Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
Blog Security Bulletins

Threat Update 55 – SSO Imposter: Targeting Google

In part two of this three-part series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team investigate how an attacker who compromised a single sign-on admin account can…
Kilian Englert
1 min read
Last updated January 17, 2023

Contents

    In part two of this three-part series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team investigate how an attacker who compromised a single sign-on admin account can leverage those rights to impersonate a targeted end-user with a Google Workspace account to find and exfiltrate sensitive data.

    Ryan and Kilian also discuss tips on what to watch for and how to spot signs of data collaboration platform misuse. Watch more attack scenarios here: https://www.varonis.com/webinars/ To learn how else we can help, please visit us at: https://www.varonis.com/help/

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    Kilian Englert
    Kilian Englert Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cybersecurity and technology best practices.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    threat-update-50-–-critical-salesforce-misconfiguration
    Threat Update 50 – Critical Salesforce Misconfiguration
    threat-update-50-–-critical-salesforce-misconfiguration
    Kilian Englert
    August 11, 2021
    Salesforce is the lifeblood of many organizations. The amount of critical, and sensitive information stored within is astronomical – however, there are parts of the solution designed to be accessed by non-corporate users, such as the Community module.
    threat-update-56-–-sso-imposter:-targeting-box
    Threat Update 56 – SSO Imposter: Targeting Box
    threat-update-56-–-sso-imposter:-targeting-box
    Kilian Englert
    September 20, 2021
    In the final part of the series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team walk through how attackers could target Box. They investigate how an attacker…
    threat-update-23---bypassing-endpoint-controls-using-office-macros
    Threat Update 23 - Bypassing Endpoint Controls Using Office Macros
    threat-update-23---bypassing-endpoint-controls-using-office-macros
    Kilian Englert
    February 1, 2021
    So many attacks start with a simple booby-trapped document that runs malicious code. Crafty attackers can even customize the payload to bypass endpoint controls! Don’t believe us? Check out this...
    brute-force:-anatomy-of-an-attack
    Brute Force: Anatomy of an Attack
    brute-force:-anatomy-of-an-attack
    Ofer Shezaf
    March 29, 2020
    The media coverage of NotPetya has hidden what might have been a more significant attack: a brute force attack on the UK Parliament.  While for many it was simply fertile...