It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously
The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.
The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.
"The Russian actors, part of the General Staff Main Intelligence Directorate's Main Center for Special Technologies, have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker's dream access - as long as that network is using an unpatched version of Exim MTA," the NSA said.
Because Exim is widely used on millions of Linux and Unix servers for mail, bugs in the MTA are by nature public-facing and pose an attractive target for hackers of all nations.
The exploitation of CVE-2019-10149 by the Sandworm crew has been ongoing since August, the NSA said.
News URL: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/29/nsa_warns_of_gru/
Related news
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks
- Chinese hackers use new data theft malware in govt attacks
- Critical SonicWall SSLVPN bug exploited in ransomware attacks
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
- Ivanti warns of another critical CSA flaw exploited in attacks
- Hackers deploy AI-written malware in targeted attacks
- Critical Ivanti vTM auth bypass bug now exploited in attacks
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
|---|---|---|---|
| 2019-06-05 | CVE-2019-10149 | OS Command Injection vulnerability in multiple products. A flaw was found in Exim versions 4.87 to 4.91 (inclusive). | 9.8 |
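The table above gives the affected range (Exim 4.87 through 4.91 inclusive), which is the first thing a defender checks across a mail fleet. The following is an added example, not code from the article or from the Exim project: it parses the version banner that `exim -bV` prints (the `Exim version X.Y` format is an assumption here, and the sample banners are constructed, not captured from real hosts) and sorts hosts into affected, not-affected and unknown. One caveat for anyone using it: distributions often backport the fix without changing the upstream version number, so a version inside the range is a triage signal to confirm against the vendor's package changelog or advisory, not a verdict on its own.

```python
import re

# Affected range for CVE-2019-10149 as stated in the advisory table: 4.87..4.91 inclusive.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Constructed sample banners in the assumed `exim -bV` first-line format.
# These are not real hosts or real captured output.
SAMPLE_BANNERS = {
    "mail-a": "Exim version 4.89 #1 built 01-Jan-2018 00:00:00",
    "mail-b": "Exim version 4.92 #3 built 05-Feb-2019 12:00:00",
    "mail-c": "Exim version 4.86.2 #2 built 10-Mar-2016 09:30:00",
    "mail-d": "postfix: unexpected banner, not an Exim host",
}

# Only major.minor matter for the range check; a third component (e.g. 4.86.2) is ignored.
VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)")


def parse_exim_version(banner):
    """Return (major, minor) from an Exim version banner, or None if it is not recognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def in_affected_range(version):
    """True when (major, minor) falls inside the advisory's affected range (inclusive)."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def triage(banners):
    """Map each host to 'affected', 'not-affected' or 'unknown' (banner not parseable)."""
    result = {}
    for host, banner in banners.items():
        version = parse_exim_version(banner)
        if version is None:
            result[host] = "unknown"
        elif in_affected_range(version):
            result[host] = "affected"
        else:
            result[host] = "not-affected"
    return result


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host}: {status}")
```

In practice the banners would be collected by running `exim -bV` on each host (via the configuration management or inventory tool already in use) and fed into `triage()`; hosts marked `unknown` need a manual look, and hosts marked `affected` should be cross-checked against the distribution's changelog before assuming they are still exposed.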