Blog / Security Bulletins
Threat Update 56 – SSO Imposter: Targeting Box
Sep 20, 2021
In the final part of the series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team walk through how attackers could target Box. They investigate how an attacker…
Threat Update 55 – SSO Imposter: Targeting Google
Sep 15, 2021
In part two of this three-part series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team investigate how an attacker who compromised a single sign-on admin account can…
Threat Update 54 – SSO Imposter: Intrusion
Sep 07, 2021
Virtually every organization leveraging more than a few cloud offerings has a single sign-on solution to simplify the management of their various cloud apps. With a little careful planning, attackers…
Threat Update 53 – ProxyShell and PetitPotam and Ransomware… Oh My!
Aug 31, 2021
Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication…
Threat Update 52 – 2021 SaaS Risk Report
Aug 23, 2021
Cloud solutions have changed the way we do business, allowing organizations to leverage the scale and flexibility of SaaS and IaaS platforms, and support an increasingly mobile “work from anywhere...
Threat Update 49 – SeriousSAM & Black Hat 2021
Jul 30, 2021
Cybersecurity folks find themselves in a “Zero-Daze” as they get hit with another new 0-day attack, called SeriousSAM, that allows attackers to get access to the Windows Security Account Manager (SAM) file containing hashed account passwords from a system.
Memory Forensics for Incident Response
Jul 26, 2021
When responding to a cybersecurity incident I’ve always found memory forensics to be a great skill to have. By capturing the memory of a compromised device you can quickly perform…
Threat Update 47 – Ransomware Early Warning: Data Exfiltration
Jul 19, 2021
Thought ransomware couldn’t get any worse? Ransomware gangs are now stealing victims’ data before unleashing ransomware – forcing victims to pay up or deal with the fallout when attackers post…
Threat Update 46 – Ransomware Early Warning: Data Discovery
Jul 09, 2021
Ransomware gangs are in it for the payout. To ensure maximum “conversion” rates for their victims to pay up, they often try to find as much sensitive or valuable data to steal before unleashing an attack and encrypting the victim's data.
REvil Ransomware Attack on Kaseya VSA: What You Need to Know
Jul 06, 2021
A malicious hotfix was released by Kaseya VSA servers, resulting in the compromise and encryption of thousands of nodes at hundreds of businesses by REvil.
Threat Update 45 – Ransomware Early Warning: AD Attacks
Jul 02, 2021
Attackers leverage a number of techniques, but two of the most common are password spray attacks and kerberoasting. Join Kilian and Kyle Roth from the Varonis Incident Response team as they discuss how and why attackers leverage each technique and look at a real-life example of each type of attack from one of our attack lab scenarios.
Threat Update 44 – Ransomware Early Warning: DNS Recon
Jun 28, 2021
Join Kilian and Kyle Roth from the Varonis Incident Response team as they discuss what DNS is, how it works, and how attackers can “live off the land” to map out an organization’s network using a few command-line tools built into every OS.