News

“With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim. Advertisement “It might well be that Yahoo has had support from government departments and that attribution has been possible but equally, ‘state-sponsored’ is often prefixed to ‘actor’ in an effort to suggest sophisticated and surreptitious means of data exfiltration. We simply do not know,” Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler said

In addition to tracking keystrokes, iSpy can steal passwords, take screenshots, monitor webcams and clipboards, said Zscaler researcher Atinderpal Singh in a blog. The malware is delivered through spam email with a malicious JavaScript or document attached.

"iSpy keylogger contains advanced keylogger functionality to steal information, monitor the target user's system activity via screenshots, and act as a surveillance system for criminals by capturing video through an infected system's webcam,” says Deepen Desai, director of security research at Zscaler.

“By its very nature, hacking and online crime is complex and difficult to track, making attribution a tricky area for authorities. Even more so, when it comes to organized, financially-motivated criminal syndicates. The real challenge for courts and nation states is how they catch and prosecute the organized criminal syndicates that consistently cause economic loss and political havoc.”

"Boards are holding CISOs accountable,” Michael Sutton, CISO with cloud-security vendor Zscaler, recently told CSO Australia. “That's a positive thing because the role of the CISO is getting elevated — but not every CISO will survive that transition. The back-office technologist who doesn't know how to deal with the business side, is never going to survive.”

“Often the demographics of an individual like [Guccifer] are male, young, highly intelligent. And the fact that they are getting recognition for their success continues to fuel them,” Sutton said.

Chris Hodson, EMEA CISO at Zscaler, told SCMagazineUK.com that in the case of Gugi, social engineering is coming via a spam SMS message. "Security professionals have a duty of care to educate users. SMS messages from an unknown number should always be treated with caution," he said.

Wir empfehlen daher einen ganzheitlichen Ansatz, dessen Sicherheitsmodule intelligent zusammenspielen. Wichtig ist, dass alle Daten in Echtzeit korreliert und automatisch auf Schadcode-Muster analysiert werden. Dazu zählen nicht nur die innerhalb des Unternehmensnetzes generierten Daten, sondern auch die mobiler Nutzer, der IoT-Geräte und aller Zweigstellen

Seit Anfang August beobachten die Analysten des Threatlabz Teams von Zscaler eine neue Welle an Aktivität des Android Marcher Trojaners - seit 2013 ein alter Bekannter - der nun mit einer neuen Masche auf Bankinformationen argloser Anwender abzielt. Frühere Marcher-Varianten wurden als gefälschte Apps über den Amazon oder Google Play Store verbreitet.

Das haben wir bei bösartigen Android-Applikationspaketen in letzter Zeit öfter beobachtet, dass sie Scareware-Taktiken verwenden und der User per Pop-up einen Hinweis erhält, sein Gerät sei infiziert. Das angebliche Update verspricht dann eine Säuberung des Geräts.

With the growing security concerns around mobile malware, this distribution is an attempt to lure users into downloading fake mobile firmware updates to infect their device. There's a bit of irony here too – users think they are downloading an update to protect their device, when in fact it's actually a malicious application designed to cause harm.

Zscaler has labelled Marcher "the most prevalent threat to the Android devices" due to the constantly evolving nature of the malware. The best way for Android users to avoid falling victim to Marcher is to only download applications from trusted application stores such as Google Play, and not downloading anything from unknown sources.

Zscaler was bashing the competition – literally – at Black Hat 2016. The cloud security company had set up a booth where attendees could suit up and take a hammer to security appliances, highlighting its own 100 percent cloud-based internet security solutions.

[Companies] are getting that advice from law enforcement. They have gone on record saying you are better off paying. The thing is if we did the basics, we wouldn’t be in that situation in the first place.

“En este tipo de eventos, es común también acceder a sitios de venta de boletos falsos u ofertas de boletos gratuitos. Y este tipo de acciones pueden llevarse a cabo desde los equipos de cómputo de la empresa o desde un dispositivo personal que utiliza la red empresarial. Por ello, Zscaler aconseja que las organizaciones se aseguren de identificar los sitios de phishing y detectar scripts en páginas web que podrían ser maliciosas.”

While the business and security implications around the Games should not be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. Defence in depth is of the utmost importance and businesses need to be extra vigilant when it comes to advanced security threats this August.

Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games. In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on, and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.

The truth is that although security measures may work, industry professionals can’t set them and forget them — or operate under false assumptions. Only when security professionals become aware of what they don’t know, can they start asking the right questions and implementing the right security controls.

More warnings about Pokemon Go, this time via Zscaler ThreatlabZ. In a blog post out today, researchers found an Android SMS Trojan disguised as the Pokemon Go app, which once downloaded secretly sends SMS to premium numbers costing the victim money, as well as malware that downloaded an autoclicker onto the phone that opens several pages and clicks on advertisements.

In speaking with SCMagazine.com, Amit Sinha, CTO and EVP of engineering and cloud operations at Zscaler, said the flaw is a ‘major vulnerability’ affecting all Mac users. ‘Any application that is installed on the Mac App Store has full access’ to the persistent cookies stored unencrypted in Safari's cookie store.

“As with most attacks, user awareness plays a huge part. The malware in question was not digitally signed. A vigilant user could have picked this up although it is more realistic to expect the organization to block the running of unsigned executables,” Zscaler EMEA CISO, Chris Hodson said.

Zscaler has found ransomware on the South African Gymnastics Federation and suggests it is a sign of things to come as interest in the Olympics heats up and sports fans search for live streams, tickets and other information. "As we get closer to the event, we expect to see a rise in threats and scams leveraging Olympics topics to target a large number of victims," it said.

Security researchers at Zscaler ThreatLabZ reckon the miscreants behind Sundown have accelerated the evolution of what started out as a fairly rudimentary exploit kit since the beginning of 2016. The crooks behind Sundown used stolen code from the rival RIG exploit kit for a short time before subsequently knitting together their own code, security researchers at cloud security firm Zscaler ThreatLabZ report.

For me curiosity is one of the more important characteristics to nurture for innovation. In my experience it’s important to encourage that sense of curiosity in each and every team member through the open sharing of new ideas. Nothing is ever a bad idea, it might get shot down quickly if it doesn’t meet the requirements but you can’t encourage innovation without an open flow of ideas.

Ransomware authors are changing their methods according to their target. It’s no longer the stray individual that is under attack, but corporate PCs, mobile devices and even servers. Why lock and/or pilfer a person’s files worth hundreds when corporate data is infinitely more valuable?

Chris Hodson comments on the discovery of a new CCTV botnet. He asserts that IoT botnets are increasing because IoT-enabled devices are everywhere and the security development lifecycle for IoT devices is often expedited or bypassed due to strict deadlines around time to market or the cost of the hardware.

Making a decision between one [managed security service] provider or another is not something that should be left to mainstream IT today. A dedicated security professional is needed to understand, interact, manage and monitor service providers.

  The lack of technical skills in-house restricts the freedom in which organizations can customize and manage their own security infrastructures. Instead, they have no choice but to look externally for assistance from consultants and managed service providers.

Recently the attack vector is focusing more on the user side. Now the attackers are leveraging Office Documents with social engineering tactics. What will happen is if you open a malicious document that contains an embedded macro, you will see a security warning from Microsoft Office that says this document contains a macro. Basically it’s preventing you from getting infected. What hackers are now doing is they are saying that this content is protecting and if you want to view this content you will have to enable the macros.

L’app apparaît comme étant celle de la banque Sberbank et demande des privilèges administrateurs une fois installée, comme indiqué ci-dessous : l’équipe Zscaler a tenté d’installer l’application originale Sberbank à partir du Play Store Google, et il est difficile de différencier l’app malveillante de l’originale. Pour respecter notre travail, merci de ne reprendre que l'intro. Pour lire la suite de cet article original direction.

Based in San Jose, Calif., Zscaler offers a cloud security solution that preserves the user experience, while boosting web and application security with a cloud-based firewall proxy architecture that acts as a single virtual proxy to the web. This security-as-a-service approach helps drive better web, application, cloud and mobile security for customers. The solution can act as a CASB between users and cloud applications, inspecting traffic for malware and threats, as well as providing secure access capabilities.

Symantec may have not made the best call in terms of its choice in Blue Coat. Blue Coat lies in the web gateway security space with several faster-growing, smaller competitors like Zscaler, CipherCloud, Skyhigh and Cloudlock.

This article describes the increased use of malicious executables, a trend identified by Zscaler’s research team, ThreatLabZ. In addition to the rise in delivering executable payloads, cyber criminals are adding newer anti-VM and anti-analysis techniques to the malicious documents themselves, thereby protecting the end executable payloads from being downloaded and detected by automated analysis systems.

Für letzteren hat Blue Coat im November 2015 den Spezialanbieter Elastica für 280 Millionen Dollar übernommen. Durch die Integration von dessen Cloud Application Security Broker (CASB) wollte der Spezialist für Unternehmenssicherheit das Portfolio vor allem für Cloud-Szenarien erweitern. Er reagierte damit offensichtlich auf den Druck durch Firmen wie Zscaler, die die Absicherung diverser und komplexer Cloud-Nutzungszenarien besser beherrechen und in den Vordergrund stellen.

The researchers noticed that a recent wave of malicious Microsoft Word documents were evading automatic analysis by using anti-virtual machine and anti-sandboxing techniques. Securityresearchers tend to use VMs or other types of sandboxes to protect their systems when analyzing files or malware code.

Macro malware became almost extinct after Microsoft disabled VBA macros by default in Office applications,’ several years ago, says Deepen Desai, director of research at security vendor Zscaler. However, with modern attacks increasingly targeting end users and endpoint systems, there has been a steady resurgence in the use of macro malware, Desai told Dark Reading.

This week, security firm Zscaler published a report on Android malware that's disguised as the official Sberbank mobile banking app. […] The app demonstrates one way that hackers have been tricking banking customers into revealing their access credentials, thus allowing attackers to drain their accounts.

Zscaler is a high-growth technology company which is focused on bringing cloud computing to internet security. It protects more than 15 million users at more than 5,000 of the world’s leading enterprises and government organizations worldwide against cyber-attacks and data breaches, while staying fully compliant with corporate and regulatory policies.

“Rather than prohibiting applications, CIOs and CISOs must find alternative ways to close the gaps. To keep pace, IT must go from ‘block or allow’ to ‘manage and monitor.’ It’s all too easy for businesses to feel overwhelmed at the new technology coming to the market, or new consumer apps penetrating the workplace.”

Charles Milton, Director of EMEA channels at Zscaler, flags up a couple of trends that are impacting on the footprint of the company’s cloud security application: “There is obviously increased mobility and cloud apps. From our point-of-view a lot of projects are driven by the adoption of major corporate cloud apps, leading to people transforming networking and the way they do business, and therefore their perception of security – things like Office 365, salesforce.com.

In April, security researchers at Zscaler came across malware that targets a specific bank and steals user credentials. This infostealer Trojan seems to be Spanish in origin, and so far has targeted users in the U.S. and Mexico.

L’équipe de recherche en sécurité de Zscaler a détecté une activité importante dans le cloud liée à un malware voleur d’information infostealer se déguisant en mise à jour de Google Chrome. Ce malware est capable de récupérer l’historique des appels, les données SMS, l’historique de navigation ainsi que les informations bancaires, pour les envoyer à un serveur C&C. Il est, par ailleurs, à même de détecter les antivirus installés et de les neutraliser pour éviter d’être repéré.

 new malware strain has been uncovered that steals information through phishing and by imitating bank webpages. According to Zscaler researchers, it tracks for certain URLs—including those for Mexico’s second largest bank, Banamex—in order to intercept the websites and replace them with proxies.

Dans son nouvel article de blog, l’équipe de recherche en sécurité de Zscaler a détecté une activité importante dans le cloud liée à un malware voleur d’information « infostealer » se déguisant en mise à jour de Google Chrome. Ce malware est capable de récupérer l’historique des appels, les données SMS, l’historique de navigation ainsi que les informations bancaires, pour les envoyer à un serveur C&C. Il est, par ailleurs, à même de détecter les antivirus installés et de les neutraliser pour éviter d’être repéré.

London-based communication service provider BT is plugging access points from security vendor Zscaler into its global network for better application performance over secure Internet connections. Zscaler's access points will act as a series of traffic checkpoints between businesses and the public Internet to identify and block potential threats, according to BT. The new service, Assure Managed Cloud with Zscaler, will provide real-time protection by scanning and filtering all network traffic, including SSL-encrypted sessions, the provider said.

Cloud security vendor Zscaler Inc. is hoping to unseat the Virtual Private Network (VPN) in the enterprise world. Traditionally, organizations provide remote access to corporate apps via a VPN in order to protect their networks from remote attacks, but VPNs can be a tricky beast to use. Zscaler’s alternative is something called Zscaler Private Access, a new service that allows organizations to provide access to internal apps and services while ensuring they are secure, without any sign of a VPN. 

Dès lors, Zscaler se propose de « découpler les applications du réseau physique pour offrir un accès granulaire, par utilisateur, aux applications et services sur le réseau interne, dans le centre de calcul, ou dans un cloud public ». Il s’agit en fait de mettre en place un tunnel, via l’infrastructure Cloud du prestataire de service, entre le poste client et l’actif du système d’information auquel il cherche à accéder, le tout sans connexion directe. Ce tunnel est chiffré et évite, accessoirement, d’exposer ouvertement une adresse IP ou un serveur dédié sur Internet.

Auf eine neue Android-Malware, die Bankdaten und andere private Daten stiehlt, hat jetzt Zscaler hingewiesen. Die Schadsoftware tarnt sich als Update für den Browser Chrome und wird nicht von einer einheitlichen, sondern einer ganzen Reihe unterschiedlicher URLs gehostet, die mit Namensbestandteilen wie “android-update” oder zumindest “goog” einen offiziellen Eindruck erwecken sollen. Sie sind jeweils nur kurz aktiv und werden dann, um eine URL-basierte Erkennung zu verhindern, gewechselt.

Director of Security Research at Zscaler, Deepen Desai, was interviewed by ZDNet and he said that “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” Users are advised to stay away from dubious websites and to no click OK no matter how tempting it is. Desai added that “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

Zscaler researcher Viral Gandhi said in a blog post that the malware's author uses domain squatting on several URLs that mimic those of a Google Android update in order to trick users and spread the Infostealer. He added the fake URLs are very short lived being, regularly replaced with newer ones to serve the malware and effectively evade URL based filtering.

Zscaler notes that the malware is powerful enough and can be used to compromise privacy of Android device users and leak critical information like credit card information which, can in turn, lead to cases of financial banking fraud.

“We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs – which can further lead to financial banking fraud,” Zscaler said. “Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access. The only option to remove this malware is a factory reset, which leads to further data loss.”

The research team at technology company Zscaler has unearthed new Android Infostealer malware which is capable of harvesting call logs, SMS data, browser history and banking information and sending them to a remote command and control server. What’s more, the firm says the malware, which disguises itself as a Google Chrome update, also has the ability to go unseen by checking for well-known installed anti-virus applications such as Kaspersky, ESET and Avast and terminating them.

BT annonce aujourd’hui la connexion directe de son réseau mondial aux points d’accès Zscaler afin de permettre à ses clients de bénéficier d’une plus faible latence et d’optimiser à la fois les performances des applications et celles des interconnexions Internet sécurisées. Cette amélioration des interconnexions réduit la nécessité de déplacer le trafic sur de grandes distances pour accéder aux points d’accès sécurisés de Zscaler.

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.” He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.” Syndicated in Yahoo Tech 

Zscaler is warning Android users about a fake Google Chrome update that installs malware onto their devices. The malware steals information including browser data, banking details, call logs and SMS data which is then sent to a remote server.

“The service is also designed to replace the need for stacks of security gear at individual data centers, to protect traffic going between data centers, as often exists today. ‘If enterprises are looking at moving some of their applications out to an AWS or Google Compute or Azure, they have to extend their network out to those public clouds in order to provide connectivity,’ Wessels says. ‘They want to embrace the agility of the cloud and put their private applications there. But they are having to use old legacy network plumbing tools to be able to extend that connectivity.’”

Zscaler, spécialiste de la sécurité internet, annonce sous l’appellation Zscaler Private Access, un nouveau service grâce auquel les entreprises peuvent autoriser l’accès à leurs applications et services internes sans compromettre la sécurité de leur réseau.

Intended as an alternative to traditional VPNs that are difficult to set up and maintain, Zscaler Private Access routes traffic via secure tunnels through a global network of data centers based on which of those data centers will provide the lowest network latency, says Denzil Wessels, senior director of product management for emerging technologies at Zscaler. As part of that process, a Zscaler policy engine ensures that the traffic moving through those tunnels is limited to the applications that any given user has permission to access.

Zscaler stellt den Clouddienst 'Zscaler Private Access' vor. Dieser ermöglicht es Firmen, Mitarbeitern und Zulieferern granularen und gezielten Zugriff auf einzelne Applikationen und Services zu gewähren, ohne die Sicherheit der Unternehmensdaten zu gefährden. Dabei spielt es keine Rolle, ob die Anwendungen lokal oder in der Cloud laufen.

‘Zscaler Private Access extends Zscaler’s security capabilities across the entire spectrum of enterprise traffic, including all web traffic and all private application access, for all ports and protocols,’ said Jay Chaudhry, CEO of Zscaler. ‘We’ve used our cloud security infrastructure to significantly advance the state-of-the-art in security and access to a company’s private applications.’

Zscaler Private Access takes a new approach by decoupling applications from the physical network to deliver granular, per-user access to apps and services running on the internal corporate network, in a data center or in a public cloud. The service is based on Zscaler’s existing global cloud, so there is no requirement for additional hardware or forklift upgrades of existing hardware. Customers are already using this technology in the wild, and they seem pretty happy: MAN Diesel & Turbo ‘is always looking for the state of the art in security technology and have been searching for an alternative to our global VPN solution,’ said Tony Fergusson, IT Infrastructure Architect for MAN Diesel & Turbo. ‘In general, legacy VPN technology is extremely complex, doesn't scale well and, most importantly, lacks application-centric security. Traditional VPNs extend the network perimeter to any user that connects, which is a security risk. Zscaler Private Access allows me to give users access to a single application and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access.’”

But several other cyber security companies have put their IPOs on hold for months already. They include Bit 9 + Carbon Black, Veracode and Zscaler, according to venture capitalists.

We use a program called Zscaler as our filtering system. It will work at home as well as it does at school, but it is not 100 percent. It only catches what someone has identified as a problem, so we try to teach our students and teachers safe searching.

Wanting to allow mobile workers to work remotely, another commercial company, Zscaler, noting the move to cloud services in Web 2.0, decided to introduce a cloud-based security service; company CISO Michael Sutton explained that although “SSL by default is great for privacy, it is terrible for the enterprise.”

"Besides being able to quickly pivot their network infrastructure and delivery techniques, and being able to generate randomized payloads to avoid signature-based blocks, they also use tactics like code-signing certificates to give their installers an extra air of legitimacy," Desai said. "We were able to identify them with the Zscaler Behavioral Analysis Engine, which allowed us to evaluate the threats on the basis of what they will actually do on a user's machine versus how they're coded."

In September, Google invested in Zscaler, an Internet security company, in a $25 million continuation of its Series D round. In total in that round Zscaler raised $110 million.

The tech hub's venture capitalists were investing so much money in startups worth at least a billion dollars that a baby one-horned horse was born every four days. They often had cute, if difficult to interpret, names, like Twilio, Sprinklr and Zscaler.

According to Microsoft Technet's official site, this service can support firewalls and proxies like Blue Coat, Cisco, Fortigate, Zscaler, Palo Alto, Check Point, McAfee Secure Web Gateway, and many more.

Zscaler’s route to market has been through large service providers. It has relationships with companies such as Verizon, BT, Orange Business Services, AT&T, along with many other regional service provider relationships and value-added, nimble resellers who are delivering mobility and digital solutions to the enterprise market, [Scott Robertson] said. In Australia, it has relationships with companies like Telstra, Optus and The Missing Link.

Training starts with feeding it firewall and proxy system logs from vendors like Blue Coat, Cisco, Zscaler, Palo Alto, Juniper Networks and others

Zscaler       Logiciel       1       0,138       Juillet 2015       Etats-Unis

In both attacks, cyber criminals used the same ransomware known as Locky, which arrives via email attachments and encrypts all the data on an infected system and deletes the originals. Security firm Zscaler says it has blocked around 75 unique and new payloads from this ransomware family in the past month alone.

Elsewhere in the security world, Zscaler has discovered new instances of the Locky ransomware that was used to target the Hollywood Hospital last month.

The campaign sends users a .zip archive that contains malicious JavaScript that downloads and executes the Locky payload, according to researchers at Zscaler who also witnessed a surge of infections over the last three weeks and published their findings Tuesday. According to Deepen Desai and Dhanalakshmi PK, the researchers who penned the blog post, the ransomware has evolved into one of the most active and lucrative malware strains they’ve seen in the past three years.

Zscaler head of security research Deepen Desai said now that BinDiff is free, it will help application security and malware coverage. “The graphical view provided by BinDiff makes it easier to spot the similarities as well as differences in the disassembled code. This tool can be used for identifying new vulnerabilities as well verifying vulnerability fixes by comparing the vendor patches with the original file,” Desai said. 

TPG Growth, the middle market growth equity platform of TPG, has partnered with companies such as Airbnb, Domo, Uber and Zscaler and recently led the incubation and launch of STX Entertainment.

Zscaler has uncovered new instances of the Android Marcher Trojan being hidden as a flash player for watching pornography on Android devices – by prompting users to update their flash player through the Google Play Store an deceiving users into filling in their payment details, the proprietors are exploiting goodness knows how many hapless porn-watchers.

Zscaler is quickly becoming one of the most popular cloud security vendors around. The company's Zscaler platform uses a SaaS model to protect organizations from threats coming to or from the Internet, as well as public and hybrid clouds.

Researchers said they captured over 50 unique payloads from this campaign serving a fake adobe flash player for watching porn. The goal of the malware is to steal the user's financial information from a phishing page designed to mimic the Google Play store payment page that supposedly needs to be filled out before a victim can access the “content,” researchers said.  

Any action that leads to the opening of Google Play store app will trigger the fake payment screen to appear, it said. “This is a new tactic for Marcher where the malware authors are pushing a redirect link to the official Google Play store and the X-Video app,” Zscaler told Threatpost. Researchers theorize the redirect is likely to force the Google Play store app to launch. 

The tricky balance between back doors and encryption: Zscaler's Jay Chaudhry

The researchers warned that ransomware has now migrated from holding Windows PCs users to ransom onto the Android OS, with several varieties attacking the open source platform in 2015. Last September for example, Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. This app was not available to download from the Android app store but had to be accessed from other sites, and appeared to offer pornographic videos.

Larry Biagini, General Electric's former chief tech officer, has ditched retirement to become chief tech evangelist at the Internet traffic-scrubbing startup Zscaler.

Mobily has introduced information security services in the Kingdom, based upon the “highest international standards.” The company has developed valuable international partnerships to facilitate provision of optimal services. This includes partnerships with organizations such as Zscaler, Arbor and IBM, among others.

MarketsandMarkets says SECaaS will grow from $3.1 billion in 2015 to more than $8.5 billion in 2020. That’s a compound annual growth rate of 22 percent. This is largely due to the increasing bring-your-own device (BYOD) trend among businesses worldwide... MarketsandMarkets names Symantec, McAfee, Cisco, Trend Micro, CipherCloud, Zscaler, Alert Logic, Radware and others as “major vendors.”

Jay Chaudhry, CEO said: "Is being public a destination? No it is a step in the journey. Many companies go public because they need funds to scale. Many go public because VCs have put in money and they want a return and they need to get their money out. ZScaler doesn't have any of those pressures. Public helps the brand, large firms feel more comfortable doing business with public companies because all the numbers are out there. The employees are shareholders and have easy liquidity. But it is a step."

Selon Julien Sobrier, « l’un des gros problèmes, c’est d’avoir une vue d’ensemble de tous les objets connectés et de l’endroit où ils sont situés dans le réseau ». En effet, les entreprises n’ont pas encore conscience de la multitude d’objets qui peuvent se connecter au réseau comme la photocopieuse, les smart TV, les systèmes de climatisation et autres éléments de domotique ou encore les badges d’accès. Julien Sobrier a pu observer « dans des études, que dans une banque par exemple, le système réseau pour la climatisation était sur le même réseau que les appareils qui s’occupaient des cartes de crédit ».

ИБ-эксперты компании Zscaler предупредили пользователей Android-устройств о новой угрозе. Вредоносное ПО маскируется под функцию безопасности популярного приложения для осуществления online-платежей AliPay, но на самом деле представляет собой троян для перехвата SMS-сообщений. Пользователи загружают вредонос в полной уверенности, будто скачивают приложение, усиливающее защиту AliPay. Через три секунды после установки трояна его иконка удаляется, однако сама программа никуда не исчезает. Незаметно для жертвы вредонос регистрирует сервисы Android, способные работать в фоновом режиме и выполнять задачи с длительным временем реализации.

According to Zscaler research, the fake app is a malicious SMS stealer Trojan. It portrays itself as "security controls," tricking victims into thinking it’s an app enhancing AliPay. AliPay, the PayPal of the East, is a third-party online payment platform with no transaction fees, supporting more than 65 financial institutions including Visa as well as MasterCard. Globally, more than 300 merchants use AliPay. It also supports transactions in 14 major foreign currencies.

According to Zscaler, the changing IT landscape, brought on by the shift of applications from the data centre to the cloud and the increased access through mobile devices, introduces new threats that go undetected by appliances deployed in the data centre. As a result, enterprises have to rethink their traditional appliance-centric castle-and-moat security architectures while continuing to provide their users with access to cloud applications and services. To combat this, Zscaler’s cloud security platform provides inline threat protection to guard against cyber attacks, prevent data leakage and allow safe enablement of cloud applications by employees, the company says.

In November 2015, the Cyber Threat Alliance (CTA), an organisation counting Symantec, Fortinet, Zscaler, Intel Security and Palo Alto among its members, put the total damage done by CryptoWall 3.0 at a headache-inducing $325 million. Astonishingly, the world barely blinked at the scale of this estimate.

SD-WAN also could serve as a simple interface to zScaler or other cloud-based security services, allowing for local internet breakouts without requiring further investment in on-premise security appliances.

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot, also known as Kasidet, via spearphishing emails. Over the past two weeks, attackers have been using the same visual basic for applications (VBA) macros found in Microsoft Office that have been leveraged to place Dridex to drop Neutrino as well, according to a Jan. 29 security post. 

Today, vendors are emerging with solutions to deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise, by applying the SDN principles to the WAN in the form of so-called SD-WAN solutions. A simple interface to Zscaler or other cloud-based security services enabling local Internet breakouts without requiring further investment in on-premises Internet security appliances.

"Malicious Office document file is a popular vector for malware authors to deliver their payloads. Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads," the researchers wrote.

“Malicious Office documents are a popular vector for malware authors to deliver their payloads,” said Zscaler researchers, in the analysis. “Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads. While this does not establish any links between the two malware family authors, it reaffirms the fact that a lot of the underlying infrastructure and delivery mechanisms are often shared by these cyber criminals.”

There are two techniques used by the malware to steal data. The first is to use memory scraping to take data from PoS systems. This is done by checking any memory space used by a number of system functions. The second approach is to hook to the browser and this is where Kasidet is having good success on users machines. Internet Explorer (all versions), FireFox and Chrome are all susceptible but Zscaler has not said if Microsoft Edge, its latest browser is also affected.

Symantec is on trend. The malware company has extended its DLP to email and storage services. Cloud access security brokers such as Zscaler and Netskope have DLP capabilities (Symantec's former CEO, Enrique Salem, is a Netskope board member).

The investment marks Google Capital’s fourth cybersecurity investment. Earlier ones included in CrowdStrike, Zscaler, and CloudFlare.

Early in the year, VeloCloud added complementary cloud security from Zscaler and Websense (now Forcepoint).

Regionalized services can be deployed in private regional network hubs, owned and operated by the enterprise. For companies that would rather outsource this altogether we are seeing the emergence of security-as-a-service offerings such as Zscaler (which has of order 100 regional hubs), or Unified Communications-as-a-Service (UCaaS) offerings from the likes of Orange Business Services, 8X8, HP and others.

Commenting on the investment, Cisco vice president and general manager of the enterprise infrastructure and solutions group said the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." In addition to Cisco, VeloCloud’s vendor partners include BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.

Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break

Venture capitalists last year rushed to fund start-ups touting potential solutions to increasingly widespread and sophisticated cyber attacks. Private cyber security companies including Crowdstrike, Illumio and Zscaler raised rounds of $100m, at valuations thought to be above $1bn in 2015. Tanium’s valuation grew from $1.7bn to $3.5bn in six months last year, according to a person familiar with their fundraising.

The natural next step is to look at how organisations can consolidate their existing security functions into one central framework. Results from Forrester support this suggestion. An overwhelming majority (98 per cent) of IT security professionals believe that an integrated security platform would be more effective in delivering a broad range of cyber security capabilities versus point solutions delivered by multiple vendors. In fact, 76 per cent of respondents claimed that the approach would be very effective in comparison.

McCormack led Websense when Vista Equity Partners, a private equity firm also based in Austin, took the dot-com bust veteran private in 2013 for about $890 million. Its competitors have included Internet traffic-scrubbing cybersecurity firms such as Zscaler, a billion dollar “unicorn” startup, and Blue Coat, a once-public company acquired last year by Bain Capital for $2.4 billion.

Zscaler détecte et publie régulièrement sur son blog des billets concernant les applications malveillantes provenant d’app-stores Android parallèles. Google devra restreindre les autorisations accessibles aux applications non homologuées par le processus de soumission de Google Play. Les applications chargées hors Google Play et qui demandent une autorisation de niveau administrateur devraient prochainement disparaitre. Google va également commencer à imposer des délais acceptables pour les correctifs et les mises à jour de firmware, lesquels sont en grande partie contrôlés par ses partenaires OEM.

Die Idee, Sicherheits-Appliances in einem Datencenter zu installieren, um die Mitarbeiter zu schützen, stammt aus den 1990er Jahren – und ist überholt. Statt an einem festen Arbeitsplatz sitzen diese nämlich heute zum Beispiel mit ihren Laptops in Cafés und arbeiten über die Cloud. Herkömmliche Sicherheits-Appliances sind nicht nur Altlasten aus traditionellen Standortkonzepten, sie engen den Geschäftsalltag ein, anstatt ihn zu fördern. Zudem sind sie oft nur für eine einzige Sicherheitsfunktion gebaut. Dadurch sprießen neue Appliances in den Datenzentren nur so aus dem Boden – für jede neue Bedrohung ein neues Gerät. Und jedes einzelne muss gekauft, installiert, gewartet und aktualisiert werden.

“Users are all too willing to begrudgingly pay an expensive but not excessive ransom in exchange for the return of their precious data,” Sutton says. “Even the FBI are recommending that it’s easier to pay than fight. The wildly profitable CryptoLocker has attracted many clones since it was largely knocked offline following Operation Tovar.” Many of these clones, including more popular variants such as CryptoWall and TorrentLocker largely followed the proven formula, but we’re starting to see variations such as mobile and Linux focused ransomware. “The latter is especially important as it’s more likely to impact the websites and code repositories of enterprises, who in our experience are also very willing to pay up rather than risk losing critical intellectual property,” says Sutton.

As Deepen Desai, director of security research at Zscaler explained, “The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor. This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

Az elmúlt évben két jelentősebb hibát is kiszűrtek a rendszerben. Tavaly augusztusban a Zscaler kutatói figyeltek fel arra, a WordPress egyik biztonsági hibáját kihasználva az ilyen weboldalakon keresztül terjesztették tömegesen a Neutrino exploit kitet. Ez a kiberbűnözők egyik legfelkapottabb exploitja, amelybe nagyon gyorsan belekerül minden új lehetőség, amivel akár a nulladik napi sérülékenységek is kihasználhatók.

Η Zscaler, ένας πωλητής προϊόντων ασφάλειας στον κυβερνοχώρο με έδρα τις ΗΠΑ, ανακάλυψε ένα νέο trojan, το οποίο εξαπλώνεται μέσω spam e-mail και χρησιμοποιεί ψηφιακά πιστοποιητικά για να μολύνει τους υπολογιστές και να περάσει απαρατήρητο από τα προϊόντα ασφάλειας. Ονομάζεται Spymel και αυτό το trojan φτάνει πρώτα στους υπολογιστές ως ένα συμπιεσμένο αρχείο που επισυνάπτεται σε e-mail.

“There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection,” Zscaler head of security research Deepen Desai told SCMagazine.com. “A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.” Once executed, the code logs user keystrokes and prevents the user from terminating the malware through system tools like TaskMgr, Procexp, ProcessHacker and Taskkill.

“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” says Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

Deutsche Unternehmen fragen verstärkt nach einer effizienten Lösung für die Sicherheit von Unternehmensdatenverkehr im Internet für alle Mitarbeiter, unabhängig von deren Standort – das berichtet EBF. Genau diesen Bedarf will das Kölner Beratungs- und Softwarehaus jetzt adressieren und hat dafür ein Partnerschaftsabkommen mit dem Security-Anbieter Zscaler unterzeichnet.

“The malware monitors application like Task Manager, Process Explorer, and Process Hacker. It uses GetForegroundWindow() API to get the handle of active window and changes it's functionality if process is from the above list,” Zscaler researchers explained. Attackers can use the C&C server to send various commands to the malware, including for collecting information about the infected system and the files found on it, deleting, executing or renaming a specified file, uploading a specified file to the C&C, capturing a screenshot of the desktop, and enabling or disabling video recording.

ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate.

American business magnate, Warren Buffet once said, “it takes twenty years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently.” Hot on the heels of the fallout from the TalkTalk hack, for many organisations and their Chief Information Security Officers (CISOs) in particular, that stark reality rings true. Doing things differently in relation to data security strategy is no longer a project for the wish-list, but a boardroom priority.