Exim servers, estimated to make up nearly 57% of the internet’s email servers, are now under a heavy barrage of attacks from hacker groups trying to exploit a recent security flaw in order to take over vulnerable servers, ZDNet has learned. At least two hacker groups have been identified carrying out attacks, one operating from a public internet server and one using a server located on the dark web.

Both groups are using an exploit for CVE-2019-10149, a security flaw that was publicly disclosed on June 5. The vulnerability, nicknamed “Return of the WIZard,” allows remote attackers to send malicious emails to vulnerable Exim servers and run malicious code under the Exim process’s access level, which on most servers is root.
Source: ZDNet