<img alt="" src="https://secure.leadforensics.com/110471.png" style="display:none;">

Avanan Blog

AlternateInboxFeaturedImage-1.png

When Phishing Succeeds: The Alternate Inbox Method

Michael Landewe | October 16, 2017 | Filed Under: Blog | Read More »

Before you continue reading, you should check to see if your email address is one of millions that has already been compromised: HaveIBeenPwned.com. An attacker could have your acc...

Gmail Users Vulnerable to Nickname Impersonation Spearphishing Attack

Michael Landewe | October 11, 2017 | Filed Under: Blog | Read More »

The Basics of the Nickname Email Spoof Attack We have trained our users to distrust a sender's nickname and validate an identity by looking at the original email address. Most emai...

Blog Post2FWebinar Images (36).png

Avanan Partner Series: How Lastline Detects Malware

Michael Landewe | October 11, 2017 | Filed Under: Blog | Read More »

With each day bringing new and different threats, we are always seeking out the next-gen technology that can defend against these next generation attacks. This is the first in our ...

Blog Post2FWebinar Images (35).png

Can a CASB Protect you from Phishing or Ransomware?

Michael Landewe | October 6, 2017 | Filed Under: Blog | Read More »

"Is Avanan a CASB?"   After joining a recent CASB panel with the Cloud Security Alliance I found myself answering this question over and over again. The answer depends upon whether...

Blog Post2FWebinar Images (34).png

Post-Breach Protection: What to Do When You're Already Compromised

Yoav Nathaniel | September 28, 2017 | Filed Under: Blog | Read More »

Even if you could block 100% of malware and phishing, it is still possible to have a compromised account: a lost post-it note, a massive Linkedin-type password breach, a re-used pa...

Attack Report: Excel Phishing Attack that Bypasses Office 365

Yoav Nathaniel | September 19, 2017 | Filed Under: Blog, Attack Report | Read More »

This targeted phishing attack against Office 365 Outlook customers impersonates Excel Online in an HTML attachment in order to trick users into entering their credentials. Avanan s...

Attack Report: Office 365 Security Hacked Using Google Redirect Vulnerability

Yoav Nathaniel | September 14, 2017 | Filed Under: Blog, Attack Report | Read More »

A new widespread phishing attack against Office 365 email customers uses Google's App-Engine website to redirect victims to download malicious files. Avanan security analysts confi...

Blog Post2FWebinar Images (23).png

Part II: Why Proofpoint and Mimecast Can't Secure Office 365 and Gmail. Technical Details

Yoav Nathaniel | September 6, 2017 | Filed Under: Blog | Read More »

In part one of this series we explained why customers of Proofpoint and Mimecast might be susceptible to email attacks that other Office 365 and Gmail customers are not. (Read Part...

Attack Report: Hexadecimal Escape Characters

Yoav Nathaniel | August 24, 2017 | Filed Under: Blog, Attack Report | Read More »

In several past blogs, we described how hackers bypass Office 365 Security with Punycode encoding, and then Unicode characters. In this attack report we discuss an attack against O...

Attack Report: Office 365 Sharepoint from China

Dylan Press | August 24, 2017 | Filed Under: Blog, Attack Report | Read More »

This attack report covers a massive attack on Office 365 users that leverages the trust Office 365 puts in its own links. 

Part I: Why Proofpoint and Mimecast Can't Secure Office 365 and Gmail

Gil Friedrich | August 11, 2017 | Filed Under: Blog | Read More »

Proofpoint and Mimecast have been the best email security solutions for our legacy on-prem email platforms - Exchange, Lotus Notes, etc. But to use them for Office 365 or Gmail act...

Attack Report: Unicode-Based Phishing

Yoav Nathaniel | August 2, 2017 | Filed Under: Blog, Attack Report | Read More »

This is a large scale phishing attack against Office 365 that we have been seeing across the majority of our Office 365 customers that takes advantage of Office 365's blindness to ...

Attack Report: The Long-term Phish

Gil Friedrich | July 24, 2017 | Filed Under: Blog, Attack Report | Read More »

  “One question was what exactly were the hackers after? They had compromised at least one account, yet they still weren’t done. What was next? But the big question was - how to ge...

Blog Post2FWebinar Images (2).png

5 Phishing Attacks Office 365 and Gmail Didn't Detect in July

Dylan Press | July 19, 2017 | Filed Under: Blog | Read More »

In the past 30 days, the Avanan platform has detected and blocked thousands of unique phishing attacks against our customers. The most interesting are those that bypass the built-i...

450421681.jpg

How to Identify a Phishing Email in Gmail

Dylan Press | July 14, 2017 | Filed Under: Blog | Read More »

Phishing is the most popular way for attackers to gain access to your Google Cloud. It can be difficult to keep up with all the methods for detecting phishing attacks on your own a...

anti-casb linkedin ad.png

What's Wrong with CASBs?

Dylan Press | July 6, 2017 | Filed Under: Blog | Read More »

CASB vendors have been around for the past 5-7 years, VCs have invested over $500M into these companies and Gartner has been promoting them with very bullish growth predictions. Bu...

Attack Report: How Google Drive Propagates Malware

Gil Friedrich | June 14, 2017 | Filed Under: Blog, Attack Report | Read More »

This attack report covers a phishing attack against Gmail and Google Drive customers that leverages both services and exploits a blind spot in the G Suite service.

Untitled presentation (1).png

NHS Hit by International Ransomware Attack

Dylan Press | May 12, 2017 | Filed Under: Blog | Read More »

May 12th, 2017 The NHS has been hit by a ransomware attack today, affecting at least 16 of their trusts in the UK according to The Guardian. This is a widespread attack affecting b...

Untitled presentation-1.png

Jaff: New Ransomware Attack Blasting 5 Million Emails Per Hour

Dylan Press | May 12, 2017 | Filed Under: Blog | Read More »

WannaCry infected over 200,000 computers in 150 countries. The large-scale ransomware attack infected a large number of global companies such as FedEx, LATAM airlines, Renault, and...

google-doc-attack-authenticate.png

Attack Report: API-based Phishing Attack in Gmail

Michael Landewe | May 3, 2017 | Filed Under: Blog | Read More »

This attack report covers a very sophisticated phishing scheme that came in the form of an invitation to open a Google Doc.