Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Researcher warns that Cisco Secure Email Gateways can easily be circumvented

A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. The researcher pointed out […]

Cisco Catalyst

A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails.

An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails.

The researcher pointed out that the attack complexity is low, it also added that working exploits have already been published by a third party. The expert disclosed the technique within a coordinated disclosure procedure.

Cisco Secure Email Gateway

“This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame.” wrote the researcher on the Full Disclosure mailing list. “As the attack complexity is low and exploits have already been published by a third party there must be no further delay in making the threads publicly known.”

The researchers explained that Cisco Secure Email Gateways can be circumvented by a remote attacker that leverages error tolerance and different MIME decoding capabilities of email clients.

The methods disclosed by the researcher could allow attackers to bypass Cisco Secure Email Gateway, they work against several email clients, such as Outlook, Thunderbird, Mutt, and Vivaldi.

The three methods are:

  • Method 1: Cloaked Base 64 – This exploit was successfully tested with a zip file containing the Eicar test virus and Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and others. The method impacts several Email Clients, including Microsoft Outlook for Microsoft 365 MSO (Version 2210 Build 16.0.15726.20070) 64-bit, Mozilla Thunderbird 91.11.0 (64-bit), Vivaldi 5.5.2805.42 (64-bit), Mutt 2.1.4-1ubuntu1.1, and others.
  • Method 2: yEnc Encoding – This exploit was successfully tested with a zip file containing the Eicar test virus and Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and others. The method impacts Mozilla Thunderbird 91.11.0 (64-bit) email client.
  • Method 3: Cloaked Quoted-Printable – This exploit was successfully tested with a zip file containing the Eicar test virus and Cisco Secure Email Gateways with AsyncOS 14.2.0-620, 14.0.0-698, and others. The method impacts Vivaldi 5.5.2805.42 (64-bit) and Mutt 2.1.4-1ubuntu1.1 Email Clients.

Cisco published a bug report warning of an issue in the Sophos and McAfee scanning engines of Cisco Secure Email Gateway that could allow an unauthenticated, remote attacker to bypass specific filtering features.

“The issue is due to improper identification of potentially malicious emails or attachments. An attacker could exploit this issue by sending a malicious email with malformed Content-Type headers (MIME Type) through an affected device.” reads the alert. “An exploit could allow the attacker to bypass default anti-malware filtering features based on the affected scanning engines and successfully deliver malicious messages to the end clients.”

The issues impact devices running with a default configuration.

The researcher explained that the code employing the attack methods, and many similar techniques to manipulate MIME encoding, are implemented in an open-source Toolkit for generating and testing bad MIME that is available on GitHub.

known for many years and have been found in the products of several vendors.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco Secure Email Gateways)

[adrotate banner=”5″]

[adrotate banner=”13″]