Weekly Detection Enhancements - Week of May 29
Enhanced coverage of nested email attachments and SVG-based phishing that hides encoded content
Improved detection of phishing from new senders that disguise malicious links behind innocuous-looking text
Strengthened protection against first-time-sender phishing by correlating sender history with rare infrastructure signals
Launched detections for reply-to redirection attacks combined with anomalous content patterns uncommon to recipient’s organization
Added detections for suspicious help-desk-driven MFA resets where the actor initiating the reset is not the target user
Deployed multi-signal detections that link help-desk social engineering to follow-on sign-ins from unfamiliar IPs
