- Exim Internet Mailer Found Vulnerable to RCE And DoS Bugs; Patch Now
Exim is a mail transfer agent (MTA) for hosts that are running UNIX or Unix-like operating systems. It was designed on the assumption that it would be run on hosts that are permanently connected to the Internet. If you are using Exim mail transfer agent (MTA), bad news for you. According to the latest report, a security researcher has discovered and publicly disclosed two critical vulnerabilities in the popular Internet mail message transfer agent Exim, one of which could allow a remote attacker to execute malicious code on the targeted server. The first vulnerability, identified as CVE-2017-16943, is a use-after-free bug which could be exploited to remotely execute arbitrary code in the SMTP server by crafting a sequence of BDAT commands. The second vulnerability, identified as CVE-2017-16944, is a denial of service (DoS) flaw that could allow a remote attacker to hang Exim servers even the connection is closed by forcing it to run in an infinite loop without crashing. The flaw exists due to improper checking for a ‘.’ character to signify the end of an email when parsing the BDAT data header. Both vulnerabilities reside in Exim version 4.88 and 4.89.
Cyber Security Tips: Administrators are strongly recommended that to update their mail transfer agent application Exim version 4.90 released on GitHub.
- World’s Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware
The year 2017 is a year of ransomware, previously Petya ransomware and WannaCry ransomware targeted millions of systems over the word. According to the latest report now started spreading a new version of Scarab ransomware. According to the latest report, A massive malicious email campaign that stems from the world’s largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. According to F-Secure, Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns. According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at approximately 07:30 UTC on 23 November (Thursday) and sent about 12.5 million emails in just six hours. The scarab ransomware is spreading through emails. The spam email contains a malicious VBScript downloader compressed with 7zip that pulls down the final payload, with one of these subject lines:
- Scanned from Lexmark
- Scanned from Epson
- Scanned from HP
- Scanned from Canon
Cyber Security Tips: To prevent these malware users are strongly recommended that do not open emails which contains one of the subject lines mentioned above. Users are also recommended to use updated antivirus, keep your systems up-to-date, never click on spam emails and be alert while online.