Cisco Talos has issued an alert regarding active attacks targeting Cisco’s Secure Email Gateway and Secure Email and Web Manager, previously known as ESA and SMA. These appliances are critical for filtering email threats and managing security policies within organisations. Attackers are exploiting vulnerabilities to seek privileged access, exfiltrate sensitive data, and bypass defences—risks include data loss, ransomware, and regulatory repercussions.
Immediate recommendations include updating firmware, applying security patches promptly, isolating management tools from the public internet, and regularly auditing logs for suspicious activities. Organisations relying on these systems should review update routines and consult Cisco support for mitigation guidance. Maintaining robust appliance security is vital to defending against evolving email-based threats.
Cisco Email Security Appliances Under Active Attack: Immediate Steps for Protection
