Featured content

This report is a monthly round-up from the Varonis Forensics Team documenting activity observed while responding to incidents, performing forensics, and reverse engineering malware samples. This report is intended to help you better understand the evolving threat landscape and adapt your defenses accordingly.

Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information—from personal patient data to valuable proprietary research–from skilled adversaries looking to grab sensitive data to steal, sell, or extort from victim organizations.

As an Azure administrator or architect, you are sometimes asked the question: “How can we safely deploy internal business applications to Azure App Services?”

If your company’s data is altered or deleted, and you have no way of knowing how, when and by whom, it can have a major impact on data-driven business decisions. This is why data integrity is essential. To understand the importance of data integrity to a company’s bottom line, let us examine what it is, why it’s significant, and how to preserve it.

Imagine you’re the CISO of a 10,000-person organization where users create millions of files and emails each day. Some of that information is highly sensitive—if leaked or stolen, you’re facing a headline-making breach and seven-figure penalties. Most of the data created each day, however, could be published on the front page of the Times without incident.

The Netcat utility program supports a wide range of commands to manage networks and monitor the flow of traffic data between systems. Computer networks, including the world wide web, are built on the backbone of the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Think of it as a free and easy companion tool to use alongside Wireshark, which specializes in the analysis of network packets. The original version of Netcat was released back in 1995 and has received a number of iterative updates in the decades since.

Over the past year, working from home has gone from a temporary necessity to the new normal for many industries. United States federal government and Department of Defense (DoD) workers are no exception. The only difference is the highly sensitive information that federal agency workers handle, making work from home data handling particularly risky.

Stack memory is a section in memory used by functions to store data such as local variables and parameters that will be used by the malware to perform its nefarious activity on a compromised device.

Understanding how to use Autoruns means you may be able to detect if your home PC is infected with unwanted software.

One of the age-old questions in cybersecurity is, “Are my endpoint controls enough?” Spoiler alert, unfortunately not! Kilian and Brian discuss scenarios we’ve seen where sophisticated attack groups deliberately leverage attack vectors to bypass the endpoint, and answer the best questions during the event.

PowerShell uses variables to store information that can be useful later on. Variables also make it easy to change values in multiple places by changing the variable’s definition. You can store information such as names, paths, and the results of commands in a variable.

Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside. These highly targeted campaigns were conducted in several phases over weeks or months, ultimately targeting theft and encryption of sensitive data, including backups. In this technical blog post, we will review the tactics, techniques, and procedures (TTPs) we’ve observed.