. Perhaps the best example of this is Zscaler, but there are numerous companies such as Cloudflare, Aryaka and Pertino positioning into the NaaS market. We recently caught up with Zscaler at the RSA security trade show.
The attack, which was active during late February according to researchers at Zscaler, follows a familiar pattern seen in many other such attacks. It began with the compromise of a law firm’s site at 39essex[.]com and when users hit the site, they were redirected to a third-party site, which hosted the exploit kit. When victims visited the second compromised site hosting the kit, it performed a number of diagnostic tests on the user’s browser to see what sort of exploits should be delivered.
Cloud security firm Zscaler, for example, is beta-testing a slimmed-down version, dubbed SHIFT, of its enterprise security offering, limiting the dashboard to a single page and aiming to get companies "up and running in 5 minutes or less."
Michael Sutton, vice president of security research for Zscaler, says the landscape for zero-day vulnerabilities has evolved significantly in recent years as software makers, Microsoft in particular, have gotten increasingly better about putting out patches, and organizations have become more adept at shortening the patch cycle. As a result, the problem is no longer the “low-hanging fruit” of simple vulnerabilities, Sutton says. “It's not getting worse so much in terms of sheer volume, it's the severity of the threats and the length of time they are taking to come to the surface to get to where a vendor can address them,” Sutton says.
A comprehensive approach to IT security includes prevention, detection and remediation. Most companies spend 90% of their security budget on prevention in the belief that they should focus on stopping or preventing attacks in the first place. From his position with the Zscaler ThreatLabz, Sutton can see that most companies are already infected to some degree. “Of course we want to protect and defend against attacks before they affect us if at all possible, but we absolutely can’t ignore the detection side or the remediation side,” says Sutton. “We know we’re going to get some infections and we need to limit that damage as quickly as possible and isolate the problem and do the appropriate remediation steps. Enterprises need to adopt that focus.”
Cloud security vendor Zscaler said it has created a joint product with communications services provider BT aimed at addressing mobile security risks. The BT Assure Threat Monitoring service will support real-time threat monitoring from the Zscaler Global Security Cloud. The joint products integrate Zscaler Web logs with BT’s service to provide monitoring, data analysis and regulatory compliance.
Well, the first day of RSA week is in the books and things are off to a rousing start. My day started early today as I was the moderator of a great panel at the Americas Growth Capital Conference. My panel was on Security Automation. Panel members were Jay Chaudhry of Zscaler, Marty Roesch of Cisco/Sourcefire, John Summers of Akamai, Marc Willebeek-LeMair of Click Security and Rajat Bhargava of JumpCloud.
Moderator Jay Chaudhry, CEO of vendor Zscaler, said that tactic needs to be modified to account for the distributed access demands of an organization that broadly uses cloud applications. He mentioned that one Zscaler customer with 150,000 employees in more than 100 countries suddenly realized its gateway strategy wasn't working when it implemented SaaS applications and backhauled its traffic to just four gateways, grinding activity to a halt.
While the Target theft and others like it may be the work of organized crime, Sutton explains, it's not necessarily the same group: “I think that we're seeing the tip of the iceberg here. Because yes, Target was the first and now we're starting to see other retailers, Neiman Marcus, Michaels have also stepped forward.
Advances Internet security with intelligent routing that automatically applies adaptive security and policy to dynamic Internet threats, enabling global protection and visibility in minutes through a cloud based service
Samsung’s Knox mobile security platform has bolstered its status as the emerging standard in mobile enterprise device security by inking a deal with Zscaler to integrate its technology with the software.
While larger companies have the ability to deploy DNS servers in their internal networks, cloud services have quickly begun offering much of the flexibility of internal configurations while delivering on a passel of security features as well, says Patrick Foxhoven, chief technology officer for cloud security firm Zscaler.
These security services aren’t the same as an on-premise firewall that watches the network from a physical appliance attached in your data center. But these products promise to protect you from malware, help you keep track of who signs into your network, monitor all your other cloud applications such as Salesforce and Google Docs, and more.
Zscaler specializes in providing a fully SaaS-based antivirus, vulnerability management and user activity control for Web, email and mobile devices. The company recently added suspicious file analysis capabilities to its cloud-based security platform to detect advanced threats. It also rolled out Zscaler for Office 365 deployments that it says will provide protection without impacting performance.
“Privacy is dead in the digital world that we live in,” said Michael Sutton, vice president of security research at San Jose, California-based Zscaler. “I tell people, unless you are comfortable putting that statement on a billboard in Times Square and having everyone see it, I would not share that information digitally.”
In a nutshell, Zscaler sees these two major trends – the evolution of advanced threats and the complexity of cloud and mobile environments – increasingly intersect. In particular, there are five areas (below) that information security practitioners should be considering as they take on challenges in the new year.
Michael Sutton, a cybersecurity analyst from Zscaler, noted that few of the other recommendations from the presidential advisory panel were adopted. "Those that were, ended up being watered down," Sutton says. "For example, rather than adding a permanent public advocate to the FISA court, he instead noted that 'significant cases' before the FISA court would also go to an independent panel for review."
I recently had a conversation with Michael Sutton, vice president of security research for Zscaler and head of Zscaler ThreatLabZ. We talked about where many organizations are falling short today in defending against current threats and especially the more dangerous advanced persistent threats. I’ve singled out six common shortcomings that Sutton sees among most companies today.
Zscaler senior researcher Michael Sutton says SMS Tracker, in essence, functions as spyware. While the vendor is promoting the app's usefulness to parents who want to monitor their kids' online activities, it could also be surreptitiously downloaded to someone's device and used as a "very effective tool for spying."