Let’s say your organization has the best security. Your employees are trained to never fall victim to phishing. You have SSO and it’s very hard to take over your acc...
Let’s say your organization has the best security. Your employees are trained to never fall victim to phishing. You have SSO and it’s very hard to take over your acc...
What’s more dangerous than hackers running amok in your corporate email? How about if they had global access to your salesforce.com account? Salesforce.com [$CRM] i...
In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...
Hackers are using Microsoft Azure Blob Storage to specifically attack Office 365 admins to take over the Office 365 environment. Although windows.net phishing attack...
The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to r...
Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...
Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...
Executive Summary: The name Z-WASP references the zero-width space () that hackers added to the middle of a malicious URL within the RAW HTML of the email. Wi...
Over the past two weeks, we detected (and blocked) a new SharePoint scam phishing attack that affected about 10% of Avanan's Office 365 customers. We estimate this...
Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...
For several weeks, we detected (and blocked) an attack targeting one of the largest municipalities in the U.S. that bypassed Office 365 default security, using a sim...
Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The tactic, whi...
Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...
We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email fr...
Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gm...