“Zscaler had the best booth in terms of allowing attendees to relieve a bit of aggression. Taking a very literal approach to data destruction, Zscaler supplied an arsenal of destruction tools to eviscerate hard drives. With hammer in hand, attendees hacked away, splintering dated data to smithereens.”
“If you want to introduce cloud computing in your company, you need a clear strategy, which also takes account of network infrastructure, remote access and Internet security. Read about how "clouding" succeeds in practice.”
“The main hurdle with “cloudification” is that network infrastructure has to be taken into consideration as well as security to ensure consistent user experience, when accessing cloud-based apps. Teams can’t just strengthen the hardware they’ve already got at a few internet gateways.”
“Businesses need to be careful when selecting a technology supplier. A wrong choice could lead to a false sense of security, more chaos and disastrous consequences,” he warned.
I don’t think enterprise were particularly well prepared for [the cloud]. I think now there’s this rush to move everything into the cloud. But networking teams were ill prepared; it’s crushing their network because they have all this new internet traffic. Security teams are scrambling because now they have to secure data in locations they don’t own and control.
“I have witnessed Zscaler’s momentum from the outside and I am thrilled to be joining the Zscaler team. Zscaler foresaw the massive growth in cloud services years ago, and I am convinced that Zscaler is unique in its ability to secure this transformation from the corporate data center to the cloud," Canessa said.
Mr. Canessa said Illumio was a “great” company, but he felt Zscaler was a better fit given its momentum. Mr. Canessa’s hiring follows just weeks after the company announced technology industry veteran Charles H. Giancarlo would join its board.
Cloud security startup Zscaler on Friday hired Remo Canessa as chief financial officer, tapping a person who has helped lead two big tech IPOs in the past.
Ransomware has become a profitable business for the bad guys. We’re seeing numerous affiliate schemes where criminals are leasing ransomware infrastructure to other criminals and taking a percentage of the profits. This evidences the same service-based model we see in all industries. With this framework, the barriers to entry are lowered, and more criminals are turning to ransomware.
“All over the world, Zscaler has seen the emergence of demand for cloud security causing a major transformation in IT business security operations from both startups to multiple multi-billion dollar industries - and Australia and New Zealand is no exception,” said Zscaler country manager for A/NZ, Sean Kopelke.
Based on today's data on malware, which is transported to the company via SSL-encrypted data traffic and the resulting threat potential, companies are doing well to expand their security strategy by legally compliant SSL scanning. It is important for the works council to collect and deal with concerns about data protection.
Chris Hodson, EMEA CISO at Zscaler, plays devil's advocate and points out that “decrypting traffic has a significant time, performance and cost impact and in some areas is simply not possible because the necessary cryptographic keys aren't available
Zscaler: Another security solution gaining traction in our network is Zscaler. It's focus on next-generation firewalls, sandboxing, SSL inspection, and vulnerability management has made it the cloud-based internet security company to watch in our network.
Android users must be more vigilant today than ever before and only deploy apps from legitimate Google and Apple application stores. We have identified examples of malware on these sites but a fraction of the likelihood," he told CNBC via email.
“Majority of these enterprises are based in Indian metros like Mumbai, Delhi, Bangalore, Chennai but they have branch offices across tier-2 and tier-3 cities,” he says. We have traditionally been in the business around the security controls which is a dire need across all verticals including pharma, ITES, retail, and manufacturing as per him.”
"Generally, when you go to business meetings, it's not for political talk," he said. "But I had a few business meetings today and every meeting would start with, 'So, America, you're closing down? You're going to build a wall around yourself?' I'm not sure we're gaining much from this. But we have a lot to lose. Every country out there used to look at America as a role model," he said. "This goes against our fundamental values. Reagan went to Berlin and said, 'Mr. Gorbachev, tear down this wall!' Now we've come full circle."
“The spyware in this analysis was portraying itself as the Netflix app. Once installed, it displayed the icon found in the actual Netflix app on Google Play,” Zscaler’s Shivang Desai explained in a blog post. “As soon as the user clicks the spyware’s icon for the first time, nothing seems to happen and the icon disappears from the home screen. This is a common trick played by malware developers, making the user think the app may have been removed. But, behind the scenes, the malware has not been removed; instead it starts preparing its onslaught of attacks.”
"Android apps for Netflix are enormously popular [...] but the apps, with their many millions of users, have captured the attention of the bad actors who are exploiting the popularity of Netflix to spread malware," shared Shivang Desai, a researcher with Zscaler.
Watch out for the fake Netflix app, which could be spying on you — stealing your contacts, uninstalling apps and more. Zscaler came across this fake app, which turned out to be a new variant of SpyNote RAT (Remote Access Trojan). Read more.
“The spyware in this analysis was portraying itself as the Netflix app. Once installed, it displayed the icon found in the actual Netflix app on Google Play,” researchers explained, in an analysis. “As soon as the user clicks the spyware’s icon for the first time, nothing seems to happen and the icon disappears from the home screen. This is a common trick played by malware developers, making the user think the app may have been removed. But, behind the scenes, the malware has not been removed; instead it starts preparing its onslaught of attacks.”
“There were two interesting sub-classes found inside Main Activity: Receiver and Sender,” the blog said. “Receiver was involved in receiving commands from the Server and the main functionality of Sender was to send all the data collected to the C&C over Wi-Fi.”
“Deepen Desai, Zscaler’s senior director of security research and operations, told Threatpost Tuesday that while researchers haven’t seen this particular RAT variant being spammed in the wild yet, they did see it on one of their threat feeds.”
“Security is fundamentally moving away from the box-based approach," Mr. Chaudhry said. "It’s almost like moving from individual power generators in homes to power plants.”
Technical expertise in the protection of critical data and infrastructures must be accompanied by a Chief Information Security Officer (CISO), as well as leadership skills, in order to be responsible for the management strategies. Employee mobility, digital transformation, increasingly intelligent attack scenarios, and legal requirements on data protection must be brought into line with the protection strategy in order to successfully counteract opportunistic attacks as well as industrial pioneering.
“The DroidJack RAT is another example of a growing trend in which malware authors seek to exploit public interest as a way to spread malware. In this case, like others before, the event of a popular game release became an opportunity to trick unsuspecting users into downloading the RAT. As a reminder, it is always a good practice to download apps only from trusted app stores such as Google Play,” Zscaler concludes.
Zscaler researchers also reveal that the RAT is able to extract WhatsApp data from the infected devices. All of the gathered information is stored in a database and is then sent to the command and control (C&C) server.
They include the main sections of their suite -- Skype, Office, Xbox are all accessible -- but they don't have full integration. For example, clicking on Skype will just send you to you Skype and leave you there and clicking Office Trust Center will send you to the help page of the Office Trust Center," Harmer told SearchSecurity via email."While not ideal, this setup is better than nothing as it reminds you that you have different places to deal with privacy for each of the components.
Der Internet-Security-Spezialist Zscaler hat nun in seiner Security Cloud die Gefahrensituation untersucht, die von IoT-Geräten seiner Kunden ausgeht, deren Traffic durch die Zscaler-Cloud läuft. Die zweimonatige Analyse von August bis Oktober verfolgte darüber hinaus das Ziel herauszufinden, ob diese Geräte in die prominenten DDoS-Attacken dieser Monate involviert waren. Die Untersuchung konzentrierte sich vor allem auf die Faktoren Gerätetyp, genutzte Protokolle der Geräte, Lokation der Server mit denen kommuniziert wird und die Häufigkeit der In- und Outbound-Kommunikation.
Zscaler also reports about this modus, knowing that Android users are eagerly waiting for "Super Mario Run," the Trojan malware will attempt to present a fake web page promoting its release. Some details of the malware are cited in their report.
The malware targets all the financial apps on a users’ device. When they use them they are presented with a fake login screen that captures their details. In the Zscaler blog, Ghandi lists the finance apps the malware targets. It includes the Android apps from banks such as Société Générale, BNP Paribas, RBS, NatWest, Halifax, HSBC, TSB and Santander. All data gathered is sent back to a Command and Control (C&C) server where it is harvested and shared.
Due to the constantly evolving nature of the malware, Zscaler researchers have previously dubbed Marcher "the most prevalent threat to the Android devices" and the malware attacks all versions of Google's mobile operating system.
“Android Marcher has been around since 2013 and continues to actively target mobile user’s financial information," says Zscaler’s Viral Gandhi. "To avoid being a victim of such malware, it is always a good practice to download apps from trusted app stores such as Google Play. This can be enforced by unchecking the ‘Unknown Sources’ option under the ‘Security’ settings of your device.”
“While it may be the CIO’s responsibility to enact the requirements needed to achieve a secure environment, the CSO is ultimately responsible for enabling security," Harmer said. "CSOs must understand the requirements laid out by the CIO and are responsible for providing the most effective, easily integrated and cost-effective security solutions. Separation of CIO and CSO responsibility is fundamental and should be implemented by default.”
“Recently, ThreatlabZ came across a variant of Android Marcher Trojan disguised as the Super Mario Run app in one of our threat feeds,” the firm explained. “This malware scams users by presenting fake finance apps and credit card page in order to harvest banking details.”
Marcher is a sophisticated banking malware strain that targets a wide variety of banking and financial apps and credit cards by presenting fake overlay pages. Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to to the malware's command and control (C&C) server.
“Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to the malware's command and control (C&C) server" Zscaler says.