Saturday, December 30, 2023
HomeCyber SecurityRoundcube zero-day exploited in assaults on European governments – Week in safety...

Roundcube zero-day exploited in assaults on European governments – Week in safety with Tony Anscombe


The zero-day exploit deployed by the Winter Vivern APT group solely requires that the goal views a specifically crafted message in an online browser

This week, ESET analysis described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to focus on European governmental entities and a suppose tank. ESET researchers uncovered the assaults on October 11th whereas monitoring Winter Vivern’s cyberespionage operations, which usually take goal at governments in Europe and Central Asia. They promptly reported the safety loophole to the Roundcube group on October 12th, who launched safety updates for the vulnerability 4 days later.

The safety flaw (CVE-2023-5631) could be exploited by way of specifically crafted electronic mail messages. Organizations are strongly beneficial to replace their installations of Roundcube Webmail to the newest model post-haste.

Discover out extra within the video and in our blogpost.

Join with us on FbTwitterLinkedIn and Instagram.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments