Threat Research
ContiLeaks: Ransomware Gang Suffers Data Breach
Mar 04, 2022
Conti, a prolific ransomware group, has suffered a leak of both internal chat transcripts and source code being shared by a reported Ukrainian member
Ransomware Year in Review 2021
Feb 03, 2022
In this post, we dive into six ransomware trends that shaped 2021.
Using Power Automate for Covert Data Exfiltration in Microsoft 365
Feb 02, 2022
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.
BlackCat Ransomware (ALPHV)
Jan 26, 2022
Varonis has observed the ALPHV (BlackCat) ransomware, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.
Mixed Messages: Busting Box’s MFA Methods
Jan 18, 2022
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
Bypassing Box's Time-based One-Time Password MFA
Dec 02, 2021
The Varonis research team discovered a way to bypass Box's Time-based One-Time Password MFA for Box accounts that use authenticator applications.
No Time to REST: Check Your Jira Permissions for Leaks
Nov 17, 2021
Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
Nov 02, 2021
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...
BlackMatter Ransomware: In-Depth Analysis & Recommendations
Nov 02, 2021
CISA has issued a security bulletin regarding the BlackMatter 'big game hunter' ransomware group following a sharp increase in cases targeting U.S. businesses. To mitigate these attacks, it is recommended...
Abusing Misconfigured Salesforce Communities for Recon and Data Theft
Oct 21, 2021
Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools
Oct 19, 2021
A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...
Lessons from the Twitch Data Leak
Oct 07, 2021
What happened? Increasingly covered by the mainstream press throughout Wednesday, October 6, 2021, the impact of the recent Twitch leak will undoubtedly grow as bad actors take advantage of the...
Try Varonis free.
Deploys in minutes.