A sophisticated phishing campaign exploiting authentication vulnerabilities in a major email service provider has security leaders on alert, as threat actors demonst...
A sophisticated phishing campaign exploiting authentication vulnerabilities in a major email service provider has security leaders on alert, as threat actors demonst...
More than 90% of cyber attacks start with a malicious email. Although security leaders need to invest heavily in technical controls, they also need to attend to the ...
I bet you would never have guessed you’d hear those words out of my mouth. But the truth really is competition makes us all better. With competition we are incented ...
A sophisticated phishing campaign exploiting authentication vulnerabilities in a major email service provider has security leaders on alert, as threat actors demonst...
In a troubling trend sweeping across the business landscape, cyber criminals are turning to invoice fraud in order to target small and medium-sized businesses. These...
Overview: A sophisticated new supply chain attack, dubbed PoisonSeed, is systematically compromising customer relationship management (CRM) and bulk email providers ...
Since the initial discovery of Morphing Meerkat, a Phishing-as-a-Service (PhaaS) platform first identified in 2020, the platform has evolved significantly.
In 2024, 259 million Americans, or 76% of the population, experienced the effects of health-related data breaches. Nearly 50% of cyber security professionals in the ...
Cyber criminals have launched a sophisticated phishing campaign that exploits the trusted reputation of Semrush — an SEO firm that's captured 40% of Fortune 500 bran...
Around the world, organizations are leveraging QR codes to simplify the way in which they conduct business. Whether that means offering QR code-based rebates, coupon...
The March 31st deadline for PCI DSS 4.0 compliance is rapidly approaching. Across the globe, organizations are racing to ensure that their systems meet the new manda...
Overview: Federal cybersecurity agencies have issued an urgent warning about the growing threat of Medusa ransomware, which has significantly expanded its operations...
Overview: A sophisticated phishing operation has emerged as a significant concern for the hospitality sector. The campaign leverages innovative social engineering te...
Email security isn’t just another box to check – it’s the digital front door to your organization, where more than 90% of cyber attacks begin. As cyber threats conti...
Overview: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign. The c...
Overview: Cyber security researchers have discovered a new and sophisticated cyber attack campaign that’s predicated on social engineering and remote access tool use...
Overview: A sophisticated botnet comprised of over 130,000 compromised devices is orchestrating large-scale password spraying attacks against Microsoft 365 accounts ...
Overview: In a newly observed scam, Check Point researchers found 200,000 phishing emails that abused URL information to obfuscate phishing links. The scam was first...
Check Point researchers have discovered an extremely sophisticated attack, perpetrated by nation state threat actors, that targeted the CEO and a high-ranking employ...
Facebook is the most popular social network worldwide, outperforming every other competitor for reach and active users, according to Statista. Further, according to ...
Recently, within the span of a week, a new and extensive phishing campaign compromised more than 7,300 businesses and 40,000 individuals around the world. The most h...
Starting in October of 2024, cyber security researchers have observed the Black Basta ransomware group’s deployment of new payloads – Zbot and DarkGate malware – via...
Overview: As the holiday shopping season reaches its peak with Cyber Monday, organizations are contending with high levels of cyber risk.
Overview: In a campaign targeting hundreds of organizations worldwide, cyber criminals are exploiting Microsoft Visio files (.vsdx) and SharePoint to execute two-ste...
Campaign Overview:
Attack overview: A novel cyber threat, known as an “email bomb” attack, is affecting organizations and individuals around the globe. The threat involves flooding use...
The U.S. Federal Bureau of Investigation has issued a new warning around the cyber criminal theft of “remember me” cookies. What’s Happening Cyber criminals are dire...
Cyber security researchers from Avanan have recently identified a concerning phishing campaign that leverages Google Apps Script macros – a tool used to automate tas...
What is a BEC Threat? Business Email Compromise (BEC) is a type of cyber threat that aims to manipulate people into acting in the interests of a cyber criminal. Thes...
EXECUTIVE SUMMARY: Software-as-a-Service platforms and their clients face an insidious type of phishing-based threat. Organizations that fail to get ahead of it can ...
The recent global computer outage caused by a CrowdStrike update stands as a poignant reminder of the profound pressures faced by professionals in this field. While ...
Earlier this year, we reported on Zero-Click Attacks in Microsoft Outlook that could compromise a user without them taking any action. Cyber Security News recently r...
Microsoft Teams is a popular communication channel for many organizations.
Quishing—QR code phishing—is a rapidly evolving threat. Starting around August, when we saw the first rapid increase, we’ve also seen a change in the type of QR code...
The 2024 Verizon Data Breach Investigations Report (DBIR) is always one of the most hotly anticipated cyber security reports and this year it has been released chock...
When it comes to innovation in email security, no one can come close to our track record.
Shein is one of the most popular shopping apps in the world. In fact, it’s the second most downloaded shopping app globally, with over 251 million downloads.
QR Code phishing—or Quishing—has continued to be a hot topic in email security.
Since our inception, we've prided ourselves on "catching what Microsoft misses." We scan every email that Microsoft lets through and give it a thumbs up or down, pro...
In today's rapidly evolving digital landscape, email remains a critical artery of communication for organizations worldwide. However, this indispensable tool is also...
As we navigate deeper into the digital age, the omnipresence of AI (Artificial Intelligence) in cybersecurity narratives has become undeniable. With every vendor cla...
The digital transformation journey has led many organizations toward cloud-based email systems, a move that has significantly altered the cybersecurity landscape. Th...
Miercom assessed the five top security vendors' Zero Trust Platforms, comparing their security efficacy, ease of use, breadth and comprehensiveness.
Ransomware and malware remain a primary concern for organizations. In 2023, 1 in every 10 organizations worldwide was hit with an attempted ransomware attack, a 33% ...
Mail Exchange records—or MX Records—is a public way of notating the mail server responsible for receiving and sending messages. Think of it like a public address, si...
New research by Check Point has found a significant security vulnerability in Microsoft Outlook, known as the #MonikerLink bug. The bug exploits the way Outlook proc...
Are you frustrated with the lack of effectiveness in your email security measures? Despite investing in various solutions, you may still be vulnerable to cyber threa...
Temu, an international online e-commerce store that has quickly gained prominence, offers discounted goods directly shipped to consumers without intermediate distrib...
Phishing attacks have become increasingly sophisticated, and one of the latest threats targeting Microsoft 365 users is the fake invoice phishing scam. This scam aim...
Account takeover is a growing concern in the world of email security. Cybercriminals are constantly finding new ways to gain unauthorized access to email accounts, a...
Hackers will try just about anything to get you to click on a malicious link.
Over the summer, we saw a somewhat unexpected rise in QR-code-based phishing attacks.
Q4 2023 has come and gone, but the threat of phishing attacks remains on the rise, with "brand phishing" taking the lead. According to Check Point's 2024 Brand Phish...
In the digital age, email has become an indispensable tool for communication, especially within organizations. Services like Outlook are integral for scheduling meet...
It is officially 2024, and hearing the phrase, "new year, new you," is expected and typically indicates change (e.g., bad habits, personal development, exercise, etc...
A new report by Check Point Research illustrates a concerning rise in advanced phishing attacks that target blockchain networks by using wallet-draining techniques.
In March of 2023, Microsoft confirmed a zero-click attack in Outlook that would compromise the end-user without them doing anything. They don’t need to click a link ...
Would you believe that many API-based email security solutions don't look at malware?
Many Phishing attacks include password-protected attachments as a means to avoid inspection. These attacks often employ very simple techniques to prevent security so...
You have a spam and phishing problem.
Need to improve your email security? It doesn't take long. In just a few clicks, you can set up Avanan and immediately see the results. Don't believe us? See it for ...
We’ve been writing extensively about BEC 3.0 attacks.
Threat actors have long taken advantage of current events -- from natural disasters to regional holidays and cultural moments -- to deceive people.
Recently, we've seen a large rise in QR-code, or Quishing, attacks. These QR codes are delivered via email and contain a link to a malicious credential harvesting pa...
One person's spam is another person's newsletter. These differing opinions in how end-users view emails fall into a larger category called graymail. It could be a sp...
Cybercriminals are launching incredibly sophisticated "quishing” campaigns armed with malicious QR codes. Attack volumes have grown 2,400% since May, including an at...
Recently, we've seen a lot of news about Quishing--or QR Code phishing. This is when the link behind a QR code is malicious, but the QR code itself is not. There was...
The hottest trend in the world of email security is quishing or QR Code phishing.
When someone takes over an account via email, they usually do one of the following actions:
DLP serves as a crucial tool for preventing and controlling the sharing of sensitive information with external parties.
Account takeovers happen when an outside actor gains access to an email account. This can happen through a number of ways, from standard brute force to more complex ...
We've been continually writing about how hackers are utilizing Google as a springboard to launch phishing attacks. The latest version of this is through Google Colle...
Recently, Check Point Research (CPR) made an alarming discovery in Latin America - an ongoing campaign deploying a fresh variant of the BBTok banking malware. This n...
Recently, we've seen a lot of news about Quishing--or QR Code phishing. This is when the link behind a QR code is malicious, but the QR code itself is not. There was...
We've been writing more and more about the ways in which hackers are utilizing Google services to launch phishing attacks. One of the ways they are doing this is by ...
BEC attacks are financially damaging and difficult to stop. It's why hackers continually launch these attacks. In this video, we break down one example of a BEC atta...
In an account takeover (ATO) attack, an attacker gains unauthorized access to the credentials for a user’s online account. This access can then be used for identity ...
Check Point researchers recently discovered a large-scale phishing campaign in Colombia targeting over 40 prominent companies. The attackers aimed to discreetly inst...
We've written a lot recently about how Google services are being utilized by hackers as a springboard for carrying out phishing attacks. One of those services is Goo...
We've written a lot about how scammers are using PayPal for BEC 3.0 scams. This means tat hackers are sending invoices directly from PayPal, not a spoofed site. That...
We’ve been talking about it week after week—hackers are using legitimate services for illegitimate means.
We first wrote about ZeroFont phishing a few years ago, and it remains one of our most viewed stories here. Why? Because it's an innovative technique that hackers ha...
A stunning new development in the world of Teams phishing was announced by Microsoft.
A new phishing campaign is taking off in MIcrosoft Teams.
Last week, we wrote about how hackers are utilizing Google Looker Studio to carry out phishing campaigns.
HTML and HTM attachments make up 50% of malicious attachments. Why are hackers resorting to this attachment form? In this video, we break it down:
Microsoft Teams is quickly becoming a burgeoning attack vector. We've written about a few new attacks recently. In this video, we break down one of them:
Today, we’re writing about cyberattacks we’re seeing via Google Looker Studio and other Google applications. Google Looker Studio is a powerful data visualization so...
By now, you know full well what BEC is. It's receiving a message, usually from someone pretending to be a higher-up, and asking for information. These are incredibly...
Zelle, the money-transfer service, is a favorite of hackers to spoof. We've written about it in detail. In this video, we walk you through what a typical Zelle scam ...
Interested in switching from your SEG and moving on to Avanan? The transition in super easy. Here's how you do it:
Whack-a-Mole is fun at the arcade--less fun if it's a staple of your email security program. But with many API solutions, playing whack-a-mole is the only option. An...
The word ransomware is enough to cause fear in any organization. But it doesn't have to be fear-inducing. Our guide provides five security measures that you can impl...
Business Email Compromise is the most financially damaging phishing attack in cybersecurity. How can your organization ensure it doesn't cause damage? This is a guid...
Our product is comprehensive, but our customers continually come to us for the following five key security issues.
We're lucky to have a ton of talented employees here at Avanan. One of them, Sr. Solutions Engineer Michael Hansen, has a wide variety of skills, including coding. A...
The NIST (National Institute of Standards and Technology) Cybersecurity Framework is a widely recognized framework that provides guidelines for improving the cyberse...
NOBELIUM--aka Midnight Blizzard, APT29, Cozy Bear--the group behind the sprawling SolarWinds attack, is at it again, with a new attack utilizing Teams.
The hottest trend in the phishing world is leveraging legitimate services to send illegitimate messages.
We’ve been writing recently about how hackers are utilizing legitimate services to send out phishing campaigns.
One of our customers uses Slack for a lot of their daily communication. The company holds a lot of data about customers, and often this is shared internally to facil...
Ads make the internet go round. And nobody does more with online ads than Google.
Google Collection is a cool tool that allows you to save links, images and videos and share them with others.
Last year, we wrote about a story we heard. Someone who was using an API-based competitor for email security told us about a mail rule they have: every email that go...
According to our own Michael Hansen, one of our Security Engineers, "One user's newsletter is another user's spam."
Executive Summary A new cyber attack targeting NATO countries supporting Ukraine during the NATO Summit shows why only a comprehensive email security solution can st...
Using the comment feature in Google Docs represents another instance in the evolution of BEC 3.0. Utilizing legitimate sites makes it easy for hackers to end up in t...
Phishing through URL-based scams is a deceitful tactic used by hackers to obtain confidential information from users by creating fake links that mimic legitimate one...
This month, Check Point celebrated 30 years as a company. This is an incredible achievement for any company.
Last week, we wrote about a new Teams malware variant making the rounds. As we wrote, the vulnerability essentially allows hackers to bypass all security measures an...
Cybercriminals have a sneaky technique up their sleeves - brand phishing, also known as brand impersonation or brand spoofing. This tactic involves assuming the iden...
A recently discovered vulnerability in Microsoft Teams has opened the door for non-employees to effortlessly send harmful files to employees without undergoing any s...
In recent months, Check Point Research has observed a surge in phishing attacks that exploit reputable online form builder services like Formspark, Formspree, EmailJ...
It is widely acknowledged in the market that organizations require an extra layer of email security to complement Microsoft's existing protection.
In June, 43% of all malicious files were PDFs, indicating a significant rise in their use for malicious purposes.
Mark Ostrowski is Head of Engineering, US East, Check Point. He has 20 years’ experience in IT security and has helped design and support some of the largest securit...
URL-based phishing tricks users into providing sensitive information to hackers through fake links that imitate legitimate ones. We've been looking at some examples ...
A majority of our customers--90%--use our patented inline mode for email security.
One of the key capabilities of an email security solution is the ability to detect anomalies. When something happens that's out of the ordinary, it can be a sign tha...
One of the biggest problems with online security is URL-based phishing. These attacks involve fake links that mimic legitimate ones, tricking users into entering sen...
Our research has revealed that credential harvesting remains the top attack vector, responsible for 59% of attacks. This malicious tactic also plays a significant ro...
Soda PDF is a popular PDF editing tool. It allows for the easy editing of PDFs–which is not always an easy thing to do–as well as various features like conversion to...
We're proud to be named a Leader in The Forrester Wave™: Enterprise Email Security, Q2 2023 report. Harmony Email & Collaboration (HEC) received the highest scor...
Botswana Power Corporation (BPC) struggled with protecting its operation and strategic infrastructure as email became the prevalent attack vector. Their needs requir...
Mark Ostrowski is Head of Engineering, US East, Check Point. He has 20 years’ experience in IT security and has helped design and support some of the largest securit...
AESI is a consulting service to electric utility generation, transmission, distribution, and independent system operators. After testing their email security effecti...
Lightbeam Health solutions help unify claims and clinical data to healthcare solutions.
GIMV secures critical investment data for many financial services. However, their challenge to protect their cloud IT strategies and manage an ever-changing landscap...
Ayesa is a technology solution to assist engineering, technology, and consulting agencies. After facing multiple sophisticated threats to their cloud-based platforms...
Aalborg Kommune wanted a solution providing consistent email security covering Microsoft 365 and cloud-based platforms. However, to relieve the burden from their sup...
A large manufacturing company, Midwest Rubber, needed to protect their company from malware, phishing, and malicious attacks while simplifying management complexity....
Successful hacks rarely spell out what’s about to happen.
When it comes to spear-phishing, the force a threat actor takes to impact its victim can produce equal (if not greater) damage, and one way of doing so is using the ...
We've talked a lot about the Zero-Click attack that was recently propagated on Outlook. It allows for a damaging attack that steals NTLM hashes (the form in which Wi...
ChatGPT doesn't actually "know" anything (it's a statistical program), but if it's going to have a sentient sense of anything, it's probably going to be about AI its...
Canal Bank helps protect Panama's commercial clients. With sensitive data to protect, Canal Bank needed a solution to defend its Office 365 users from malware, phish...
Email threats continue to increase. In the first half of 2022, according to Check Point Research, email-delivered attacks reached 89% of all in-the-wild attacks.
Regina Miracle is a leading intimate wear, sportswear, and personal protective equipment manufacturer. After failed attempts from Microsoft to protect their Office 3...
Quectel is a global IoT solution based in Shanghai and has faced increasing risks for cyber-attacks, with ransomware being the primary weapon. Needing a comprehensiv...
One of our key features for blocking compromised accounts is our auto-blocking feature.
There is an AI arms race in all industries, and nowhere is that more apparent than in email security.
Organizations know that today’s email threats mandate layered security and require the deployment of another email security solution on top of Microsoft’s, whether i...
We have been tracking the next wave of Business Email Compromise attacks. It relies on the use of legitimate services to unleash attacks. There’s nothing fake or spo...
Data loss prevention is a key part of any email security solution. Preventing sensitive data from getting into the wrong hands is an essential part of what we do.
We've written extensively about the tremendous wave of attacks that are being originated from PayPal.
UPDATE, 5/2/23: On Tuesday, 5/2/23, Avanan researchers and members of Linktree’s security and trust team spoke via video conference. The two companies spoke in more ...
Zelle, the widely used and highly acclaimed money-transfer service, is now a prime target for cybercriminals. The simplicity of sending funds to friends or businesse...
The new wave of phishing that we’ve talked a lot about is BEC 3.0. Essentially, it’s the ability for hackers to sign up for a free account somewhere, send out an inv...
One of the key tenants of email security is detecting anomalies. When something happens that's out of the ordinary, it can be a sign that malicious behavior is afoot...
We’ve redefined email security a number of times.
Customers that use gateways like Mimecast, Proofpoint, Barracuda and IronPort might be susceptible to email attacks that other Office 365 and Gmail customers are not...
Email messages aren’t always what they seem. We talk often about how hackers obfuscate text and code within messages. That can be an effective way to bypass security...
Ever feel like you're playing whack-a-mole when it comes to your email security? Ever feel like you're Bill Murray chasing after that gopher?
Avanan started in 2015 with a simple premise, that securing email in the cloud required a new approach. We did that with our patented solution, securing Microsoft 36...
Proofpoint ,Mimecast, Barracuda and IronPort are traditional email security gateways that redirect traffic through a cloud-based proxy before it reaches the email se...
The Check Point and Avanan ethos has always been Prevention First. We've explained to customers the importance of blocking attacks before an end-user has a chance to...
The majority of companies still use legacy gateways to protect their email. More and more, however, companies, are realizing the limitations of this approach, was or...
Before email services like Office 365 and Gmail became popular, gateway architecture was the only deployment model for email security. Unfortunately, it is just not ...
Let’s be honest. From being a noun or a verb to describing social media or fashion, “what’s trending” is a term gaining steam. However, whether the trend is popular,...
One of the most spoofed brands in phishing attacks is Microsoft.
Avanan customers are protected against a new vulnerability, CVE-2023-23397.
Business Email Compromise (BEC) attacks have overwhelmed traditional email security providers because they don’t rely on URLs or malicious attachments to compromise ...
Email gateways were designed to scan and block inbound messages. Their visibility and enforcement is limited to just email. They are unable to take action against an...
According to Gartner, only 7% of organizations inspect their internal email. This is despite the fact that the last five years have seen a rise in internal threat ac...
Both Microsoft 365 and G-Suite include their own email filters for spam, phishing and malware. When you deploy an external email gateway, however, you must put them ...
We see phishing campaigns all the time--dedicated, long-standing attempts to hit end-users.
Hackers always try to prey on end-users’ fear, uncertainty, and doubt. It’s all about tricking end-users into doing something they don’t want to do–namely, handing o...
Do you have a handle on how your SOC is handling phishing? More specifically, do you know how they are responding to end-user requests to restore messages and report...
Amazon is beyond convenient.
Ransomware. The word is enough to send shivers down any IT professional's spine.
The state of email security is a growing concern among IT and security decision-makers.
Governments are among the most attacked industries in the world. Why? Because they hold incredible amounts of data. That data is gold for hackers.
Traditional phishing emails have followed the same set-up for decades – a malicious attachment or URL embedded in the email.
Security services have a problem and it’s called BEC 3.0.
Dynamics 365 Customer Voice is a Microsoft product that is used primarily to gain feedback from customers.
We have all had the unpleasant experience of dealing with a used car salesperson. We all know the drill. They try to strongarm you with multiple different tactics th...
An individual’s inbox is a mixture of personal and professional information that many organizations feel is safe with complex passwords and security questions.
One of the most financially devastating attacks is Business Email Compromise (BEC). In 2021, the FBI found that BEC-related complaints added up to $2.4 billion. For ...
Business Email Compromise attacks are one of the fastest-growing and most difficult-to-stop attacks in the cybersecurity space. There are a number of variants, but i...
Experience the power & simplicity.
Contact Sales
Contact Support
