-
Threat Research
Nov 17, 2021
No Time to REST: Check Your Jira Permissions for Leaks
Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...
Omri Marom
4 min read
-
Threat Research
Nov 02, 2021
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...
Nitay Bachrach
3 min read
-
Threat Research
Nov 02, 2021
BlackMatter Ransomware: In-Depth Analysis & Recommendations
CISA has issued a security bulletin regarding the BlackMatter 'big game hunter' ransomware group following a sharp increase in cases targeting U.S. businesses. To mitigate these attacks, it is recommended...
Dvir Sason
6 min read
-
Data Security, Threat Research
Oct 21, 2021
Abusing Misconfigured Salesforce Experiences for Recon and Data Theft
Our research team has discovered numerous publicly accessible Salesforce Experiences (formerly Salesforce Communities) that are misconfigured and expose sensitive information.
Nitay Bachrach
11 min read
-
Threat Research
Oct 19, 2021
Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools
A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...
Jason Hill
7 min read
-
Data Security, Threat Research
Oct 07, 2021
Lessons from the Twitch Data Leak
What happened? Increasingly covered by the mainstream press throughout Wednesday, October 6, 2021, the impact of the recent Twitch leak will undoubtedly grow as bad actors take advantage of the...
Dvir Sason
5 min read
-
Threat Research
Mar 18, 2021
Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign
Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside ransomware.
Snir Ben Shimol
7 min read
-
Data Security, Threat Research
Mar 17, 2021
How to Unpack Malware with x64dbg
This article is an x64dbg tutorial that explains and demonstrates a methodology for reverse engineering malware.
Neil Fox
11 min read
-
Threat Research
Dec 18, 2020
SolarWinds SUNBURST Backdoor: Inside the Stealthy APT Campaign
Learn how to detect and defend against the SolarWinds Sunburst malware that has compromised versions of SolarWinds’ Orion solution.
Snir Ben Shimol
7 min read
-
Threat Research
Sep 25, 2020
Exploiting BGInfo to Infiltrate a Corporate Network
This post details how a clever attacker can embed a path to a malicious script within a BGInfo config file (.bgi), bypass email security, and execute code remotely.
Dolev Taler
3 min read
-
Threat Research
Aug 12, 2020
A Queen’s Ransom: Varonis Uncovers Fast-Spreading “SaveTheQueen” Ransomware
A new strain of ransomware encrypts files, appends the extension “.SaveTheQueen” to them, and propagates using the SYSVOL share on Active Directory Domain Controllers. Our customers encountered this malware...
Ben Zion Lavi
4 min read
-
Data Security, Threat Research
Apr 22, 2020
Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials
We created a proof-of-concept that manipulates the Azure authentication function to give us a ‘skeleton key’ password that will work for all users, and dump all real clear-text usernames and passwords into a file.
Eric Saraga
6 min read