
Forcepoint™ Security Labs frequently identify new, unusual, or otherwise interesting pieces of malware. Sometimes these turn out to be elements of large, APT-driven campaigns (e.g. our report into the MONSOON campaign from August 2016); other times these can be more 'niche', as is the case with this miniature Monero mining botnet.

Much as the California Gold Rush attracted amateurs lured by the promise of easy... Read More

For many, ‘virtual’ currencies such as Bitcoin remain a mystery primarily associated with online criminals, despite no longer being far removed from the monetary system and transactions we’re used to.

This article is intended to serve as a primer, rather than one of our more usual technical analyses: cryptocurrencies continue to play a key role in many areas of cyber-crime, being used for everything from online marketplace transactions to ransomware demands. However, with a number of ... Read More

Researchers at Google and CWI have been the first to create a practical collision attack against the SHA-1 cryptographic hash function. Previously, a collision was only possible in theory, on the premise that a significant amount of computing power would be necessary to generate one. Now it seems as though that computing power has been harnessed by the team, who have named the collision issue “SHAttered”.

Cryptographic hash functions such as SHA-1 are used... Read More

As of February 23, 2017, we’ve successfully closed on the acquisition of Imperva’s Skyfence product line, now known as Forcepoint CASB (Cloud Access Security Broker). This acquisition plays a pivotal role in our strategy to deliver cybersecurity systems that help our customers understand people’s behaviors and intent as they interact with data and IP wherever it may reside, including fast-growing cloud applications.

The acquisition of a CASB product creates new opportunities for... Read More

Sometimes old threats continue to remain relevant for a long period of time. The longevity of the x86 CPU architecture means that rootkits leveraging its features to achieve stealth on compromised systems may have a long shelf life and enable attackers to evade detection over an extended period. In this article, we look at “Subversive”, a Linux rootkit that uses x86 debug registers to hook the operating system kernel. Despite the last change in... Read More

On the last full day of RSA, Forcepoint CEO Matt Moynahan delivered a keynote on the importance of breaking from a focus on endpoints and walls to the critical human point of interaction between people, content and data.

Matt emphasized that though the cybersecurity industry has invested billions in technology, little progress has been made in recognizing and preventing cyber breaches.  Critical business data is now everywhere and the notion of boundaries and walls are increasingly... Read More

Panel moderator Dr. Richard Ford with panelists Nate Cardozo, Matt Heine, and Matt Bishop

Wednesday at RSA, Forcepoint CTO Dr. Richard Ford moderated the panel ‘Could US Anti-Hacking Laws Handicap Cybersecurity?’ Panelists included Senior Staff Attorney at the Electronic Frontier Foundation Nate Cardozo; Matt Bishop, professor with the department of computer science at the University of California, Davis; and Raytheon Principal Software Engineer and Deep Red team member Matt Heine.... Read More

As we begin the second full day at this year’s RSA conference, a look back at day one.

We spoke with Forcepoint’s Jim Fulton, senior director of product marketing, and Dan Valez, director of insider threat operations, to find out what’s on the minds of visitors to the Forcepoint booth.

Jim Fulton:

“Attendees are looking for something that breaks out of the norm. They’re not interested in scare tactics. In our case, they’re really connecting with our message of... Read More

Forcepoint Security Labs™ came across a malicious reconnaissance campaign that targets websites. The intent behind the campaign is unknown as of this writing; however, the profile of the targets resembles that of common targets of Advanced Persistent Threat (APT) actors. As the attack is currently active, it effectively turns compromised sites into attack surfaces against their visitors.

Furthermore, the injections resemble those used by the Turla group, such as... Read More

Forcepoint Security Labs™ recently investigated a trojanized RTF document which we tied to the Carbanak criminal gang. The document contains an encoded Visual Basic Script (VBScript) typical of previous Carbanak malware. Recent samples of the malware have now included the ability to use Google services for command-and-control (C&C) communication. We have notified Google of the abuse and are working with them to share additional information.

Carbanak (also known as Anunak) are a... Read More