InfoSecBulletin Cybersecurity for mankind
Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters.
Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1.
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
The vulnerability is caused by not parsing multiline RFC2231 header filenames correctly, allowing remote attackers to send harmful executable attachments to end users’ mailboxes by bypassing the protection mechanism.
“If a user were to download or run one of these malicious files, the system could be compromised,” Censys warned, adding that “a PoC is available, but no active exploitation is known yet.”
“As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada,” the company added.
59% of the 409,255 mail servers on the Internet were running Exim, which is more than 241,000 instances.
According to Shodan, there are over 3.3 million Exim servers exposed online, most in the United States, followed by Russia and the Netherlands. Censys found 6,540,044 public mail servers online, with roughly 74% of them running Exim.
