Threat Research
New Organizational Messages Feature in Microsoft 365 a Potential Risk
Nov 10, 2024
The new organizational messages feature for Microsoft 365 enhances how IT and security teams communicate with users at scale, but also generates risks.
New CVEs in OpenPrinting CUPS Software
Sep 26, 2024
A series of vulnerabilities in OpenPrinting CUPS Software indicates an attack vector for RCE, one of the worst possible consequences for a vulnerability.
Data Theft in Salesforce: Manipulating Public Links
Sep 16, 2024
Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.
The Power and Peril of RMM Tools
Jul 18, 2024
Discover real-world examples of remote monitoring and management (RMM) tool exploits and how to protect your organization from these attacks.
OpenSSH 'RegreSSHion' RCE Vulnerability
Jul 02, 2024
A critical vulnerability in OpenSSH's server, dubbed 'regreSSHion,' raises the risk of remote code execution with root privileges.
Targeted Campaign Against Snowflake Customers: What You Need to Know
Jun 04, 2024
Recent data breaches of prominent Snowflake cloud customers highlight the risks of compromised cloud storage accounts.
Dropbox Sign Data Breach: What You Need to Know
May 03, 2024
Dropbox Sign's recent data breach highlights how non-human identities are driving more profound breaches.
Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know
Apr 12, 2024
Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.
Sisense Data Breach: What You Need to Know
Apr 11, 2024
The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.
Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
Apr 09, 2024
Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.
XZ Backdoor: Supply Chain Jump Scare
Apr 05, 2024
While the XZ backdoor is scary, most companies learned from SolarWinds
Increased Threat Activity Targeting Ivanti Vulnerabilities
Mar 20, 2024
A recent surge in activity targeting Ivanti Connect Secure (ICS) involves chaining two vulnerabilities that give threat actors the ability to execute arbitrary commands remotely.
Try Varonis free.
Deploys in minutes.