
    The NSA accused the GRU of being behind the wave of cyberattacks

    Russian special forces from the military intelligence agency are actively exploiting a security vulnerability in the widespread Exim email server that has been publicly known for almost a year. At least that is the expectation of the NSA, which is not only a technical intelligence service but also a US cybersecurity agency.

    The Attack Wave Is Said To Come From The GRU Team

    According to the NSA warning, the group has been attacking Exim servers for at least 8 months. The GRU unit uses the vulnerability to download and run a shell script from a website it controls. This would enable the attackers to obtain privileged user rights, switch off network security settings, update configurations and thus open up additional remote access options. In addition, another script was launched with the aim of making the attacked machine easy to use in the future.

    The NSA is now warning private and government organizations to update their Exim servers to version 4.93 and look for signs of compromise. Indicators of compromise are available in the NSA’s PDF, linked above.

    Administrators Should Update Their Exim Servers

    The NSA says that administrators should update their Exim servers to at least version 4.93 and look out for signs of a compromised system. The US secret service connects the IP addresses and domains. The IT security community must take the case seriously. The NSA therefore did not want to provide information on the number of affected computers or particularly affected regions. Almost half of the email servers worldwide use Exim. According to an overview from the beginning of May, only half of them were running at least version 4.93 and were thus protected against the vulnerability. The United States and other Western intelligence services have for a number of years pointed to cyberattacks apparently of Russian origin and to the suspected actors.
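The version floor named above can be checked across a mail fleet. The following is an added example, not code from the NSA or from this article: it reads Exim version strings from SMTP greetings or from the first line of `exim -bV` and flags hosts below 4.93. The hostnames and banner lines are constructed sample data.

```python
import re

# Minimum release named in the NSA warning as reported on this page.
MIN_VERSION = (4, 93)

# Matches the default SMTP greeting ("... ESMTP Exim 4.92.3 ...") and the
# first line of `exim -bV` ("Exim version 4.92 #3 built ...").
EXIM_RE = re.compile(r"\bExim (?:version )?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(text):
    """Return the Exim version found in text as a tuple of ints, or None."""
    m = EXIM_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def classify(text):
    """Return 'update', 'ok' or 'unknown' for one greeting or -bV line."""
    version = parse_exim_version(text)
    if version is None:
        # Greeting customised, or not Exim at all: needs a manual check.
        return "unknown"
    # Tuple comparison avoids string traps such as "4.100" < "4.93".
    # A distribution package can carry a backported fix under an older
    # number, so 'update' means: confirm against the package changelog.
    return "ok" if version >= MIN_VERSION else "update"


def audit(inventory):
    """Map host -> verdict for a dict of host -> collected version text."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample data: hostnames and banners are made up for the demo.
SAMPLE = {
    "mx1.example.org": "220 mx1.example.org ESMTP Exim 4.92.3 Tue, 02 Jun 2020 09:14:07 +0000",
    "mx2.example.org": "Exim version 4.93 #2 built 10-Dec-2019 12:00:00",
    "mx3.example.org": "220 mx3.example.org ESMTP Exim 4.87 Tue, 02 Jun 2020 09:14:09 +0000",
    "mx4.example.org": "220 mx4.example.org ESMTP ready",
    "mx5.example.org": "220 mx5.example.org ESMTP Exim 4.94.2 Tue, 02 Jun 2020 09:14:11 +0000",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host:18} {verdict}")
```

A host reported as `unknown` hides its version in the greeting and has to be checked on the machine itself.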

    The fact that the agency accuses a Russian secret service is a sign that it can at least initially operate outside of the direct political pressure of Trump. National Security Agency officials have insisted that their agency should be able to act non-politically, without political influence changing its intelligence judgments.
