News

“With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim. Advertisement “It might well be that Yahoo has had support from government departments and that attribution has been possible but equally, ‘state-sponsored’ is often prefixed to ‘actor’ in an effort to suggest sophisticated and surreptitious means of data exfiltration. We simply do not know,” Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler said

“If you look back five years to get into the cybercrime market you had to have a level of technical skill, you had to have the funding for infrastructure components for the likes of ransomware or APT [Advanced Persistent Threats]. Now there are these affiliate schemes – or what I am calling ‘cybercrime as a service’ – where we are seeing that the barrier for entry is no longer what it was way back when. That is causing this proliferation of criminals who are coming to the market,” Chris Hodson, CSIO for EMEA at Zscaler said.

“Overall, we are seeing a rise in malicious activity involving commercial keyloggers, which makes it very easy for a naive user with malicious intent to conduct successful attacks,” said Deepen Desai, director of security research at Zscaler. 

“This extradition ruling could well be setting a new precedent for cyber-crime convictions. The penalties for cyber-crime have historically been disproportionate to in-person crime. However, this verdict could see that change, as cyber-crime is now more frequent and more damaging to nation states and businesses than ever before,” Chris Hodson, CISO EMEA at Zscaler said. 

“By its very nature, hacking and online crime is complex and difficult to track, making attribution a tricky area for authorities. Even more so, when it comes to organized, financially-motivated criminal syndicates. The real challenge for courts and nation states is how they catch and prosecute the organized criminal syndicates that consistently cause economic loss and political havoc.”

“Zscaler is growing, and so is its team, with the announcement that Chris Stephens will now become the company's senior marketing manager for the Asia Pacific region.”

Face à cette pénurie de compétences, les DSI et les chefs d’entreprise doivent externaliser les mécanismes de protection et de sécurité. Alors que les applications quittent les datacenters au profit du Cloud, la meilleure approche consiste à déployer des mesures de sécurité qui fonctionnent également sur le nuage

Researchers at Zscaler recently discovered a new spyware campaign that used cybersquatting techniques to host, distribute and command-and-control the AgentTesla keylogger via a domain whose name was strikingly similar to Chesapeake, Virginia-based consulting and services firm Diode Technologies.

Zscaler said that it first learned about the keylogger when it landed in a customer’s cloud sandbox and was flagged for review. Upon further analysis, the company learned about the attackers’ cybersquatting tactics that were used to deliver the malware.

Wir erleben viele Infektionsversuche dieser Malware-Familie in unserer Cloud. Diese häufigen Änderungen weisen auf eine aktive Malware-Entwicklung hin, die sich stetig verändert – was es zur häufigsten Bedrohung für Android-Geräte macht.

With the growing security concerns around mobile malware, this distribution is an attempt to lure users into downloading fake mobile firmware updates to infect their device. There's a bit of irony here too – users think they are downloading an update to protect their device, when in fact it's actually a malicious application designed to cause harm.

Manufacturers are looking for hardware components which are affordable and increase profit margins. Cheap, lightweight components in IoT devices often lack the capability to provide fundamental security services, such as encryption, as its hardware simply cannot support it.

While it may seem easier to simply blanket ban any live coverage during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. In turn, this could result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for alternative means to stream events.

“At previous Games, Zscaler found that 80 percent of Olympic web domains were found to be scams and spams. This is an easy win for cyber-criminals, so I expect Phishing to be ripe again in 2016,” says Chris Hodson, CISO EMEA at Zscaler.

When you look at the way that stuff has been done in the past, companies have always used a VPN and the problem with a VPN is that it includes the letter ‘N’ which is ‘Network’ — it is a Virtual Private Network. Basically I have a client which runs on my machine and that creates a network tunnel and places me as a roaming user on that network. So I might only need to access one application but I have access to the entire network.

“In den vergangenen Jahren hat das Threatlabz Team von Zscaler festgestellt, dass 80 Prozent aller „olympischen“ Webseiten betrügerisch waren oder Spam beinhalteten, wie ap-verlag.de berichtete. Grund genug, dass Unternehmen besonders aufmerksam sein sollten. Die Risiken verbergen sich in Phishing und Malware-Attacken sowie in mobilen Applikationen.”

Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cybersecurity defense framework. Streaming sites should be enabled on a whitelist-only approach.

The truth is that although security measures may work, industry professionals can’t set them and forget them — or operate under false assumptions. Only when security professionals become aware of what they don’t know, can they start asking the right questions and implementing the right security controls.

CISOs are increasingly worried that cloud computing and data loss go hand-in- hand. This does not have to be the case, but it is all too common. Business stakeholders are demanding the cost and elasticity benefits of cloud, and we need to make sure that a core set of security capabilities exist to support cloud adoption.

More warnings about Pokemon Go, this time via Zscaler ThreatlabZ. In a blog post out today, researchers found an Android SMS Trojan disguised as the Pokemon Go app, which once downloaded secretly sends SMS to premium numbers costing the victim money, as well as malware that downloaded an autoclicker onto the phone that opens several pages and clicks on advertisements.

“As with most attacks, user awareness plays a huge part. The malware in question was not digitally signed. A vigilant user could have picked this up although it is more realistic to expect the organization to block the running of unsigned executables,” Zscaler EMEA CISO, Chris Hodson said.

Zscaler discovered a vulnerability in Apple's recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser.

The biggest problem of typical VPN deployment is opening the entire network for the user - not just to a few required applications. The more the network is increased through a VPN tunnel, the more potential security holes can occur.

Michael Sutton opens the feature with an overview of the culture change and the threat landscape’s impact on roles (this follows an interview between Michael and Tony Morbin last month).

The world of IT security has undergone tremendous transformation, sparked by the consumerisation of the enterprise, the adoption of cloud computing, the ubiquity of mobile and BYOD devices and the evolution of threats, which are more serious today than they have ever been before.

Last September Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. That app had to be accessed from non Google sites, and offered pornographic videos. But in reality, when it was opened, it secretly took pictures of the user with the phone’s front-facing camera, before the device was locked and displayed a demand for $500 (£330).

Making a decision between one [managed security service] provider or another is not something that should be left to mainstream IT today. A dedicated security professional is needed to understand, interact, manage and monitor service providers.

A comment by Zscaler about Shadow IT, why it is not a solution to simply block applications and solution approaches.

Die Verantwortlichen in Unternehmen haben daher die neue Aufgabe, auch Zweigstellen und mobile Mitarbeiter so gut wie möglich abzusichern. Allerdings ist die Einrichtung von Hardware-basierten Firewalls in jedem Branch-Office teuer, steigert die Komplexität und geht meist mit untragbarem Verwaltungsaufwand für die nötigen Upgrades einher.

L’app apparaît comme étant celle de la banque Sberbank et demande des privilèges administrateurs une fois installée, comme indiqué ci-dessous : l’équipe Zscaler a tenté d’installer l’application originale Sberbank à partir du Play Store Google, et il est difficile de différencier l’app malveillante de l’originale. Pour respecter notre travail, merci de ne reprendre que l'intro. Pour lire la suite de cet article original direction.

Mais les DSI et les RSSI ne doivent pas pour autant interdire les applications cloud dans leur globalité : ils peuvent trouver des moyens empêchant la création de ces failles. Pour rester à la page, les services informatiques doivent passer du dilemme « bloquer ou autoriser » à une approche de type « gérer et surveiller ».

Die integrierte Security Plattform von Zscaler liefert ganzheitlichen Schutz und beste Performance dank Advanced Threat Protection, Bandbreitenmanagement, Remote Access, Next Generation Firewall und Web Security. Dieser Ansatz geht wesentlich weiter und schützt damit alle User, Branch Offices und die Unternehmenszentrale völlig ohne den Einsatz von Hardware am Perimeter.

Scott Robertson, vice-president, Asia Pacific and Japan, Zscaler, has a different view. "While Symantec’s intent to buy Blue Coat validates the need for secure web gateway solutions, it does not align with where the market is going because it is essentially just a consolidation of the old paradigm – legacy appliances and on-premise software. With a distributed mobile workforce moving data and applications to the cloud, neither endpoints nor appliances are enough to keep enterprises secure today. The only viable way forward is a purpose-built cloud security platform to eliminate the need to buy, deploy and manage security appliances.

Für letzteren hat Blue Coat im November 2015 den Spezialanbieter Elastica für 280 Millionen Dollar übernommen. Durch die Integration von dessen Cloud Application Security Broker (CASB) wollte der Spezialist für Unternehmenssicherheit das Portfolio vor allem für Cloud-Szenarien erweitern. Er reagierte damit offensichtlich auf den Druck durch Firmen wie Zscaler, die die Absicherung diverser und komplexer Cloud-Nutzungszenarien besser beherrechen und in den Vordergrund stellen.

Pour la sixième année consécutive, Zscaler, spécialiste de la sécurité sur Internet, est le leader du Magic Quadrant de Gartner dans la catégorie des passerelles web sécurisées (Secure Web Gateways).

Zscaler said that attackers are now making use of macros, which of course are pieces of code embedded inside Microsoft Office documents (usually written in Visual Basic). Microsoft Office disables macros by default, but attackers are now apparently ‘using clever social engineering tactics to lure the user into enabling the macros.

The malware author makes an assumption here that most clean virtual environment snapshots will be taken after a fresh Microsoft Office install with probably one or two document files opened for testing the installation,’” Desai said. “’Alternately, a standard user system with Office applications should have at least 3 or more recently accessed document files

The arrests were announced the same day researchers at security company Zscaler disclosed their analysis of a malicious Android application posing as the Sberbank mobile app. The malicious app steals credentials and requests extensive privileges on compromised devices. The app is worrisome because it can steal SMS messages and monitor incoming calls, two avenues by which banks send one-time passwords and PINs used as a second authentication factor.

“What advice would you give to a new CISO standing in front of the board for the first time?” “You have to be able to translate your world into theirs. You’re in a world with technical risk – we had this many incidents and this many computers were infected. You need to translate that into language the board can understand. For example – you had 20 infections on computers. What does that mean to them? But it’s straightforward to translate that. We had this many breaches that caused this much downtime and resulted in this much productivity loss. That’s something the board can understand.”  

“Rather than prohibiting applications, CIOs and CISOs must find alternative ways to close the gaps. To keep pace, IT must go from ‘block or allow’ to ‘manage and monitor.’ It’s all too easy for businesses to feel overwhelmed at the new technology coming to the market, or new consumer apps penetrating the workplace.”

Der Internet Security Spezialist Zscaler stellt dem traditionellen VPN-Konzept einen neuen Cloud-basierten Ansatz entgegen: Zscaler Private Access (ZPA). Auf Basis seiner globalen Cloud-Security-Infrastruktur wird eine Remote-Verbindung von einem bestimmten Anwender zu einer spezifischen Applikation möglich, ohne den Zugriff auf das gesamte Netzwerk zu öffnen.

Cela comporte toutefois des risques… Preuve en est que la société Zscaler, spécialisée dans la sécurité des systèmes informatiques, reporte qu’un nouveau spyware se propage dans les mises à jour d’application Android de ces magasins en se faisant passer pour une nouvelle version de Chrome en version mobile.

L’équipe de recherche en sécurité de Zscaler a détecté une activité importante dans le cloud liée à un malware voleur d’information infostealer se déguisant en mise à jour de Google Chrome. Ce malware est capable de récupérer l’historique des appels, les données SMS, l’historique de navigation ainsi que les informations bancaires, pour les envoyer à un serveur C&C. Il est, par ailleurs, à même de détecter les antivirus installés et de les neutraliser pour éviter d’être repéré.

Zscaler Private Access ermögliche es durch die zugrunde liegende Zscaler-Cloud-Infrastruktur gleichzeitig auf interne Anwendungen im Netzwerk sowie auf Apps im Cloud-Rechenzentrum des Unternehmens zuzugreifen. Eine solche flexible Zugriffsoption sei bei klassischen VPNs nur über eine kostentreibende Umleitung des Datenverkehrs durch das unternehmenseigene Rechenzentrum möglich. Im Unterschied dazu erlaube Zscaler Private Access dem Anwender einen schnellen und automatisierten Zugriff auf seine intern oder extern gehosteten Anwendungen – der Datenverkehr werde durch die Zscaler Security Cloud gesichert.

When this malware is installed, the data that it can potentially steal is transferred to a remote C2 (command & control server). As per the analysis of Zscaler, this malware can also detect and even terminate any antivirus app that is installed on the target computer. In fact, it is so resilient that the victim cannot delete it permanently from the device unless factory resets action is performed.

Cloud security vendor Zscaler Inc. is hoping to unseat the Virtual Private Network (VPN) in the enterprise world. Traditionally, organizations provide remote access to corporate apps via a VPN in order to protect their networks from remote attacks, but VPNs can be a tricky beast to use. Zscaler’s alternative is something called Zscaler Private Access, a new service that allows organizations to provide access to internal apps and services while ensuring they are secure, without any sign of a VPN. 

Dès lors, Zscaler se propose de « découpler les applications du réseau physique pour offrir un accès granulaire, par utilisateur, aux applications et services sur le réseau interne, dans le centre de calcul, ou dans un cloud public ». Il s’agit en fait de mettre en place un tunnel, via l’infrastructure Cloud du prestataire de service, entre le poste client et l’actif du système d’information auquel il cherche à accéder, le tout sans connexion directe. Ce tunnel est chiffré et évite, accessoirement, d’exposer ouvertement une adresse IP ou un serveur dédié sur Internet.

Auf eine neue Android-Malware, die Bankdaten und andere private Daten stiehlt, hat jetzt Zscaler hingewiesen. Die Schadsoftware tarnt sich als Update für den Browser Chrome und wird nicht von einer einheitlichen, sondern einer ganzen Reihe unterschiedlicher URLs gehostet, die mit Namensbestandteilen wie “android-update” oder zumindest “goog” einen offiziellen Eindruck erwecken sollen. Sie sind jeweils nur kurz aktiv und werden dann, um eine URL-basierte Erkennung zu verhindern, gewechselt.

Director of Security Research at Zscaler, Deepen Desai, was interviewed by ZDNet and he said that “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” Users are advised to stay away from dubious websites and to no click OK no matter how tempting it is. Desai added that “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

The research team at technology company Zscaler has unearthed new Android Infostealer malware which is capable of harvesting call logs, SMS data, browser history and banking information and sending them to a remote command and control server. What’s more, the firm says the malware, which disguises itself as a Google Chrome update, also has the ability to go unseen by checking for well-known installed anti-virus applications such as Kaspersky, ESET and Avast and terminating them.

Zscaler is warning Android users about a fake Google Chrome update that installs malware onto their devices. The malware steals information including browser data, banking details, call logs and SMS data which is then sent to a remote server.

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.” He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.” Syndicated in Yahoo Tech 

BT annonce aujourd’hui la connexion directe de son réseau mondial aux points d’accès Zscaler afin de permettre à ses clients de bénéficier d’une plus faible latence et d’optimiser à la fois les performances des applications et celles des interconnexions Internet sécurisées. Cette amélioration des interconnexions réduit la nécessité de déplacer le trafic sur de grandes distances pour accéder aux points d’accès sécurisés de Zscaler.

Zscaler researcher Viral Gandhi said in a blog post that the malware's author uses domain squatting on several URLs that mimic those of a Google Android update in order to trick users and spread the Infostealer. He added the fake URLs are very short lived being, regularly replaced with newer ones to serve the malware and effectively evade URL based filtering.

Zscaler notes that the malware is powerful enough and can be used to compromise privacy of Android device users and leak critical information like credit card information which, can in turn, lead to cases of financial banking fraud.

“We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs – which can further lead to financial banking fraud,” Zscaler said. “Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access. The only option to remove this malware is a factory reset, which leads to further data loss.”

“The service is also designed to replace the need for stacks of security gear at individual data centers, to protect traffic going between data centers, as often exists today. ‘If enterprises are looking at moving some of their applications out to an AWS or Google Compute or Azure, they have to extend their network out to those public clouds in order to provide connectivity,’ Wessels says. ‘They want to embrace the agility of the cloud and put their private applications there. But they are having to use old legacy network plumbing tools to be able to extend that connectivity.’”

Der Anbieter erweitert damit seine cloud-basierenden Security-Dienste. Statt wie diese Geräte mit dem Netzwerk zu verbinden, sorgt Zscaler Private Access für den Zugriff von Personen auf Applikationen. So soll Komplexität reduziert und Sicherheit erhöht werden.

Zscaler, spécialiste de la sécurité internet, annonce sous l’appellation Zscaler Private Access, un nouveau service grâce auquel les entreprises peuvent autoriser l’accès à leurs applications et services internes sans compromettre la sécurité de leur réseau.

Zscaler Private Access takes a new approach by decoupling applications from the physical network to deliver granular, per-user access to apps and services running on the internal corporate network, in a data center or in a public cloud. The service is based on Zscaler’s existing global cloud, so there is no requirement for additional hardware or forklift upgrades of existing hardware. Customers are already using this technology in the wild, and they seem pretty happy: MAN Diesel & Turbo ‘is always looking for the state of the art in security technology and have been searching for an alternative to our global VPN solution,’ said Tony Fergusson, IT Infrastructure Architect for MAN Diesel & Turbo. ‘In general, legacy VPN technology is extremely complex, doesn't scale well and, most importantly, lacks application-centric security. Traditional VPNs extend the network perimeter to any user that connects, which is a security risk. Zscaler Private Access allows me to give users access to a single application and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access.’”

Intended as an alternative to traditional VPNs that are difficult to set up and maintain, Zscaler Private Access routes traffic via secure tunnels through a global network of data centers based on which of those data centers will provide the lowest network latency, says Denzil Wessels, senior director of product management for emerging technologies at Zscaler. As part of that process, a Zscaler policy engine ensures that the traffic moving through those tunnels is limited to the applications that any given user has permission to access.

Cloud security provider Zscaler today announced the introduction of Zscaler Private Access, a new service that enables organizations to provide access to internal applications and services while ensuring the security of their networks.

Denzil Wessels, senior director of product management for emerging technologies at Zscaler, said that one of the big use cases was third-parties and independent contractors who need access to apps. With a traditional VPN, their access was only as good as the rules that were defined for them. But, ZPA offers per-application access by user, which means they'll only be able to access the apps they need.

Businesses need to employ sandboxing technology and dynamic data analysis in order to counter-act aggressive corporate ransomware attempts. In the coming months, we will continue to see ransomware become increasingly corporate focused, and as it does, enterprises won’t get away with paying consumer prices. Hackers will narrow their attacks to target enterprise servers and in doing so, will demand much, much more. The criminals behind ransomware campaigns are savvy and now that they’re realising that they can lock up enterprise source code and important financial documents, they know they’re in for a big payday.

We’ve added four contributing members since then. The contributing members are Reversing Labs, Barracuda, Zscaler and Eleven Paths. We sort of put a cap on it last year while we got our act together. We had to learn how to trust each other and we had to build some infrastructure to allow efficient sharing.

Skyhigh a d’ores et déjà établi un partenariat avec Bay Dynamics, Bitsight, Centrify, Checkpoint, Cisco, Cyphort, Exabeam, Gemalto, HPE, IBM, Ionique, Juniper Networks, Logrhythm, Microsoft, Mobileiron, Okta, Onelogin, Ping Identity, Titus, Vera, VMware, et Zscaler. 

In September, Google invested in Zscaler, an Internet security company, in a $25 million continuation of its Series D round. In total in that round Zscaler raised $110 million.

Skyhigh a d’ores et déjà établi un partenariat avec Bay Dynamics, Bitsight, Centrify, Checkpoint, Cisco, Cyphort, Exabeam, Gemalto, HPE, IBM, Ionique, Juniper Networks, Logrhythm, Microsoft, Mobileiron, Okta, Onelogin, Ping Identity, Titus, Vera, VMware, et Zscaler. 

Locky ist eine der aktivsten und lukrativsten Malware-Varianten, die in den letzten drei Jahren ihre Kreise gezogen hat. Die Ransomware folgt dem bereits bekannten Modell der asymmetrischen Verschlüsselung, um die Dokumente des Nutzers zu sperren und Lösegeld für die Entschlüsselung zu erpressen. Es ließ sich darüber hinaus eine Überschneidung zwischen den URLs feststellen, die zur Auslieferung der Locky- und Dridex-Payloads benutzt wurden.

Details regarding the actual attack and what government systems were infected is scant. Government officials said it knew the initial attack occurred in 2011, but are unaware of who specifically is behind the attacks. “Given the nature of malware payload involved and the duration of this compromise being unnoticed – the scope of lateral movement inside the compromised network is very high possibly exposing all the critical systems,” Deepen said. 

These currently include devices from Blue, Cisco, Zscaler, Fortigate, Palo Alto, McAfee, Check Point, Squid, Juniper, Sophos, Websense, and Microsoft.

Supported devices include firewalls and proxies from most major vendors, among them Blue Coat, Cisco, Zscaler, Fortigate, Palo Alto, Check Point, Websense, Juniper, and Microsoft’s own Forefront Threat Management Gateway.

Making that jump, however, drove Somerville/ISNet to reconsider how its SECaaS services – which bundle commercial antivirus, intrusion prevention, VPN and other security tools from the likes of Cisco Systems, McAfee, IronPort Systems, Zscaler, and Check Point Security Systems – could keep up with surging demand.

In both attacks, cyber criminals used the same ransomware known as Locky, which arrives via email attachments and encrypts all the data on an infected system and deletes the originals. Security firm Zscaler says it has blocked around 75 unique and new payloads from this ransomware family in the past month alone.

Elsewhere in the security world, Zscaler has discovered new instances of the Locky ransomware that was used to target the Hollywood Hospital last month.

Zscaler delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world.

The current valuation of Zscaler is $1 billion, which was founded in 2007 by Jay Chaudhry. The startup provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing for more than 6,000 corporate, government and military organizations and more than 15 million paying users.

Internet Protect Pro is a cloud-based firewall based on software from Zscaler. For its German customers, Deutsche Telekom will run it in its own data centers in Biere, Germany, ensuring that their data doesn't leave the country.

Die neue Einheit Telekom Security, die vom 1. Januar 2017 an offiziell als eigener Geschäftsbereich starten soll, wird den Angaben zufolge die Sicherheitsbereiche aus verschiedenen Konzerneinheiten bündeln. Das Ziel: die Schlagkraft des Bonner Konzerns am Markt für Cybersecurity erhöhen. Dabei geht man auch neue Wege - zum Beispiel mit der Sicherheitslösung „Internet Protect Pro“ in Kooperation mit dem amerikanischen Hersteller Zscaler. 

Zscaler delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world.

Researchers said they captured over 50 unique payloads from this campaign serving a fake adobe flash player for watching porn. The goal of the malware is to steal the user's financial information from a phishing page designed to mimic the Google Play store payment page that supposedly needs to be filled out before a victim can access the “content,” researchers said.  

Rather, the Android Marcher Trojan uses a fake version of an Adobe Flash Player installer to infect users. "The majority of the Marcher Trojan downloads that we are blocking in the cloud are from porn sites," Deepen Desai, head of security research at Zscaler, told eWEEK. This appears to be a popular social engineering tactic where the user is prompted to install the Flash Player update to view the porn video and the attack cycle can start with an email or SMS."

At the 2016 RSA Conference, CSO's Steve Ragan chats with Zscaler CEO Jay Chaudhry about the Apple/FBI case, and whether there's a way to have encryption backdoors without letting everyone in.

Zscaler is the only true integrated cloud security platform. It delivers carrier-grade internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software. Zscaler’s cloud-based Next Generation Firewall fills the security whitespace, allowing for better visibility, control and protection for the entire extended enterprise, with a total cost of ownership up to 90 percent lower than hardware-based protections.

“It made sense for us to have someone who can evangelize the message,” says Jay Chaudhry, Zscaler’s founder, chief exec, and chairman, on a call with Fortune. “Quite often a (chief information officer) will say, I like what you’re saying but I’m nervous about moving to the cloud. It’s a major change and the whole business depends on it.” Chaudhry says he met Biagini four years ago while courting GE and that the two got along well. Now Biagini has been enlisted to help steer Zscaler’s marketing and product strategy, Chaudhry says.

"What Zscaler does is see who is coming in and going out. If your PC is calling a host in Korea, you cut it off and inform the IT department," Jay says. "In the competitive world of IT security - there is a shouting match, we cover more threats, we're up to speed. It is a race to the bad guys but being in the cloud is very beneficial. We're set apart. Security boxes inspect traffic but they don't inspect everything because it uses more cycles. They say look at the header, they may look at source, they may look at behaviour. But we put our R&D into inspecting every byte that goes in and out. Tracking a phone call is easy but inspecting the content of the conversation is hard. That's what we do. We inspect the content. So my software does it better than any box."

Evidently, research by Zscaler shows the phony application contains one sinister Trojan that steals SMS. The malware claims itself to be a 'security control' and so tricks victims that they believe it is an application for making AliPay more powerful. AliPay is described as the East's PayPal having zero transaction fees. Worldwide, over 300 traders are AliPay users. The online payment service enables transactions through fourteen prominent foreign currencies.

ИБ-эксперты компании Zscaler предупредили пользователей Android-устройств о новой угрозе. Вредоносное ПО маскируется под функцию безопасности популярного приложения для осуществления online-платежей AliPay, но на самом деле представляет собой троян для перехвата SMS-сообщений. Пользователи загружают вредонос в полной уверенности, будто скачивают приложение, усиливающее защиту AliPay. Через три секунды после установки трояна его иконка удаляется, однако сама программа никуда не исчезает. Незаметно для жертвы вредонос регистрирует сервисы Android, способные работать в фоновом режиме и выполнять задачи с длительным временем реализации.

Selon Julien Sobrier, « l’un des gros problèmes, c’est d’avoir une vue d’ensemble de tous les objets connectés et de l’endroit où ils sont situés dans le réseau ». En effet, les entreprises n’ont pas encore conscience de la multitude d’objets qui peuvent se connecter au réseau comme la photocopieuse, les smart TV, les systèmes de climatisation et autres éléments de domotique ou encore les badges d’accès. Julien Sobrier a pu observer « dans des études, que dans une banque par exemple, le système réseau pour la climatisation était sur le même réseau que les appareils qui s’occupaient des cartes de crédit ».

Standalone SMS-stealing trojans are strange because there's not that much they can do. Zscaler suspects that this trojan may be part of a larger cybercrime campaign, alongside other Android hacking tools. SMS stealers are often used together with other malware families, allowing attackers to intercept two-factor authentication codes and payment verification codes for online banking operations.

According to Zscaler research, the fake app is a malicious SMS stealer Trojan. It portrays itself as "security controls," tricking victims into thinking it’s an app enhancing AliPay. AliPay, the PayPal of the East, is a third-party online payment platform with no transaction fees, supporting more than 65 financial institutions including Visa as well as MasterCard. Globally, more than 300 merchants use AliPay. It also supports transactions in 14 major foreign currencies.

Zscaler's cloud security platform provides full inline threat protection to guard against cyber attacks, prevent data leakage and enable the safe usage of cloud applications. CloudLock delivers crowdsourced-based application risk scores (CloudLock Community Trust ratings) for more than 101,000 applications, six times as many as any other CASB vendor.

There's probably no more embarrassing way to get a phone bricked by ransomware than through an inability to curb certain, ahem, urges while on the go. But that is exactly what's happening according to researchers at Zscaler who have found that certain porn apps on android are actually no more than a masquerade for ransomware. Even worse, some of them are automatically taking unauthorized selfies of users and using those in ransom letters to make sure they pay up.

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot, also known as Kasidet, via spearphishing emails. Over the past two weeks, attackers have been using the same visual basic for applications (VBA) macros found in Microsoft Office that have been leveraged to place Dridex to drop Neutrino as well, according to a Jan. 29 security post. 

Today, vendors are emerging with solutions to deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise, by applying the SDN principles to the WAN in the form of so-called SD-WAN solutions. A simple interface to Zscaler or other cloud-based security services enabling local Internet breakouts without requiring further investment in on-premises Internet security appliances.

Zscaler looks to bring the best of cloud computing to the Internet security market. With a per-user subscription model based fully in the cloud, Zscaler acts as a "check post" between an enterprise and the Internet, scanning traffic using its solutions for Internet security, advanced persistent threat protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence.

The Neutrino bot is getting a new boost of rejuvenation from a retro form of distribution that's been making a huge comeback lately. According to research last week out from Zscaler, Neutrino--also known as Kasidet--has spiked again in the wild with the help of malicious Microsoft Office macros. This latest example of VBA-related malware is another piece of evidence that a once forgotten class of malware has roared back to life in the last 18 months. The delivery of Kasidet backdoors is the continuation of a months-long series of campaigns to drop the Dridex banking malware on victim computers using malicious macros, Zscaler researchers say.

What makes this announcement interesting is that it comes hot on the heels of yet another malware, in this case Kasidet, being exposed by Zscaler and being distributed by macros. The risk is that by claiming white lists are the magic bullet Glasswall, and Sim in particular, are at risk of oversimplifying the security message.

It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company Zscaler, the bot Kasidet, also known as Neutrino, has also adopted this technique. Attackers peddling the bot have stepped it up over the past two weeks, according to a trio of researchers, Abhay Yadav, Avinash Kumar and Nirmal Singh, with the company.

As companies embrace local Internet breakouts, they must also strengthen their security environments in the branches themselves. To do so, enterprises typically implement secure Web gateways (SWGs) that analyze specific ports such as HTTP/HTTPS and often use SWGs in combination with advanced threat detection (ATD) to detect the more advanced attacks. Now these capabilities are becoming available as a cloud service. Interfacing with a security-service provider such as Zscaler enables local Internet breakouts without requiring further investment in on-premises Internet security appliances.

Early in the year, VeloCloud added complementary cloud security from Zscaler and Websense (now Forcepoint).

Zscaler made a list of the 20 riskiest applications, in terms of actual (attempted) user victimisation and based on data from one of Zscaler’s cloud-based data sets over a period of 180 days from the beginning of 2015. Facebook, Skype and Twitter top the list of sites containing the most malware. Often, users click on or unwittingly download malicious applications without realising they have put themselves and the organisation in danger.

Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break

Commenting on the investment, Cisco vice president and general manager of the enterprise infrastructure and solutions group said the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." In addition to Cisco, VeloCloud’s vendor partners include BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.

Venture capitalists last year rushed to fund start-ups touting potential solutions to increasingly widespread and sophisticated cyber attacks. Private cyber security companies including Crowdstrike, Illumio and Zscaler raised rounds of $100m, at valuations thought to be above $1bn in 2015. Tanium’s valuation grew from $1.7bn to $3.5bn in six months last year, according to a person familiar with their fundraising.

Jeff Reed, vice president and general manager of Cisco's enterprise infrastructure and solutions group, noted in a statement that the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." VeloCloud is growing its vendor partnerships list, which now includes Cisco, BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.

En 2016, les ransomware devraient de plus en plus toucher le monde de l'entreprise et il y a fort à parier que ces dernières devront s'acquitter de sommes nettement plus élevées que les particuliers. En effet, les criminels qui mènent ces campagnes de racket ne sont pas nés de la dernière pluie, et lorsqu'ils se rendent compte qu'ils ont verrouillé un code source et des documents financiers qui n'ont pas été correctement sauvegardés, vous pouvez avoir la certitude que le montant demandé pourra être des plus excessifs.

Zscaler détecte et publie régulièrement sur son blog des billets concernant les applications malveillantes provenant d’app-stores Android parallèles. Google devra restreindre les autorisations accessibles aux applications non homologuées par le processus de soumission de Google Play. Les applications chargées hors Google Play et qui demandent une autorisation de niveau administrateur devraient prochainement disparaitre. Google va également commencer à imposer des délais acceptables pour les correctifs et les mises à jour de firmware, lesquels sont en grande partie contrôlés par ses partenaires OEM.

Die Idee, Sicherheits-Appliances in einem Datencenter zu installieren, um die Mitarbeiter zu schützen, stammt aus den 1990er Jahren – und ist überholt. Statt an einem festen Arbeitsplatz sitzen diese nämlich heute zum Beispiel mit ihren Laptops in Cafés und arbeiten über die Cloud. Herkömmliche Sicherheits-Appliances sind nicht nur Altlasten aus traditionellen Standortkonzepten, sie engen den Geschäftsalltag ein, anstatt ihn zu fördern. Zudem sind sie oft nur für eine einzige Sicherheitsfunktion gebaut. Dadurch sprießen neue Appliances in den Datenzentren nur so aus dem Boden – für jede neue Bedrohung ein neues Gerät. Und jedes einzelne muss gekauft, installiert, gewartet und aktualisiert werden.

Az elmúlt évben két jelentősebb hibát is kiszűrtek a rendszerben. Tavaly augusztusban a Zscaler kutatói figyeltek fel arra, a WordPress egyik biztonsági hibáját kihasználva az ilyen weboldalakon keresztül terjesztették tömegesen a Neutrino exploit kitet. Ez a kiberbűnözők egyik legfelkapottabb exploitja, amelybe nagyon gyorsan belekerül minden új lehetőség, amivel akár a nulladik napi sérülékenységek is kihasználhatók.

“Users are all too willing to begrudgingly pay an expensive but not excessive ransom in exchange for the return of their precious data,” Sutton says. “Even the FBI are recommending that it’s easier to pay than fight. The wildly profitable CryptoLocker has attracted many clones since it was largely knocked offline following Operation Tovar.” Many of these clones, including more popular variants such as CryptoWall and TorrentLocker largely followed the proven formula, but we’re starting to see variations such as mobile and Linux focused ransomware. “The latter is especially important as it’s more likely to impact the websites and code repositories of enterprises, who in our experience are also very willing to pay up rather than risk losing critical intellectual property,” says Sutton.

As Deepen Desai, director of security research at Zscaler explained, “The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor. This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

Zscaler found that the C&C server may send a host of commands to infected machines. These include collecting information about the infected system and the files found on it, as well as deleting, executing or renaming a specified file. A specified file can be uploaded to the C&C and so can a screenshot of the desktop. Enabling or disabling video recording can also be performed.

“There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection,” Zscaler head of security research Deepen Desai told SCMagazine.com. “A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.” Once executed, the code logs user keystrokes and prevents the user from terminating the malware through system tools like TaskMgr, Procexp, ProcessHacker and Taskkill.

Besides using digital certificates to hide from antivirus software, Spymel also has some extra tricks up its sleeve. The trojan comes with a module called ProtectMe, which, when loaded, has the ability to prevent the user from terminating the malware's process via the taskkill shell command and tools like Process Explorer, Task Manager, and Process Hacker. Zscaler researchers say that Spymel's C&C server is located somewhere in Germany, at android.sh (213.136.92.111), on port 1216. This is probably a rented server, and its owner's real location is somewhere else.

“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” says Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate.” states a blog post published by Zscaler.

With more than 140 million downloads, WordPress is the most popular CMS on the Web, but it’s also the most attacked. It’s not uncommon for malicious actors to exploit vulnerabilities in both WordPress itself and various plugins. In August, security firm Zscaler reported that thousands of WordPress websites had been compromised and abused to redirect visitors to Neutrino exploit kit sites set up to serve malware.

Password reuse attacks will begin to decline, thanks in large part to the smartphone, said Zscaler CISO Michael Sutton. "Smartphones can be many things but they make for a handy, secure, always with you, data repository. As such, people are starting to adopt password managers such as 1Password and LastPass and other user friendly smartphone apps that present a convenient option for always having sensitive data such as passwords within easy reach," he said.