
Flaws in Email and Web Filtering Solutions Expose Organizations to Attacks: Researcher

Today at the Black Hat security conference in Las Vegas, a researcher demonstrated how weaknesses in email and Web filtering solutions can be leveraged by attackers to gather valuable information which they can use in their operations.

In his presentation, Ben Williams, a senior security consultant at global information assurance specialist NCC Group, showed that while email and Web filtering products and services play an important role in protecting an organization against cyber threats, their flaws can be leveraged in the reconnaissance phase of an attack.

Last year, at Black Hat Europe, Williams revealed that email and Web gateways, firewalls, remote access servers, UTM systems and other security appliances from leading vendors are riddled with vulnerabilities that could be easily exploited by a malicious actor. Now, the expert has demonstrated that if attackers can find out how an organization’s filtering solutions are configured, they can bypass security controls and efficiently target employees without being detected.

“These are vital security controls for the majority of companies, but it can be trivial for an attacker to bypass them if they know exactly what products and services are in use and how they are configured,” Williams said. “The techniques researched and developed by NCC Group provide a clear picture of the solutions’ weaknesses in advance of an attack. Organizations should reduce information disclosure and improve both policy and configuration in order to reduce potential threats from client-side attacks.”

The researcher published two whitepapers in which he presents the tools and techniques needed for the automated enumeration of email and web filtering services, products and policies.

For example, an external attacker can determine version information, hostnames, internal IP addresses and proxy ports associated with the email/Web filtering services, software and appliances that are in use. An attacker can also access information on filtering policies, which can reveal policy or configuration loopholes. Williams also noted in his papers that an attacker can determine how well products and services identify threats hidden in more “challenging” formats.

In the case of Web filtering solutions, an attacker can also find out whether any inspection or blocking is being done for HTTPS, and he can detect installed desktop antivirus products through their browser plugins.

Williams believes that the enumeration techniques he has identified can be very useful to IT security teams for spotting weaknesses and misconfiguration, and to help them assess the capabilities of filtering products and services. Detailed recommendations are included in both whitepapers.
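One way a security team might check its own outbound mail for the disclosures described above (version information, hostnames, internal IP addresses) is to audit the headers an external recipient actually receives. This is an added example, not code from Williams's whitepapers or NCC Group; it assumes the leak shows up in `Received` and `X-*` headers, which the article does not specify, and the sample message, the `ExampleFilter` product name and the internal-suffix list are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed headers of an outbound message as an external recipient sees it.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [203.0.113.10])
\tby mail.recipient.example with ESMTPS; Mon, 1 Jan 2024 10:00:03 +0000
Received: from filter01.corp.local (filter01.corp.local [10.20.30.40])
\tby mx.example.com (ExampleFilter 7.2.1) with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
X-Scanned-By: ExampleFilter 7.2.1 on filter01.corp.local
From: alice@example.com
Subject: constructed test message

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: these suffixes mark internal-only names; adjust to your naming.
HOST_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:local|internal|corp|lan)\b", re.I)
# "Name 1.2" or "Name/1.2.3"; the lookahead keeps IP addresses out.
VERSION_RE = re.compile(r"\b[A-Za-z][\w-]*[ /]v?\d+(?:\.\d+){1,2}(?![.\d])")

def is_rfc1918(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def audit_headers(raw):
    """Return sorted (kind, header, value) findings for one raw message."""
    findings = set()
    for name, value in email.message_from_string(raw).items():
        value = " ".join(value.split())  # unfold continuation lines
        for ip in filter(is_rfc1918, IP_RE.findall(value)):
            findings.add(("internal-ip", name, ip))
        for host in HOST_RE.findall(value):
            findings.add(("internal-host", name, host.lower()))
        for banner in VERSION_RE.findall(value):
            findings.add(("product-version", name, banner))
    return sorted(findings)

if __name__ == "__main__":
    for kind, header, value in audit_headers(SAMPLE):
        print(f"{kind:16} {header:14} {value}")
```

Each finding is a candidate for header rewriting or stripping at the outbound gateway.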

The whitepapers on email filtering solutions and web filtering solutions are available for download.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
