The Email Security Blog

What-We-Learned-At-Blackhat-Featured

Lessons from Black Hat: End-to-End Security Culture

This month marked the 23rd Black Hat conference. If you’ve never made the trip to Las Vegas, the event typically focuses on the technical aspects of the latest threats from the point of view of front-line ...

Read more

Metamorph-Featured-Image

MetaMorph HTML Obfuscation Phishing Attack

In yet another example of a phishing campaign impersonating Microsoft’s voicemail notification, we see an HTML attachment that leads to a credential-harvesting URL. ...

Read more

Validator-Featured-Image

Office 365 Credential Validator Phishing Attack

Hackers are using Microsoft Azure Blob Storage to specifically attack Office 365 admins to take over the Office 365 environment. Although windows.net phishing attack...

Read more

Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured

Why Multi-Factor Authentication Isn't Foolproof

When 2-factor authentication (2FA) is combined with password managers like 1Password and LastPass, it can help people securely access their personal and work account...

Read more

Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured

HTML Attachments: The Latest Phishing Trend Targeting Office 365

The average person interacts with HTML every day while surfing the internet. Unless they are a UX developer or designer, however, they probably shouldn’t expect to r...

Read more

Cloud-Email-Security-Supplements-Address-SaaS-Vulnerabilities-Featured

Cloud Email Security Supplements Address SaaS Vulnerabilities

Gartner recognizes a new segment of email security focused on filling gaps in existing advanced threat protection. “Protecting the perimeter” was the refrain for con...

Read more

Phishing-Infographic-Featured-new

How Email Became the Weakest Link [Infographic]

See why phishing has became one of cyber security's most common threats, and what can be done about it. Lots of numbers, percentages, and costs are associated with p...

Read more

Top-Takeaways-from-the-2019-Gartner-Security-Risk-Management-Summit-Featured

Top Takeaways from the 2019 Gartner Security & Risk Management Summit

Gartner’s 25th annual Summit for CISOs, security architects, and data practitioners ended last week. There was a  focus on organizational culture rather than pieceme...

Read more

What-Were-Looking-Forward-to-at-Gartner-Security-Risk-Management-Summit-2019-Featured

What We’re Looking Forward to at Gartner Security & Risk Management Summit 2019

I’ve been to 15 Gartner Summit Events. The 2019 Gartner Security & Risk Management Summit, however, will be my first time attending their security-focused conference...

Read more

6-Things-You-Need-to-Know-About-Microsoft-Security-in-Office-365-Featured

6 Things You Need to Know About Microsoft Security in Office 365

Microsoft Office 365 is the most popular target and vector for email phishing attacks. Office 365 Security is Microsoft’s best — especially compared to its 30-year c...

Read more

How-Default-Email-Configurations-Help-Hackers-Featured

How Default Email Configurations Help Hackers

Recently, I talked about an unexplored, but potentially devastating issue in InfoSecurity magazine: default Software-as-a-Service (SaaS) configurations. Sure, they'r...

Read more

Podcast-Avanan-Report-Reveals-25-of-Phishing-Emails-Bypass Office-365-Security-Featured

[Podcast] Avanan Report Reveals 25% of Phishing Emails Bypass Office 365 Security

In this podcast, hosted by Neil C. Hughes, we discuss the Global Phish Report that analyzed 55.5 million emails sent to organizations using Microsoft Office 365 and ...

Read more

When-Whitelists-Pile-Up-Email-Security-and-Technical-Debt-Featured

When Whitelists Pile-Up: Email Security and Technical Debt

Recently, I analyzed the inboxes of a company representing a typical enterprise account of more than 10,000 email users. I found something alarming. Because of white...

Read more

How-Avanan-Catches-Phishing-That-Others-Miss-Featured

How Avanan Catches Phishing That Others Miss

Why does conventional email security fail to catch some sophisticated impersonation, spear phishing, credential harvesting, and malware? The rapid adoption of the cl...

Read more

Global-Phish-Report-blog

2019 Avanan Global Phish Report

To create the 2019 Global Phish Report, Avanan security scientists analyzed 55.5 million emails to surface key insights on how hackers target Office 365 and Gmail.

Read more

Root-Domain-Hack-Impacts-70-of-Email-Gateway-Customers-Featured

Root Domain Hack Impacts 70% of Email Gateway Customers

Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...

Read more

avanan-wins-awards-featured

Avanan Wins Anti-Phishing Award from Cyber Defense Magazine

New York, March 11, 2019 — At the RSA Conference on March 4th, Cyber Defense Magazine announced Avanan as a recipient of the 2019 Infosec Awards, which honors "bold,...

Read more

The-NoRelationship-Attack-Bypasses-Office-365-Email-Attachment-Security-Featured

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...

Read more

Z-WASP-Vulnerability-Used-to-Phish-Office-365-and-ATP-Featured

Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. Wi...

Read more

ATP-Anti-Phishing-Compared-to-Avanan-Featured

ATP Anti-Phishing Compared to Avanan

Microsoft Advanced Threat Protection (ATP) serves a real need when it comes to fortifying the basic anti-phishing, anti-virus, and anti-malware that make up EOP, whi...

Read more

1 2 3 4 5
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial