Avanan Blog Attack Briefs (28)


Root-Domain-Hack-Impacts-70-of-Email-Gateway-Customers-Featured

Root Domain Hack Impacts 70% of Email Gateway Customers

Hackers are bypassing email security gateways and sending phishing emails directly to Google and Office 365 root domains. If you’re using a gateway, and your mail fl...

Read more

The-NoRelationship-Attack-Bypasses-Office-365-Email-Attachment-Security-Featured

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Avanan identified a new phishing attack that bypasses EOP (Exchange Online Protection) URL filters, which scan Office documents like Word (.docx), Excel (.xlsx), and...

Read more

Z-WASP-Vulnerability-Used-to-Phish-Office-365-and-ATP-Featured

Z-WASP Vulnerability Used to Phish Office 365 and ATP

Executive Summary: The name Z-WASP references the zero-width space (‌) that hackers added to the middle of a malicious URL within the RAW HTML of the email. With all...

Read more

Blog Post2FWebinar Images (91)

PhishPoint: New SharePoint Phishing Scam Affects an Estimated 10% of Office 365 Users

Over the past two weeks, we detected (and blocked) a new SharePoint scam phishing attack that affected about 10% of Avanan's Office 365 customers. We estimate this p...

Read more

Blog Post2FWebinar Images (87)

Fake Email Invoices: Why Office 365 Keeps Missing These Phishing Attacks?

Emails with fake invoices has been one of the most popular attack vectors against Office 365 email users for the past several years. The malicious emails are disguis...

Read more

Blog Post2FWebinar Images (84)

ACE Archives: Microsoft finally closes hole that allowed trojans to bypass Office 365 default security

For several weeks, we detected (and blocked) an attack targeting one of the largest municipalities in the U.S. that bypassed Office 365 default security, using a sim...

Read more

ZeroFont-Phishing-Manipulating-Font-Size-to-Get-Past-Office-365-Security-Featured

ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security

Recently, we have been seeing a number of phishing attacks using a simple strategy to get their blatant email spoofs past Microsoft's phishing scans. The font manipu...

Read more

baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured

baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

Update: Microsoft has repaired this vulnerability on 5/16/18, two weeks after we first reported it to them. We recently uncovered what may be the largest security fl...

Read more

Reagan Attack Featured

The "Ronald Reagan" Attack Allows Hackers to Bypass Gmail's Anti-phishing Security

We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user receives the email fr...

Read more

mailsploit-featured.png

Why Mailsploit Is One of the Most Dangerous New Phishing Schemes

Avanan has been catching multiple attacks against its customers using a new phishing method called Mailsploit. We have observed this attack on both Office 365 and Gm...

Read more

14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial