Threat Research
![](https://info.varonis.com/hubfs/Blog_URLSpoofing_BlogHero_FNL.png)
Spoofing SaaS Vanity URLs for Social Engineering Attacks
![Tal Peleg](https://info.varonis.com/hubfs/tal-peleg.jpg)
May 11, 2022
SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link types that we were able to spoof.
![](https://info.varonis.com/hubfs/Blog_HiveRansomware_BlogHero_202204_V1.png)
Hive Ransomware Analysis
![Nadav Ovadia](https://info.varonis.com/hubfs/nadav.png)
Apr 19, 2022
Learn how Hive ransomware exploits public servers, spreads through your network, encrypts sensitive files, and extorts victims for cryptocurrency.
![](https://info.varonis.com/hubfs/LAPSUS$%20Hero.png)
Defending Your Cloud Environment Against LAPSUS$-style Threats
![Nathan Coppinger](https://info.varonis.com/hubfs/nathan-coppinger.jpg)
Mar 29, 2022
Varonis breaks down the recent LAPSUS$ hacks and provides best practices for defending your cloud environment against LAPSUS$-style threats.
![SID injection attack](https://info.varonis.com/hubfs/Blog_SyntheticSIDAttack_202203_FNL.png)
Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Mar 11, 2022
A technique where threat actors with existing high privileges can inject synthetic SIDs into an ACL, creating backdoors and hidden permission grants.
![](https://info.varonis.com/hubfs/Blog_Contileaks_Var2_BlogHero_202202_FNL.png)
ContiLeaks: Ransomware Gang Suffers Data Breach
![Jason Hill](https://info.varonis.com/hubfs/jason-hill.jpg)
Mar 04, 2022
Conti, a prolific ransomware group, has suffered a leak of both internal chat transcripts and source code being shared by a reported Ukrainian member.
![](https://info.varonis.com/hubfs/Blog_MalwareRansomwareTrends_FNL.png)
Ransomware Year in Review 2021
![Varonis Threat Labs](https://info.varonis.com/hubfs/VTL_ProfileImage.png)
Feb 03, 2022
In this post, we dive into six ransomware trends that shaped 2021.
![](https://info.varonis.com/hubfs/Blog_PowerAutomate_BlogHero_FNL.png)
Using Power Automate for Covert Data Exfiltration in Microsoft 365
![Eric Saraga](https://info.varonis.com/hubfs/eric-saraga-1.jpg)
Feb 02, 2022
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.
![](https://info.varonis.com/hubfs/Blog_BlackCat_Hero_FNL.png)
BlackCat Ransomware (ALPHV)
![Jason Hill](https://info.varonis.com/hubfs/jason-hill.jpg)
Jan 26, 2022
Varonis has observed the ALPHV (BlackCat) ransomware actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.
![](https://info.varonis.com/hubfs/Blog_BoxSMSMFA_BlogHero_202201_FNL.png)
Mixed Messages: Busting Box’s MFA Methods
![Tal Peleg](https://info.varonis.com/hubfs/tal-peleg.jpg)
Jan 18, 2022
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
![](https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Imported_Blog_Media/MicrosoftTeams-image-9.png)
Bypassing Box's Time-based One-Time Password MFA
![Tal Peleg](https://info.varonis.com/hubfs/tal-peleg.jpg)
Dec 02, 2021
The Varonis research team discovered a way to bypass Box's Time-based One-Time Password MFA for Box accounts that use authenticator applications.
![](https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Imported_Blog_Media/Blog_JiraThreatResearch_202111_FNL.png)
No Time to REST: Check Your Jira Permissions for Leaks
![Omri Marom](https://info.varonis.com/hubfs/OmriMarom.png)
Nov 17, 2021
Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...
![](https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Imported_Blog_Media/Blog_EinsteinsWormhole_202110_ProximaNova_V1-01.png)
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
![Nitay Bachrach](https://info.varonis.com/hubfs/nitay-bachrach.jpg)
Nov 02, 2021
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...