CyberWire Daily - Code beneath the sand.
Episode Date: September 17, 2025A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phis...hing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI’s cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material security discussing challenges of securing the Google Workspace. Pompompurin heads to prison. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek’s full conversation here. Selected Reading Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security) Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security) Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media) VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media) UK telco Colt’s cyberattack recovery seeps into November (The Register) Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register) Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop) House lawmakers move to extend two key cyber programs, for now (The Record) BreachForums founder caged after soft sentence overturned (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
The DMV has established itself as a top-tier player in the global cyber industry.
DMV rising is the premier event for cyber leaders and innovators
to engage in meaningful discussions and celebrate the innovation happening in and around the Washington
D.C. area. Join us on Thursday, September 18th, to connect with the leading minds shaping
our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber
innovation. Visit DMV Rising.com to secure your spot.
certificates lifespans will be cut in half, meaning double today's renewals.
And in 2029, certificates will expire every 47 days, demanding between 8 and 12 times the renewal
volume.
That's exponential complexity, operational workload, and risk, unless you modernize your strategy.
CyberArk, proven in identity security, is your partner in certificate security.
CyberArk simplifies life cycle management with visibility, automation, and control at scale.
Master the 47-day shift with CyberArk. Scan for vulnerabilities, streamline operations, scale security.
Visit cyberark.com slash 47-day. That's cyberark.com slash the numbers 47-D-A-Y.
A new self-replicating malware infects the NPM repository.
Microsoft and Cloudflare disrupt a fishing-as-a-service platform.
Researchers uncover a new fancy bear backdoor campaign.
The Void proxy platform targets Microsoft 365 and Google accounts.
A British telecom says it's ransomware.
recovery may stretch into November. A new Rohammer attack variant targets DDR5 memory. Democrats
warn proposed budget cuts could slash the FBI's Cyber Division staff by half at a heated Senate
Judiciary Committee hearing. On our industry voices segment, we're joined by Abyshek Agrawal from
Material Security, discussing challenges of securing the Google workspace, and Pom-Pum Huram heads to prison.
It's Wednesday, September 17th, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today. It's great as always to have you with us.
A duplicating malware called Shai Halud has infected at least 187 packages in the JavaScript repository NPM, named after the sandworms in Dune, the worm steals developer credentials and publishes them in public GitHub repositories.
Security firm Akito reports the malware spreads by hijacking NPM tokens, injecting itself into the 20 most popular packages linked to a victim's account, and releasing.
altered versions. The attack briefly compromised Crowdstrike managed packages, but they were
quickly removed. Unlike past NPM breaches, Shai Halud self-propagates, using tools like
Trufflehog to harvest secrets and spread further. Researchers warn the worm mimics a living virus
capable of lying dormant before flaring up again. Experts say stronger two-factor authentication
for publishing packages is needed to prevent future outbreaks.
Microsoft and Cloudflare have disrupted Raccoon 0365
of Fishing-as-a-Service platform that sold subscription kits
to steal Microsoft 365 credentials.
With a court order, Microsoft seized 338 websites tied to the operation,
cutting off attackers' infrastructure.
Raccoon 0365, also known as,
Storm 2246 enabled low-skilled criminals to impersonate brands like DocuSign and SharePoint,
creating fake Microsoft login pages. The kit used adversary in the middle tactics to capture passwords
and session cookies, bypassing MFA protections. Investigators tracked cryptocurrency payments
after discovering the group's leaked wallet, identifying Nigerian programmer Joshua Ogudipay
as the ringleader.
He marketed the service on Telegram and, along with associates, sold tiered subscription plans
ranging from $355 to $999.
The group made at least $100,000.
Microsoft has filed suit and referred Ogundipay to international law enforcement.
Researchers at Sequoia I.O.
have discovered a new APT-28 Fancy Bear campaign, dubbed Operation Fendipa.
NetVoxel that uses malicious Microsoft Office documents to deliver advance-back doors.
The attack, aimed at Ukrainian military officials via signal spearfishing,
tricks victims into enabling macros. These drop a DLL and a PNG image that hides shell
code, which then loads an HTTP grunt stager from the open-source Covenant Framework.
This establishes command and control through the cloud service Kufor, where attackers use folders named
Tansfering and keeping to manage tasks and exfiltrated data.
A second backdoor, Beard Shell, uses Ice Drive for C2 and executes PowerShell commands.
Researchers also linked APT28 to Slim Agent Spyware, enabling key logging and screenshots.
At least 42 hosts may be compromised.
since late 2024, highlighting Fancy Bear's growing reliance on blended open source and legitimate
cloud services for stealth and persistence.
Researchers at OCTA have uncovered void proxy of phishing-as-a-service targeting Microsoft 365
and Google accounts. The operation uses adversary-in-the-middle techniques to intercept
log-ins, capturing credentials, MFA codes, and session tokens for use in business email
compromise, fraud, and data theft.
Experts warn void proxy is part of a growing wave of attacker-in-the-middle-driven fishing-as-a-service
tools, following kits like evil jinx.
Security leaders stress an identity-first approach, reducing excessive privileges and monitoring
identity interactions, since identity-based attacks are harder to detect and exploit user-trust
directly.
British Telecom Colt Technology Services says recovery from its August ransomware attack
may not finish until late November, marking over three months of disruption.
The Warlock Group claimed responsibility, allegedly exfiltating Colt's data.
While core network infrastructure remains operational, customer portals, hosting APIs,
billing, and some voice services are still affected.
Colt has engaged external experts, filed reports with authorities in 27 countries, and continues phased system restoration.
Investigators suggest the attack may have exploited SharePoint vulnerabilities, followed by data theft and extortion attempts.
Researchers from Google and ETH Zurich have discovered a new Rohhammer attack variant, dubbed Phoenix, that targets DDR5 memory,
Rohammer exploits memory's tendency to leak electrical charges, allowing attackers to corrupt adjacent cells, degrade performance, or escalate privileges by repeatedly accessing specific rows.
While DDR5 was thought resistant, researchers found S.K. Heinex DDR5 vulnerable when tested on an AMD Zen 4 system.
The attack is complex and resource intensive, but effective.
Phoenix, with a 7.1 CVSS score, highlights gaps in DDR5 protections, particularly the absence of J-Dex per row activation counting defense.
ETH Zurich responsibly disclosed the flaw to memory and CPU vendors in June.
AMD has since released a bios update, and cloud providers were notified to mitigate risks.
Yesterday, at a heated Senate Judiciary Committee hearing, Democrats warned that proposed Trump-era cuts could slash the FBI's Cyber Division staff by half, undermining defenses against foreign threats and ransomware.
Senator Dick Durbin cited a proposed $500 million FBI budget cut, while Senator Alex Padilla argued shifting resources to immigration and politically motivated probes hurt course.
cyber missions. FBI director Cash Patel countered that arrests rose 42% with 409 arrests and 169
convictions in the past year and insisted no resources were diverted from election security or
counterterrorism. Patel highlighted ongoing efforts against Chinese hacking groups like
Salt Typhoon and Volt Typhoon as well as ransomware. Senator Amy Klobuchar raised concerns about
AI-driven election interference, which Patel attributed to loosely organized overseas actors.
Meanwhile, House lawmakers introduced a short-term funding bill to extend two key cyber programs,
the 2015 Cybersecurity Information Sharing Act, and the state and local cybersecurity grant program
until November 21st. Both were set to expire September 30th. The extension gives Congress more time to negotiate long
term renewals, with the House proposing a 10-year extension, and the Senate, led by Senator Rand Paul,
expected to push for a shorter timeline with fewer safeguards for private entities sharing
threat data. Uncertainty remains over bipartisan support.
Coming up after the break, my conversation with Abyshek Agrawal.
from Material Security.
We're discussing challenges
of securing the Google
workspace.
And Pomporum
heads to prison.
Stay with us.
And now, a word
from our sponsor.
The Johns Hopkins University
Information Security Institute
is seeking qualified applicants
for its innovative Master of Science and Security Informatics degree program.
Study alongside world-class interdisciplinary experts
and gain unparalleled educational research and professional experience
in information security and assurance.
Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program,
which covers tuition, textbooks, and a laptop,
as well as providing a $34,000 additional annual.
stipend. Apply for the fall
2026th semester and for this scholarship by February
28th. Learn more at
c.j.j.u.edu
slash MSSI.
We've all been there.
You realize your business needs.
to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use Indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post noticed.
Indeed's sponsored jobs helps you stand out and hire fast.
Your post jumps to the top of search results,
so the right candidates see it first.
And it works.
Sponsored jobs on Indeed get 45% more applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K Cyberwire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs, there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide.
there's no need to wait any longer speed up your hiring right now with indeed and listeners to this show will get a seventy five dollar sponsored job credit to get your jobs more visibility at indeed dot com slash cyberwire just go to indeed dot com slash cyberwire just go to indeed dot com slash cyberwire just go to indeed is all you need
Abyshech Agrawal is CEO and co-founder of material security,
and in today's sponsored industry voices segment,
we discuss the challenges of securing the Google workspace.
The way I like to describe it is that if you think about a company's office suite or a productivity
suite, whether it's Google Workspace or Office 365, they're kind of not a company until they
have a Google Workspace or Office 365, right? It's like one of the first things you set up
when you get started literally as a company because you're giving email to employees and
like where they do their work. But from like a security context, it just is such a mission
critical surface because it's where kind of a lot of the institutional knowledge of the company
exists. It serves as identity. It's obviously where a lot of sensitive content resides. And
And kind of the first app you get and the last one that gets taken away when you leave.
So it's a critical piece of infrastructure.
Well, being so mission critical, where does it stand in terms of the security that it provides out of the box?
So the infrastructure is actually fairly secure out of the box.
There's a lot of things that they do well.
I think the challenge becomes when as an organization and as a security team,
you're looking for additional controls or customization or granularity.
Those are the types of areas in which as an organization scales,
they might start hitting roadblocks with some of the out-of-box tooling.
So it's less about security kind of at the infrastructure level,
and it's more about tooling that a security operations team might need
or a detection and response team might need when they're doing investigations
or when they're thinking about specific threats that are relevant to their
organization. You know, we often hear folks say that identity is the new perimeter. How does that
play out with Google Workspace? Yeah, I mean, I think that statement is very true and has been for a long
time. And the way it plays out in Google Workspace is often Google Workspace is acting as identity.
So, you know, if you think about your Google account, it's how you log into things. It's how you
prove you are who you are in many cases. Even if you're using a third-party IDP, like an
octa, you're still often connecting that as a source of truth to your Google directory.
So it absolutely serves as identity. If you think about OAuth applications and signing into them
with like a Google account. And the way we like to talk about it is that if you're thinking
about an account in Google workspace, it actually is consolidating a lot of different pieces
of context, right? Who that person is in the org, what files they have access to, what their
function is, what messages they send out. And at the end of the day, that's kind of what identity
means. Well, help me understand here. Once an attacker gets inside, what does it look like? What does
lateral movement look like within workspace? Yeah, there are so many different opportunities
to move laterally, you know, so backing up for a second, there may be many different ways that
an attacker gets in in the first place from an initial access perspective. For example, by far,
one of the most common is some type of credential theft, whether it's fishing or, you know,
looking for stolen credentials. But the point is that once they are in, there's actually just
not really any additional controls to stop them from moving laterally. So, for example, if I compromise
an email account. Nothing stops me from using that same session to go now look at Google Drive and
understand what files are in there or pivot over to other applications that might be using that
Google account for identity. There are lots of different paths that one can take. The other thing is
attackers often are very interested in establishing some persistence. It's not just about the initial
access or lateral movement. It's about making sure that they can continue having their presence.
So, for example, the kinds of things that we see very often are an account gets compromised.
The attacker will start setting up things like mail rules for forwarding all email that's coming into that account.
They might go try to change the MFA settings.
They might assign delegate accounts.
So these are all different methods for establishing some sort of long-term persistence.
Well, let's talk about data sprawl.
I think about my own experience with Google Drive.
and I think there's an impulse to be a bit of a pack rat.
Yeah, absolutely.
Yeah, it's not just in Google Drive.
I think with email, it's the same thing,
but basically the cost of storage has gotten so low
that all of us, many, many years ago at this point,
stopped deleting things for the most part, right?
Certainly in our consumer lives,
probably at work as well,
where you may as well hold on to something,
there's a chance you might need it,
and there's not really any incentive to delete it.
Unfortunately, what that means
is, yeah, one, you are collecting a sort of ever-growing treasure trove of data,
which you may not even need, but poses a lot of risk.
But secondly, for something like Google Drive, in particular, often that data is shared, right?
So it's shared internally inside the organization, but it might be shared externally.
It might have very wide sharing permissions like being publicly accessible.
And when you put these two things together, the vast amount of data.
sprawl that you kind of don't really have a handle on anymore. And then also the fact that a lot of
it might be shared in a way that at the time was fine. But, you know, with time you've kind of
forgotten about, it leads to this kind of pretty large exposure surface, right, that can be
exploited. And often it's just very hard to get a handle on. Well, in terms of the built-in tools
that the Google Suite comes with, in what ways do they fall short? Right. As I
saying earlier, there are built-in tools that kind of will do some of the basics, but the minute
that you really need to configure them to be more granular or take more specific actions that
are appropriate for the context of your organization, that's where that flexibility is often not
there. So to take an example for Google Drive, you know, Google has a built-in DLP offering
that will actually help you identify certain types of sensitive data in Drive files, and
and then take some sort of remediation action on files that have that data.
Both the detection and the remediation is very, very blunt, right?
Security is never as simple as black and white.
So by the time you need a lot of these controls,
what we see is that customers end up not being able to use the built-in tools
and instead are kind of trying to hack things together
either through third-party tools or by trying to use the APIs themselves.
The general point is just a lack of flexibility
and a lack of granularity.
And I think there's also a sense
that a lot of things are sort of incomplete.
You know, the out-of-the-box tools,
they get to kind of an 80%
but when you try to use them
in real-world scenarios,
there's kind of obvious gaps
that you run into.
Well, I know an analogy that you like to use
is to look back at sort of the history
of security when it comes to email
and some of the lessons we can take from that.
Can you unpack that for us?
Yeah.
I think the way we think about email security at Material is very related to how the company actually got started.
And that was that we got started after some very high profile email accounts were compromised in the 2016 U.S. election cycle.
And that led us to think about a very basic question, which is that why is it that all of email security is so focused on the perimeter,
which is essentially blocking malicious emails from getting in.
That's really, really important,
but it's not really the only way that someone can get into an email account.
And when someone gets into an email account,
there's actually a lot of things that they can do
that sort of are unrelated to how they got in.
So whether I did a phishing email,
whether I stole credentials some other way,
maybe I did an OAuth grant,
the point is if I'm inside in mailbox,
there's actually a lot of additional damage I can do
and the email security industry
didn't really focus on that problem.
As we thought about this problem,
what we realized is that there's actually a perfect analogy
to how the antivirus market evolved into EDR.
So back in the day,
the AV market was really about signature-based malware detection
on the endpoint.
And it was very black and white.
It was like either you try to catch the malware
or you don't.
And if you kind of missed, if you actually, there was some malware that you wasn't in your kind of signature directory, there wasn't really anything else that that product was trying to do after that fact, right? It was very much like a hit or miss. What we sort of learned by that is that nothing's ever going to be 100%. It's not really going to be the case that you're going to detect every single malware ever. And so you need to have a plan for other types of detection and response capabilities that you can do on the endpoint.
that's what led to EDR.
I think there's a very similar evolution happening with email.
You know, the sort of marginal benefit of catching one more fishing email is going down.
Just simply thinking about catch rate as the only metric is sort of not that useful anymore
because no product is claiming that they will catch all malicious emails ever.
So we kind of need to take an EDR mentality, which is how can we broaden to thinking about not just the perimeter,
but some of the sort of adjacent use cases, right?
So how can we add controls that work even in the event of an account compromise?
How can we add controls that actually help us harden processes within our companies
that might rely on email in an unsecure way?
And when you kind of put these things together,
it's sort of leading to a view on email security
that goes way beyond simply blocking the initial delivery of malicious emails
and actually prioritizing things like visibility, context,
joining with other signals throughout the workspace,
helping you remediate things not just by blocking emails,
but taking more granular controls within the mailbox.
And so, yeah, I think there's a very necessary evolution
that has to take place.
Yeah.
You know, we mentioned Google Drive,
and I think a lot of people will call Google Drive a goldmine for attackers.
Can we dig into some of the specific risks here that people face?
There's kind of maybe two large categories of risks.
So the one is more from kind of an insider perspective.
You might end up in a scenario where employees have access to a lot of information.
And as you scale, you have to think about, okay, what does that mean from an insider perspective, right?
The first kind of class of risks is really about your own employees and what information.
they have access to and whether they can either maliciously or accidentally access information that
they're not supposed to. The second class of risk is really about attackers and adversary. So if
someone does compromise a mailbox or does compromise a Google identity, obviously one of the first
stores of content that they're going to go after is Google Drive just because of the nature of
data that ends up there. You know, legal documents, financial reports, PII, PCI, regulated data of all
sorts. And that is information that can be monetized. It's information that can be ransomwareed.
In that scenario, there's also kind of a risk not just from an account compromise, but from
an account compromise that is external. So those are kind of like the two big buckets I would put
the risk in. Yeah. Well, I mean, given everything that we've talked about here, what are your
recommendations? I mean, how do you and your colleagues there at material come at these specific
issues. One of the best things about Google Workspace is that they have very, very powerful
APIs. And so even though there are some shortcomings in the security products that are
out of the box, the APIs make it so that a lot of this information is available. Now, the
difficulty is that to consume these APIs on your own can be challenging. You have to stand-up
services. There's an infrastructure. There's many different APIs that can be hard to
understand the kind of approach that, you know, the top security teams that we work with use is that
they're using these APIs to consolidate a lot of the data in one place and then building their
own kind of detections and response capabilities on top of that data and leveraging the APIs for
that. Now, the problem is that, you know, the average company simply doesn't have the bandwidth to
take on a project like that. They don't have the headcount necessary to do that. If I'm a CISO and
I decide that this is something that I want to take on, that my Google workspace needs these
extra levels of protection. What does that transition look like for me and my team?
So I think the first piece of advice is narrowing the problem and really starting to prioritize
what aspects of workspace are we going to kind of start getting our arms around first.
You know, from there, again, what these APIs do let you do is in a fairly
low impact to users' way, start experimenting with getting some visibility and getting some
basic controls in place over the risks. The key is to sort of take it one step at a time and again
start with kind of a prioritized view on what the highest levels of risk in your workspace are.
What does it look like on the other side? Once I'm fully up and running with something like this,
as a security leader in my organization.
The goal with something like material
is to free up resources for the security team
so that they can go spend their time
on more impactful things.
And what that looks like is really two things.
One, it's having confidence
that you sort of have visibility
into what's going on.
The second and more important thing
is that you've set up a lot of auto-remediations.
So when things do happen,
instead of your team having to ingest some alert
and now spend hours investigating it,
and then eventually taking some remediative action,
whether it's a phishing email that automatically gets blocked
or an externally shared file
where the permissions automatically get revoked
after confirming with the user.
These are the kind of automated workflows
that you really want to enable.
Because at that point, the sort of like dream
is that you're living in a world where a lot of the security
is kind of taking care of itself
and when there are problems,
they're sort of self-healing.
That's Abyshek Agrawal, CEO and co-founder of Material Security.
At Talas, they know cybersecurity can be tough and you can't protect everything,
but with Talas, you can secure what matters most.
With Talis's industry-leading platforms, you can protect critical applications, data, and identities, anywhere and at scale with the highest ROI.
That's why the most trusted brands and largest banks, retailers, and healthcare companies in the world rely on Talis to protect what matters most.
Applications, data, and identity.
That's Talas.
T-H-A-L-E-S.
Learn more at Talisgroup.com slash cyber.
With Amex Platinum, access to exclusive Amex pre-sale tickets can score you a spot trackside.
So being a fan for life turns into the trip of a lifetime.
That's the powerful backing of Amex.
Pre-sale tickets for future events subject to availability and varied by race.
Terms and conditions apply.
Learn more at amex.ca.org.
And finally, Connor Brian Fitzpatrick, better known to the underworld as Pom Pom Porin,
has finally discovered that running the Internet's largest English-language data breach bazaar
doesn't come with frequent flyer miles, it comes with prison time.
The 22-year-old Breach Forum's founder originally got off with 17 days served,
a sentence so light, an appeals court labeled it substantively unreasonable,
which is judge-speak for,
Are You Kidding Me?
Now, he'll serve three years,
far short of the 15 prosecutors wanted,
but a notable upgrade from a long weekend behind bars.
During Breach Forum's year-long reign,
Fitzpatrick facilitated the sale of 14 billion stolen records
and made nearly $700,000,
proving crime pays just not sustainably.
He'll surrender his domains,
devices, and crypto stash, while the FBI reminds cybercriminals, if your business model depends on
VPNs and stolen identities, the retirement plan is usually an extended stay at Club Fed.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out the survey and the show notes
or send an email to Cyberwire at N2K.com.
N2K's senior producer is Alice Caruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Ibin.
Peter Kilby is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
attention security startups there's less than a week left to apply for the 2025 data tribe challenge
this unique program accelerates early stage cyber companies refine your messaging with startup veterans
then pitch to top venture firms shaping the future of cyber the live pitch competition
takes center stage at cyber innovation day november fourth in washington dc
Applying is easy, go to challenge.data tribe.com, share your company info, and upload your pitch.
Submissions closed September 19th. Submit your entries today.
And now a word from our sponsor, Threat Locker, the powerful zero-trust enterprise solution that stops ransomware in its tracks.
Allow listing is a deny-by-default software that makes application control simple and fast.
Ring fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources, and other applications they truly need to function.
Shut out cybercriminals with world-class endpoint protection from threat locker.