Threat Research

Mixed Messages: Busting Box’s MFA Methods

Tal Peleg

Jan 18, 2022

Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.

Bypassing Box's Time-based One-Time Password MFA

Tal Peleg

Dec 02, 2021

The Varonis research team discovered a way to bypass Box's Time-based One-Time Password MFA for Box accounts that use authenticator applications.

No Time to REST: Check Your Jira Permissions for Leaks

Omri Marom

Nov 17, 2021

Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...

Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug

Nitay Bachrach

Nov 02, 2021

If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...

BlackMatter Ransomware: In-Depth Analysis & Recommendations

Dvir Sason

Nov 02, 2021

CISA has issued a security bulletin regarding the BlackMatter 'big game hunter' ransomware group following a sharp increase in cases targeting U.S. businesses. To mitigate these attacks, it is recommended...

Abusing Misconfigured Salesforce Communities for Recon and Data Theft

Nitay Bachrach

Oct 21, 2021

Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.

Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools

Jason Hill

Oct 19, 2021

A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...

Lessons from the Twitch Data Leak

Dvir Sason

Oct 07, 2021

What happened? Increasingly covered by the mainstream press throughout Wednesday, October 6, 2021, the impact of the recent Twitch leak will undoubtedly grow as bad actors take advantage of the...

Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign

Snir Ben Shimol

Mar 18, 2021

Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside ransomware

How to Unpack Malware with x64dbg

Neil Fox

Mar 17, 2021

This article is an x64dbg tutorial in which reverse engineering malware methodology will be explained and demonstrated.

February 2021 Malware Trends Report

Ben Zion Lavi

Feb 18, 2021

This Februrary 2021 malware trends report is intended to help you better understand the evolving threat landscape and adapt your defenses accordingly.  

SolarWinds SUNBURST Backdoor: Inside the Stealthy APT Campaign

Snir Ben Shimol

Dec 18, 2020

Learn how detect and defend against the SolarWinds Sunburst malware that has compromised versions of SolarWinds’ Orion solution