ThreatLabZ uncovers attacks that target WordPress vulnerabilities and job-seekers in August

As cybersecurity stewards of the Zscaler Zero Trust Exchange, the ThreatLabZ team led by CISO and VP Security Research & Operations Deepen Desai oversees more than 120 billion data transactions per day. That gives ThreatLabZ researchers a unique, front-row view of new and subversive cyber activities threatening the global community of internet users. In August, ThreatLabZ researchers discovered, deconstructed, documented, and blocked new attacks that:

  • Tricked job-searchers into providing LinkedIn account credentials on a seemingly-credible yet malicious website.
  • Exploited unpatched WordPress instances to redirect site visitors to an information-stealing website.
  • Distributed a new Russian-hacking-group-developed infostealer called PurpleWave that harvests client-stored credentials, auto-fill data, credit-card info, cookies, and browser histories.
  • Targeted fans of two African soccer clubs via spyware-embedded Android apps.   

To learn more about the threats Zscaler discovered last month, read Deepen’s blog on the latest August 2020 ThreatLabZ research.

As companies move infrastructure, software, and assets to the cloud, cybercriminals are shifting tactics to follow them. For companies still employing legacy “castle-and-moat” cybersecurity, the necessary (and often overdue) move to the cloud extends the threat surface, and preserving perimeter security becomes untenable when data traverses the open internet. Hackers know this and target enterprises still trying to defend networks with legacy hardware appliances.

A SASE architecture employing Zero Trust security principles secures data traffic for the new cloud-first, work-from-anywhere (WFA), device-agnostic enterprise. The Zscaler Zero Trust Exchange exemplifies the SASE architecture and Zero Trust best practices. Its identity-based authentication model leverages SSL inspection, cloud firewall, DLP, CSPM, and CASB technologies to block new threats. The Zscaler Zero Trust Exchange is the largest cloud security platform in the world, processing more than 120 billion transactions daily and detecting about 100 million threats per day from users across 185 countries. Zscaler customers benefit from a (massive) threat-prevention "cloud effect": A cyber attack countered for one Zscaler user is immediately blocked for every Zscaler user worldwide.

Using its extensive monitoring of the global Zscaler Zero Trust Exchange, the ThreatLabZ team produces the Global Internet Threats Insights dynamic dashboard. For more information on Zscaler ThreatLabZ cybersecurity research, check out published reports here.

Sam C. M.

Program/Project Manager --- deliver with delight!

4 years ago

Hackers will move in the direction of migration and where resources are committed and needed - Cloud is the obvious choice, public, private, hybrid, perimeter (networking), ecommerce (web commerce), mail (communication), SSO infrastructures. Constant risk assessment is needed and architecture hardened to prevent penetration. The vendor with a differentiated USP shall win the dollars from the customer. Great work by Jay/team Zscaler!!

PJ Joubert

Account Executive - SLED

4 years ago

Threatlabz is one of the key assets of Zscaler. I wish we did a weekly newsletter of the key new findings as Threatlabz is a phenomenal resource.

... and the best thing is that this threat intelligence plus countermeasure implementation comes all 'out of the box' when you have implemented Zscaler Internet Access. What a new world and a calming thought for CXO.
