Avanan Blog Attack Briefs (6)


The Universal Language of Phishing

It's reasonable to expect that phishing emails that come to your inbox will be in your native tongue.

Read more

SEG Miss of the Week: 2/4/21

This week's SEG miss of the week follows a targeted social engineering attack. Proofpoint missed this attack.

Read more

ATP Miss of the Week: 2/4/21

Today’s ATP Miss of the Week is yet another credential harvesting attack that flew by Microsoft’s security. We have seen this exact attack over 900 times in 20 diffe...

Read more

ATP Miss of the Week: Credential Harvesting Attack

This week, we uncovered a simple credential harvesting attack. We saw this in over 30 organizations, suggesting something targeted.

Read more

ATP Miss of the Week: 1/20/2021

This week, we uncovered an attack that uses both Microsoft Forms and Typeform.  We saw this across multiple organizations.

Read more

ATP Miss of the Week: 1/13/2021

This week, we uncovered an attack that uses a Zoom notification.  We saw this across multiple organizations and in multiple weeks. 

Read more

ATP Miss of the Week: 1/7/2021

This week, we uncovered an attack that claims a password is about to expire.  We saw this across multiple organizations.

Read more

ATP Miss of the Week: 12/22/2020

This week, we uncovered an attack that utilizes a link for documents. We saw this across multiple organizations.

Read more

BioNTech COVID-19 Vaccine Spoofed in Email Campaign

As happens with all major news events, Avanan is tracking a tremendous number of fake sites, emails and even phone calls and texts which all offer an insider's acces...

Read more

Microsoft Teams: Spoofing Notifications to Steal Credentials

As Microsoft Teams continues to skyrocket in growth, hackers are going to flock to the service. We wrote recently about how a compromise at a partner organization al...

Read more

ATP Miss of the Week: 12/16/2020

This week, we uncovered an attack that utilizes a voice message file. We saw this across multiple organizations.

Read more

Come On In: LinkedIn Used for Spoofing

Quick quiz: which social media platform are hackers impersonating most effectively? If you guessed LinkedIn, good for you.  Yes, LinkedIn has quietly become a haven ...

Read more

Slack Continues to Be Top of Mind for Hackers' Malicious Links Attacks

A few months ago, we wrote about a Slack-based attack making waves. In the attack, hackers utilized a Slack redirect to bypass Microsoft SafeLinks. It looks like thi...

Read more

ATP Miss of the Week: 12/09/2020

This week, we uncovered an "eFax" email across multiple organizations. The email comes across as an eFax with a link to view documents. 

Read more

Global Financial Institution's Microsoft Teams Account Compromised by Malware

Summary A compromised Microsoft Teams account at a partner organization fooled users at a global financial institution into sharing insider information. After exfilt...

Read more

SPAM-EGY Takes on EDU

Highlights: Avanan researchers have identified an aggressive attack against higher-education targets that uses a number of obfuscation techniques developed by the SP...

Read more

Hackers Targeting G-Suite via DocuSign

Remote work has been a boon for a number of companies and DocuSign is no different. The e-signature company has seen 61% year-over-year growth. As companies to work-...

Read more

Not-So-Sweet Home: Mortgage Wire Fraud Scams Explode

  You're about to close on a house. Congrats! But it's not all dream-come-true. You have to be on the lookout for mortgage wire fraud.

Read more

MFA Is Not The Cure-All

According to official Microsoft guidance, multi-factor authentication can solve everything. Seriously. Read on:

Read more

Passing Notes: Phishing Attack Leverages OneNote

One of the most appealing parts of the Microsoft suite is all that you can do with it. Spreadsheets in Excel. Presentations in PowerPoint. Note taking in OneNote. Bu...

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial