Avanan Attack Briefs


HTML Attachments: The Latest Phishing Trend Targeting Office 365

The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to receive HTML attachments in their emails....

Root Domain Hack Impacts 70% of Email Gateway Customers

Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...

Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. Wi...

PhishPoint: New SharePoint Phishing Scam Affects an Estimated 10% of Office 365 Users

Over the past two weeks, we detected (and blocked) a new SharePoint scam phishing attack that affected about 10% of Avanan's Office 365 customers. We estimate this...

Fake Email Invoices: Why Office 365 Keeps Missing These Phishing Attacks?

Emails with fake invoices have been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...

ACE Archives: Microsoft finally closes hole that allowed trojans to bypass Office 365 default security

For several weeks, we detected (and blocked) an attack targeting one of the largest municipalities in the U.S. that bypassed Office 365 default security, using a sim...

ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security

Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The tactic, whi...

baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

Update: Microsoft repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...

The "Ronald Reagan" Attack Allows Hackers to Bypass Gmail's Anti-phishing Security

We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email fr...

Why Mailsploit Is One of the Most Dangerous New Phishing Schemes

Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gm...

Attack Report: Phishing Your HR Platform in the Cloud

Avanan’s security analysts recently tracked an increased number of attacks against cloud-based HR systems such as ADP, Workday, Zenefits and Justworks, to compromise...

Attack Report: Gmail Vulnerable to Nickname Impersonation Spearphishing

The Basics of the Nickname Email Spoof Attack: We have trained our users to distrust a sender's nickname and validate an identity by looking at the original email add...

Attack Report: Excel Phishing Attack that Bypasses Office 365

This targeted phishing attack against Office 365 Outlook customers impersonates Excel Online in an HTML attachment in order to trick users into entering their creden...

Attack Report: Office 365 Security Hacked Using Google Redirect

A new widespread phishing attack against Office 365 email customers uses Google's App-Engine website to redirect victims to download malicious files. Avanan security...

Attack Report: Office 365 Security Bypassed Using Hexadecimal Escape Characters

In several past blogs, we described how hackers bypass Office 365 Security with Punycode encoding, and then Unicode characters. In this attack report we discuss an a...

Attack Report: Office 365 Sharepoint from China

This attack report covers a massive attack on Office 365 users that leverages the trust Office 365 puts in its own links. 

Attack Report: Unicode-Based Phishing

This is a large-scale phishing attack against Office 365 that we have been seeing across the majority of our Office 365 customers. The attack takes advantage of Offi...

Attack Report: The Long-term Phish

“One question was what exactly were the hackers after? They had compromised at least one account, yet they still weren’t done. What was next? But the big question wa...

5 Phishing Attacks Office 365 and Gmail Didn't Detect in July

In the past 30 days, the Avanan platform has detected and blocked thousands of unique phishing attacks against our customers. The most interesting are those that byp...
