View by category
Data Security Threat Research Varonis Products DSPM AI Security Cloud Security Ransomware Active Directory Privacy & Compliance
Blog

Threat Research

Varonis Discovers New Vulnerability in PostgreSQL PL/Perl

Varonis Discovers New Vulnerability in PostgreSQL PL/Perl
Varonis Threat Labs

Varonis Threat Labs

Nov 14, 2024

Varonis discovered a vulnerability (CVE-2024-10979) in the Postgres trusted language extension PL/Perl that allows setting arbitrary environment variables in PostgreSQL session processes.

New Microsoft 365 Organizational Messages Cause for Concern

New Organizational Messages Feature in Microsoft 365 a Potential Risk
Shawn Hays

Shawn Hays

Nov 10, 2024

The new organizational messages feature for Microsoft 365 enhances how IT and security teams communicate with users at scale, but also generates risks.

New CVEs in OpenPrinting CUPS Software, breaking news coverage

New CVEs in OpenPrinting CUPS Software
Varonis Threat Labs

Varonis Threat Labs

Sep 26, 2024

A series of vulnerabilities in OpenPrinting CUPS Software indicates an attack vector for RCE, one of the worst possible consequences for a vulnerability.

Manipulating Public links in Salesforce, original threat research by Varonis

Data Theft in Salesforce: Manipulating Public Links
Nitay Bachrach

Nitay Bachrach

Sep 16, 2024

Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.

Remote Management Tools

The Power and Peril of RMM Tools 
Tom Barnea

Tom Barnea

Jul 18, 2024

Discover real-world examples of remote monitoring and management (RMM) tool exploits and how to protect your organization from these attacks. 

Varonis Threat Labs

OpenSSH 'RegreSSHion' RCE Vulnerability
Jason Hill

Jason Hill

Jul 02, 2024

A critical vulnerability in OpenSSH's server, dubbed 'regreSSHion,' raises the risk of remote code execution with root privileges.

Targeted Campaign Against Snowflake Customers: What You Need to Know
Varonis Threat Labs

Varonis Threat Labs

Jun 04, 2024

Recent data breaches of prominent Snowflake cloud customers highlight the risks of compromised cloud storage accounts.

Dropx Sign Data Breach

Dropbox Sign Data Breach: What You Need to Know
Omri Marom

Omri Marom

May 03, 2024

Dropbox Sign's recent data breach highlights how non-human identities are driving more profound breaches.

PAN-OS Zero-Day Active Exploit

Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know
Varonis Threat Labs

Varonis Threat Labs

Apr 12, 2024

Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.

Sisense Data Breach: What You Need to Know
Varonis Threat Labs

Varonis Threat Labs

Apr 11, 2024

The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.

hand tries accessing SharePoint files

Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
Eric Saraga

Eric Saraga

Apr 09, 2024

Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.

XZ Backdoor: Supply Chain Jump Scare
Varonis Threat Labs

Varonis Threat Labs

Apr 05, 2024

While the XZ backdoor is scary, most companies learned from SolarWinds

Prev

1 2 3 4 5

Next

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Get started View sample