Featured content

As we’ve been writing about forever, hackers are relying more on malware-free techniques to fly below the radar. They’re using standard Windows software to live off the land, thereby getting around AV or other anti-malware monitoring tools. We as defenders now have to deal with an unfortunate consequence of this savvy hacking technique: a well-positioned employee can also use the same LoL ideas to sneakily steal data (corporate IP, credit card numbers). If they take their time, and go low and slow, it’s very difficult — not impossible if you have the right mindset and software — for IT security to detect their activities.

Who do Americans trust with their information?

We’re thrilled to announce interoperability between Varonis DataPrivilege and RSA® Identity Governance and Lifecycle, with a new Implementation Blueprint. This Implementation Blueprint will help the business to quickly detect security and compliance access risks and amend access entitlement issues associated with unstructured data.

Each year, Varonis conducts thousands of data risk assessments for organizations that want a clearer picture of their security posture and develop a roadmap to reducing risk to sensitive data. The 2019 Data Risk Report analyzes a random sample of nearly 800 risk assessments, giving you an inside look at the state of data security.

You may have heard that Microsoft changed their guidance on password expiration policies. On May 23, 2019, they released a blog post explaining their decisions.

Remember last May when our favorite sites were suddenly asking our consent to collect cookie information? The answer given by the media and other experts for this flurry of cookie consent pop-ups was this was a result of the General Data Protection Regulation (GDPR). That’s partially true.

Microsoft Teams is the lynchpin in the Office 365 portfolio. It brings all the other products together, gets users collaborating, and opens several lines of communication all from a single interface.

The “Right to be Forgotten” (RTBF) is a key element of the new EU General Data Protection Regulation (GDPR), but the concept pre-dates the latest legislation by at least five years. It encompasses the consumers’ rights to request that all personal data held by the company —or “controller” in GDPR-speak — be removed on request. But it goes further: the GDPR rules (see its article 17 ) says that search engines (like Google) have to delete references to personal data that comes up publically in search results.

This article is part of the series "Fileless Malware". Check out the rest: Adventures in Fileless Malware, Part I Adventures in Fileless Malware, Part II: Sneaky VBA Scripts Adventures in Fileless Malware, Part III: Obfuscated VBA Scripts for Fun and Profit Adventures in Fileless Malware, Part IV: DDE and Word Fields Adventures in Fileless Malware, Part V: More DDE and COM Scriplets Adventures in Fileless Malware: Closing Thoughts

This article is part of the series "Fileless Malware". Check out the rest: Adventures in Fileless Malware, Part I Adventures in Fileless Malware, Part II: Sneaky VBA Scripts Adventures in Fileless Malware, Part III: Obfuscated VBA Scripts for Fun and Profit Adventures in Fileless Malware, Part IV: DDE and Word Fields Adventures in Fileless Malware, Part V: More DDE and COM Scriplets Adventures in Fileless Malware: Closing Thoughts

GDPR goes into effect in less than 85 days – but there’s still time to prepare. The first step in getting ready for the upcoming deadline is to discover and classify your GDPR data.

Identity and Access Management (IAM) is a core discipline for any information technology operational group. The first element is identity, which means verifying that a user is the person they claim to be. The second is access, which involves determining which users can access which resources inside a network.