Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

    justmattgBy justmattgOctober 25, 2023No Comments2 Mins Read

    [ad_1]

    Oct 25, 2023NewsroomThreat Intelligence / Vulnerability

    Roundcube Webmail Software

    The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts.

    “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs-of-concept are available online.”

    Cybersecurity

    Winter Vivern, also known as TA473 and UAC-0114, is an adversarial collective whose objectives align with that of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India.

    The group is also assessed to have exploited another flaw Roundcube previously (CVE-2020-35730), making it the second nation-state group after APT28 to target the open-source webmail software.

    Roundcube Webmail Software

    The new security vulnerability in question is CVE-2023-5631 (CVSS score: 5.4), a stored cross-site scripting flaw that could allow a remote attacker to load arbitrary JavaScript code. A fix was released on October 14, 2023.

    Attack chains mounted by the group commence with a phishing message that incorporates a Base64-encoded payload in the HTML source code that, in turn, decodes to a JavaScript injection from a remote server by weaponizing the XSS flaw.

    “In summary, by sending a specially crafted email message, attackers are able to load arbitrary JavaScript code in the context of the Roundcube user’s browser window,” Faou explained. “No manual interaction other than viewing the message in a web browser is required.”

    Cybersecurity

    The second-stage JavaScript (checkupdate.js) is a loader that facilitates the execution of a final JavaScript payload that allows the threat actor to exfiltrate email messages to a command-and-control (C2) server.

    “Despite the low sophistication of the group’s toolset, it is a threat to governments in Europe because of its persistence, very regular running of phishing campaigns, and because a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities,” Faou said.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleEx-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
    Next Article As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑