Blog

Threat Research

New Microsoft 365 Organizational Messages Cause for Concern

New Organizational Messages Feature in Microsoft 365 a Potential Risk

Shawn Hays

Shawn Hays

The new organizational messages feature for Microsoft 365 enhances how IT and security teams communicate with users at scale, but also generates risks.

New CVEs in OpenPrinting CUPS Software, breaking news coverage

New CVEs in OpenPrinting CUPS Software

Varonis Threat Labs

Varonis Threat Labs

A series of vulnerabilities in OpenPrinting CUPS Software indicates an attack vector for RCE, one of the worst possible consequences for a vulnerability.

Manipulating Public links in Salesforce, original threat research by Varonis

Data Theft in Salesforce: Manipulating Public Links

Nitay Bachrach

Nitay Bachrach

Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.

Remote Management Tools

The Power and Peril of RMM Tools 

Tom Barnea

Tom Barnea

Discover real-world examples of remote monitoring and management (RMM) tool exploits and how to protect your organization from these attacks. 

Varonis Threat Labs

OpenSSH 'RegreSSHion' RCE Vulnerability

Jason Hill

Jason Hill

A critical vulnerability in OpenSSH's server, dubbed 'regreSSHion,' raises the risk of remote code execution with root privileges.

Targeted Campaign Against Snowflake Customers: What You Need to Know

Varonis Threat Labs

Varonis Threat Labs

Recent data breaches of prominent Snowflake cloud customers highlight the risks of compromised cloud storage accounts.

Dropx Sign Data Breach

Dropbox Sign Data Breach: What You Need to Know

Omri Marom

Omri Marom

Dropbox Sign's recent data breach highlights how non-human identities are driving more profound breaches.

PAN-OS Zero-Day Active Exploit

Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know

Varonis Threat Labs

Varonis Threat Labs

Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.

Sisense Data Breach: What You Need to Know

Varonis Threat Labs

Varonis Threat Labs

The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.

hand tries accessing SharePoint files

Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection

Eric Saraga

Eric Saraga

Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.

XZ Backdoor: Supply Chain Jump Scare

Varonis Threat Labs

Varonis Threat Labs

While the XZ backdoor is scary, most companies learned from SolarWinds

hand coming out of Invanti logo to symbolize threat actor

Increased Threat Activity Targeting Ivanti Vulnerabilities

Jason Hill

Jason Hill

A recent surge in activity targeting Ivanti Connect Secure (ICS) involves chaining two vulnerabilities that give threat actors the ability to execute arbitrary commands remotely.

Prev

1 2 3 4 5

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.