Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Linux Exim mail servers version 4.87 – 4.91 (inclusive) is at risk of exploitation via CVE-2019-10149 . This vulnerability is currently being exploited by threat actors in the wild . Successful exploitation of CVE-2019-10149 allows remote, unauthenticated threat actors to perform remote code execution on vulnerable systems. Attacks in the wild include a wormable exploit, which after successful exploitation may spread to additional vulnerable EXIMservers.
There is a high confidence rating that vulnerable Linux EXIM mail servers will be affected by this exploit. Organizations need to apply the official security patch as soon as possible to avoid potential compromise.
eSentire has not observed attacks against client companies at this time.
What we’re doing about it
What you should do about it
CVE-2019-10149 was weaponized by threat actors rapidly; the vulnerability was announced publicly on June 3rd and exploited by June 9th. The fast adoption rate isdue to both the wide availability of vulnerable servers and the potential,high value of remote command execution. Based on Shodan scans, there are approximately 3,134,631 vulnerable servers exposed to the web at the time of writing.
Current externally observed campaigns leveraging this vulnerability have been identified as crypto-mining campaigns, but remote code execution could be used to necessitate further compromise of any impacted system.