Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
Blog Security Bulletins

Threat Update 53 – ProxyShell and PetitPotam and Ransomware… Oh My!

Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication…
Kilian Englert
1 min read
Last updated January 17, 2023

Contents

    Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication around despite their known shortcomings. The new PetitPotam attack exploits some of these legacy protocols to take over Windows domains.

    Join Kilian and Kyle Roth from the Varonis Incident Response team as they discuss the background of the PetitPotam attack, how attackers and ransomware operators are weaponizing it, and tips to help defend against it.

    Articles referenced in this episode:

    New PetitPotam attack allows take over of Windows domains 

    LockFile ransomware uses PetitPotam attack to hijack Windows domains

    https://github.com/topotam/PetitPotam

    👉To learn how else we can help, please visit us at:  https://www.varonis.com/help/

     

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    Kilian Englert
    Kilian Englert Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cybersecurity and technology best practices.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    mixed-messages:-busting-box’s-mfa-methods
    Mixed Messages: Busting Box’s MFA Methods
    mixed-messages:-busting-box’s-mfa-methods
    Tal Peleg
    January 18, 2022
    Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.
    threat-update-31-–-now-are-the-zero-days-of-our-discontent
    Threat Update 31 – Now are the Zero Days of our Discontent
    threat-update-31-–-now-are-the-zero-days-of-our-discontent
    Kilian Englert
    March 25, 2021
    Three new Zero Day vulnerabilities recently discovered in F5 products, and Microsoft Office 365 let attackers skip the password and authentication completely.
    kerberos-authentication-explained
    Kerberos Authentication Explained
    kerberos-authentication-explained
    Michael Buckbee
    March 29, 2020
    Learn more about Kerberos Authentication, the widely-used authorization technology. Contact us today to learn how Varonis monitors Kerberos, and more.
    threat-update-68---box-mfa-bypass-and-the-need-for-defense-in-depth
    Threat Update 68 - Box MFA Bypass and the Need for Defense in Depth
    threat-update-68---box-mfa-bypass-and-the-need-for-defense-in-depth
    Kilian Englert
    December 9, 2021
    Multi-Factor Authentication (MFA) is a critical security control in the increasingly cloud-first world, but like all software, there can be vulnerabilities.