All news with #forcepoint tag

CASB Buying Guide: Key Capabilities, Vendors, and Questions

🔒 A Cloud Access Security Broker (CASB) sits between enterprise endpoints and cloud services to deliver visibility, enforce access controls and detect threats. This guide summarizes core CASB functions — visibility, control, data protection and compliance — and contrasts deployment modes (API vs proxy). It profiles major vendors such as Netskope, Microsoft Defender for Cloud Apps, Palo Alto Networks and others, and presents 16 practical questions to assess internal readiness and evaluate providers against SSE/SASE roadmaps.

XWorm Campaign Signals Rise in Fileless In-Memory Attacks

🔒 Forcepoint Labs describes a multi-stage phishing campaign that delivers the XWorm remote-access trojan via an Office .xlam attachment embedding an OLE native stream. An encrypted shellcode launches a .NET dropper that uses steganography and reflective DLL loading to unpack successive in-memory stages, minimizing on-disk artifacts. Attackers leverage API hashing, unhooked calls and layered encryption to evade sandboxes and traditional scanners; Forcepoint provides IoCs and detection recommendations.