Companies are under pressure to keep data safe, plus act both swiftly and transparently in the event of a data breach. Slow responses to breaches result in fines from (sometimes multiple) federal entities, loss of customer trust, time lost to the breach instead of business operations, and so much more. These breaches seem to become more public and far reaching as time goes on. One positive thing we can pull from this is the opportunity…
Privacy is top of mind for many people these days. Unclear privacy policies, rampant data collection and high-profile data breaches can lead us to second guess our information’s safety — even when it’s guarded by respected institutions. In fact, Americans reportedly trust credit card companies more than the federal government to protect their personal information. To combat this uncertainty, security experts commonly recommend using virtual private networks (VPNs) and secure browsers to keep your browsing history…
In February, Varonis launched the ‘Varonis Elite’ program. An initiative that brings cybersecurity and Varonis enthusiasts together, to learn more from one another and engage with Varonis in new ways that were never possible before. Members were nominated by internal account teams based on their knowledge of Varonis and the cybersecurity industry. We are excited to welcome the first round of members! We have an awesome group of customers and certified services partners that span…
Looking for a different take on the data security landscape? Join our multi-disciplinary team of experts as they discuss the laws, ethics, and defensive techniques behind data protection and privacy. Over four Tuesdays starting March 12, you’ll be briefed on the intersection of red team thinking and diversity, how basic pen testing ideas can change your security practices, the secret Privacy by Design ingredient in GDPR compliance, and how to bring professional ethics into the data security lifecycle. And there will be coffee: we’re…
The Varonis Security Research team discovered a global cyber attack campaign leveraging a new strain of the Qbot banking malware. The campaign is actively targeting U.S. corporations but has hit networks worldwide—with victims throughout Europe, Asia, and South America—with a goal of stealing proprietary financial information, including bank account credentials. During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack.…
Researchers recently uncovered a vulnerability in Exchange that allows any domain user to obtain Domain admin privileges that allow them to compromise AD and connected hosts. Here’s how the attack works: Attacker uses a compromised mail-enabled domain user to subscribe to the exchange push notification feature Attacker uses an NTLM relay to impersonate the exchange server: The Exchange server authenticates to the compromised user’s host using NTLM over HTTP, which the attacker users to authenticate…
At Varonis, we sometimes highlight external articles, especially when they provide independent insight into our solution. Dr. Edward G. Amoroso, former Senior Vice President and Chief Security Officer of AT&T, and now current Founder and Chief Executive Officer of TAG Cyber, recently penned an independent article on our platform after two technical sessions with our team. “If you care about whether your sensitive data protection policies are being met – or if you just want…
The Group Policy Editor is a Windows administration tool that allows users to configure many important settings on their computers or networks. Administrators can configure password requirements, startup programs, and define what applications or settings other users can change on their own. This blog will deal mostly with the Windows 10 version of Group Policy Editor (gpedit), but you can find it in Windows 7, 8, and Windows Server 2003 and later. There are plenty…
Data security is an all-encompassing term. It covers processes and technologies for protecting files, databases, applications, user accounts, servers, network logins, and the network itself. But if you drill down a little in your thinking, it’s easy to see that data security is ultimately protecting a file somewhere on your system—whether desktops or servers. While data security is a good umbrella term, we need to get into more details to understand file security. File Security…
Who do Americans trust with their information? In light of massive data breaches, Americans have doubts about the safety of their personal data. Events like the Facebook Cambridge Analytica hack that affected 87 million Facebook profiles and the Marriott data breach that exposed data of up to 500 million guests are enough to get anyone guessing who they can trust with their sensitive information. Consumer mistrust is also prevalent when companies aren’t clear about the…
Hackers are getting savvier. They’re constantly finding new ways to abuse system vulnerabilities and sneak into our networks. The worst part? The likelihood of a cyber attack is now higher than a home invasion. Most people don’t notice when their data has been compromised until it’s too late. The silver lining is that the rise in attacks allows us to analyze the patterns hackers follow and strengthen our defenses. Major cybersecurity attacks of the past…
![[Online Conference] Varonis Coffee Series: Unique Insights Into Data Security and Privacy](https://blogvaronis2.wpengine.com/wp-content/uploads/2019/03/pexels-photo-302899-400x141.jpeg)
