Security Bulletins

Threat Update 43 – Ransomware Early Warning: Brute Force

Jun 23, 2021
With the proliferation of more sophisticated, human-operated ransomware, attackers can live inside an organization for days, weeks, or months - finding and exfiltrating data before making their presence known by detonating ransomware.

Threat Update 42 – Hidden Costs of a Breach

Jun 11, 2021
The American Accounting Association performed a study on how data breaches impact businesses beyond the immediate costs of recovery and brand damage.

April 2021 Malware Trends Report

May 24, 2021
This report is a monthly round-up from the Varonis Forensics Team documenting activity observed while responding to incidents, performing forensics, and reverse engineering malware samples. This report is intended to…

Threat Update 39 – Let Me Google That PII On You

May 20, 2021
Cloud collaboration tools like Google Drive are ubiquitous, but in our work-from-anywhere world, IT and security often face challenges understanding how and where personal accounts intermingle with corporate accounts.

YARA Rules Guide: Learning this Malware Research Tool

May 17, 2021
YARA rules are used to classify and identify malware samples by creating descriptions of malware families based on textual or binary patterns.

Threat Update 36 – A Supply Chain Attack By Any Other Name

Apr 30, 2021
Kilian and Ryan look at a supply chain attack that silently stole cloud credentials for several months before detection.

Threat Update 34 – Isn't the Internet Supposed to be Bombproof?

Apr 15, 2021
Kilian & Ryan dissect what could happen if a major data center went down, and how organizations leveraging cloud technology or solutions can prepare for business continuity.

Threat Update 33 – S3 Security Suggestions & Cyber Insurance Targets

Apr 08, 2021
Kilian and Ryan from the Varonis Incident Response Team discuss controls to detect ransomware threats quickly while potentially lowering cyber insurance premiums.

Threat Update 32 - Lemon Duck Floats on Exchange ProxyLogon Vulnerability

Apr 01, 2021
Hear how the Lemon Duck cryptomining botnet targets Exchange servers vulnerable to ProxyLogon.

The 2021 Healthcare Data Risk Report Reveals 1 Out of Every 5 Files is Open to All Employees

Mar 29, 2021
The Varonis 2021 Healthcare Data Risk Report found 20% of all files at hospitals, biotech firms and pharma companies are open to every employee.

Threat Update 31 – Now are the Zero Days of our Discontent

Mar 25, 2021
Three new Zero Day vulnerabilities recently discovered in F5 products and Microsoft Office 365 let attackers skip the password and authentication completely.

How to Use Autoruns to Detect and Remove Malware on Windows

Mar 22, 2021
This article acts as a tutorial on how to use Sysinternals Autoruns to detect potentially unwanted software that is installed and running automatically on your device.