Have you heard of Microsoft Sway? If you haven’t, there’s a good chance your users don’t know about it either. That’s why this content creation service is used in ph...
Have you heard of Microsoft Sway? If you haven’t, there’s a good chance your users don’t know about it either. That’s why this content creation service is used in ph...
Avanan has uncovered a new sextortion attack that uses QR codes instead of URLs to avoid bitcoin wallet detection. To drive the attack, hackers claim they have foota...
This summer, we reported that hackers were bypassing Office 365 EOP and ATP with an ingeniously simple attack that uses HTML attachments in email to launch phishing ...
As we enter the 2020 election season, we are once again discussing the possibility of foreign intervention, which puts the 2016 hack of the Democratic National Commi...
Let’s say your organization has the best security. Your employees are trained to never fall victim to phishing. You have SSO and it’s very hard to take over your acc...
What’s more dangerous than hackers running amok in your corporate email? How about if they had global access to your salesforce.com account? Salesforce.com [$CRM] i...
In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...
Hackers are using Microsoft Azure Blob Storage to specifically attack Office 365 admins to take over the Office 365 environment. Although windows.net phishing attack...
The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to r...
Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...
Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...
Executive Summary: The name Z-WASP references the zero-width space () that hackers added to the middle of a malicious URL within the RAW HTML of the email. With all...
Over the past two weeks, we detected (and blocked) a new SharePoint scam phishing attack that affected about 10% of Avanan's Office 365 customers. We estimate this...
Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...
For several weeks, we detected (and blocked) an attack targeting one of the largest municipalities in the U.S. that bypassed Office 365 default security, using a sim...
Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The font manipu...
Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...
We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email fr...
Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gm...
Avanan’s security analysts recently tracked an increased number of attacks against cloud-based HR systems such as ADP, Workday, Zenefits and Justworks, to compromise...