Exchange Public Folder Migration Guide

Many organizations rely on Exchange’s public folders to store emails, documents, calendars, tasks, and more.  Over time, with substantial and frequent use, emails pile up, and many organizations want to know: Is anyone using all of this content? Who does it belong to? Is the sensitive stuff protected? Should we get rid of it or…

Continue Reading

Unique Offerings + Rapid Growth = Prestigious Industry Recognition for Varonis

Much of the recent talk in the IT industry has revolved around the fates of traditional IT giants. Rumors of mergers, breakups, and divestments often miss one of the underlying factors creating this turbulence: customers want innovation and they are finding it with fresh approaches from newer players. Our relentless passion to innovate for our…

Continue Reading

dhs - backoff

Driving a Stake through Backoff and other PoS Malware

Despite a US CERT warning and several well-publicized hacking incidents over the summer, Backoff malware continues to add new corporate victims. Krebs has been on the case and has more details on the most recent attacks against two well-known brands. The government warning pointed out that anti-virus vendors may not have the latest signatures for…

Continue Reading

Blank computer screen

Miscommunication as a Cybersecurity Threat

There was a great interview in WSJ this weekend with Blackstone’s CISO Jay Leek.  They asked Mr. Leek a question that I love asking people in high-level security roles: WSJ: What most worries you? LEEK: The No. 1 most significant risk to every organization is your well-intentioned, nonmalicious insider who is trying to do the…

Continue Reading

Using PowerShell to Combat CryptoLocker

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we thought it would be helpful to also offer some tactical advice for dealing with CryptoLocker using our sysadmin tool of choice: PowerShell. What follows are…

Continue Reading

POODLE!

POODLE SSL Bug Scanner

As you may have noticed, there’s been widespread attention on this new POODLE SSL attack (CVE-2014-3566) that lets attackers spy on your traffic to any website that is vulnerable. As a public service, we’ve made a free, easy-to-use site that lets you scan any URL to see if it’s vulnerable and offers some helpful links to…

Continue Reading

399px-Buckingham-palace-guard-11279634947G5ru

Getting Ready for PCI DSS 3.0 and Beyond: A New Focus on Testing

To get a sense of where the PCI Data Security Standard (DSS) is heading, it helps to take a look beyond the actual language in the requirements.  In August, PCI published a DSS 3.0 best practices document that provided additional context for the 12 DSS requirements and their almost 300 sub-controls. It’s well worth looking at. The…

Continue Reading

How can I find out which Active Directory groups I’m a member of?

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization. There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach: Go to “Active Directory Users and Computers”. Click on “Users” or the folder that…

Continue Reading

locks

CryptoLocker: The Marketing Behind the Malware

CryptoLocker is a frightening piece of malware that, when executed, encrypts your local and network files until a ransom is paid. CryptoLocker has well-implemented encryption that is generally considered unfeasible to brute force, as well as a multitude of distribution vectors—botnets, emails, Trojans, etc.  But what really sets CryptoLocker apart as ransomware, which has existed…

Continue Reading

Test_(student_assessment)

PCI Penetration Testing and Vulnerability Scanning: There’s Room for Improvement

One of the criticisms against PCI DSS is that it isn’t keeping up with the dynamic threat environment. As we all know, phishing, APTs, and PoS malware have been especially effective in the retail sector. The Verizon PCI report I mentioned in my last post has some revealing data as to why this may be…

Continue Reading