December 18, 2023 at 03:20PM
Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX have patched their flaws, but Cisco has not.
From the meeting notes, the key takeaways are:
1. A new method called “SMTP smuggling” allows attackers to exploit vulnerabilities in the SMTP protocol used for sending emails, putting organizations and individuals at risk for targeted phishing attacks.
2. The technique exploits zero-day flaws in messaging servers from Microsoft, GMX, and Cisco, allowing attackers to send spoofed emails from millions of domains to millions of SMTP servers.
3. Microsoft and GMX have patched their vulnerabilities, but a potential misconfiguration in Cisco Secure Email remains unaddressed.
4. SMTP smuggling allows malicious emails to bypass email protection protocols such as DMARC, SPF, and DKIM, enabling threat actors to send advanced phishing emails or create spear-phishing attacks.
5. The researchers recommend that organizations using Cisco Secure Email Gateway change the default settings to protect against potential attacks.
6. Organizations are advised to maintain vigilance and perform periodic awareness training to avoid compromise through this attack vector.