News

New research from Zscaler highlights an online scam to obtain credit card information from Magento’s eCommerce platform. Over the last three months, hackers have compromised over 400 retail sites that run Magento. The hackers injected malicious JavaScripts into the sites, and users are taken to a fake payment page where their information is stolen after it is entered.

"Burning questions still need answers," said Chris Hodson, an expert at cybersecurity firm Zscaler, which has worked with everyone from the UK's National Health Service (NHS) to the United States Marines. "With no technical details included in Yahoo's report about how the data was exfiltrated, just that it was, it's impossible to assess credibility of the 'state sponsored' claim without this," he said. In this instance, we can only speculate that the 'state sponsored actor' claim was made with a view to placating the general public.

“There are the countries who actively fund organised groups. But there is also state-aware hacking where governments know it's going on but, potentially for their own benefit, there is a plausible deniability. However the targets of some of these cases are key. If you look at motive, there was a lot of scandal around Russian doping before the Olympics and then around a month or two later there was a large data breach of the doping association,” says Chris Hodson, from cyber security company Zscaler.

Internet security platforms like Zscaler offer IoT devices protection against security breaches with a cloud based solution. You can route the traffic through the platform and set policies for the devices so they won’t communicate with unnecessary servers.

“Overall, we are seeing a rise in malicious activity involving commercial keyloggers, which makes it very easy for a naive user with malicious intent to conduct successful attacks,” said Deepen Desai, director of security research at Zscaler. 

“This extradition ruling could well be setting a new precedent for cyber-crime convictions. The penalties for cyber-crime have historically been disproportionate to in-person crime. However, this verdict could see that change, as cyber-crime is now more frequent and more damaging to nation states and businesses than ever before,” Chris Hodson, CISO EMEA at Zscaler said. 

By its very nature, hacking and online crime is complex and difficult to track, making attribution a tricky area for authorities. Even more so, when it comes to organized, financially-motivated criminal syndicates. The real challenge for courts and nation states is how they catch and prosecute the organized criminal syndicates that consistently cause economic loss and political havoc.

“Zscaler is growing, and so is its team, with the announcement that Chris Stephens will now become the company's senior marketing manager for the Asia Pacific region.”

Face à cette pénurie de compétences, les DSI et les chefs d’entreprise doivent externaliser les mécanismes de protection et de sécurité. Alors que les applications quittent les datacenters au profit du Cloud, la meilleure approche consiste à déployer des mesures de sécurité qui fonctionnent également sur le nuage

Researchers at Zscaler recently discovered a new spyware campaign that used cybersquatting techniques to host, distribute and command-and-control the AgentTesla keylogger via a domain whose name was strikingly similar to Chesapeake, Virginia-based consulting and services firm Diode Technologies.

Zscaler said that it first learned about the keylogger when it landed in a customer’s cloud sandbox and was flagged for review. Upon further analysis, the company learned about the attackers’ cybersquatting tactics that were used to deliver the malware.

Wir erleben viele Infektionsversuche dieser Malware-Familie in unserer Cloud. Diese häufigen Änderungen weisen auf eine aktive Malware-Entwicklung hin, die sich stetig verändert – was es zur häufigsten Bedrohung für Android-Geräte macht.

With the growing security concerns around mobile malware, this distribution is an attempt to lure users into downloading fake mobile firmware updates to infect their device. There's a bit of irony here too – users think they are downloading an update to protect their device, when in fact it's actually a malicious application designed to cause harm.

Manufacturers are looking for hardware components which are affordable and increase profit margins. Cheap, lightweight components in IoT devices often lack the capability to provide fundamental security services, such as encryption, as its hardware simply cannot support it.

Zscaler was bashing the competition – literally – at Black Hat 2016. The cloud security company had set up a booth where attendees could suit up and take a hammer to security appliances, highlighting its own 100 percent cloud-based internet security solutions.

“At previous Games, Zscaler found that 80 percent of Olympic web domains were found to be scams and spams. This is an easy win for cyber-criminals, so I expect Phishing to be ripe again in 2016,” says Chris Hodson, CISO EMEA at Zscaler.

When you look at the way that stuff has been done in the past, companies have always used a VPN and the problem with a VPN is that it includes the letter ‘N’ which is ‘Network’ — it is a Virtual Private Network. Basically I have a client which runs on my machine and that creates a network tunnel and places me as a roaming user on that network. So I might only need to access one application but I have access to the entire network.

“In den vergangenen Jahren hat das Threatlabz Team von Zscaler festgestellt, dass 80 Prozent aller „olympischen“ Webseiten betrügerisch waren oder Spam beinhalteten, wie ap-verlag.de berichtete. Grund genug, dass Unternehmen besonders aufmerksam sein sollten. Die Risiken verbergen sich in Phishing und Malware-Attacken sowie in mobilen Applikationen.”

Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cybersecurity defense framework. Streaming sites should be enabled on a whitelist-only approach.

The truth is that although security measures may work, industry professionals can’t set them and forget them — or operate under false assumptions. Only when security professionals become aware of what they don’t know, can they start asking the right questions and implementing the right security controls.

CISOs are increasingly worried that cloud computing and data loss go hand-in- hand. This does not have to be the case, but it is all too common. Business stakeholders are demanding the cost and elasticity benefits of cloud, and we need to make sure that a core set of security capabilities exist to support cloud adoption.

More warnings about Pokemon Go, this time via Zscaler ThreatlabZ. In a blog post out today, researchers found an Android SMS Trojan disguised as the Pokemon Go app, which once downloaded secretly sends SMS to premium numbers costing the victim money, as well as malware that downloaded an autoclicker onto the phone that opens several pages and clicks on advertisements.

“This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user,” Zscaler said. In the case of email, it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.

“As with most attacks, user awareness plays a huge part. The malware in question was not digitally signed. A vigilant user could have picked this up although it is more realistic to expect the organization to block the running of unsigned executables,” Zscaler EMEA CISO, Chris Hodson said.

The biggest problem of typical VPN deployment is opening the entire network for the user - not just to a few required applications. The more the network is increased through a VPN tunnel, the more potential security holes can occur.

Michael Sutton opens the feature with an overview of the culture change and the threat landscape’s impact on roles (this follows an interview between Michael and Tony Morbin last month).

The world of IT security has undergone tremendous transformation, sparked by the consumerisation of the enterprise, the adoption of cloud computing, the ubiquity of mobile and BYOD devices and the evolution of threats, which are more serious today than they have ever been before.

Last September Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. That app had to be accessed from non Google sites, and offered pornographic videos. But in reality, when it was opened, it secretly took pictures of the user with the phone’s front-facing camera, before the device was locked and displayed a demand for $500 (£330).

Making a decision between one [managed security service] provider or another is not something that should be left to mainstream IT today. A dedicated security professional is needed to understand, interact, manage and monitor service providers.

A comment by Zscaler about Shadow IT, why it is not a solution to simply block applications and solution approaches.

Die Verantwortlichen in Unternehmen haben daher die neue Aufgabe, auch Zweigstellen und mobile Mitarbeiter so gut wie möglich abzusichern. Allerdings ist die Einrichtung von Hardware-basierten Firewalls in jedem Branch-Office teuer, steigert die Komplexität und geht meist mit untragbarem Verwaltungsaufwand für die nötigen Upgrades einher.

L’app apparaît comme étant celle de la banque Sberbank et demande des privilèges administrateurs une fois installée, comme indiqué ci-dessous : l’équipe Zscaler a tenté d’installer l’application originale Sberbank à partir du Play Store Google, et il est difficile de différencier l’app malveillante de l’originale. Pour respecter notre travail, merci de ne reprendre que l'intro. Pour lire la suite de cet article original direction.

Mais les DSI et les RSSI ne doivent pas pour autant interdire les applications cloud dans leur globalité : ils peuvent trouver des moyens empêchant la création de ces failles. Pour rester à la page, les services informatiques doivent passer du dilemme « bloquer ou autoriser » à une approche de type « gérer et surveiller ».

Die integrierte Security Plattform von Zscaler liefert ganzheitlichen Schutz und beste Performance dank Advanced Threat Protection, Bandbreitenmanagement, Remote Access, Next Generation Firewall und Web Security. Dieser Ansatz geht wesentlich weiter und schützt damit alle User, Branch Offices und die Unternehmenszentrale völlig ohne den Einsatz von Hardware am Perimeter.

Scott Robertson, vice-president, Asia Pacific and Japan, Zscaler, has a different view. "While Symantec’s intent to buy Blue Coat validates the need for secure web gateway solutions, it does not align with where the market is going because it is essentially just a consolidation of the old paradigm – legacy appliances and on-premise software. With a distributed mobile workforce moving data and applications to the cloud, neither endpoints nor appliances are enough to keep enterprises secure today. The only viable way forward is a purpose-built cloud security platform to eliminate the need to buy, deploy and manage security appliances.

Für letzteren hat Blue Coat im November 2015 den Spezialanbieter Elastica für 280 Millionen Dollar übernommen. Durch die Integration von dessen Cloud Application Security Broker (CASB) wollte der Spezialist für Unternehmenssicherheit das Portfolio vor allem für Cloud-Szenarien erweitern. Er reagierte damit offensichtlich auf den Druck durch Firmen wie Zscaler, die die Absicherung diverser und komplexer Cloud-Nutzungszenarien besser beherrechen und in den Vordergrund stellen.

Pour la sixième année consécutive, Zscaler, spécialiste de la sécurité sur Internet, est le leader du Magic Quadrant de Gartner dans la catégorie des passerelles web sécurisées (Secure Web Gateways).

Zscaler said that attackers are now making use of macros, which of course are pieces of code embedded inside Microsoft Office documents (usually written in Visual Basic). Microsoft Office disables macros by default, but attackers are now apparently ‘using clever social engineering tactics to lure the user into enabling the macros.

The malware author makes an assumption here that most clean virtual environment snapshots will be taken after a fresh Microsoft Office install with probably one or two document files opened for testing the installation,’” Desai said. “’Alternately, a standard user system with Office applications should have at least 3 or more recently accessed document files

The arrests were announced the same day researchers at security company Zscaler disclosed their analysis of a malicious Android application posing as the Sberbank mobile app. The malicious app steals credentials and requests extensive privileges on compromised devices. The app is worrisome because it can steal SMS messages and monitor incoming calls, two avenues by which banks send one-time passwords and PINs used as a second authentication factor.

“What advice would you give to a new CISO standing in front of the board for the first time?” “You have to be able to translate your world into theirs. You’re in a world with technical risk – we had this many incidents and this many computers were infected. You need to translate that into language the board can understand. For example – you had 20 infections on computers. What does that mean to them? But it’s straightforward to translate that. We had this many breaches that caused this much downtime and resulted in this much productivity loss. That’s something the board can understand.”  

“Rather than prohibiting applications, CIOs and CISOs must find alternative ways to close the gaps. To keep pace, IT must go from ‘block or allow’ to ‘manage and monitor.’ It’s all too easy for businesses to feel overwhelmed at the new technology coming to the market, or new consumer apps penetrating the workplace.”

Der Internet Security Spezialist Zscaler stellt dem traditionellen VPN-Konzept einen neuen Cloud-basierten Ansatz entgegen: Zscaler Private Access (ZPA). Auf Basis seiner globalen Cloud-Security-Infrastruktur wird eine Remote-Verbindung von einem bestimmten Anwender zu einer spezifischen Applikation möglich, ohne den Zugriff auf das gesamte Netzwerk zu öffnen.

Cela comporte toutefois des risques… Preuve en est que la société Zscaler, spécialisée dans la sécurité des systèmes informatiques, reporte qu’un nouveau spyware se propage dans les mises à jour d’application Android de ces magasins en se faisant passer pour une nouvelle version de Chrome en version mobile.

L’équipe de recherche en sécurité de Zscaler a détecté une activité importante dans le cloud liée à un malware voleur d’information infostealer se déguisant en mise à jour de Google Chrome. Ce malware est capable de récupérer l’historique des appels, les données SMS, l’historique de navigation ainsi que les informations bancaires, pour les envoyer à un serveur C&C. Il est, par ailleurs, à même de détecter les antivirus installés et de les neutraliser pour éviter d’être repéré.

Zscaler Private Access ermögliche es durch die zugrunde liegende Zscaler-Cloud-Infrastruktur gleichzeitig auf interne Anwendungen im Netzwerk sowie auf Apps im Cloud-Rechenzentrum des Unternehmens zuzugreifen. Eine solche flexible Zugriffsoption sei bei klassischen VPNs nur über eine kostentreibende Umleitung des Datenverkehrs durch das unternehmenseigene Rechenzentrum möglich. Im Unterschied dazu erlaube Zscaler Private Access dem Anwender einen schnellen und automatisierten Zugriff auf seine intern oder extern gehosteten Anwendungen – der Datenverkehr werde durch die Zscaler Security Cloud gesichert.

When this malware is installed, the data that it can potentially steal is transferred to a remote C2 (command & control server). As per the analysis of Zscaler, this malware can also detect and even terminate any antivirus app that is installed on the target computer. In fact, it is so resilient that the victim cannot delete it permanently from the device unless factory resets action is performed.

Cloud security vendor Zscaler Inc. is hoping to unseat the Virtual Private Network (VPN) in the enterprise world. Traditionally, organizations provide remote access to corporate apps via a VPN in order to protect their networks from remote attacks, but VPNs can be a tricky beast to use. Zscaler’s alternative is something called Zscaler Private Access, a new service that allows organizations to provide access to internal apps and services while ensuring they are secure, without any sign of a VPN. 

Zscaler Private Access  ZPA, built on Zscaler’s cloud, delivers per-user application access, for apps in the datacenter, public cloud or both. Unlike VPNs, users are never “on-net,” and can only see authorized apps.

There's a new piece of nasty Android malware floating around that Android users should be on the lookout for. Masquerading as a update for Google's mobile Chrome browser, the malware is hosted on webpages designed to look like they are official Google or Android landing pages. Originally spotted by the security firm Zscaler, the malware is designed to monitor call logs, browser history, text messages and banking information. Once installed, the malware logs the aforementioned data and sends it all back to a remote command and control server. What's more, Zscaler notes that the malware is capable of checking if a user has any antivirus apps installed, and if so, "terminating them to evade detection."

Director of Security Research at Zscaler, Deepen Desai, was interviewed by ZDNet and he said that “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” Users are advised to stay away from dubious websites and to no click OK no matter how tempting it is. Desai added that “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

Criminals continue devoting attention to mobile malware. Zscaler finds information stealing Android malware circulating in the wild posing as a Chrome update.

It’s been hiding, say researchers at Zscaler, in multiple domains similar to Google update paths. Each URL stays online only for a shot time, to be replaced by a new one regularly to avoid detection.

BT has directly connected Zscaler access points to the company’s global network so that BT customers can benefit from lower latency and better performing applications. The improved interconnectivity reduces the need to move traffic over great distances to access Zscaler nodes for secure internet access.

Zscaler has been working on the Private Access technology for nearly three years, according to Patrick Foxhoven, CIO and vice president of Emerging Technologies at Zscaler. He added that Private Access is functionally different from a traditional Internet Protocol Security (IPsec) or Secure Sockets Layer VPN (SSL-VPN). "The VPN space hasn't been disrupted in a meaningful way in over a decade," Foxhoven told eWEEK. "We wanted to bring a disruptive cloud-scale approach to the challenge of remote access.”

Security researchers discovered malware targeting Android devices that disguises as a Google Chrome update package in an attempt to fool users and lower their defenses.

Android Infostealer was first found by Zscaler inside third-party Android app stores in China, which are notorious for serving up malware disguised as legitimate apps. However, Zscaler found new instances of it in April, disguised as an update to the browser Google Chrome. Several rogue URLs were offering a download file titled Update_chrome.apk. When the user installs the APK, it prompts for administrative access. Worryingly, the malware payload is capable of checking for installed security applications and terminating them. Zscaler saw hard coded checks for antivirus applications like Kaspersky, ESET, Avast and Dr. Web.

According to Zscaler’s Director of Security Research Deepen Desai, Update_chrome.apk is spreading via “compromised or malicious websites using scareware tactics or social engineering.” Desai told ZDNet that the firm has seen Android malware use “scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection."

“The service is also designed to replace the need for stacks of security gear at individual data centers, to protect traffic going between data centers, as often exists today. ‘If enterprises are looking at moving some of their applications out to an AWS or Google Compute or Azure, they have to extend their network out to those public clouds in order to provide connectivity,’ Wessels says. ‘They want to embrace the agility of the cloud and put their private applications there. But they are having to use old legacy network plumbing tools to be able to extend that connectivity.’”

“The VPN hasn’t changed in 20 years,” says Zscaler’s engineering sales director Mark Ryan as he sets out the case for something called Private Access, his firm’s reinvention of the VPN in a form it believes is more suitable for a world of remote access to cloud applications. 

Der Anbieter erweitert damit seine cloud-basierenden Security-Dienste. Statt wie diese Geräte mit dem Netzwerk zu verbinden, sorgt Zscaler Private Access für den Zugriff von Personen auf Applikationen. So soll Komplexität reduziert und Sicherheit erhöht werden.

Zscaler Private Access takes a new approach by decoupling applications from the physical network to deliver granular, per-user access to apps and services running on the internal corporate network, in a data center or in a public cloud. The service is based on Zscaler’s existing global cloud, so there is no requirement for additional hardware or forklift upgrades of existing hardware. Customers are already using this technology in the wild, and they seem pretty happy: MAN Diesel & Turbo ‘is always looking for the state of the art in security technology and have been searching for an alternative to our global VPN solution,’ said Tony Fergusson, IT Infrastructure Architect for MAN Diesel & Turbo. ‘In general, legacy VPN technology is extremely complex, doesn't scale well and, most importantly, lacks application-centric security. Traditional VPNs extend the network perimeter to any user that connects, which is a security risk. Zscaler Private Access allows me to give users access to a single application and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access.’”

Intended as an alternative to traditional VPNs that are difficult to set up and maintain, Zscaler Private Access routes traffic via secure tunnels through a global network of data centers based on which of those data centers will provide the lowest network latency, says Denzil Wessels, senior director of product management for emerging technologies at Zscaler. As part of that process, a Zscaler policy engine ensures that the traffic moving through those tunnels is limited to the applications that any given user has permission to access.

Cloud security provider Zscaler today announced the introduction of Zscaler Private Access, a new service that enables organizations to provide access to internal applications and services while ensuring the security of their networks.

Denzil Wessels, senior director of product management for emerging technologies at Zscaler, said that one of the big use cases was third-parties and independent contractors who need access to apps. With a traditional VPN, their access was only as good as the rules that were defined for them. But, ZPA offers per-application access by user, which means they'll only be able to access the apps they need.

Businesses need to employ sandboxing technology and dynamic data analysis in order to counter-act aggressive corporate ransomware attempts. In the coming months, we will continue to see ransomware become increasingly corporate focused, and as it does, enterprises won’t get away with paying consumer prices. Hackers will narrow their attacks to target enterprise servers and in doing so, will demand much, much more. The criminals behind ransomware campaigns are savvy and now that they’re realising that they can lock up enterprise source code and important financial documents, they know they’re in for a big payday.

We’ve added four contributing members since then. The contributing members are Reversing Labs, Barracuda, Zscaler and Eleven Paths. We sort of put a cap on it last year while we got our act together. We had to learn how to trust each other and we had to build some infrastructure to allow efficient sharing.

Skyhigh a d’ores et déjà établi un partenariat avec Bay Dynamics, Bitsight, Centrify, Checkpoint, Cisco, Cyphort, Exabeam, Gemalto, HPE, IBM, Ionique, Juniper Networks, Logrhythm, Microsoft, Mobileiron, Okta, Onelogin, Ping Identity, Titus, Vera, VMware, et Zscaler. 

In September, Google invested in Zscaler, an Internet security company, in a $25 million continuation of its Series D round. In total in that round Zscaler raised $110 million.

Skyhigh a d’ores et déjà établi un partenariat avec Bay Dynamics, Bitsight, Centrify, Checkpoint, Cisco, Cyphort, Exabeam, Gemalto, HPE, IBM, Ionique, Juniper Networks, Logrhythm, Microsoft, Mobileiron, Okta, Onelogin, Ping Identity, Titus, Vera, VMware, et Zscaler. 

Locky ist eine der aktivsten und lukrativsten Malware-Varianten, die in den letzten drei Jahren ihre Kreise gezogen hat. Die Ransomware folgt dem bereits bekannten Modell der asymmetrischen Verschlüsselung, um die Dokumente des Nutzers zu sperren und Lösegeld für die Entschlüsselung zu erpressen. Es ließ sich darüber hinaus eine Überschneidung zwischen den URLs feststellen, die zur Auslieferung der Locky- und Dridex-Payloads benutzt wurden.

Details regarding the actual attack and what government systems were infected is scant. Government officials said it knew the initial attack occurred in 2011, but are unaware of who specifically is behind the attacks. “Given the nature of malware payload involved and the duration of this compromise being unnoticed – the scope of lateral movement inside the compromised network is very high possibly exposing all the critical systems,” Deepen said. 

These currently include devices from Blue, Cisco, Zscaler, Fortigate, Palo Alto, McAfee, Check Point, Squid, Juniper, Sophos, Websense, and Microsoft.

Supported devices include firewalls and proxies from most major vendors, among them Blue Coat, Cisco, Zscaler, Fortigate, Palo Alto, Check Point, Websense, Juniper, and Microsoft’s own Forefront Threat Management Gateway.

Making that jump, however, drove Somerville/ISNet to reconsider how its SECaaS services – which bundle commercial antivirus, intrusion prevention, VPN and other security tools from the likes of Cisco Systems, McAfee, IronPort Systems, Zscaler, and Check Point Security Systems – could keep up with surging demand.

In both attacks, cyber criminals used the same ransomware known as Locky, which arrives via email attachments and encrypts all the data on an infected system and deletes the originals. Security firm Zscaler says it has blocked around 75 unique and new payloads from this ransomware family in the past month alone.

Elsewhere in the security world, Zscaler has discovered new instances of the Locky ransomware that was used to target the Hollywood Hospital last month.

Zscaler delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world.

TPG Growth, the middle market growth equity platform of TPG, has partnered with companies such as Airbnb, Domo, Uber and Zscaler and recently led the incubation and launch of STX Entertainment.

Internet Protect Pro is a cloud-based firewall based on software from Zscaler. For its German customers, Deutsche Telekom will run it in its own data centers in Biere, Germany, ensuring that their data doesn't leave the country.

Die neue Einheit Telekom Security, die vom 1. Januar 2017 an offiziell als eigener Geschäftsbereich starten soll, wird den Angaben zufolge die Sicherheitsbereiche aus verschiedenen Konzerneinheiten bündeln. Das Ziel: die Schlagkraft des Bonner Konzerns am Markt für Cybersecurity erhöhen. Dabei geht man auch neue Wege - zum Beispiel mit der Sicherheitslösung „Internet Protect Pro“ in Kooperation mit dem amerikanischen Hersteller Zscaler. 

Zscaler delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world.

Researchers said they captured over 50 unique payloads from this campaign serving a fake adobe flash player for watching porn. The goal of the malware is to steal the user's financial information from a phishing page designed to mimic the Google Play store payment page that supposedly needs to be filled out before a victim can access the “content,” researchers said.  

Rather, the Android Marcher Trojan uses a fake version of an Adobe Flash Player installer to infect users. "The majority of the Marcher Trojan downloads that we are blocking in the cloud are from porn sites," Deepen Desai, head of security research at Zscaler, told eWEEK. This appears to be a popular social engineering tactic where the user is prompted to install the Flash Player update to view the porn video and the attack cycle can start with an email or SMS."

At the 2016 RSA Conference, CSO's Steve Ragan chats with Zscaler CEO Jay Chaudhry about the Apple/FBI case, and whether there's a way to have encryption backdoors without letting everyone in.

Zscaler is the only true integrated cloud security platform. It delivers carrier-grade internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software. Zscaler’s cloud-based Next Generation Firewall fills the security whitespace, allowing for better visibility, control and protection for the entire extended enterprise, with a total cost of ownership up to 90 percent lower than hardware-based protections.

“It made sense for us to have someone who can evangelize the message,” says Jay Chaudhry, Zscaler’s founder, chief exec, and chairman, on a call with Fortune. “Quite often a (chief information officer) will say, I like what you’re saying but I’m nervous about moving to the cloud. It’s a major change and the whole business depends on it.” Chaudhry says he met Biagini four years ago while courting GE and that the two got along well. Now Biagini has been enlisted to help steer Zscaler’s marketing and product strategy, Chaudhry says.

"What Zscaler does is see who is coming in and going out. If your PC is calling a host in Korea, you cut it off and inform the IT department," Jay says. "In the competitive world of IT security - there is a shouting match, we cover more threats, we're up to speed. It is a race to the bad guys but being in the cloud is very beneficial. We're set apart. Security boxes inspect traffic but they don't inspect everything because it uses more cycles. They say look at the header, they may look at source, they may look at behaviour. But we put our R&D into inspecting every byte that goes in and out. Tracking a phone call is easy but inspecting the content of the conversation is hard. That's what we do. We inspect the content. So my software does it better than any box."

Evidently, research by Zscaler shows the phony application contains one sinister Trojan that steals SMS. The malware claims itself to be a 'security control' and so tricks victims that they believe it is an application for making AliPay more powerful. AliPay is described as the East's PayPal having zero transaction fees. Worldwide, over 300 traders are AliPay users. The online payment service enables transactions through fourteen prominent foreign currencies.

ИБ-эксперты компании Zscaler предупредили пользователей Android-устройств о новой угрозе. Вредоносное ПО маскируется под функцию безопасности популярного приложения для осуществления online-платежей AliPay, но на самом деле представляет собой троян для перехвата SMS-сообщений. Пользователи загружают вредонос в полной уверенности, будто скачивают приложение, усиливающее защиту AliPay. Через три секунды после установки трояна его иконка удаляется, однако сама программа никуда не исчезает. Незаметно для жертвы вредонос регистрирует сервисы Android, способные работать в фоновом режиме и выполнять задачи с длительным временем реализации.

Selon Julien Sobrier, « l’un des gros problèmes, c’est d’avoir une vue d’ensemble de tous les objets connectés et de l’endroit où ils sont situés dans le réseau ». En effet, les entreprises n’ont pas encore conscience de la multitude d’objets qui peuvent se connecter au réseau comme la photocopieuse, les smart TV, les systèmes de climatisation et autres éléments de domotique ou encore les badges d’accès. Julien Sobrier a pu observer « dans des études, que dans une banque par exemple, le système réseau pour la climatisation était sur le même réseau que les appareils qui s’occupaient des cartes de crédit ».

Standalone SMS-stealing trojans are strange because there's not that much they can do. Zscaler suspects that this trojan may be part of a larger cybercrime campaign, alongside other Android hacking tools. SMS stealers are often used together with other malware families, allowing attackers to intercept two-factor authentication codes and payment verification codes for online banking operations.

According to Zscaler research, the fake app is a malicious SMS stealer Trojan. It portrays itself as "security controls," tricking victims into thinking it’s an app enhancing AliPay. AliPay, the PayPal of the East, is a third-party online payment platform with no transaction fees, supporting more than 65 financial institutions including Visa as well as MasterCard. Globally, more than 300 merchants use AliPay. It also supports transactions in 14 major foreign currencies.

Zscaler's cloud security platform provides full inline threat protection to guard against cyber attacks, prevent data leakage and enable the safe usage of cloud applications. CloudLock delivers crowdsourced-based application risk scores (CloudLock Community Trust ratings) for more than 101,000 applications, six times as many as any other CASB vendor.

There's probably no more embarrassing way to get a phone bricked by ransomware than through an inability to curb certain, ahem, urges while on the go. But that is exactly what's happening according to researchers at Zscaler who have found that certain porn apps on android are actually no more than a masquerade for ransomware. Even worse, some of them are automatically taking unauthorized selfies of users and using those in ransom letters to make sure they pay up.

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot, also known as Kasidet, via spearphishing emails. Over the past two weeks, attackers have been using the same visual basic for applications (VBA) macros found in Microsoft Office that have been leveraged to place Dridex to drop Neutrino as well, according to a Jan. 29 security post. 

Today, vendors are emerging with solutions to deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise, by applying the SDN principles to the WAN in the form of so-called SD-WAN solutions. A simple interface to Zscaler or other cloud-based security services enabling local Internet breakouts without requiring further investment in on-premises Internet security appliances.

Zscaler looks to bring the best of cloud computing to the Internet security market. With a per-user subscription model based fully in the cloud, Zscaler acts as a "check post" between an enterprise and the Internet, scanning traffic using its solutions for Internet security, advanced persistent threat protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence.

The Neutrino bot is getting a new boost of rejuvenation from a retro form of distribution that's been making a huge comeback lately. According to research last week out from Zscaler, Neutrino--also known as Kasidet--has spiked again in the wild with the help of malicious Microsoft Office macros. This latest example of VBA-related malware is another piece of evidence that a once forgotten class of malware has roared back to life in the last 18 months. The delivery of Kasidet backdoors is the continuation of a months-long series of campaigns to drop the Dridex banking malware on victim computers using malicious macros, Zscaler researchers say.

What makes this announcement interesting is that it comes hot on the heels of yet another malware, in this case Kasidet, being exposed by Zscaler and being distributed by macros. The risk is that by claiming white lists are the magic bullet Glasswall, and Sim in particular, are at risk of oversimplifying the security message.

It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company Zscaler, the bot Kasidet, also known as Neutrino, has also adopted this technique. Attackers peddling the bot have stepped it up over the past two weeks, according to a trio of researchers, Abhay Yadav, Avinash Kumar and Nirmal Singh, with the company.

As companies embrace local Internet breakouts, they must also strengthen their security environments in the branches themselves. To do so, enterprises typically implement secure Web gateways (SWGs) that analyze specific ports such as HTTP/HTTPS and often use SWGs in combination with advanced threat detection (ATD) to detect the more advanced attacks. Now these capabilities are becoming available as a cloud service. Interfacing with a security-service provider such as Zscaler enables local Internet breakouts without requiring further investment in on-premises Internet security appliances.

VMware, Zscaler, Websense and more all joined in to deliver new features and areas of operations to VeloCloud and further drive that impressive new year.

Zscaler made a list of the 20 riskiest applications, in terms of actual (attempted) user victimisation and based on data from one of Zscaler’s cloud-based data sets over a period of 180 days from the beginning of 2015. Facebook, Skype and Twitter top the list of sites containing the most malware. Often, users click on or unwittingly download malicious applications without realising they have put themselves and the organisation in danger.

Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break

Commenting on the investment, Cisco vice president and general manager of the enterprise infrastructure and solutions group said the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." In addition to Cisco, VeloCloud’s vendor partners include BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.

Venture capitalists last year rushed to fund start-ups touting potential solutions to increasingly widespread and sophisticated cyber attacks. Private cyber security companies including Crowdstrike, Illumio and Zscaler raised rounds of $100m, at valuations thought to be above $1bn in 2015. Tanium’s valuation grew from $1.7bn to $3.5bn in six months last year, according to a person familiar with their fundraising.

Jeff Reed, vice president and general manager of Cisco's enterprise infrastructure and solutions group, noted in a statement that the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." VeloCloud is growing its vendor partnerships list, which now includes Cisco, BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.

En 2016, les ransomware devraient de plus en plus toucher le monde de l'entreprise et il y a fort à parier que ces dernières devront s'acquitter de sommes nettement plus élevées que les particuliers. En effet, les criminels qui mènent ces campagnes de racket ne sont pas nés de la dernière pluie, et lorsqu'ils se rendent compte qu'ils ont verrouillé un code source et des documents financiers qui n'ont pas été correctement sauvegardés, vous pouvez avoir la certitude que le montant demandé pourra être des plus excessifs.

However, new findings published by Zscaler's ThreatLabZ revealed that a new malware family is using compromised digital certificates to avoid detection. The way it works is it monitors the activity on an infected PC and conveys that information back to cyber criminals. In order to spread the virus, a phishing campaign is sent around via email. Known as Spymel, the malware is often difficult to spot as it uses legitimate certificates that were issued by DigiCert.

Die Idee, Sicherheits-Appliances in einem Datencenter zu installieren, um die Mitarbeiter zu schützen, stammt aus den 1990er Jahren – und ist überholt. Statt an einem festen Arbeitsplatz sitzen diese nämlich heute zum Beispiel mit ihren Laptops in Cafés und arbeiten über die Cloud. Herkömmliche Sicherheits-Appliances sind nicht nur Altlasten aus traditionellen Standortkonzepten, sie engen den Geschäftsalltag ein, anstatt ihn zu fördern. Zudem sind sie oft nur für eine einzige Sicherheitsfunktion gebaut. Dadurch sprießen neue Appliances in den Datenzentren nur so aus dem Boden – für jede neue Bedrohung ein neues Gerät. Und jedes einzelne muss gekauft, installiert, gewartet und aktualisiert werden.

Az elmúlt évben két jelentősebb hibát is kiszűrtek a rendszerben. Tavaly augusztusban a Zscaler kutatói figyeltek fel arra, a WordPress egyik biztonsági hibáját kihasználva az ilyen weboldalakon keresztül terjesztették tömegesen a Neutrino exploit kitet. Ez a kiberbűnözők egyik legfelkapottabb exploitja, amelybe nagyon gyorsan belekerül minden új lehetőség, amivel akár a nulladik napi sérülékenységek is kihasználhatók.

“Users are all too willing to begrudgingly pay an expensive but not excessive ransom in exchange for the return of their precious data,” Sutton says. “Even the FBI are recommending that it’s easier to pay than fight. The wildly profitable CryptoLocker has attracted many clones since it was largely knocked offline following Operation Tovar.” Many of these clones, including more popular variants such as CryptoWall and TorrentLocker largely followed the proven formula, but we’re starting to see variations such as mobile and Linux focused ransomware. “The latter is especially important as it’s more likely to impact the websites and code repositories of enterprises, who in our experience are also very willing to pay up rather than risk losing critical intellectual property,” says Sutton.

As Deepen Desai, director of security research at Zscaler explained, “The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor. This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

Zscaler found that the C&C server may send a host of commands to infected machines. These include collecting information about the infected system and the files found on it, as well as deleting, executing or renaming a specified file. A specified file can be uploaded to the C&C and so can a screenshot of the desktop. Enabling or disabling video recording can also be performed.

“There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection,” Zscaler head of security research Deepen Desai told SCMagazine.com. “A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.” Once executed, the code logs user keystrokes and prevents the user from terminating the malware through system tools like TaskMgr, Procexp, ProcessHacker and Taskkill.

Besides using digital certificates to hide from antivirus software, Spymel also has some extra tricks up its sleeve. The trojan comes with a module called ProtectMe, which, when loaded, has the ability to prevent the user from terminating the malware's process via the taskkill shell command and tools like Process Explorer, Task Manager, and Process Hacker. Zscaler researchers say that Spymel's C&C server is located somewhere in Germany, at android.sh (213.136.92.111), on port 1216. This is probably a rented server, and its owner's real location is somewhere else.

“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” says Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.

“The malware monitors application like Task Manager, Process Explorer, and Process Hacker. It uses GetForegroundWindow() API to get the handle of active window and changes it's functionality if process is from the above list,” Zscaler researchers explained. Attackers can use the C&C server to send various commands to the malware, including for collecting information about the infected system and the files found on it, deleting, executing or renaming a specified file, uploading a specified file to the C&C, capturing a screenshot of the desktop, and enabling or disabling video recording.

Deutsche Unternehmen fragen verstärkt nach einer effizienten Lösung für die Sicherheit von Unternehmensdatenverkehr im Internet für alle Mitarbeiter, unabhängig von deren Standort – das berichtet EBF. Genau diesen Bedarf will das Kölner Beratungs- und Softwarehaus jetzt adressieren und hat dafür ein Partnerschaftsabkommen mit dem Security-Anbieter Zscaler unterzeichnet.

Password reuse attacks will begin to decline, thanks in large part to the smartphone, said Zscaler CISO Michael Sutton. "Smartphones can be many things but they make for a handy, secure, always with you, data repository. As such, people are starting to adopt password managers such as 1Password and LastPass and other user friendly smartphone apps that present a convenient option for always having sensitive data such as passwords within easy reach," he said.