Avanan Blog Attack Briefs


Amazon 'Crime': Hackers Are After Your Prime Credentials

E-commerce sales have skyrocketed during the pandemic as people are looking to stock up on goods without going into a store. Amazon, of course, has been one of the b...

Read more

Netflix and Steal: New Attack Targets Streaming Credentials and Payment Info

If you're like most people over the six months, you've spent a lot of time watching and binging shows on Netflix.

Read more

Microsoft SafeLinks Redirect: TattleToken Script

Attackers are using 'smart' redirect servers to hide malicious websites from post-delivery protections like Microsoft SafeLinks and Chrome browser filters.  Summary:...

Read more

SiteCloak Phishing: Office 365's Safe Links is Under Attack

Highlights: Attackers have expanded the battleground from the inbox to the web This is the hacker’s response to click-time protection and the technique is able to by...

Read more

SiteCloak: Hackers Take Phish Obfuscation to the Next Level

We are seeing a rise in the number of phishing attacks that bypass Office 365 due to the attackers’ use of obfuscation techniques on the credential harvesting websit...

Read more

SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ Users

A new attack method bypasses both Microsoft 365 default security (EOP) and advanced security (ATP). At the time of writing, Microsoft 365 is still vulnerable and the...

Read more

Why Slack and Microsoft Teams Are Not as Secure as You Think

Highlights Avanan protects Slack  and Microsoft Teams with one click.   Despite many users thinking otherwise, Slack and Microsoft Teams have no inherent security pr...

Read more

CoronaPhishing: Hackers are using COVID-19 to Attack Your Users

Starting Today: Stop shaking hands. Stop clicking on any email that mentions Coronavirus! Our security analysts have seen a significant rise in phishing emails that ...

Read more

Cybercriminals Use Microsoft Sway to Phish Office 365 Security and Your Well-Trained Users

Have you heard of Microsoft Sway? If you haven’t, there’s a good chance your users don’t know about it either. That’s why this content creation service is used in ph...

Read more

QR-Code-Attack-Featured

QReep: Sextortion campaign uses QR codes to link to bitcoin wallets instead of URLs

Avanan has uncovered a new sextortion attack that uses QR codes instead of URLs to avoid bitcoin wallet detection. To drive the attack, hackers claim they have foota...

Read more

Metamorph-Featured-Image

Update — HTML Attachment Attack on Office 365

This summer, we reported that hackers were bypassing Office 365 EOP and ATP with an ingeniously simple attack that uses HTML attachments in email to launch phishing ...

Read more

5-Things-Everyone-Should-Know-About-the-2016-DNC-Email-Breach

5 Things Security Professionals Should Know About the DNC Email Breach

As we enter the 2020 election season, we are once again discussing the possibility of foreign intervention, which puts the 2016 hack of the Democratic National Commi...

Read more

featured-image-reploy

Re:Ploy Email Chain Hijack Attack

Let’s say your organization has the best security. Your employees are trained to never fall victim to phishing. You have SSO and it’s very hard to take over your acc...

Read more

salespharce-featured-image

SalesPharce: Hackers Exploit Salesforce, Phish Partners and Customers

What’s more dangerous than hackers running amok in your corporate email?  How about if they had global access to your salesforce.com account? Salesforce.com [$CRM] i...

Read more

Metamorph-Featured-Image

MetaMorph HTML Obfuscation Phishing Attack

In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...

Read more

1 2 3
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial