9 Key Areas to Monitor for Potential Security Threats

The old "castle-and-moat" approach to security is a thing of the past. Your organization's perimeter is no longer a single, defensible line; it's a distributed and porous collection of remote employees, cloud services, and third-party vendors. Every connection is a potential entry point, and your...

PT-2025-12837

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.177. Description A zero-day vulnerability, tracked as CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser's sandbox on Windows...

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks 150k+ Deployments aren’t unheard of Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and encourages...

The Velociraptor 2023 Annual Community Survey

By Dr. Mike Cohen & Carlos Canto Velociraptor is an open-source project led and shaped by the community. Over the years, Velociraptor has become a real force in the field of DFIR, making it an obvious choice for many operational situations. Rapid7 is committed to continue making Velociraptor the...

EDR vs MDR vs XDR – What’s the Difference?

Cyberattacks are rapidly evolving, leaving businesses and their IT security teams to handle immense workloads. Keeping up with todays cyberthreats not only involves staying up to date in an ever-changing threat landscape, it also involves managing complex security infrastructure and technologies...

How VMware Carbon Black Helps Agencies Meet CDM Requirements

When a crime is committed, one of the first things the police do is collect evidence from any security cameras nearby, and these days, cameras are everywhere. That’s a model that federal agencies want to apply to cybersecurity. This constant monitoring of systems to catch bad actors provides the...

Tips for Securing Remote Workers

As more and more employees are mandated to work from home, security and non-security professionals alike are left wondering what they can do to keep their data and systems safe. To help with this, we’ve compiled a list of some of the key things you can do to ensure your defenses are up—on or off...

GHSA-C289-47QF-RVRR Cross Site Scripting (XSS) vulnerability in easymon

easymon version 1.4 and earlier contains a Cross Site Scripting XSS vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim mus...

CVE-2018-1000855

easymon version 1.4 and earlier contains a Cross Site Scripting XSS vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim mus...

Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...

Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...