Latest articles
OpenSSH 'RegreSSHion' RCE Vulnerability
Jul 02, 2024
A critical vulnerability in OpenSSH's server, dubbed 'regreSSHion,' raises the risk of remote code execution with root privileges.
Increased Threat Activity Targeting Ivanti Vulnerabilities
Mar 20, 2024
A recent surge in activity targeting Ivanti Connect Secure (ICS) involves chaining two vulnerabilities that give threat actors the ability to execute arbitrary commands remotely.
Taking Microsoft Office by "Storm"
Jul 18, 2023
The “Storm-0978” ransomware group is actively exploiting an unpatched Microsoft Office and Windows HTML remote code execution vulnerability.
HardBit 2.0 Ransomware
Feb 20, 2023
HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.
VMware ESXi in the Line of Ransomware Fire
Feb 07, 2023
Servers running the popular virtualization hypervisor VMware ESXi have come under attack from at least one ransomware group over the past week, likely following scanning activity to identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.
Anatomy of a SolidBit Ransomware Attack
Aug 22, 2022
Solidbit is a ransomware variant derived from Yashma and containing elements of LockBit. Discover Solidbit's capabilities, how it executes, what file types it targets, and how to tell if you've been infected.
Rogue Shortcuts: LNK'ing to Badness
Jun 16, 2022
Learn how threat actors continue to manipulate Windows shortcut files (LNKs) as an exploit technique.
ContiLeaks: Ransomware Gang Suffers Data Breach
Mar 04, 2022
Conti, a prolific ransomware group, has suffered a leak of both internal chat transcripts and source code being shared by a reported Ukrainian member.
BlackCat Ransomware (ALPHV)
Jan 26, 2022
Varonis has observed the ALPHV (BlackCat) ransomware actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.
Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools
Oct 19, 2021
A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...