InfoSecBulletin Cybersecurity for mankind
Around 3.3 million servers are running POP3/IMAP email services without encryption (TLS) enabled, the Shadowserver Foundation, a nonprofit security organization, has discovered. Most of these servers reside in the US, Germany, and Poland.
POP3 (Post Office Protocol version 3) is an aging protocol used by email clients to retrieve emails from a mail server. It is often used alongside the newer protocol IMAP (Internet Message Access Protocol).
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
Evaly E-commerce Platform Allegedly Hacked
The Shadowserver Foundation tracks 3.3 million POP3/IMAP servers along the globe that do not have TLS encryption.
“It’s time to retire those services!” the organization warns.
“We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted. We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap).”
Almost 900,000 of these servers are from the US, while Germany follows in second place with 523,000 servers. Poland and Japan are next on the list, with 381,800 and 301,800 unprotected servers, respectively.
Users of such email services should be aware that anyone with basic network monitoring tools can intercept their communications and steal their credentials.
“Note that regardless of whether TLS is enabled or not, service exposure may enable password-guessing attacks against the server,” the Shadowserver Foundation said.
