InfoSecBulletin Cybersecurity for mankind
Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters.
Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1.
BCSI officially announce National Vulnerability Disclosure Program (NVDP)
CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs
CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available
Splunk targets Bangladeshi market: Investing in local talent
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
The vulnerability is caused by not parsing multiline RFC2231 header filenames correctly, allowing remote attackers to send harmful executable attachments to end users’ mailboxes by bypassing the protection mechanism.
“If a user were to download or run one of these malicious files, the system could be compromised,” Censys warned, adding that “a PoC is available, but no active exploitation is known yet.”
“As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada,” the company added.
59% of the 409,255 mail servers on the Internet were running Exim, which is more than 241,000 instances.
According to Shodan, there are over 3.3 million Exim servers exposed online, most in the United States, followed by Russia and the Netherlands. Censys found 6,540,044 public mail servers online, with roughly 74% of them running Exim.
