Explore top 10 tips to secure your open-source projects now. Read More
×Server-side exploitation is possible when the attacker connects to the OpenSMTPD server and sends an email that creates a bounce. When OpenSMTPD connects back to deliver the bounce, the attacker can take advantage of the client-side vulnerability. . Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. OpenSMTPD is present on many Unix-based systems, including FreeBSD, NetBSD, macOS, Linux (Alpine, Arch, Debian, Fedora, CentOS). The link for this article located at Bleeping Computer is no longer available. . Recent security flaw in OpenSMTPD introduces potential for remote code execution, creating significant risks for Linux operating platforms.. OpenSMTPD Vulnerability, Remote Code Execution, Email Server Threats. . Brittany Day
Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article: . Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2. Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages. The link for this article located at The Hacker News is no longer available. . A significant vulnerability in Postfix exposes mail servers to external threats. A prompt update has been issued to address this issue.. Exim Vulnerability, Email Server Security, Remote Exploits. . Brittany Day
Researchers have spotted a major new cyber-attack campaign targeting millions of Linux email servers around the world with a cryptomining malware payload. . Exim accounts for over half (57%) of the globe’s internet email servers. Over 3.5 million are at risk from a vulnerability discovered last week, CVE-2019-10149, according to security vendor Cybereason. There appears to be two waves of attack: the first involved attackers initially pushing out exploits from a command and control (C2) server on the clear web. However, the second seems to be more sophisticated. The link for this article located at InfoSecurity is no longer available. . Numerous Linux mail servers face threats from recently uncovered cryptomining malware aimed at Exim applications.. Linux Email Security, Cryptomining Attack, Email Server Threat. . LinuxSecurity.com Team
Computer security experts said they've found a new encryption flaw closely related to one found earlier this year that puts Web surfers' data at risk. . The flaw, called LogJam, can allow an attacker to significantly weaken the encrypted connection between a user and a Web or email server, said Matthew D. Green, an assistant research professor in the department of computer science at Johns Hopkins University. The link for this article located at CSO Online is no longer available. . HeartBleed is an emerging vulnerability that poses a threat to encrypted communications, jeopardizing users' data safety during online interactions and email exchanges.. LogJam Flaw, Encryption Issue, Cybersecurity Threat. . LinuxSecurity.com Team
The "contact us" feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers, according to UK-based security consultancy SecureTest. . The "contact us" feature is usually a form that allows surfers to submit comments to the people running a website. According to SecureTest, these forms can be used to launch denial of service attacks through endemic security weaknesses that have largely been overlooked. The link for this article located at The Register is no longer available. . The 'contact us' feature is usually a form that allows surfers to submit comments to the people runn. 'contact, feature, websites, often, insecure, makes, launch, denial. . LinuxSecurity.com Team
A crafty way of knocking out any email server using a few carefully constructed emails has been identified by a team of computer security experts. The trick involves sending forged emails that contain thousands of incorrect addresses in the "copy to" fields that are normally used to send duplicate messages. Researchers at UK-based NGSSoftware sent these emails to the largest email servers on the internet, and found they could force huge quantities of unwanted email to pour into another mail server of their choice. . . .. A crafty way of knocking out any email server using a few carefully constructed emails has been identified by a team of computer security experts. The trick involves sending forged emails that contain thousands of incorrect addresses in the "copy to" fields that are normally used to send duplicate messages. Researchers at UK-based NGSSoftware sent these emails to the largest email servers on the internet, and found they could force huge quantities of unwanted email to pour into another mail server of their choice. The exploit depends on finding a server configured to return an email plus its attachments to each incorrect address. But this can be tested by sending just a single message. The next step is to forge an email so it appears to come from the mail server that is to be the target of the attack. This is also relatively simple trick. Finally, the forged email, complete with the thousands of incorrect addresses is sent. The resulting avalanche of "bounced" messages sent to the target server would almost certainly cause it to crash, and leave its users without access to their mail. "With one 10 kilobyte email I could then send 100 megabytes back to a server of my choosing," says Gunter Ollman, one of the researchers who identified the potential attack. Fortune 500 The researchers tested the email servers of all Fortune 500 companies and found that 30 per cent could be used to launch this type of attack. The link for this article located at newscientist.com is no longer available. .Uncover a tactic to compromise messaging systems through counterfeit emails and a strategy that takes advantage of server setups.. Email Exploit, Server Attack, Email Security, Cybersecurity Threat, Denial of Service. . LinuxSecurity.com Team
It is amazing how much easier it is to get through an inbox uncluttered by unwanted messages. After a week of email nearly free of spam and viruses, the time and effort it took to configure a Linux mail server with . . . . It is amazing how much easier it is to get through an inbox uncluttered by unwanted messages. After a week of email nearly free of spam and viruses, the time and effort it took to configure a Linux mail server with SpamAssassin, MIMEDefang, and sendmail seem well worth the trouble. This process started when I decided to see if my Linux skills had advanced enough to replace an ailing Mac OS X 10.1 mail server. The Mac was easy to set up and administer, but AppleMail was just not stable, rarely running longer than a week without crashing, and Apple's suggested fix -- upgrade to server 10.2 or 10.3 -- carried a $500 price tag. Ouch The link for this article located at Newsforge is no longer available. . Set up your Linux mail management system to ensure a clean and secure inbox, leveraging robust applications and strategies.. Linux Email Server, Spam Filtering, Mail Server Configuration, Virus Elimination, Open Source Solutions. . LinuxSecurity.com Team
Federal and state law enforcement agencies pledged to take an aggressive new approach to fighting spam: identifying "open relay" mail servers that serve as conduits for massive quantities of junk e-mail. . .. Federal and state law enforcement agencies pledged to take an aggressive new approach to fighting spam: identifying "open relay" mail servers that serve as conduits for massive quantities of junk e-mail . At an event in Dallas on Thursday, representatives of the agencies said they--in tandem with officials from Australia, Canada and Japan--had sent letters to operators of over 1,000 e-mail servers around the globe warning that an open relay "creates problems for consumers worldwide, for law enforcement and for your organization." "Spammers hunt these open relays down and hijack their resources," said Marc Groman, a staff attorney at the Federal Trade Commission, which has created a Web site devoted to open relays. "They avoid filters. They avoid law enforcers. They also damage the reputation of innocent parties. Therefore we want the open relays around the world closed." . Local and national law enforcement organizations are focusing on unsecured email servers to fight against spam on a worldwide scale.. Email Security, Anti-Spam, Network Threats, Law Enforcement, Security Measures. . Anthony Pell
Get the latest Linux and open source security news straight to your inbox.