The Zscaler Research Team is focused on bleeding edge web security research in the cloud computing era. This blog provides an opportunity for us to share our thoughts and ideas and interact with the community at-large. We welcome your feedback and en
Frenchy – Shellcode in the Wild

For the past few months, the Zscaler ThreatLabZ research team has seen a number of AutoIt and .NET samples from different malware families using what is being called Frenchy shellcode. The name is so given because of the mutex name it creates: frenchy_shellcode_{version}. In this blog, we will provide a brief analysis of a .NET sample using the Frenchy...

Mon Jan 27, 2020 19:20
FTCODE Ransomware — New Version Includes Stealing Capabilities

Recently, the Zscaler ThreatLabZ team came across PowerShell-based ransomware called “FTCODE,” which targets Italian-language users. An earlier version of FTCODE ransomware was being downloaded using a document file that contained malicious macros. In the recent campaign, the ransomware is being downloaded using VBScript. Figure 1: FTCODE downloaders...

Thu Jan 16, 2020 19:09
Critical Windows Update - CryptoAPI Spoofing, Windows Remote Desktop vulnerabilities

Background: Earlier today Microsoft released several security updates as part of its regular monthly updates known as Patch Tuesday. Some of the issues that were patched in today's update are critical and have prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) for certain U.S. government agencies. It is important...

Wed Jan 15, 2020 02:29
Remote Access VPNs Have Ransomware on Their Hands

Another day and, unfortunately, another cyberattack accidentally introduced by VPN. According to a Computer Weekly article, Travelex was hit by Sodinokibi ransomware, which disabled the foreign exchange company’s IT systems on New Year’s Eve. The attack was made possible when the company forgot to patch its Pulse Secure VPN servers. Sadly, these...

Tue Jan 7, 2020 21:42
A look at the recent BuleHero botnet payload

Ever since the 2017 outbreak of WannaCry, NotPetya, and BadRabbit ransomware, as well as the WannaMine cryptocurrency campaign, there has been a steep increase in malware that uses the now infamous ShadowBroker’s leaked exploits—EternalBlue, EternalChampion, EternalRomance, and EternalSynergy—for lateral propagation. Alongside these exploits, many...

Thu Dec 12, 2019 19:08
A Big Day for Phishing

We hope you enjoyed your own Black Friday and found everything you wanted as you were shopping the sales. The threat actors certainly attempted to take advantage of the zeal of holiday shoppers. As a follow-up to our previous blog on shopping scams, we’d like to show some of the other attacks we saw during the Thanksgiving break. We’ll highlight a few...

Thu Dec 5, 2019 16:55