A new attack method bypasses both Microsoft 365 default security (EOP) and advanced security (ATP). At the time of writing, Microsoft 365 is still vulnerable and the...
A new attack method bypasses both Microsoft 365 default security (EOP) and advanced security (ATP). At the time of writing, Microsoft 365 is still vulnerable and the...
Highlights Avanan protects Slack and Microsoft Teams with one click. Despite many users thinking otherwise, Slack and Microsoft Teams have no inherent security pr...
Starting Today: Stop shaking hands. Stop clicking on any email that mentions Coronavirus! Our security analysts have seen a significant rise in phishing emails that ...
Have you heard of Microsoft Sway? If you haven’t, there’s a good chance your users don’t know about it either. That’s why this content creation service is used in ph...
Avanan has uncovered a new sextortion attack that uses QR codes instead of URLs to avoid bitcoin wallet detection. To drive the attack, hackers claim they have foota...
This summer, we reported that hackers were bypassing Office 365 EOP and ATP with an ingeniously simple attack that uses HTML attachments in email to launch phishing ...
As we enter the 2020 election season, we are once again discussing the possibility of foreign intervention, which puts the 2016 hack of the Democratic National Commi...
Let’s say your organization has the best security. Your employees are trained to never fall victim to phishing. You have SSO and it’s very hard to take over your acc...
What’s more dangerous than hackers running amok in your corporate email? How about if they had global access to your salesforce.com account? Salesforce.com [$CRM] i...
In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...
Hackers are using Microsoft Azure Blob Storage to specifically attack Office 365 admins to take over the Office 365 environment. Although windows.net phishing attack...
The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to r...
Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...
Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...
Executive Summary: The name Z-WASP references the zero-width space () that hackers added to the middle of a malicious URL within the RAW HTML of the email. Wi...