Blank computer screen

Miscommunication as a Cybersecurity Threat

There was a great interview in WSJ this weekend with Blackstone’s CISO Jay Leek.  They asked Mr. Leek a question that I love asking people in high-level security roles: WSJ: What most worries you? LEEK: The No. 1 most significant risk to every organization is your well-intentioned, nonmalicious insider who is trying to do the…

Continue Reading

Using PowerShell to Combat CryptoLocker

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we thought it would be helpful to also offer some tactical advice for dealing with CryptoLocker using our sysadmin tool of choice: PowerShell. What follows are…

Continue Reading

POODLE!

POODLE SSL Bug Scanner

As you may have noticed, there’s been widespread attention on this new POODLE SSL attack (CVE-2014-3566) that lets attackers spy on your traffic to any website that is vulnerable. As a public service, we’ve made a free, easy-to-use site that lets you scan any URL to see if it’s vulnerable and offers some helpful links to…

Continue Reading

399px-Buckingham-palace-guard-11279634947G5ru

Getting Ready for PCI DSS 3.0 and Beyond: A New Focus on Testing

To get a sense of where the PCI Data Security Standard (DSS) is heading, it helps to take a look beyond the actual language in the requirements.  In August, PCI published a DSS 3.0 best practices document that provided additional context for the 12 DSS requirements and their almost 300 sub-controls. It’s well worth looking at. The…

Continue Reading

How can I find out which Active Directory groups I’m a member of?

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization. There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach: Go to “Active Directory Users and Computers”. Click on “Users” or the folder that…

Continue Reading

locks

CryptoLocker: The Marketing Behind the Malware

CryptoLocker is a frightening piece of malware that, when executed, encrypts your local and network files until a ransom is paid. CryptoLocker has well-implemented encryption that is generally considered unfeasible to brute force, as well as a multitude of distribution vectors—botnets, emails, Trojans, etc.  But what really sets CryptoLocker apart as ransomware, which has existed…

Continue Reading

Test_(student_assessment)

PCI Penetration Testing and Vulnerability Scanning: There’s Room for Improvement

One of the criticisms against PCI DSS is that it isn’t keeping up with the dynamic threat environment. As we all know, phishing, APTs, and PoS malware have been especially effective in the retail sector. The Verizon PCI report I mentioned in my last post has some revealing data as to why this may be…

Continue Reading

[VIDEO] Why Work At Varonis

Below you’ll find a video we’re really happy to share with you. While watching the video, you’ll get a real sense of what it’s like to work at Varonis. You’ll hear directly from employees on the company culture, and perks – while getting a glimpse of our offices in the heart of Manhattan. We hope…

Continue Reading

creepometer

How to Avoid Being Known as a Creepy Company

While data breaches have been driving news headlines this year, privacy concerns have been riding shotgun. Unfortunately, for lack of a better word, “creepy” has been the word often used to describe the way companies have been leveraging our personal data, whether it is with passive location tracking, apps secretly absorbing your personal address book,…

Continue Reading

money

What’s Your Reputation Worth?

During this past year, we’ve been reminded (too) many times that data breaches are costly and damaging to a company’s reputation. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, the average total cost of a data breach—which can include credit monitoring, legal fees, remediation, and customer loss—for the companies who participated in…

Continue Reading