SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols

A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.
SMTP Smuggling was discovered by Timo Longin, a researcher known for DNS attacks, in collaboration with SEC Consult, a cybersecurity consultancy that is part of digital transformation company Eviden.
The attack technique, whose details were disclosed on Monday, targets the Simple Mail Transfer Protocol, which is widely used by mail servers to send, receive, and relay emails.
Longin and SEC Consult showed that an attacker can abuse differences in the way outbound and inbound SMTP servers interpret a sequence indicating the end of message data.
Using SMTP Smuggling, an attacker can send out a spoofed email purporting to come from a trusted domain and bypass the SPF, DKIM and DMARC email authentication mechanisms, which are specifically designed to prevent spoofing and its use in spam and phishing attacks.
An analysis found that the attack technique could allow an attacker to send emails spoofing millions of domains, including ones belonging to high-profile brands such as Microsoft, Amazon, PayPal, eBay, GitHub, Outlook, Office365, Tesla, and Mastercard.
The attack was demonstrated by sending spoofed emails apparently coming from the address 'admin(at)outlook.com'.
Attacks against these domains are possible - or were possible, because some vendors have applied patches - due to the way a handful of major email service providers set up SMTP servers.
The vendors identified by the researchers are GMX, Microsoft and Cisco.
The findings were reported to these vendors in late July.
Microsoft assigned it a 'moderate severity' rating and rolled out a patch sometime in the middle of October.
Cisco, on the other hand, does not view it as a vulnerability and SEC Consult says SMTP Smuggling still works against the default configuration of Cisco Secure Email instances.
Changing the configuration of the product prevents SMTP Smuggling attacks.
The cybersecurity firm pointed out that while SMTP Smuggling can help bypass email authentication mechanisms, spam filters may still catch the spoofed emails based on their content or other factors.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 18 Dec 2023 14:43:07 +0000

