SL-Access_card

PoS Malware Mitigation Advice from the Pros

There’s still much we don’t know about the attacks that targeted retailers’ PoS systems over the last year. We do know for certain that Backoff, BlackPos, and its variants were used as the RAM scraping software, and the hackers had considerable time to remove or exfiltrate the data. But there are still questions about how…

Continue Reading

ediscovery

How Varonis Helps with e-Discovery

If you’ve ever had the misfortunate of participating in litigation of any sort, you know that e-Discovery can be a massive pain for IT. It can be distracting, time-consuming, and stressful. Varonis can help you successfully navigate the e-Discovery process by automatically discovering (and quarantining) relevant information in file servers, SharePoint sites, and email. To…

Continue Reading

health-spreadsheet-tilted

The Worst Assumption You Can Make About Healthcare Information

There’s a common misconception that HIPAA only applies to database records. It’s somewhat understandable because “health record” is used frequently on the Health and Human Services (HHS) web site. However, if you read the actual language of HIPAA more closely, you’ll see that the rules cover protected health information (PHI) in any electronic format. Have…

Continue Reading

Traitorware

PoS Cyber Attack Insight: Malware Isn’t What You Think It is

As headlines over the last few months have shown, hackers are becoming more and more resourceful at getting through corporate firewalls to directly attack retail terminals and back-end PoS servers. If IT can’t stop them from getting through the front door, is there a second line of defense to, at a minimum, contain the cyber-thieves…

Continue Reading

Exchange Public Folder Migration Guide

Many organizations rely on Exchange’s public folders to store emails, documents, calendars, tasks, and more.  Over time, with substantial and frequent use, emails pile up, and many organizations want to know: Is anyone using all of this content? Who does it belong to? Is the sensitive stuff protected? Should we get rid of it or…

Continue Reading

Unique Offerings + Rapid Growth = Prestigious Industry Recognition for Varonis

Much of the recent talk in the IT industry has revolved around the fates of traditional IT giants. Rumors of mergers, breakups, and divestments often miss one of the underlying factors creating this turbulence: customers want innovation and they are finding it with fresh approaches from newer players. Our relentless passion to innovate for our…

Continue Reading

dhs - backoff

Driving a Stake through Backoff and other PoS Malware

Despite a US CERT warning and several well-publicized hacking incidents over the summer, Backoff malware continues to add new corporate victims. Krebs has been on the case and has more details on the most recent attacks against two well-known brands. The government warning pointed out that anti-virus vendors may not have the latest signatures for…

Continue Reading

Blank computer screen

Miscommunication as a Cybersecurity Threat

There was a great interview in WSJ this weekend with Blackstone’s CISO Jay Leek.  They asked Mr. Leek a question that I love asking people in high-level security roles: WSJ: What most worries you? LEEK: The No. 1 most significant risk to every organization is your well-intentioned, nonmalicious insider who is trying to do the…

Continue Reading

Using PowerShell to Combat CryptoLocker

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we thought it would be helpful to also offer some tactical advice for dealing with CryptoLocker using our sysadmin tool of choice: PowerShell. What follows are…

Continue Reading

POODLE!

POODLE SSL Bug Scanner

As you may have noticed, there’s been widespread attention on this new POODLE SSL attack (CVE-2014-3566) that lets attackers spy on your traffic to any website that is vulnerable. As a public service, we’ve made a free, easy-to-use site that lets you scan any URL to see if it’s vulnerable and offers some helpful links to…

Continue Reading