New covert SharePoint data exfiltration techniques revealed

Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditio… Continue reading New covert SharePoint data exfiltration techniques revealed

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM… Continue reading Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

Infosec products of the month: February 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, BackBox, Center for Internet Security, Cisco, CompliancePro Solutions, Cyberhaven, LOKKER, ManageEngine, Metomic, OPSWAT, Pindrop, ProcessUnity, Qualy… Continue reading Infosec products of the month: February 2024

Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Ta… Continue reading Attackers can steal NTLM password hashes via calendar invites

New infosec products of the week: December 8, 2023

Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis. Varonis enhances DSPM capabilities with Azure and AWS support Varo… Continue reading New infosec products of the week: December 8, 2023

Infosec products of the month: November 2023

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, Enzoic, Fortanix, GitHub, Illumio, Immuta, IRONSCALES, Kasada, Lacework, Malwar… Continue reading Infosec products of the month: November 2023