Featured content

You already know that Data Classification Cloud brings Varonis' best-in-class classification capabilities to the most popular cloud storage apps, including Amazon Web Services (AWS), Google Workspace, Box, and AWS Simple Storage Solution (S3). With Varonis, organizations receive accurate, automated data classification in both SaaS and IaaS platforms.

Stories like Catch Me If You Can (the tale of how con artist Frank Abagnale duped everyone in his orbit) envoke a desire in many people to be as clever and confident as Frank, who used his charm and wit to convince people of just about anything. After a big data breach, it’s natural to look for a similar story about how an attacker used craft and cunning to trick their victim into “letting them in.” We imagine the attacker calling the victim with a convincing cover story. Something along the lines of, “This is Bill from IT, and I work with Janet— you know Janet? Well…I’m sorry you’re getting all those notifications on your phone at 3 a.m. If you give me that pin code, I’ll get it sorted for you.”

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

You don't have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.

Cybercriminals continue to change their techniques, but their ultimate objectives are the same — they’re after sensitive data. Whether that’s personally identifiable information, customer information, or company intellectual property, all of it can be held for ransom.

As a wide-eyed junior in college, my chance encounter with an IDOR vulnerability introduced me to the world of ethical hacking.

The most frequent issue developers have to contend with when it comes to securing communication between different services and devices is the management and securement of credentials, keys, certificates, and secrets within their cloud-native applications. However, storing these credentials, secrets, and keys directly within the application code can expose the app to security threats.

Some people love taking risks — swimming with great white sharks, climbing El Capitan without a rope, camping in grizzly bear territory with an open jar of peanut butter, and scariest of all, assuming your SaaS data is secure and protected in the cloud.

Digital payments are expected to reach an all-time high this year. Projections have digital payment transactions increasing by upwards of 24 percent in 2020 year-over-year, a trend that shows no signs of slowing down. That’s precisely why PCI DSS requirements are more critical than ever, as merchants and payment processors need to ensure the privacy and security of every transaction.

We’ve all seen it happen. A developer accidentally stores plain-text credentials in a source code file accessible to every employee. A few weeks later, an attacker enters the network, finds the leaked secret, and begins using the credentials to access the company’s AWS account — racking up infrastructure bills and exfiltrating critical data. In 2021 alone, for every 400 developers at an organization, approximately 1,050 passwords, API keys, and other secrets were leaked.

For the past several years, as part of security assessments and live attack scenarios, operators have attempted to pull off the well-known, but difficult-to-execute, Golden Ticket attack.

Salesforce complexity breeds risk and creates headaches for admins. With complicated Profiles, Roles, Permission sets, and Groups, it is incredibly difficult and time-consuming to understand what a user can and cannot do in the CRM tool.