๐ Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. ๐ฅ
โ
Login
Home
News
Messages
Startup Showcase
Trackers
Premium
Premium Content
Jobs
Notifications
Settings
Try our Valuation Calculator โ
Log In
News on Medial
Critical vulnerabilities in Exim threaten over 250k email servers worldwide
Arstechnica
ยท
1y ago
Medial
Critical vulnerabilities have been discovered in Exim, the mail transfer agent used by approximately 253,000 servers worldwide. Zero Day Initiative reported the vulnerabilities, which allow remote execution of malicious code. The bugs have severity ratings ranging from 7.5 to 9.8 out of 10. Exim has released patches for three of the vulnerabilities in a private repository, but the status of patches for the remaining three is unknown. The vulnerabilities were not transparently disclosed, leading to criticism of both Exim and ZDI. Hackers have previously exploited Exim vulnerabilities to compromise networks.
View Source
Related News
Exim vulnerability affecting 1.5 million servers lets attackers attach malicious files
Arstechnica
ยท
1y ago
Medial
Around 1.5 million email servers running vulnerable versions of the Exim mail transfer agent are at risk of attacks. The servers have a critical vulnerability, known as CVE-2024-39929, which makes it easy for threat actors to send attachments that can install apps or execute code, bypassing normal protections. While no active exploitation has been reported yet, the sheer number of vulnerable servers and the ease of the attack make it likely that active targeting will occur. Admins are advised to update to the latest version of Exim to mitigate this risk.
View Source
Spies hack high-value mail servers using an exploit from yesteryear
Arstechnica
ยท
2m ago
Medial
Security firm ESET reports that Kremlin-backed hacking group Sednit exploited XSS vulnerabilities in mail server software to access high-value email accounts. Targeting mail servers from Roundcube, MDaemon, Horde, and Zimbra, Sednit used spearphishing emails with embedded malicious HTML to execute JavaScript, leaking contacts and emails to attacker-controlled servers. While some vulnerabilities were patched, attackers exploited unaddressed and zero-day flaws, affecting defense contractors and governmental organizations across Bulgaria, Romania, Africa, the EU, and South America.
View Source
Roundcube email flaw is being exploited, so patch now, US government warns
Techradar
ยท
1y ago
Medial
The US government is warning about an actively exploited vulnerability in the Roundcube email server platform. The bug, a persistent cross-site scripting (XSS) flaw, is being abused via custom-built plain/text messages and links. The vulnerability affects Roundcube email servers versions between 1.4.14 and 1.5.4, as well as versions between 1.6.0 and 1.6.3. While the government agencies have until March 4 to patch the vulnerability, private sector organizations are also at risk, as there are over 130,000 Roundcube servers on the internet.
View Source
Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack
TechCrunch
ยท
1y ago
Medial
Security researchers have discovered two vulnerabilities in ConnectWise ScreenConnect, a popular remote-access tool used by over a million companies. Hackers are mass exploiting these flaws to deploy ransomware and steal sensitive data. The vulnerabilities include an authentication bypass issue and a path-traversal vulnerability allowing attackers to remotely plant malicious code. Although ConnectWise disclosed the flaws and urged customers to install patches, thousands of servers remain vulnerable. Cybersecurity firms have observed various threat actors exploiting the flaws, deploying password stealers, back doors, and ransomware. The scope of the vulnerabilities' impact is currently unknown.
View Source
Actively exploited vulnerability gives extraordinary control over server fleets
Arstechnica
ยท
1m ago
Medial
A maximum-severity vulnerability in AMI MegaRAC, a firmware package used in servers from various manufacturers, is being actively exploited, giving attackers full control over tens of thousands of servers. This vulnerability allows remote control of servers without authentication, impacting mission-critical data centers. The flaw lets attackers evade traditional security measures, potentially implant malicious code in firmware, and cause operational disruptions. While some vendors have released patches, affected organizations are urged to secure their systems promptly.
View Source
Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn | TechCrunch
TechCrunch
ยท
1y ago
Medial
Security experts are warning that hackers are taking advantage of vulnerabilities in the widely used remote access tool ConnectWise ScreenConnect to deploy the LockBit ransomware. Two high-risk flaws in the tool, including an authentication bypass vulnerability and a path traversal vulnerability, are being actively exploited by hackers. Despite recent law enforcement action against the LockBit gang, it appears that some affiliates are still able to operate. The exact number of affected users is unknown, but the Shadowserver Foundation has reported widespread exploitation of the vulnerabilities, with over 8,200 servers remaining vulnerable.
View Source
Bugs in Moovit gave hackers free rides and access to personal information
Startup News FYI
ยท
1y ago
Medial
A security researcher has discovered vulnerabilities in the popular transportation app Moovit that could have allowed hackers to take control of user accounts, gain free rides, and access personal information, according to recent reports. Exploitation of Vulnerabilities and Collection of Sensitive Data Omer Attias, a security researcher at SafeBreach, identified three critical vulnerabilities.
View Source
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Arstechnica
ยท
1y ago
Medial
Vulnerabilities in the CocoaPods repository for macOS and iOS apps have left millions of users at risk of supply-chain attacks. The vulnerabilities, which were fixed last October, allowed hackers to add malicious code to apps and gain access to sensitive information such as credit card details and medical records. The vulnerabilities were related to an insecure verification email mechanism and an active programming interface for abandoned pods. These vulnerabilities underscore the need for robust security measures in app development and the importance of regularly updating software.
View Source
Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate
Arstechnica
ยท
5m ago
Medial
VMware has patched three critical vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. These vulnerabilities allow attackers to escape from a virtual machine to the hypervisor, potentially compromising all VMs on that hypervisor. With severity ratings up to 9.3, these vulnerabilities, already exploited in the wild, pose significant security threats. Organizations using affected products should investigate and secure their environments promptly to mitigate these risks.
View Source
VMware sandbox escape bugs are so critical, patches are released for end-of-life products
Arstechnica
ยท
1y ago
Medial
VMware has issued an urgent patch for critical vulnerabilities that could allow hackers to bypass security protections in ESXi, Workstation, Fusion, and Cloud Foundation products. The vulnerabilities, which have severity ratings of 9.3 out of 10, enable a hypervisor escape, compromising the effectiveness of the virtual machine's segmentation from the host machine. VMware is recommending immediate action to address this security issue and has provided a matrix showing how the vulnerabilities affect different product versions. The company has not yet observed any active exploitation of these vulnerabilities.
View Source
Trackers
Active Indian VCโs
OG Capital
Email
With a hands-on approach, OG Capital aims to invest in over 20 promising...
Accel Partners
Email
Early and growth-stage investments in disruptive technology companies with...
Blume
Email
Early-stage venture capital firm investing in technology startups in India. Focus on...
Access All Trackers
Startup Showcase Winners
June 2025
Buddy
Helping your parents when you are miles away
BiteStop
The Pit Stop Your Cravings Deserve
Bloomer
The next generation E-commerce platform
Enter Ongoing Startup Showcase
Top Users
Trending News on Medial
Download the medial app to read full posts, comements and news.
Go to Medial App
Not Now
Know everything thatโs happening in the startup ecosystem, first.
Enable Notifications?
No, thanks
Count me in