NSA warns of new Sandworm attacks on email servers

[correlate]

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Content source
https://www.zdnet.com/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/
The U.S. National Security Agency (NSA) says that Russian military threat actors known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019.

The vulnerability tracked as CVE-2019-10149 and named "The Return of the WIZard" makes it possible for unauthenticated remote attackers to execute arbitrary commands as root on vulnerable mail servers — for some non-default server configurations — after sending a specially crafted email.
"When the patch was released last year, Exim urged its users to update to the latest version," the agency says. "NSA adds its encouragement to immediately patch to mitigate against this still current threat."
Click to expand...
www.zdnet.com

NSA warns of new Sandworm attacks on email servers

NSA says Russia's military hackers have been attacking Exim email servers to plant backdoors since August 2019.
www.zdnet.com www.zdnet.com
www.bleepingcomputer.com

NSA: Russian govt hackers exploiting critical Exim flaw since 2019

The U.S. National Security Agency (NSA) says that Russian military threat actors tracked as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Mercenary, silversurfer, bayasdev and 4 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
www.bleepingcomputer.com

Critical Exim bugs being patched but many servers still at risk

Patching Exim mail servers is not going fast enough and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow executing remote command or code remotely.
www.bleepingcomputer.com www.bleepingcomputer.com
Patching Exim mail servers is not going fast enough and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow executing remote command or code remotely.

Close to a million Exim servers are currently exposed and vulnerable, although the number is gradually getting lower every day. Exim 4.93 is currently considered a safe release.
Click to expand...
 
  • Like
  • +Reputation
  • Applause
Reactions: harlan4096, [correlate], upnorth and 1 other person
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
Millions of Exim mail servers exposed to zero-day RCE attacks
Replies
0
Views
1,345
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
Replies
0
Views
1,063
News Archive
silversurfer
silversurfer
CyberTech
    • +Reputation
    • Like
Atlassian warns of exploit for Confluence data wiping bug, get patching
Replies
0
Views
637
News Archive
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top