web analytics

Split Tunnel SMTP Exploit Allows an Attacker to Inject Payloads Into Email Servers

29th May 2017  By Catalin Cimpanu

 

There is a way to inject malicious content into email servers running email encryption appliances, a technique that allows attackers to go around email security products.

 

Email encryption appliances (EEAs) are hardware or virtualized devices that work together with email servers to encrypt and decrypt messages. EEAs are usually found in enterprise networks and are used to protect sensitive information exchanged via email, even if only one of the email correspondents is on a secure network.

 

Two security researchers from Securolytics — Vikas Singla & Jason Morris — discovered last week a flaw in how EEAs work, a flaw which allows an attacker to inject custom malicious emails inside EEAs. Once these emails inserted in the EEA, they flow inside a company’s internal email network infrastructure, reaching users’ inboxes.

 

                                                 Attack #1

 

Full Article.

Take a look at the best antivirus, anti-malware, anti-spy, etc. software

Powered by WPeMatico