Threat Research

Increased Threat Activity Targeting Ivanti Vulnerabilities

Jason Hill

Mar 20, 2024

A recent surge in activity targeting Ivanti Connect Secure (ICS) involves chaining two vulnerabilities that give threat actors the ability to execute arbitrary commands remotely.

Security Vulnerabilities in Apex Code Could Leak Salesforce Data

Nitay Bachrach

Feb 20, 2024

Varonis' threat researchers identified high- and critical-severity vulnerabilities in Apex, a programming language for customizing Salesforce instances.

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes

Dolev Taler

Jan 18, 2024

Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.

Taking Microsoft Office by "Storm"

Jason Hill

Jul 18, 2023

The “Storm-0978” ransomware group is actively exploiting an unpatched Microsoft Office and Windows HTML remote code execution vulnerability.

Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers

Dolev Taler

Jun 07, 2023

Varonis Threat Labs found a bug in Microsoft Visual Studio installer that allows an attacker to impersonate a publisher and issue a malicious extension to compromise a targeted system

Ghost Sites: Stealing Data From Deactivated Salesforce Communities

Nitay Bachrach

May 31, 2023

Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.

HardBit 2.0 Ransomware

Jason Hill

Feb 20, 2023

HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.

Neo4jection: Secrets, Data, and Cloud Exploits

Nitay Bachrach

Feb 08, 2023

With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.

VMware ESXi in the Line of Ransomware Fire

Jason Hill

Feb 07, 2023

Servers running the popular virtualization hypervisor VMware ESXi have come under attack from at least one ransomware group over the past week, likely following scanning activity to identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.

CrossTalk and Secret Agent: Two Attack Vectors on Okta's Identity Suite

Tal Peleg and Nitay Bachrach

Jan 23, 2023

Varonis Threat Labs discovered and disclosed two attack vectors on Okta's identity suite: CrossTalk and Secret Agent.

Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk

Tal Peleg

Nov 15, 2022

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

The Logging Dead: Two Event Log Vulnerabilities Haunting Windows

Dolev Taler

Oct 25, 2022

You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.