Machine Identity in the Cloud - Bypassing All Security Controls
Modern public cloud environments provide great flexibility, agility, and benefits to companies of all sizes. In addition to operational benefits and cost reductions, the public cloud offers great...
View ArticleThe Next-Gen Firewall is Dead. Long Live Cloud-Gen Firewall!
For a large part of the last two decades, I have been designing, developing, and deploying firewalls. Initially, the industry was happy with 5-tuple, port-based stateful firewalls. In the mid-2000s,...
View ArticleBeyond the Perimeter 2022: Defending Against Ransomware with a Zero Trust...
Accommodating a hybrid workforce is now a reality for many organizations. But giving remote workers anywhere, anytime, any device access to enterprise assets and data raises a new systemic challenge...
View ArticleSecuring Infrastructure by Embedding Infrastructure As Code (IaC) Security...
Infrastructure as Code (IaC) is widely adopted by organizations to easily manage and provision their infrastructures on the cloud and automate their deployment process. It allows engineers to quickly...
View ArticleMy First Year as a Sales Engineer at Zscaler
A sales engineer at Zscaler is, first and foremost, a contact partner to help future customers get their modernisation of security off the ground and provide transformative advice about network and...
View ArticleUncovering new techniques and phishing attack trends from the cloud
Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. As the...
View ArticleZscaler ThreatLabz Discovers Multiple Product Bugs in Adobe Acrobat
In April 2022, Adobe released security update APSB22-16. This update fixed five product bugs that Zscaler’s ThreatLabz reported in Adobe Acrobat that are related to EMF (Enhanced Metafile Format)...
View ArticleA "Naver"-ending game of Lazarus APT
Zscaler’s ThreatLabz research team has been closely monitoring a campaign targeting users in South Korea. This threat actor has been active for more than a year and continues to evolve its tactics,...
View ArticleThe Top 3 Lessons We’ve Learned from Embracing the Zero Trust Exchange
When you’re in the business of producing confections that bring a ray of sunshine into people’s everyday lives, disrupting your manufacturing operations to recover from a malware attack is...
View ArticlePeeking into PrivateLoader
Key Points PrivateLoader is a downloader malware family that was first identified in early 2021 The loader’s primary purpose is to download and execute additional malware as part of a pay-per-install...
View ArticleTargeted attack on Thailand Pass customers delivers AsyncRAT
The Zscaler ThreatLabz research team has recently discovered a malware campaign targeting users applying for Thailand travel passes. The end payload of many of these attacks is AsyncRAT, a Remote...
View ArticleThe Four Key Drivers of Data Loss and How You Can Respond
Protecting data in the modern business world is no small task. The widespread adoption of cloud-based resources like SaaS apps, the rise of bring your own device (BYOD), and much more have introduced a...
View ArticleAI in Cybersecurity: The Hardware Problem
Artificial Intelligence (AI) has gotten a lot of attention in recent years as its adoption has skyrocketed across industries and use cases, effectively forging its way into a “mainstream technology.”...
View ArticleBest Practices for Securing Infrastructure as Code
Organizations are rapidly adopting Infrastructure as Code (IaC) to automate the process of deploying, configuring, and decommissioning cloud-based infrastructure. IaC helps to avoid configuration drift...
View ArticleAnalysis of BlackByte Ransomware's Go-Based Variants
Key Points BlackByte is a full-featured ransomware family that first emerged around July 2021 The ransomware was originally written in C# and later redeveloped in the Go programming language around...
View ArticleVPN vs ZTNA: Five Lessons Learned by Making the Switch from VPN to Zero Trust...
In the late 1990s, VPN technology took the corporate world by storm. The network could be extended into every household and users could work from home as if they were in the office. But just like...
View ArticleWelcome to Networkrassic Park
In Jurassic World, where giant dinosaurs ruled, cultivated the land, and maintained the natural balance, these creatures were a perfect species for that environment that served a purpose. Similarly,...
View ArticleBest Practices for Securing Infrastructure as Code (IaC)
Organizations are rapidly adopting Infrastructure as Code (IaC) to automate the process of deploying, configuring, and decommissioning cloud-based infrastructure. IaC helps to avoid configuration drift...
View ArticleCISA Must Update its latest OT Security Warning and Guidance to Include Zero...
On April 14, 2022, CISA published a warning regarding potential denial-of-service attacks that could exploit vulnerabilities in certain OT assets. Specifically, CISA warned that an OpenSSL TLS server...
View ArticleHow to Resolve Data Protection Woes With SSE
The outdated security approaches of yesterday are no longer a good fit for protecting today’s data. These traditional security tactics were centered around the data center, but users, apps, data, and...
View Article