Roundcube Webmail servers under attack – Week in security with Tony Anscombe

by admin 0 Comments

Cyber Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Video

The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser

27 Oct 2023

This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities and a think tank. ESET researchers uncovered the attacks on October 11th while monitoring Winter Vivern’s cyberespionage operations, which typically take aim at governments in Europe and Central Asia. They promptly reported the security loophole to the Roundcube team on October 12th, who released security updates for the vulnerability four days later.

The security flaw (CVE-2023-5631) can be exploited via specially crafted email messages. Organizations are strongly recommended to update their installations of Roundcube Webmail to the latest version post-haste.

Find out more in the video and in our blogpost.

Connect with us on FacebookTwitterLinkedIn and Instagram.

This article was originally published by Welivesecurity.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
Cybersecurity Incident Hits Fidelity National Financial
North Korean Hackers Amass $3bn in Cryptocurrency Heists
N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

Leave a Reply

Your email address will not be published. Required fields are marked *