Rclone is a data syncing tool often used by threat actors to exfiltrate data during a ransomware attack. Typically, the actors deploy Rclone after gaining remote access to the victim’s network. However, recently, Kroll experts have noted the use of Rclone in M365, using credentials stolen through network compromises or phishing attacks with minimal privileges to stealthily exfiltrate large amounts of SharePoint/OneDrive data.

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

By Nate Smolenski In May, the National Institute of Standards and Technology (NIST) released the white paper, “Planning for a Zero Trust Architecture,” which illustrates how agencies can make this transition by leveraging the seven steps of the NIST Risk Management Framework (RMF): Prepare, categorize, select, implement, assess, authorize, and monitor.

Red teams, blue teams, and purple teams, oh my! Many of us have heard these terms, but what exactly do they mean? And where does our individual interest and expertise place us? There are many niche roles within security, but this post will cover the basics of red, blue, and purple teams, and explain how they work together to enhance an organization’s security posture.

You can’t protect your system if you don’t know where the vulnerabilities lie or what aspects of your security architecture are being targeted by threats. Intelligence is everything in security — it’s how CISO’s make large-scale operational decisions, how IT teams prioritize projects, and how responders restore and remediate a system during and after an incident.

The 21st century has seen a dramatic increase in the number and sophistication of cybersecurity threats. Here are the 7 biggest threats that businesses and individuals need to be aware of.

Passwords are difficult to remember and have ever-more-complex criteria set by individual platforms. They are also the main culprits for data leaks. 85% of data breaches are caused by human mistakes, and credential compromise is a key contributing element, according to the 2021 Verizon Data Breach Investigations Report. With AI enabled technologies like Face ID, more and more companies and users are opting for Identity Verification over traditional password verification.

Java is a prominent and highly prevalent language in which thousands of software are regularly designed. From social media platforms to popular desktop applications, Java is used to build truly great applications. However, to ensure the safety of Java applications from malware, owners need to obtain a Java code signing certificate. It helps assert the software publisher’s identity to its users and affirm file integrity.

It’s with great pleasure that we announce that Forescout has been awarded with “Overall IoT Security Solution of the Year” for our Forescout Continuum Platform in the 6th annual CyberSecurity Breakthrough Awards. This is the second consecutive year Forescout has been an award recipient in the CyberSecurity Breakthrough Awards in recognition of the support we offer to our customers and the larger cybersecurity industry.

LimaCharlie’s endpoint detection and response (EDR) service is based on our unique approach to cybersecurity, which is why our EDR is so different from traditional EDRs. In this post, we’ll explain the differences—and why they matter for security teams.