<img alt="" src="https://secure.leadforensics.com/110471.png" style="display:none;">

Avanan Attack Report


Hackers are bypassing email security gateways (ESGs) with a very simple root domain exploit. News of this Office 365 attack method was recently published in an article by...

Read more

featured image NoRelationship Phishing Attack

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and PowerPoint (.p...

Read more

Z-WASP Image

Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. With all these sp...

Read more

Blog Post2FWebinar Images (91)

PhishPoint: New SharePoint Phishing Attack Affects an Estimated 10% of Office 365 Users

  Over the past two weeks, we detected (and blocked) a new phishing attack that affected about 10% of Avanan's Office 365 customers. We estimate this percentage applies to Office 3...

Read more

Blog Post2FWebinar Images (87)

Fake Invoices: Why Does Office 365 Keep Missing These Phishing Attacks?

Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguised as invoices ...

Read more

mailsploit-featured.png

Why Mailsploit Is One of the Most Dangerous New Phishing Schemes

Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gmail customers. ...

Read more

Attack Report: Phishing Your HR Platform in the Cloud

Avanan’s security analysts recently tracked an increased number of attacks against cloud-based HR systems such as ADP, Workday, Zenefits and Justworks, to compromise HR accounts an...

Read more

Attack Report: Gmail Vulnerable to Nickname Impersonation Spearphishing

The Basics of the Nickname Email Spoof Attack We have trained our users to distrust a sender's nickname and validate an identity by looking at the original email address. Most emai...

Read more

Attack Report: Excel Phishing Attack that Bypasses Office 365

This targeted phishing attack against Office 365 Outlook customers impersonates Excel Online in an HTML attachment in order to trick users into entering their credentials. Avanan s...

Read more

Attack Report: Office 365 Security Hacked Using Google Redirect

A new widespread phishing attack against Office 365 email customers uses Google's App-Engine website to redirect victims to download malicious files. Avanan security analysts confi...

Read more

Attack Report: Office 365 Security Bypassed Using Hexadecimal Escape Characters

In several past blogs, we described how hackers bypass Office 365 Security with Punycode encoding, and then Unicode characters. In this attack report we discuss an attack against O...

Read more

Attack Report: Office 365 Sharepoint from China

This attack report covers a massive attack on Office 365 users that leverages the trust Office 365 puts in its own links. 

Read more

Screen Shot 2017-08-02 at 11.28.08 AM-1.png

Attack Report: Unicode-Based Phishing

This is a large scale phishing attack against Office 365 that we have been seeing across the majority of our Office 365 customers. The attack takes advantage of Office 365's blindn...

Read more

Attack Report: The Long-term Phish

  “One question was what exactly were the hackers after? They had compromised at least one account, yet they still weren’t done. What was next? But the big question was - how to ge...

Read more

Blog Post2FWebinar Images

Attack Report: How Google Drive Propagates Malware

This attack report covers a phishing attack against Gmail and Google Drive customers that leverages both services and exploits a blind spot in the G Suite service.

Read more

14-DAY FREE TRIAL

Get 100% visibility into your cloud right now. No risk. No obligation. No effect on your users.

START YOUR  FREE TRIAL