Research Blog

News and views from the leading voice in cloud security.

By: Derek Gooley

Top Exploit Kit Activity Roundup - Fall 2016

Exploit Kit

Overview: This is the third in a series of blogs reviewing the activity of the current top exploit kits. Exploit Kits (EKs) are rapidly deployable software packages designed to leverage vulnerabilities in web browsers as a way to deliver a…

By: Ed Miles

CNACOM - Open Source Exploitation via Strategic Web Compromise


Introduction: Since a full proof of concept for the CVE-2016-0189 vulnerability was published on GitHub, Zscaler ThreatLabZ has been closely tracking its proliferation. The first copying of the exploit code we spotted was from the Sundown exploit kit (EK), followed closely by…

By: Atinderpal Singh

A look at recent Stampado ransomware variant

Self-propagates and encrypts files already encrypted by other ransomware


Introduction: Stampado is one of the many new ransomware strains we have seen in 2016. Stampado was first seen in the wild in July 2016, as one of the cheapest pieces of ransomware available on the underground forums. …

By: Deepen Desai

IoT devices in the enterprise

A look at the enterprise IoT device footprint and IoT traffic analysis

Analysis | Compromise

In the months prior to the recent attacks, which used Internet of Things (IoT) devices to carry out massive distributed-denial-of-service (DDoS) attacks, the ThreatLabZ research team had begun studying the use of IoT devices on the networks of Zscaler customers.…

By: Viral Gandhi

Are mobile apps a leaky tap in the enterprise?

Mobile Privacy Trends

In almost every enterprise, mobile and cloud represent a large and growing proportion of overall traffic. While they offer many advantages in productivity, they also bring about new challenges for organizations trying to simplify their infrastructures while maintaining critical security…

By: Sameer Patil

Threat Campaigns during the U.S. Election

U.S. presidential elections are among the most followed political events in the world. Many U.S. policies, as they apply to foreign affairs, are dependent upon the outcome of the race as well as the political party that holds the majority…

By: Shivang Desai

Android malware targeting South Korean mobile users

Mobile Banking Trojan


In a recent cycle of malware hunting, ThreatLabZ came across a malicious Android application specifically targeting South Korea. There have been a few attempts in the past to target South Korea, in which malicious apps were either trying to pose as bank apps or as…

By: Dhanalakshmi

Compromised Websites Delivering Tech Support Scams and Credit Card Hijacks

Tech Support Scams and Magento Credit Card Hijacking

Compromise | Scam

Introduction: Tech support scams and credit card hijacking attacks are not new. These types of cyber-fraud have been seen in the wild as supported extensions for Internet Explorer, Firefox, and Chrome; they become distributed through various monetization platforms during…
