InfoSecBulletin Cybersecurity for mankind
Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters.
Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1.
Microsoft’s Alarming Report: 600 Million Cyberattacks perday
CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX
Over 90 Zero-Days, 40+ N-Days Exploited In The Wild
Oracle Security Update, 334 Vulnerabilities Patched
Chrome 130 Launches with Patches for 17 Security Vulnerabilities
Researchers Break RSA Encryption with Quantum Computing
Shadowserver's data
87000+ Fortinet devices still open to attack?
Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack
RansomHub Targets Bangladeshi Confidence Group
Hackers using ChatGPT create malware, OpenAI confirm
The vulnerability is caused by not parsing multiline RFC2231 header filenames correctly, allowing remote attackers to send harmful executable attachments to end users’ mailboxes by bypassing the protection mechanism.
“If a user were to download or run one of these malicious files, the system could be compromised,” Censys warned, adding that “a PoC is available, but no active exploitation is known yet.”
“As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada,” the company added.
59% of the 409,255 mail servers on the Internet were running Exim, which is more than 241,000 instances.
According to Shodan, there are over 3.3 million Exim servers exposed online, most in the United States, followed by Russia and the Netherlands. Censys found 6,540,044 public mail servers online, with roughly 74% of them running Exim.
