Blog

Threat Research

HardBit 2.0 Ransomware

Jason Hill

Jason Hill

HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.

Neo4jection: Secrets, Data, and Cloud Exploits

Nitay Bachrach

Nitay Bachrach

With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.

VMware ESXi in the Line of Ransomware Fire

Jason Hill

Jason Hill

Servers running the popular virtualization hypervisor VMware ESXi have come under attack from at least one ransomware group over the past week, likely following scanning activity to identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.

CrossTalk and Secret Agent: Two Attack Vectors on Okta's Identity Suite

Tal Peleg and Nitay Bachrach

Tal Peleg and Nitay Bachrach

Varonis Threat Labs discovered and disclosed two attack vectors on Okta's identity suite: CrossTalk and Secret Agent.

Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk

Tal Peleg

Tal Peleg

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

The Logging Dead: Two Event Log Vulnerabilities Haunting Windows

Dolev Taler

Dolev Taler

You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.

Fighting Golden Ticket Attacks with Privileged Attribute Certificate (PAC)

Masha Garmiza

Masha Garmiza

Learn how and why to control the Active Directory Environment state with PACRequestorEnforcement, the implications of doing so and how to detect Golden Ticket attacks happening in your network.

Anatomy of a SolidBit Ransomware Attack

Jason Hill

Jason Hill

Solidbit is a ransomware variant derived from Yashma and containing elements of LockBit. Discover how Solidbit's capabilities, execution, what file types it targets, and how to tell if you're been infected.

Anatomy of a LockBit Ransomware Attack

Joseph Avanzato

Joseph Avanzato

A detailed case study of the exact techniques and methods that threat actors used in a real-life ransomware attack.

Rogue Shortcuts: LNK'ing to Badness

Jason Hill

Jason Hill

Learn how threat actors continue to manipulate Windows shortcut files (LNKs) as an exploit technique.

Spoofing SaaS Vanity URLs for Social Engineering Attacks

Tal Peleg

Tal Peleg

SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link type that we were able to spoof.

Hive Ransomware Analysis

Nadav Ovadia

Nadav Ovadia

Learn how Hive ransomware exploits public servers, spreads through your network, encrypts sensitive files, and exports victims for cryptocurrency.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.