image credit: Unsplash

Linux servers under attack via latest Exim flaw

June 14, 2019

It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149).

Amit Serper, Cybereason’s head of security research, warned on Thursday about attackers exploiting the flaw to gain permanent root access via SSH to target Linux servers.

“The campaign uses a private authentication key that is installed on the target machine for root authentication,” he noted.

“Once remote command execution is established, it deploys a port scanner to search for additional vulnerable servers to infect. It subsequently removes any existing coin miners on the target along with any defenses against coinminers before installing its own.”

Read More on Help Net Security