Yoav Nathaniel

Yoav Nathaniel



salespharce-featured-image

Salesforce Attack: Hackers Use Phishing Email Invoices to Scam Users

What’s more dangerous than hackers running amok in your corporate email? How about if they had global access to your salesforce.com account? Salesforce.com [$CRM] is...

Read more

Metamorph-Featured-Image

MetaMorph HTML Obfuscation Phishing Attack

In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...

Read more

Validator-Featured-Image

Office 365 Credential Validator Phishing Attack

Hackers are using Microsoft Azure Blob Storage to specifically attack Office 365 admins to take over the Office 365 environment. Although windows.net phishing attack...

Read more

Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured

HTML Attachments: The Latest Phishing Trend Targeting Office 365

The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to r...

Read more

When-Allow-Lists-Pile-Up-Email-Security-and-Technical-Debt

When Allow Lists Pile-Up: Email Security and Technical Debt

Recently, I analyzed the inboxes of a company representing a typical enterprise account of more than 10,000 email users. I found something alarming. Because of Allow...

Read more

Root-Domain-Hack-Impacts-70-of-Email-Gateway-Customers-Featured

Root Domain Hack Impacts 70% of Email Gateway Customers

Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...

Read more

The-NoRelationship-Attack-Bypasses-Office-365-Email-Attachment-Security-Featured

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...

Read more

Z-WASP-Vulnerability-Used-to-Phish-Office-365-and-ATP-Featured

Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. With all...

Read more

ZeroFont-Phishing-Manipulating-Font-Size-to-Get-Past-Office-365-Security-Featured

ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security

Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The font manipu...

Read more

baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured

baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...

Read more

1 2
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial