Mitigate Log4Shell and remote code execution risk with deception
The Log4J vulnerability in Apache’s popular logging library—known as Log4Shell—was disclosed on Dec 09, 2021. Security teams around the world spent the next five days either patching, fending off...
Threatlabz analysis - Log4shell CVE-2021-44228 exploit attempts
The Zscaler Threatlabz team has been actively monitoring exploit attempts related to the Apache log4j 0-day Remote Code Execution Vulnerability (CVE-2021-44228), also known as “Log4Shell.” In this blog...
New DarkHotel APT attack chain identified
Summary: In November 2021, ThreatLabz identified a previously undocumented variant of an attack chain used by the South Korea-based Dark Hotel APT group. We also discovered new activity on the...
Securing Publicly Exposed AWS S3 Buckets with Auto-remediation
Amazon S3 storage is incredibly flexible and easy to use, but securing S3 has proven difficult for many organizations. Breaches related to S3 buckets are frighteningly common, exposing sensitive...
Weekly Roundup: What We’ve Learned About the Log4j Vulnerability
ON-DEMAND: Hear from our CISO, Deepen Desai, and Sr. Product Director, Rick Miles, as they discuss Log4Shell and steps your organization should take. It’s been a long week for IT and security...
Gartner’s New Security Service Edge: Real-World Applications
This blog is the second in a three-part series covering Gartner's new market category called security service edge (SSE). Read the first blog here. Now that we’ve established what Gartner’s new...
Cybersecurity Lessons to Carry Into 2022
The end of the year is a time for reflection. In the world of cybersecurity, that means looking back at how the threat landscape has evolved and what changes we can make to better prepare for the year...
Three Cybersecurity Tips for a Safe and Happy Holiday
Security researchers have long marveled at one of the most pervasive and persistent threats that hits each year in late December. Dubbed “Santa Claus,” this North Pole-based adversary uses a Chimney...
Building a Greener Security Cloud
In November 2021, we announced the achievement of 100% renewable energy being used to operate our offices and data centers, which is a critical milestone for us, our customers, and the future impact on...
The Zscaler Data Protection Tour: Enhancing DLP with Exact Data Match
In this blog series, we’re taking our readers on a tour of the various challenges faced in enterprise data security today. As we do so, we will detail the ins and outs of each subject, describe why...
How Zero Trust Contributes to Building Greener Aircraft
When you serve discerning purchasers of luxury goods, data privacy and security are always a top priority. It’s the same at Bombardier, where we create and support business jets that lead our industry...
Zscaler Named a Glassdoor Best Place to Work for Second Year
The last two years have been difficult for us all in many ways; individually, professionally, and globally. Zscaler has made a point to address these challenges that may be weighing on our workforce,...
SASE Vs. SSE: The Ever-Growing Bowl of Alphabet Soup in Cybersecurity
When it comes to the cybersecurity space, there is no shortage of acronyms. With DLP, CASB, SSL, IPS, ATP, CIEM, ZTNA, CSPM, ML, SWG, and a myriad of others, the alphabet soup can simply become too...
How to Choose a Security Service Edge Platform
This is the third installment of our security service edge (SSE) blog series. Our first blog explored what SSE is as a platform, and the second looked at the top use cases. In this blog, we’ll explore...
MLK Jr. Day 2022: What His Legacy Means to Us at Zscaler
Martin Luther King Jr. Day is an opportunity for us, every year, to not only reflect on the life and legacy of Dr. King, but also assess how we are honoring him and his message, and embodying his work...
The Zscaler Data Protection Tour: How to Secure Key Documents
In this blog series, we are taking our readers on a tour of various challenges to enterprise data security. As we do so, we will detail the ins and outs of each subject, describe why they all matter...
Active Defense with MITRE Engage
Background: In the cybersecurity world, MITRE is perhaps best known for ATT&CK, a free knowledge base of adversary tactics and techniques that have been extracted from real-world observations....
New espionage attack by Molerats APT targeting users in the Middle East
Introduction: In December 2021, the ThreatLabz research team identified several macro-based MS Office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. These files...
Analysis of Xloader’s C2 Network Encryption
Introduction: Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and...
Analysis of Adobe Acrobat Pro DC Solid Framework Out-of-Bounds Read...
Summary: In October 2021, Adobe released a security update for vulnerabilities in Adobe Acrobat and Reader. Among these vulnerabilities is an out-of-bounds read (CVE-2021-40729) that was discovered by...