Security News

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking
2021-05-08 04:47

Exim is a popular mail transfer agent used on Unix-like operating systems, with over 60% of the publicly reachable mail servers on the Internet running the software. A Shodan search reveals nearly four million Exim servers that are exposed online.

Raft of Exim Security Holes Allow Linux Mail Server Takeovers
2021-05-05 18:15

A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution, gaining root privileges and worm-style lateral movement, according to researchers. "Exim Mail Servers are used so widely and handle such a large volume of the internet's traffic that they are often a key target for hackers," Jogi said, noting that last year, a vulnerability in Exim was a target of the Russian advanced persistent threat known as Sandworm.

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk
2021-05-05 17:20

Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain "a full remote unauthenticated code execution and gain root privileges on the Exim Server." Exim is a mail transfer agent, responsible for receiving and forwarding email messages.

21 vulnerabilities found in Exim, update your instances ASAP!
2021-05-05 09:10

A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible, as all versions of Exim previous to version 4.94.2 are now obsolete.

Qualys Flags Gaping Security Holes in Exim Mail Server
2021-05-04 19:31

Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws. Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation state-based threat actors.

Critical 21Nails Exim bugs expose millions of servers to attacks
2021-05-04 15:46

Newly discovered critical vulnerabilities in the Exim mail transfer agent software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. All versions released before Exim 4.94.2 are vulnerable to attacks attempting to exploit the 21Nails vulnerabilities.

Several Exim Vulnerabilities Exploited in Russia-Linked Attacks
2020-06-02 16:24

Several vulnerabilities affecting the Exim mail transfer agent have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched. The U.S. National Security Agency issued an alert last week to urge users to update their Exim servers to version 4.93 or newer, as earlier versions are impacted by vulnerabilities that have been exploited by a hacker group with ties to the Russian military.

NSA Publishes IOCs Associated With Russian Targeting of Exim Servers
2020-05-29 15:31

The U.S. National Security Agency on Thursday published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team. The open-source Exim mail transfer agent is used broadly worldwide, powering more than half of the Internet's email servers and also being pre-installed in some Linux distributions.

NSA warns about Sandworm APT exploiting Exim flaw
2020-05-29 10:36

The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. Attackers started exploiting it to compromise Linux servers and instal cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.

It's not every day the NSA publicly warns of attacks by Kremlin hackers – so take this critical Exim flaw seriously
2020-05-29 06:08

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists. The American surveillance super-agency said [PDF] on Thursday the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent that was fixed last June.