All Blogs

News and views from the leading voice in cloud security.


By: Rohit Hegde

JavaScript Malspam Campaigns

Multiple malicious JavaScript spam campaigns active in the wild

Malware | Spam

Introduction The Zscaler ThreatLabz team has observed multiple active malspam campaigns with links to malicious JavaScript payloads in the wild. These JavaScript files when opened by the end user will trigger download and execution of malware executables belonging to various Dropper and…
By: Anthony Gil

Ransomware starter kits? | This week in cybersecurity

Too busy working to keep up with cybersecurity news this week? Here’s a round-up of the top stories from the cyberscape.

Russian hacker creates starter pack ransomware service Researchers have discovered a new highly customized piece of ransomware dubbed Karmen that allows them to distribute it as a service to non-technical cyber criminals. With this new ransomware-as-a-service (RaaS), attackers can remotely…
By: Mike Ruiz

To inspect or to not inspect SSL: Why is this even a question?

Over half of the Internet today uses SSL (TLS) to encrypt traffic between your application and the server on the internet.  By the end of 2016, 80% of all traffic across Google properties was encrypted, and here at Zscaler, between…
By: Shivang Desai

Android Spyware SMSVova posing as system update on Play Store

Android Spyware SMSVova found on Google Play Store

Mobile Malware

In our ongoing effort to hunt malware, the Zscaler ThreatLabz team came across a highly suspicious app on the U.S. Google Play Store that has been downloaded between one and five million times since 2014. Upon analysis, we found it…
By: Sameer Patil

Increase in jRAT Campaigns

The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants  jRATs which give attackers a backdoor into a victim's system and can be capable of remotely taking control of the system once it's infected. Malware authors are using…
By: Chris Mannon

Microsoft Office 0-Day leveraged in spam campaigns

Exploit | Microsoft | Spam | Zero Day

A new spam campaign has been leveraging exploits for the Microsoft Office vulnerability CVE-2017-0199. Security industry repsonse to the vulnerability was rapid and several in-the-wild exploits have been detailed by various security companies. The timing of this attack was largely preempted by…
By: Anthony Gil

Amazon accounts hacked! | This week in cybersecurity

Too busy working to keep up with cybersecurity news this week? Here’s a round-up of the top stories from the cyberscape.

Amazon s Third-Party Sellers Hit by Hackers Hackers are targeting the growing population of third-party sellers on Amazon, using stolen credentials to post fake deals and steal cash. Hackers have gone into active seller accounts and changed the bank-deposit information…
By: Mathias Widler

How to choose a sandbox

Grab a shovel and start digging through the details

Businesses have become painfully aware that conventional approaches virus signature scanning and URL filtering are no longer sufficient in the fight against cyberthreats. This is in part because malware is constantly changing, generating new signatures with a frequency that far outpaces…

Learn more about Zscaler.
Join one of our webcasts.

Check how healthy is your Internet security with Security Preview, Zscaler's free security scan

How secure are you?

Check your security with our instant risk assessment, Security Preview. It’s free, confidential and safe. 85% of companies who run this test find vulnerabilities that require immediate attention.