CyberSecurityBoard
Sponsor Register Login

SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols

A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.
SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC Consult, a cybersecurity consultancy that is part of digital transformation company Eviden.
The attack technique, whose details were disclosed on Monday, targets the Simple Mail Transfer Protocol, which is widely used by mail servers to send, receive, and relay emails.
Longin and SEC Consult showed that an attacker can abuse differences in the way outbound and inbound SMTP servers interpret a sequence indicating the end of message data.
Using SMTP Smuggling, an attacker can send out a spoofed email purporting to come from a trusted domain and bypass the SPF, DKIM and DMARC email authentication mechanisms, which are specifically designed to prevent spoofing and its use in spam and phishing attacks.
An analysis found that the attack technique could allow an attacker to send emails spoofing millions of domains, including ones belonging to high-profile brands such as Microsoft, Amazon, PayPal, eBay, GitHub, Outlook, Office365, Tesla, and Mastercard.
The attack was demonstrated by sending spoofed emails apparently coming from the address 'admin(at)outlook.com'.
Attacks against these domains are possible - or were possible, because some vendors have applied patches - due to the way a handful of major email service providers set up SMTP servers.
The vendors identified by the researchers are GMX, Microsoft and Cisco.
The findings were reported to these vendors in late July.
Microsoft assigned it a 'moderate severity' rating and rolled out a patch sometime in the middle of October.
Cisco, on the other hand, does not view it as a vulnerability and SEC Consult says SMTP Smuggling still works against the default configuration of Cisco Secure Email instances.
Changing the configuration of the product prevents SMTP Smuggling attacks.
The cybersecurity firm pointed out that while SMTP Smuggling can help bypass email authentication mechanisms, spam filters may still catch the spoofed emails based on their content or other factors.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 18 Dec 2023 14:43:07 +0000


Cyber News related to SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols

SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Securityweek.com
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms. SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC ...
1 year ago Packetstormsecurity.com
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin - On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability ...
1 year ago Wordfence.com
CVE-2024-27305 - aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By ...
1 year ago
Selecting an Authentication Protocol for Your Business - Authentication protocols serve as the backbone of online security, enabling users to confirm their identities securely and access protected information and services. The protocols exchange information to verify the validity of the authentication ...
1 year ago Darkreading.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
10 Best Anti-Phishing Tools in 2025 - What is Good?What Could Be Better?Real-time email threat detection and response using AI and machine learning.Limited customer support optionsAutomates incident response to stop phishing attacks quickly.The training module is not entirely ...
2 months ago Cybersecuritynews.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
HTTP Smuggling Attack: What You Need to Know - HTTP Smuggling Attack is a sophisticated cyber threat exploiting inconsistencies in HTTP protocol parsing between front-end and back-end servers. This vulnerability allows attackers to bypass security controls, manipulate web traffic, and potentially ...
1 month ago Cybersecuritynews.com CVE-2023-12345 CVE-2024-67890 APT29 Lazarus Group
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
How many types of Network Security protocols exist - Network Security protocols are designed to safeguard computer networks from unauthorized access, data breaches, and other cyber threats. Secure Sockets Layer / Transport Layer Security: SSL and its successor TLS are cryptographic protocols that ...
1 year ago Cybersecurity-insiders.com
CVE-2024-27938 - Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming ...
1 year ago
Critical Zimbra RCE flaw exploited to backdoor servers using emails - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
1 year ago Bleepingcomputer.com CVE-2024-45519
Russian-Backed Hackers Target High-Value US, European Entities - Hackers linked to Russia's military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North ...
1 year ago Securityboulevard.com CVE-2023-23397 CVE-2023-38831 Fancy Bear APT28
How to Encrypt Emails in Outlook? - If you are sending out a confidential email and are scared of its content getting tampered with in transit, then you should learn how to encrypt an email in Outlook. As of 2023, the global email encryption market size is USD 6.2 billion, which is ...
1 year ago Securityboulevard.com
Critical Zimbra RCE flaw actively exploited to take over servers - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
1 year ago Bleepingcomputer.com CVE-2024-45519
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
1 year ago Securityboulevard.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
1 year ago Darkreading.com
How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com
Hackers Use Fake DocuSign Templates to Scam Organizations - A surge in phishing attacks that use emails appearing to be from DocuSign is being fueled by a Russian dark web marketplace that has a wide range of take templates and login credentials. Eventually, the search led them to the Russian marketplace, ...
1 year ago Securityboulevard.com
New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes - PRESS RELEASE. 20 December 2023 - New data from EasyDMARC has revealed the increasing threat of phishing as emails intercepted by the DMARC software grew over 7.5% from January 2022 to November 2023 proportionally. The new research conducted by the ...
1 year ago Darkreading.com
Google to block mass emails to its Gmail users from April 2024 - In April 2024, Google has announced a significant move to block all mass emails targeted at its Gmail users. This decision, made official by Alphabet Inc.'s subsidiary, signifies a shift in digital communication practices and imposes stricter ...
1 year ago Cybersecurity-insiders.com
1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers - These attacks range from fake calls and phishing emails to malicious links and spoofed websites, all designed to trick shoppers into revealing sensitive account information or making fraudulent payments. During Amazon’s Big Spring Sale in March ...
3 months ago Cybersecuritynews.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)