Yoav Nathaniel


When Whitelists Pile-Up: Email Security and Technical Debt

Recently, I analyzed the inboxes of a company representing a typical enterprise account of more than 10,000 email users. I found something alarming. Because of whitelisting configu...


Root Domain Hack Impacts 70% of Email Gateway Customers

Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail flow accepts emai...


The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and PowerPoint (.p...


Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. With all these sp...


ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security

Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The tactic, which we are calli...


baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security flaw in Office 36...


The "Ronald Reagan" Attack Allows Hackers to Bypass Gmail's Anti-phishing Security

We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email from an internal ...


What to Do After You Have Fallen Victim to a Phishing Attack

Even if you could block 100% of malware and phishing, it is still possible to have a compromised account: a lost post-it note, a massive LinkedIn-type password breach, a re-used pa...


Attack Report: Excel Phishing Attack that Bypasses Office 365

This targeted phishing attack against Office 365 Outlook customers impersonates Excel Online in an HTML attachment in order to trick users into entering their credentials. Avanan s...


Attack Report: Office 365 Security Hacked Using Google Redirect

A new widespread phishing attack against Office 365 email customers uses Google's App-Engine website to redirect victims to download malicious files. Avanan security analysts confi...


Part II: Why Proofpoint and Mimecast Can't Secure Office 365 and Gmail

In part one of this series, we explained why Proofpoint and Mimecast customers might be susceptible to email attacks that other Office 365 and Gmail customers are not. After receiv...


Attack Report: Office 365 Security Bypassed Using Hexadecimal Escape Characters

In several past blogs, we described how hackers bypass Office 365 Security with Punycode encoding, and then Unicode characters. In this attack report we discuss an attack against O...


Attack Report: Unicode-Based Phishing

This is a large-scale phishing attack against Office 365 that we have been seeing across the majority of our Office 365 customers. The attack takes advantage of Office 365's blindn...
