Securolytics claims it has devised an exploit that allows an attacker to bypass an organization’s email security gateway and directly unload malware on the email server by using the encryption device as a backdoor. Attackers can use the exploit to inject any payload that supports MIME encoding, including ransomware, macro viruses and password-protected ZIP files. The company tested the exploit against two organizations and was able to bypass email security controls in both cases and have malicious email reach the server. The only way for organizations using encryption appliances to mitigate the threat is to disable transparent gateway-to-gateway encryption.

