Blog
Three Ways Varonis Helps You Fight Insider Threats
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk...
Microsoft Releases Patch Updates for Five New Zero-Day Vulnerabilities
The three actively exploited zero-day vulnerabilities, including a Windows SmartScreen bypass and privilege escalation flaws, emphasize the need for users to exercise caution when interacting with internet shortcuts and hyperlinks.
VMware Discloses Critical VCD Appliance Authentication Bypass With No Patch
VMware has disclosed a critical authentication bypass vulnerability (CVE-2023-34060) affecting its Cloud Director appliance deployments. The flaw only affects upgraded versions of the VCD Appliance 10.5.
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure...
Microsoft Fixes Critical Azure CLI Flaw That Leaked Credentials in Logs
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four...
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been...
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The...
Researchers Uncover Info-Stealing Campaign Targeting Gaming Community
A targeted campaign against the gaming community exploits Discord channels and fake download sites to distribute types of information-stealing malware. Multiple information stealer families, including BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer, were...
Researchers Uncover Info-Stealing Campaign Targeting Gaming Community
A targeted campaign against the gaming community exploits Discord channels and fake download sites to distribute types of information-stealing malware. Multiple information stealer families, including BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer, were...
FREE GUIDE