Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security IT Technology

NSA Warns of New Sandworm Attacks on Email Servers (zdnet.com) 21

The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia's most advanced cyber-espionage units. From a report: The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA). Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149, the NSA said in a security alert shared today with ZDNet. "When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain," the NSA says.
This discussion has been archived. No new comments can be posted.

NSA Warns of New Sandworm Attacks on Email Servers

Comments Filter:
  • by the_skywise ( 189793 ) on Friday May 29, 2020 @11:51AM (#60121308)

    "Usul, We have worm sign the likes of which even GOD has never seen!"

  • I misread that as "NASA Warns of New Sandworm Attacks..." at first. Damn sandworms.
  • I have to get my copy of Dune out to re-read in time for the remake.

    Thanks for the reminder.

  • Upgrade! No fuss, no muss, apply the patch and go.
  • by olfdag_kerfunke ( 6260520 ) on Friday May 29, 2020 @01:27PM (#60121744)

    https://www.exim.org/static/doc/security/CVE-2019-10149.txt [exim.org]

    Timeline

    * 2019-05-27 Report from Qualys to exim-security list
    * 2019-05-27 Patch provided by Jeremy Harris
    * 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat
    * 2019-06-03 This announcement to exim-users, oss-security
    * 2019-06-04 10:00 UTC Grant restricted access to the non-public Git repo.
    * 2019-06-04 This announcement to exim-maintainers, exim-announce, distros
    * 2019-06-05 15:15 UTC Release the fix to the public

    We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

    A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

    The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

    Exim 4.92 is not vulnerable.

  • How popular is exim ? Isn't postfix the installed default on many distros.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...