Russian agents have been hacking major email program

The US National Security Agency (NSA) has issued a cybersecurity advisory warning that the Russian military hacking group responsible for interfering in the 2016 presidential election has been exploiting a critical vulnerability in Exim since last August or earlier.

For those unfamiliar with Exim, the software is a mail transfer agent (MTA) that runs in the background of email servers. The software is currently the most popular MTA and a big reason for this is due to the fact that it is bundled with many popular Linux distros including Debian and Red Hat.

The timing of the NSA's advisory is a bit strange though as the critical vulnerability in Exim was identified 11 months ago and a patch has already been released to fix the issue. 

According to the president of Rendition Infosec and former US government hacker, Jake Williams who spoke with the Associated Press, Exim is so widely used that some companies and government agencies that run the software may have not yet patched the vulnerability. He believes that the NSA may have issued its new advisory to bring attention to the Russian military group known as Sandworm which has exploited the critical vulnerability in Exim in its attacks.

Sandworm

In its advisory, the NSA provided further details on the vulnerability in Exim that Sandworm is actively exploiting, saying:

“The vulnerability being exploited, CVE-2019-10149, allows a remote attacker to execute commands and code of their choosing. The Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim MTA.”

While the NSA did not reveal who the Russian military hackers have targeted, in recent months senior US intelligence officials have warned that Kremlin agents are currently engaged in activities online that could threaten the integrity of the country's 2020 presidential election.

Organizations and government agencies that use Exim should apply this patch immediately if they have not already done so to avoid falling victim to any potential attacks.

Via MSN



from TechRadar - All the latest technology news https://ift.tt/36KFbjX
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us