NSA Warns of New Sandworm Attacks on Email Servers (zdnet.com)
The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia's most advanced cyber-espionage units. From a report: The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA). Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability tracked as CVE-2019-10149, the NSA said in a security alert shared today with ZDNet. "When Sandworm exploited CVE-2019-10149, the victim machine would subsequently download and execute a shell script from a Sandworm-controlled domain," the NSA says.
Re: (Score:2, Interesting)
They are getting ready for the election.
Re: (Score:1)
Who are the Russians going to make us vote for this time? Is there a mailing list where they send out the announcement?
Re: (Score:1)
If Biden wins it’s a completely accurate vote that proves that America hates Trump.
If Trump wins it’s further proof that he stole the election with help from Russia and we must investigate and recount until Trump loses and if Trump still wins then he must be impeached again for working with Russia for winning.
This is Democracy as it’s practiced now.
Re: (Score:1)
You forgot to blame the Democrats for the fake COVID-19 pandemic.
I know, I know, it's a busy time and you're having a hard time keeping up with all the conspiracy theories. Fortunately there are lots of online tools designed to help you stay organized - just be sure to avoid the ones which are tracking you and attempting to steal your life force.
Re: (Score:2)
Election or not Election, this is budget time. Of course the bit they left out, how they found those pesky Russian IPs attacking (like any respectable spy agency would use IPs out of their own headquarters address range, they would use random IPs and MACs plucked from far and wide randomly), they noticed them when the NSA was hacking those servers themselves, probably using servers in Russia as the attack machines, they can rent them just like anyone else across the entire planet.
Can't resist... (Score:3)
"Usul, We have worm sign the likes of which even GOD has never seen!"
Re:Can't resist... (Score:5, Funny)
Re: (Score:1)
I was thinking more along the lines of:
Beetlejuice!
BeetleJuice!!
BEETLEJUICE!!!
Re: (Score:2)
How are we supposed to know that? All Russians are vodka soaked slobs.
Scared me for a minute (Score:2)
Re: (Score:2)
I could use a sandworm attack right now, it would be a nice diversion!
Reminds me.... (Score:2)
I have to get my copy of Dune out to re-read in time for the remake.
Thanks for the reminder.
Re: (Score:1)
Another remake? My Sci-fi-Fu has failed me, I hadn't heard..
The patch has been out for months (Score:2)
exim.org CVE-2019-10149 (Score:3, Informative)
https://www.exim.org/static/doc/security/CVE-2019-10149.txt [exim.org]
Timeline
We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.
A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.
The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.
Exim 4.92 is not vulnerable.
Popular? (Score:1)
Re: (Score:1)
Exim is the default on Debian-based distros.