Article 541TD Russian hackers are exploiting bug that gives control of US servers

by Dan Goodin from Ars Technica - All content on (#541TD)
A Russian hacking group tied to power-grid attacks in Ukraine, the world's most destructive data wiper worm, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.

In an advisory published on Thursday, the US National Security Agency said that the Sandworm group was actively exploiting a vulnerability in Exim, an open source mail transfer agent, or MTA, for Unix-based operating systems. Tracked as CVE-2019-10149, the critical bug makes it possible for an unauthenticated remote attacker to send specially crafted emails that execute commands with root privileges. With that, the attacker can install programs of their choosing, modify data, and create new accounts.

A patch for CVE-2019-10149 has been available since last June. The attacks have been active since at least August. NSA officials wrote:
