Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
View by category
Data Security Threat Research Varonis Products DSPM AI Security Cloud Security Ransomware Active Directory Privacy & Compliance
Blog

Threat Research

PAN-OS Zero-Day Active Exploit

Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know
Varonis Threat Labs

Varonis Threat Labs

Apr 12, 2024

Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.

Sisense Data Breach: What You Need to Know
Varonis Threat Labs

Varonis Threat Labs

Apr 11, 2024

The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.

hand tries accessing SharePoint files

Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
Eric Saraga

Eric Saraga

Apr 09, 2024

Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.

XZ Backdoor: Supply Chain Jump Scare
Varonis Threat Labs

Varonis Threat Labs

Apr 05, 2024

While the XZ backdoor is scary, most companies learned from SolarWinds

hand coming out of Invanti logo to symbolize threat actor

Increased Threat Activity Targeting Ivanti Vulnerabilities
Jason Hill

Jason Hill

Mar 20, 2024

A recent surge in activity targeting Ivanti Connect Secure (ICS) involves chaining two vulnerabilities that give threat actors the ability to execute arbitrary commands remotely.

Security Vulnerabilities in Apex Code Could Leak Salesforce Data
Nitay Bachrach

Nitay Bachrach

Feb 20, 2024

Varonis' threat researchers identified high- and critical-severity vulnerabilities in Apex, a programming language for customizing Salesforce instances.

microsoft NTLM leaks

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
Dolev Taler

Dolev Taler

Jan 18, 2024

Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.

Microsoft Word document surrounded by storm clouds

Taking Microsoft Office by "Storm"
Jason Hill

Jason Hill

Jul 18, 2023

The “Storm-0978” ransomware group is actively exploiting an unpatched Microsoft Office and Windows HTML remote code execution vulnerability.

Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers
Dolev Taler

Dolev Taler

Jun 07, 2023

Varonis Threat Labs found a bug in Microsoft Visual Studio installer that allows an attacker to impersonate a publisher and issue a malicious extension to compromise a targeted system

Ghost Sites: Stealing Data From Deactivated Salesforce Communities
Nitay Bachrach

Nitay Bachrach

May 31, 2023

Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.

HardBit 2.0 Ransomware
Jason Hill

Jason Hill

Feb 20, 2023

HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.

Neo4jection: Secrets, Data, and Cloud Exploits
Nitay Bachrach

Nitay Bachrach

Feb 08, 2023

With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.

Prev

1 2 3 4 5

Next

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Get started View sample