Threat Research
Caught in the Net: Unmasking Advanced Phishing Tactics
Nov 26, 2024
Learn new, advanced phishing tactics being used by attackers and how your organization can combat them.
Varonis Discovers New Vulnerability in PostgreSQL PL/Perl
Nov 14, 2024
Varonis discovered a vulnerability (CVE-2024-10979) in the Postgres trusted language extension PL/Perl that allows setting arbitrary environment variables in PostgreSQL session processes.
New Organizational Messages Feature in Microsoft 365 a Potential Risk
Nov 10, 2024
The new organizational messages feature for Microsoft 365 enhances how IT and security teams communicate with users at scale, but also generates risks.
New CVEs in OpenPrinting CUPS Software
Sep 26, 2024
A series of vulnerabilities in OpenPrinting CUPS Software indicates an attack vector for RCE, one of the worst possible consequences for a vulnerability.
Data Theft in Salesforce: Manipulating Public Links
Sep 16, 2024
Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.
The Power and Peril of RMM Tools
Jul 18, 2024
Discover real-world examples of remote monitoring and management (RMM) tool exploits and how to protect your organization from these attacks.
OpenSSH 'RegreSSHion' RCE Vulnerability
Jul 02, 2024
A critical vulnerability in OpenSSH's server, dubbed 'regreSSHion,' raises the risk of remote code execution with root privileges.
Targeted Campaign Against Snowflake Customers: What You Need to Know
Jun 04, 2024
Recent data breaches of prominent Snowflake cloud customers highlight the risks of compromised cloud storage accounts.
Dropbox Sign Data Breach: What You Need to Know
May 03, 2024
Dropbox Sign's recent data breach highlights how non-human identities are driving more profound breaches.
Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know
Apr 12, 2024
Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.
Sisense Data Breach: What You Need to Know
Apr 11, 2024
The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.
Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection
Apr 09, 2024
Varonis Threat Labs discovered two techniques in SharePoint that allow users to circumvent audit logs and avoid triggering download events while exfiltrating files.
Try Varonis free.
Deploys in minutes.