News

“There are the countries who actively fund organised groups. But there is also state-aware hacking where governments know it's going on but, potentially for their own benefit, there is a plausible deniability. However the targets of some of these cases are key. If you look at motive, there was a lot of scandal around Russian doping before the Olympics and then around a month or two later there was a large data breach of the doping association,” says Chris Hodson, from cyber security company Zscaler.

In addition to tracking keystrokes, iSpy can steal passwords, take screenshots, monitor webcams and clipboards, said Zscaler researcher Atinderpal Singh in a blog. The malware is delivered through spam email with a malicious JavaScript or document attached.

"iSpy keylogger contains advanced keylogger functionality to steal information, monitor the target user's system activity via screenshots, and act as a surveillance system for criminals by capturing video through an infected system's webcam,” says Deepen Desai, director of security research at Zscaler.

“By its very nature, hacking and online crime is complex and difficult to track, making attribution a tricky area for authorities. Even more so, when it comes to organized, financially-motivated criminal syndicates. The real challenge for courts and nation states is how they catch and prosecute the organized criminal syndicates that consistently cause economic loss and political havoc.”

"Boards are holding CISOs accountable,” Michael Sutton, CISO with cloud-security vendor Zscaler, recently told CSO Australia. “That's a positive thing because the role of the CISO is getting elevated — but not every CISO will survive that transition. The back-office technologist who doesn't know how to deal with the business side, is never going to survive.”

“Often the demographics of an individual like [Guccifer] are male, young, highly intelligent. And the fact that they are getting recognition for their success continues to fuel them,” Sutton said.

Chris Hodson, EMEA CISO at Zscaler, told SCMagazineUK.com that in the case of Gugi, social engineering is coming via a spam SMS message. "Security professionals have a duty of care to educate users. SMS messages from an unknown number should always be treated with caution," he said.

Wir empfehlen daher einen ganzheitlichen Ansatz, dessen Sicherheitsmodule intelligent zusammenspielen. Wichtig ist, dass alle Daten in Echtzeit korreliert und automatisch auf Schadcode-Muster analysiert werden. Dazu zählen nicht nur die innerhalb des Unternehmensnetzes generierten Daten, sondern auch die mobiler Nutzer, der IoT-Geräte und aller Zweigstellen

Seit Anfang August beobachten die Analysten des Threatlabz Teams von Zscaler eine neue Welle an Aktivität des Android Marcher Trojaners - seit 2013 ein alter Bekannter - der nun mit einer neuen Masche auf Bankinformationen argloser Anwender abzielt. Frühere Marcher-Varianten wurden als gefälschte Apps über den Amazon oder Google Play Store verbreitet.

Das haben wir bei bösartigen Android-Applikationspaketen in letzter Zeit öfter beobachtet, dass sie Scareware-Taktiken verwenden und der User per Pop-up einen Hinweis erhält, sein Gerät sei infiziert. Das angebliche Update verspricht dann eine Säuberung des Geräts.

A site page serving the malware attempts to scare potential marks by showing that the device is vulnerable to viruses, inviting them to install a "fake" update to prevent future data theft. The tactic represents a change of tack by cybercrooks behind the scam, who previously spread the nasty through Amazon and Google Play store apps, cloud security firm Zscaler reports.

Zscaler has labelled Marcher "the most prevalent threat to the Android devices" due to the constantly evolving nature of the malware. The best way for Android users to avoid falling victim to Marcher is to only download applications from trusted application stores such as Google Play, and not downloading anything from unknown sources.

While it may seem easier to simply blanket ban any live coverage during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. In turn, this could result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for alternative means to stream events.

[Companies] are getting that advice from law enforcement. They have gone on record saying you are better off paying. The thing is if we did the basics, we wouldn’t be in that situation in the first place.

“En este tipo de eventos, es común también acceder a sitios de venta de boletos falsos u ofertas de boletos gratuitos. Y este tipo de acciones pueden llevarse a cabo desde los equipos de cómputo de la empresa o desde un dispositivo personal que utiliza la red empresarial. Por ello, Zscaler aconseja que las organizaciones se aseguren de identificar los sitios de phishing y detectar scripts en páginas web que podrían ser maliciosas.”

While the business and security implications around the Games should not be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. Defence in depth is of the utmost importance and businesses need to be extra vigilant when it comes to advanced security threats this August.

Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games. In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on, and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.

Although this threat is targeted toward end users rather than organizations, if it is a corporate issued mobile device then it may cause financial loss to the organization as well,” said Deepen Desai, director of security research at Zscaler.

In speaking with SCMagazine.com, Amit Sinha, CTO and EVP of engineering and cloud operations at Zscaler, said the flaw is a ‘major vulnerability’ affecting all Mac users. ‘Any application that is installed on the Mac App Store has full access’ to the persistent cookies stored unencrypted in Safari's cookie store.

“Cloud is not a trend. That’s for sure. It’s here to stay. Companies want to have control over their security but they don’t want to be in the business of managing owning, maintaining boxes,” Sutton said.

“As with most attacks, user awareness plays a huge part. The malware in question was not digitally signed. A vigilant user could have picked this up although it is more realistic to expect the organization to block the running of unsigned executables,” Zscaler EMEA CISO, Chris Hodson said.

Zscaler has found ransomware on the South African Gymnastics Federation and suggests it is a sign of things to come as interest in the Olympics heats up and sports fans search for live streams, tickets and other information. "As we get closer to the event, we expect to see a rise in threats and scams leveraging Olympics topics to target a large number of victims," it said.

Security researchers at Zscaler ThreatLabZ reckon the miscreants behind Sundown have accelerated the evolution of what started out as a fairly rudimentary exploit kit since the beginning of 2016. The crooks behind Sundown used stolen code from the rival RIG exploit kit for a short time before subsequently knitting together their own code, security researchers at cloud security firm Zscaler ThreatLabZ report.

For me curiosity is one of the more important characteristics to nurture for innovation. In my experience it’s important to encourage that sense of curiosity in each and every team member through the open sharing of new ideas. Nothing is ever a bad idea, it might get shot down quickly if it doesn’t meet the requirements but you can’t encourage innovation without an open flow of ideas.

Ransomware authors are changing their methods according to their target. It’s no longer the stray individual that is under attack, but corporate PCs, mobile devices and even servers. Why lock and/or pilfer a person’s files worth hundreds when corporate data is infinitely more valuable?

Chris Hodson comments on the discovery of a new CCTV botnet. He asserts that IoT botnets are increasing because IoT-enabled devices are everywhere and the security development lifecycle for IoT devices is often expedited or bypassed due to strict deadlines around time to market or the cost of the hardware.

In the case of CCTV, price-point is also imperative. Manufacturers are looking for hardware components which are affordable and increase profit margins. Cheap, lightweight components in IoT devices often lack the capability to provide fundamental security services, such as encryption, as its hardware simply cannot support it. How many anti-malware products have been released for our IoT devices? Very few, if any.

  The lack of technical skills in-house restricts the freedom in which organizations can customize and manage their own security infrastructures. Instead, they have no choice but to look externally for assistance from consultants and managed service providers.

Recently the attack vector is focusing more on the user side. Now the attackers are leveraging Office Documents with social engineering tactics. What will happen is if you open a malicious document that contains an embedded macro, you will see a security warning from Microsoft Office that says this document contains a macro. Basically it’s preventing you from getting infected. What hackers are now doing is they are saying that this content is protecting and if you want to view this content you will have to enable the macros.

Le ransomware est une menace qui se propage très rapidement sur les réseaux et sa spécificité est le chiffrement. C’est pourquoi l’analyse et la régulation des certificats SSL doivent faire partie de la stratégie sécuritaire de l’entreprise. Aujourd’hui, 25% du trafic internet utilise le protocole SSL et la plupart des entreprises ont confiance en ce protocole de sécurité et préfèrent allouer leurs ressources à l’analyse du trafic non chiffré. Cela équivaut à fermer sa maison avec une porte blindée mais laisser la fenêtre du salon ouverte.

Die integrierte Security Plattform von Zscaler liefert ganzheitlichen Schutz und beste Performance dank Advanced Threat Protection, Bandbreitenmanagement, Remote Access, Next Generation Firewall und Web Security. Dieser Ansatz geht wesentlich weiter und schützt damit alle User, Branch Offices und die Unternehmenszentrale völlig ohne den Einsatz von Hardware am Perimeter.

Symantec may have not made the best call in terms of its choice in Blue Coat. Blue Coat lies in the web gateway security space with several faster-growing, smaller competitors like Zscaler, CipherCloud, Skyhigh and Cloudlock.

Scott Robertson, vice-president, Asia Pacific and Japan, Zscaler, has a different view. "While Symantec’s intent to buy Blue Coat validates the need for secure web gateway solutions, it does not align with where the market is going because it is essentially just a consolidation of the old paradigm – legacy appliances and on-premise software. With a distributed mobile workforce moving data and applications to the cloud, neither endpoints nor appliances are enough to keep enterprises secure today. The only viable way forward is a purpose-built cloud security platform to eliminate the need to buy, deploy and manage security appliances.

Für letzteren hat Blue Coat im November 2015 den Spezialanbieter Elastica für 280 Millionen Dollar übernommen. Durch die Integration von dessen Cloud Application Security Broker (CASB) wollte der Spezialist für Unternehmenssicherheit das Portfolio vor allem für Cloud-Szenarien erweitern. Er reagierte damit offensichtlich auf den Druck durch Firmen wie Zscaler, die die Absicherung diverser und komplexer Cloud-Nutzungszenarien besser beherrechen und in den Vordergrund stellen.

The researchers noticed that a recent wave of malicious Microsoft Word documents were evading automatic analysis by using anti-virtual machine and anti-sandboxing techniques. Securityresearchers tend to use VMs or other types of sandboxes to protect their systems when analyzing files or malware code.

Macro malware became almost extinct after Microsoft disabled VBA macros by default in Office applications,’ several years ago, says Deepen Desai, director of research at security vendor Zscaler. However, with modern attacks increasingly targeting end users and endpoint systems, there has been a steady resurgence in the use of macro malware, Desai told Dark Reading.

This week, security firm Zscaler published a report on Android malware that's disguised as the official Sberbank mobile banking app. […] The app demonstrates one way that hackers have been tricking banking customers into revealing their access credentials, thus allowing attackers to drain their accounts.

Zscaler is a high-growth technology company which is focused on bringing cloud computing to internet security. It protects more than 15 million users at more than 5,000 of the world’s leading enterprises and government organizations worldwide against cyber-attacks and data breaches, while staying fully compliant with corporate and regulatory policies.

“In order to offer security as a service ZScaler has built its own cloud hosted in data centres around the world – two are in Australia. As Sutton explains; “You always access everything through the internet…now you go through us to get there. The security challenge is that the security model of old is broken – it looked for bad things.” But, he said that there were gaps in visibility of bad things because of the uptake of public cloud, BYOD and mobile devices.

Charles Milton, Director of EMEA channels at Zscaler, flags up a couple of trends that are impacting on the footprint of the company’s cloud security application: “There is obviously increased mobility and cloud apps. From our point-of-view a lot of projects are driven by the adoption of major corporate cloud apps, leading to people transforming networking and the way they do business, and therefore their perception of security – things like Office 365, salesforce.com.

In April, security researchers at Zscaler came across malware that targets a specific bank and steals user credentials. This infostealer Trojan seems to be Spanish in origin, and so far has targeted users in the U.S. and Mexico.

Zscaler offers several different products on its platform that are all focused on cloud security. The Cloud Firewall product handles aggregate traffic at over 100 million sessions per second and provides native SSL inspection. One of the strengths of Zscaler's offerings is that it inspects every byte of traffic, so it should be easier to see and control the applications that are in use in the organization.

 new malware strain has been uncovered that steals information through phishing and by imitating bank webpages. According to Zscaler researchers, it tracks for certain URLs—including those for Mexico’s second largest bank, Banamex—in order to intercept the websites and replace them with proxies.

Dans son nouvel article de blog, l’équipe de recherche en sécurité de Zscaler a détecté une activité importante dans le cloud liée à un malware voleur d’information « infostealer » se déguisant en mise à jour de Google Chrome. Ce malware est capable de récupérer l’historique des appels, les données SMS, l’historique de navigation ainsi que les informations bancaires, pour les envoyer à un serveur C&C. Il est, par ailleurs, à même de détecter les antivirus installés et de les neutraliser pour éviter d’être repéré.

London-based communication service provider BT is plugging access points from security vendor Zscaler into its global network for better application performance over secure Internet connections. Zscaler's access points will act as a series of traffic checkpoints between businesses and the public Internet to identify and block potential threats, according to BT. The new service, Assure Managed Cloud with Zscaler, will provide real-time protection by scanning and filtering all network traffic, including SSL-encrypted sessions, the provider said.

A fake malicious Chrome update is being actively pushed onto Android users, saddling them with information-stealing malware that can be uninstalled only by restoring the device to factory settings – and losing data in the process. “Once installed, this infostealer cannot be removed from the phone as the malware does not allow the user to deactivate it’s administrative access. The only option to remove this malware is a factory reset which leads to further data loss,” Zscaler researchers have discovered.

Dès lors, Zscaler se propose de « découpler les applications du réseau physique pour offrir un accès granulaire, par utilisateur, aux applications et services sur le réseau interne, dans le centre de calcul, ou dans un cloud public ». Il s’agit en fait de mettre en place un tunnel, via l’infrastructure Cloud du prestataire de service, entre le poste client et l’actif du système d’information auquel il cherche à accéder, le tout sans connexion directe. Ce tunnel est chiffré et évite, accessoirement, d’exposer ouvertement une adresse IP ou un serveur dédié sur Internet.

Auf eine neue Android-Malware, die Bankdaten und andere private Daten stiehlt, hat jetzt Zscaler hingewiesen. Die Schadsoftware tarnt sich als Update für den Browser Chrome und wird nicht von einer einheitlichen, sondern einer ganzen Reihe unterschiedlicher URLs gehostet, die mit Namensbestandteilen wie “android-update” oder zumindest “goog” einen offiziellen Eindruck erwecken sollen. Sie sind jeweils nur kurz aktiv und werden dann, um eine URL-basierte Erkennung zu verhindern, gewechselt.

ZScaler points out that established anti-viruses, such as ESET, Kaspersky and Avast are vulnerable to the attack and stop working as soon as the admin rights are provided to the malicious software. After the malware takes out your anti-virus program, the info-thief starts its work. The fake Chrome will track the full list of calls and texts and forward the list to a command-and-control server. 

Zscaler researcher Viral Gandhi said in a blog post that the malware's author uses domain squatting on several URLs that mimic those of a Google Android update in order to trick users and spread the Infostealer. He added the fake URLs are very short lived being, regularly replaced with newer ones to serve the malware and effectively evade URL based filtering.

Zscaler notes that the malware is powerful enough and can be used to compromise privacy of Android device users and leak critical information like credit card information which, can in turn, lead to cases of financial banking fraud.

“We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs – which can further lead to financial banking fraud,” Zscaler said. “Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access. The only option to remove this malware is a factory reset, which leads to further data loss.”

The research team at technology company Zscaler has unearthed new Android Infostealer malware which is capable of harvesting call logs, SMS data, browser history and banking information and sending them to a remote command and control server. What’s more, the firm says the malware, which disguises itself as a Google Chrome update, also has the ability to go unseen by checking for well-known installed anti-virus applications such as Kaspersky, ESET and Avast and terminating them.

Zscaler is warning Android users about a fake Google Chrome update that installs malware onto their devices. The malware steals information including browser data, banking details, call logs and SMS data which is then sent to a remote server.

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.” He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.” Syndicated in Yahoo Tech 

BT annonce aujourd’hui la connexion directe de son réseau mondial aux points d’accès Zscaler afin de permettre à ses clients de bénéficier d’une plus faible latence et d’optimiser à la fois les performances des applications et celles des interconnexions Internet sécurisées. Cette amélioration des interconnexions réduit la nécessité de déplacer le trafic sur de grandes distances pour accéder aux points d’accès sécurisés de Zscaler.

Die Remote-Verbindung eines Anwenders zu einer Applikation erfolge dabei aufgrund granularer Richtlinien, die durch den Cloud-basierten Ansatz über eine zentrale Administrationsoberfläche leicht einzurichten und zu verwalten seien. Zscaler Private Access komme damit ohne jegliche Hardware wie VPN-Konzentratoren oder Load Balancer aus und gehe deshalb mit geringem Administrations- und Implementierungsaufwand einher.

Zscaler, spécialiste de la sécurité internet, annonce sous l’appellation Zscaler Private Access, un nouveau service grâce auquel les entreprises peuvent autoriser l’accès à leurs applications et services internes sans compromettre la sécurité de leur réseau.

Zscaler stellt den Clouddienst 'Zscaler Private Access' vor. Dieser ermöglicht es Firmen, Mitarbeitern und Zulieferern granularen und gezielten Zugriff auf einzelne Applikationen und Services zu gewähren, ohne die Sicherheit der Unternehmensdaten zu gefährden. Dabei spielt es keine Rolle, ob die Anwendungen lokal oder in der Cloud laufen.

Zscaler Private Access takes a new approach by decoupling applications from the physical network to deliver granular, per-user access to apps and services running on the internal corporate network, in a data center or in a public cloud. The service is based on Zscaler’s existing global cloud, so there is no requirement for additional hardware or forklift upgrades of existing hardware. Customers are already using this technology in the wild, and they seem pretty happy: MAN Diesel & Turbo ‘is always looking for the state of the art in security technology and have been searching for an alternative to our global VPN solution,’ said Tony Fergusson, IT Infrastructure Architect for MAN Diesel & Turbo. ‘In general, legacy VPN technology is extremely complex, doesn't scale well and, most importantly, lacks application-centric security. Traditional VPNs extend the network perimeter to any user that connects, which is a security risk. Zscaler Private Access allows me to give users access to a single application and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access.’”

Intended as an alternative to traditional VPNs that are difficult to set up and maintain, Zscaler Private Access routes traffic via secure tunnels through a global network of data centers based on which of those data centers will provide the lowest network latency, says Denzil Wessels, senior director of product management for emerging technologies at Zscaler. As part of that process, a Zscaler policy engine ensures that the traffic moving through those tunnels is limited to the applications that any given user has permission to access.

Cloud security provider Zscaler today announced the introduction of Zscaler Private Access, a new service that enables organizations to provide access to internal applications and services while ensuring the security of their networks.

But several other cyber security companies have put their IPOs on hold for months already. They include Bit 9 + Carbon Black, Veracode and Zscaler, according to venture capitalists.

Businesses need to employ sandboxing technology and dynamic data analysis in order to counter-act aggressive corporate ransomware attempts. In the coming months, we will continue to see ransomware become increasingly corporate focused, and as it does, enterprises won’t get away with paying consumer prices. Hackers will narrow their attacks to target enterprise servers and in doing so, will demand much, much more. The criminals behind ransomware campaigns are savvy and now that they’re realising that they can lock up enterprise source code and important financial documents, they know they’re in for a big payday.

Wanting to allow mobile workers to work remotely, another commercial company, Zscaler, noting the move to cloud services in Web 2.0, decided to introduce a cloud-based security service; company CISO Michael Sutton explained that although “SSL by default is great for privacy, it is terrible for the enterprise.”

"Besides being able to quickly pivot their network infrastructure and delivery techniques, and being able to generate randomized payloads to avoid signature-based blocks, they also use tactics like code-signing certificates to give their installers an extra air of legitimacy," Desai said. "We were able to identify them with the Zscaler Behavioral Analysis Engine, which allowed us to evaluate the threats on the basis of what they will actually do on a user's machine versus how they're coded."

Zscaler, San Jose, Calif., Cloud Security Platform

The tech hub's venture capitalists were investing so much money in startups worth at least a billion dollars that a baby one-horned horse was born every four days. They often had cute, if difficult to interpret, names, like Twilio, Sprinklr and Zscaler.

According to Microsoft Technet's official site, this service can support firewalls and proxies like Blue Coat, Cisco, Fortigate, Zscaler, Palo Alto, Check Point, McAfee Secure Web Gateway, and many more.

Zscaler’s route to market has been through large service providers. It has relationships with companies such as Verizon, BT, Orange Business Services, AT&T, along with many other regional service provider relationships and value-added, nimble resellers who are delivering mobility and digital solutions to the enterprise market, [Scott Robertson] said. In Australia, it has relationships with companies like Telstra, Optus and The Missing Link.

Training starts with feeding it firewall and proxy system logs from vendors like Blue Coat, Cisco, Zscaler, Palo Alto, Juniper Networks and others

Zscaler       Logiciel       1       0,138       Juillet 2015       Etats-Unis

The campaign sends users a .zip archive that contains malicious JavaScript that downloads and executes the Locky payload, according to researchers at Zscaler who also witnessed a surge of infections over the last three weeks and published their findings Tuesday. According to Deepen Desai and Dhanalakshmi PK, the researchers who penned the blog post, the ransomware has evolved into one of the most active and lucrative malware strains they’ve seen in the past three years.

Zscaler warned that the Locky ransomware family is still going strong and that it has blocked 75 unique and new payloads that was targeting its customers. They warned that the ransomware authors have migrated from infecting Microsoft Word documents to now delivering the malicious content through zip attachment files in spam emails. 

On the list of 174 unicorns compiled by Fortune, SMB software companies are few in number: Stripe, Zenefits, DocuSign, CloudFlare, Zscaler and Powa are among them.

TPG Growth, the middle market growth equity platform of TPG, has partnered with companies such as Airbnb, Domo, Uber and Zscaler and recently led the incubation and launch of STX Entertainment.

The current valuation of Zscaler is $1 billion, which was founded in 2007 by Jay Chaudhry. The startup provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing for more than 6,000 corporate, government and military organizations and more than 15 million paying users.

Zscaler has uncovered new instances of the Android Marcher Trojan being hidden as a flash player for watching pornography on Android devices – by prompting users to update their flash player through the Google Play Store an deceiving users into filling in their payment details, the proprietors are exploiting goodness knows how many hapless porn-watchers.

Zscaler is quickly becoming one of the most popular cloud security vendors around. The company's Zscaler platform uses a SaaS model to protect organizations from threats coming to or from the Internet, as well as public and hybrid clouds.

Security firm Zscaler is warning about a new variant of the Android Marcher Trojan that is using Adobe Flash and adult content sites as a way to trick users into becoming infected and giving up financial information. Many different vulnerabilities show up in Adobe Flash—in fact, Adobe just released fixes to address 23 of the latest security flaws this week. 

Any action that leads to the opening of Google Play store app will trigger the fake payment screen to appear, it said. “This is a new tactic for Marcher where the malware authors are pushing a redirect link to the official Google Play store and the X-Video app,” Zscaler told Threatpost. Researchers theorize the redirect is likely to force the Google Play store app to launch. 

The tricky balance between back doors and encryption: Zscaler's Jay Chaudhry

The researchers warned that ransomware has now migrated from holding Windows PCs users to ransom onto the Android OS, with several varieties attacking the open source platform in 2015. Last September for example, Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. This app was not available to download from the Android app store but had to be accessed from other sites, and appeared to offer pornographic videos.

Larry Biagini, General Electric's former chief tech officer, has ditched retirement to become chief tech evangelist at the Internet traffic-scrubbing startup Zscaler.

Mobily has introduced information security services in the Kingdom, based upon the “highest international standards.” The company has developed valuable international partnerships to facilitate provision of optimal services. This includes partnerships with organizations such as Zscaler, Arbor and IBM, among others.

MarketsandMarkets says SECaaS will grow from $3.1 billion in 2015 to more than $8.5 billion in 2020. That’s a compound annual growth rate of 22 percent. This is largely due to the increasing bring-your-own device (BYOD) trend among businesses worldwide... MarketsandMarkets names Symantec, McAfee, Cisco, Trend Micro, CipherCloud, Zscaler, Alert Logic, Radware and others as “major vendors.”

Jay Chaudhry, CEO said: "Is being public a destination? No it is a step in the journey. Many companies go public because they need funds to scale. Many go public because VCs have put in money and they want a return and they need to get their money out. ZScaler doesn't have any of those pressures. Public helps the brand, large firms feel more comfortable doing business with public companies because all the numbers are out there. The employees are shareholders and have easy liquidity. But it is a step."

Selon Julien Sobrier, « l’un des gros problèmes, c’est d’avoir une vue d’ensemble de tous les objets connectés et de l’endroit où ils sont situés dans le réseau ». En effet, les entreprises n’ont pas encore conscience de la multitude d’objets qui peuvent se connecter au réseau comme la photocopieuse, les smart TV, les systèmes de climatisation et autres éléments de domotique ou encore les badges d’accès. Julien Sobrier a pu observer « dans des études, que dans une banque par exemple, le système réseau pour la climatisation était sur le même réseau que les appareils qui s’occupaient des cartes de crédit ».

ИБ-эксперты компании Zscaler предупредили пользователей Android-устройств о новой угрозе. Вредоносное ПО маскируется под функцию безопасности популярного приложения для осуществления online-платежей AliPay, но на самом деле представляет собой троян для перехвата SMS-сообщений. Пользователи загружают вредонос в полной уверенности, будто скачивают приложение, усиливающее защиту AliPay. Через три секунды после установки трояна его иконка удаляется, однако сама программа никуда не исчезает. Незаметно для жертвы вредонос регистрирует сервисы Android, способные работать в фоновом режиме и выполнять задачи с длительным временем реализации.

During an ongoing analysis to protect our customers from the latest mobile threats, we came across an Android malware that disguised itself as a security feature for a famous Chinese online payment app, AliPay.

According to Zscaler, the changing IT landscape, brought on by the shift of applications from the data centre to the cloud and the increased access through mobile devices, introduces new threats that go undetected by appliances deployed in the data centre. As a result, enterprises have to rethink their traditional appliance-centric castle-and-moat security architectures while continuing to provide their users with access to cloud applications and services. To combat this, Zscaler’s cloud security platform provides inline threat protection to guard against cyber attacks, prevent data leakage and allow safe enablement of cloud applications by employees, the company says.

In November 2015, the Cyber Threat Alliance (CTA), an organisation counting Symantec, Fortinet, Zscaler, Intel Security and Palo Alto among its members, put the total damage done by CryptoWall 3.0 at a headache-inducing $325 million. Astonishingly, the world barely blinked at the scale of this estimate.

SD-WAN also could serve as a simple interface to zScaler or other cloud-based security services, allowing for local internet breakouts without requiring further investment in on-premise security appliances.

С недавних пор злоумышленники возродили интерес к макросам Microsoft Office, активно используемым для распространения банковских троянов, а в последнее время и вредоноса BlackEnergy. По информации исследователей из американской компании zScaler, данную технику применяют операторы трояна Kasidet, также известного как Neutrino. Вредоносные макросы Office распространяются в виде вложений в фишинговые письма. По наблюдениям zScaler, за последние две недели активность вредоносной спам-кампании значительно возросла. Помимо Kasidet, тот же VBA-дроппер загружает банковский троян Dridex.

A Chinese government website got hit by a ransomware malady. Initially exposed by Zscaler IT security company in November 2015, this virus campaign put all visitors of cxda.gov.cn web page at risk. Whenever a person visited the compromised website, a malicious script would reroute their traffic to a third-party page hosting the Angler exploit kit. The exploit kit was leveraged to contaminate the users with CryptoWall 3.0 ransom Trojan. Luckily, the infection was shortly removed from the site. This case is unique because it was the first time ransomware distributors took advantage of a government website to infect unsuspecting end users. 

"Malicious Office document file is a popular vector for malware authors to deliver their payloads. Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads," the researchers wrote.

There are two techniques used by the malware to steal data. The first is to use memory scraping to take data from PoS systems. This is done by checking any memory space used by a number of system functions. The second approach is to hook to the browser and this is where Kasidet is having good success on users machines. Internet Explorer (all versions), FireFox and Chrome are all susceptible but Zscaler has not said if Microsoft Edge, its latest browser is also affected.

“Malicious Office documents are a popular vector for malware authors to deliver their payloads,” said Zscaler researchers, in the analysis. “Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads. While this does not establish any links between the two malware family authors, it reaffirms the fact that a lot of the underlying infrastructure and delivery mechanisms are often shared by these cyber criminals.”

Symantec is on trend. The malware company has extended its DLP to email and storage services. Cloud access security brokers such as Zscaler and Netskope have DLP capabilities (Symantec's former CEO, Enrique Salem, is a Netskope board member).

The investment marks Google Capital’s fourth cybersecurity investment. Earlier ones included in CrowdStrike, Zscaler, and CloudFlare.

VMware, Zscaler, Websense and more all joined in to deliver new features and areas of operations to VeloCloud and further drive that impressive new year.

Regionalized services can be deployed in private regional network hubs, owned and operated by the enterprise. For companies that would rather outsource this altogether we are seeing the emergence of security-as-a-service offerings such as Zscaler (which has of order 100 regional hubs), or Unified Communications-as-a-Service (UCaaS) offerings from the likes of Orange Business Services, 8X8, HP and others.

ForeScout’s latest round of financing vaults the company into the coveted “unicorn” club, a burgeoning pack of venture capital-backed companies with billion-dollar valuations. As part of the late-stage injection, investors have appraised the firm at $1 billion; other “unicorns” in the cybersecurity category include Tanium, Okta, Illumio, Avast, Lookout, and Zscaler.

"Providing security as applications migrate to the cloud is increasingly important," said the financial analyst who asked not to be named. "Zscaler is key to providing cloud-based security today. Many of Cisco's competitors partner with Zscaler, which is an added bonus."

This year, Juniper formed a wireless partnership with Aerohive Networks in addition to its alliance with Aruba, which was bought by HP. Juniper says it will continue to stay with Aruba. Software-defined WAN specialist Silver Peak inked alliances with a trio of companies at the same time: hyper-converged startup Nutanix, Infoblox and Zscaler. Cisco created partnerships with the likes of giants Apple and Ericsson, while expanding its Microsoft partnership even though it still sees the Redmond, Wash.-based tech giant as a competitor in some areas. The list of technology partnerships formed in 2015 goes on and on.

The natural next step is to look at how organisations can consolidate their existing security functions into one central framework. Results from Forrester support this suggestion. An overwhelming majority (98 per cent) of IT security professionals believe that an integrated security platform would be more effective in delivering a broad range of cyber security capabilities versus point solutions delivered by multiple vendors. In fact, 76 per cent of respondents claimed that the approach would be very effective in comparison.

McCormack led Websense when Vista Equity Partners, a private equity firm also based in Austin, took the dot-com bust veteran private in 2013 for about $890 million. Its competitors have included Internet traffic-scrubbing cybersecurity firms such as Zscaler, a billion dollar “unicorn” startup, and Blue Coat, a once-public company acquired last year by Bain Capital for $2.4 billion.

However, new findings published by Zscaler's ThreatLabZ revealed that a new malware family is using compromised digital certificates to avoid detection. The way it works is it monitors the activity on an infected PC and conveys that information back to cyber criminals. In order to spread the virus, a phishing campaign is sent around via email. Known as Spymel, the malware is often difficult to spot as it uses legitimate certificates that were issued by DigiCert.

There Goes The Neighborhood — Bad Actors on GMHOST Alexander Mulgin Serginovic (Zscaler Threat Lab)

“Users are all too willing to begrudgingly pay an expensive but not excessive ransom in exchange for the return of their precious data,” Sutton says. “Even the FBI are recommending that it’s easier to pay than fight. The wildly profitable CryptoLocker has attracted many clones since it was largely knocked offline following Operation Tovar.” Many of these clones, including more popular variants such as CryptoWall and TorrentLocker largely followed the proven formula, but we’re starting to see variations such as mobile and Linux focused ransomware. “The latter is especially important as it’s more likely to impact the websites and code repositories of enterprises, who in our experience are also very willing to pay up rather than risk losing critical intellectual property,” says Sutton.

As Deepen Desai, director of security research at Zscaler explained, “The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor. This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

Az elmúlt évben két jelentősebb hibát is kiszűrtek a rendszerben. Tavaly augusztusban a Zscaler kutatói figyeltek fel arra, a WordPress egyik biztonsági hibáját kihasználva az ilyen weboldalakon keresztül terjesztették tömegesen a Neutrino exploit kitet. Ez a kiberbűnözők egyik legfelkapottabb exploitja, amelybe nagyon gyorsan belekerül minden új lehetőség, amivel akár a nulladik napi sérülékenységek is kihasználhatók.

Zscaler found that the C&C server may send a host of commands to infected machines. These include collecting information about the infected system and the files found on it, as well as deleting, executing or renaming a specified file. A specified file can be uploaded to the C&C and so can a screenshot of the desktop. Enabling or disabling video recording can also be performed.

“There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection,” Zscaler head of security research Deepen Desai told SCMagazine.com. “A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.” Once executed, the code logs user keystrokes and prevents the user from terminating the malware through system tools like TaskMgr, Procexp, ProcessHacker and Taskkill.

“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” says Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate.” states a blog post published by Zscaler.

With more than 140 million downloads, WordPress is the most popular CMS on the Web, but it’s also the most attacked. It’s not uncommon for malicious actors to exploit vulnerabilities in both WordPress itself and various plugins. In August, security firm Zscaler reported that thousands of WordPress websites had been compromised and abused to redirect visitors to Neutrino exploit kit sites set up to serve malware.

ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate.

American business magnate, Warren Buffet once said, “it takes twenty years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently.” Hot on the heels of the fallout from the TalkTalk hack, for many organisations and their Chief Information Security Officers (CISOs) in particular, that stark reality rings true. Doing things differently in relation to data security strategy is no longer a project for the wish-list, but a boardroom priority.