menu

Contact Us

1 (800) 723-1166 |

All Blogs

Roses are red

Violets are blue

I love my data

And so should you

 

Valentine’s Day marks 100 days until the EU GDPR comes into enforcement – news that is likely to set some people’s hearts racing…and not in a good way! But May 25, 2018, is a date we all need to keep close to our hearts.

Let’s be honest with each other, regulation is never something you’re going to fall in... Read More

Forcepoint recently published a whitepaper related to how DanderSpritz/PeddleCheap communicates with malicious implants. This is a follow-up blog post related to evasions used in DoublePulsar and DanderSpritz.

There are some very interesting network-level evasions used related to DoublePulsar and DanderSpritz. We were not able to find a complete resource with focus on these evasion techniques. So as a spin-off from the DanderSpritz/PeddleCheap research, we decided to assemble... Read More

Forcepoint’s channel momentum is gaining steam! In the last three months alone Forcepoint has been recognized by CRN on their 20 Coolest Cloud Security Vendors of the 2018 Cloud 100 and 2017 Products of the Year for Forcepoint CASB. And, today I am honored and humbled to have been named to the prestigious list of CRN 2018 Channel Chiefs, an award I could not accept without acknowledging our global partner community and the support they add to the Forcepoint organization.

It is... Read More

Over the weekend reports were made of a cryptocurrency mining script injected into government owned and run websites across the US, UK and Australia.

The affected websites had a common theme – a script included in all that made a request to a JavaScript file hosted on BrowseAloud<dot>com.  This script, ba.js, was seemingly modified by a malicious actor to include obfuscated code that made an additional request to a cryptocurrency mining tool CoinHive. End-users who visited... Read More

In the current era of mass malware it's becoming increasingly rare to find something beyond the ‘usual suspects’ we see being spread by high-profile botnets on a regular basis: Dridex spread by Necurs, the ever-increasing number of ransomware families, cryptocurrency miners, credential stealers… the list goes on. These sorts of malware generally make up the majority of incoming malicious samples and are, from a researcher's standpoint, typically not very interesting.

However, in... Read More

Forcepoint’s operating system (OS) lockdown tool, formerly known as Security Blanket, is now an open source project called “OS Lockdown.”

This powerful tool is used to harden systems by aligning settings with published STIGs (Security Technical Implementation Guide), custom profiles built from STIGs or from scratch. OS Lockdown provides the ability to audit systems against variations from those profiles.

We are excited to support and collaborate with the open source... Read More

Forcepoint continues its focus on the unique needs and challenges found in the most highly regulated and mission-critical sectors. After over 20 years of protecting US and Five-Eyes critical classified information and networks, Forcepoint expanded the government business charter to bring human-centric cybersecurity to governments around the world in 2017.

As we enter 2018, Forcepoint continues to evolve our human-centric cybersecurity view through the integrated Human Point... Read More

Background

In April 2017, a hacker group named The Shadow Brokers released some very advanced cyber weapons. The leaked tools allegedly originate from the hacking arsenal of a powerful intelligence agency.

One of the tools in the leak is a post-exploitation framework called DanderSpritz, which is used for communicating with compromised computers. Forcepoint™ has analyzed the PeddleCheap module of this DanderSpritz framework. The research focuses on network-level communications... Read More

Every year on January 28 the world sets its sights on the privacy of individuals and the protection of data.  Now celebrated in over 50 countries, the original goal set out over 11 years ago was to raise awareness of what personal data is collected and processed and why, and what an individual’s rights are in respect to that. 

The history of Data Privacy Day (aka Data Protection Day)

To give the Council of Europe (aka Conseil de L’Europe) their dues, it was back in 2006... Read More

Data Privacy Day will be observed on January 28th across the globe to increase awareness and promote privacy and data protection best practices amongst businesses as well as individuals. Data Privacy Day, in a way, recognizes the increasing—and often neglected—need to strengthen security to protect data and privacy.

In a hyper-connected world where consumers are willing to provide their personal data in order to get a service or a good deal online, data breaches have become a... Read More