all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

Add to bookmarks
Oct. 25, 2023, 11:44 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can be done remotely by sending a specially crafted email message,” the researchers noted. “No manual interaction other than viewing the message in a web browser is required.” Exploting CVE-2023-5631 Roundcube is an open-source browser-based email client … More


The post …

0 day apt communications cve don't miss email entities eset europe exploitation exploited exploiting government government-backed attacks hot stuff message open source researchers roundcube roundcube webmail servers spy tank vulnerability webmail winter winter vivern xss zero-day zero-day vulnerability

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Triangulation fraud: The costly scam hitting online retailers 3 hours ago | www.helpnetsecurity.com
ai-powered america artificial intelligence attacks +33
Tracecat: Open-source SOAR 4 hours ago | www.helpnetsecurity.com
ai models alerts automation best practices +20
Why the automotive sector is a target for email-based cyber attacks 4 hours ago | www.helpnetsecurity.com
abnormal abnormal security advanced attacks +28
Passwords under seven characters can be easily cracked 5 hours ago | www.helpnetsecurity.com
algorithms can characters crack +17
Security analysts believe more than half of tasks could be automated 5 hours ago | www.helpnetsecurity.com
analysts anomali artificial intelligence automated +22
eBook: Do you have what it takes to lead in cybersecurity? 6 hours ago | www.helpnetsecurity.com
can cybersecurity cybersecurity field cybersecurity teams +15
UK enacts IoT cybersecurity law 18 hours ago | www.helpnetsecurity.com
act and telecommunications consumer cybersecurity +35
Silobreaker empowers users with timely insight into key cybersecurity incident filings 20 hours ago | www.helpnetsecurity.com
8-k addition alerting analysis +19
Okta warns customers about credential stuffing onslaught 21 hours ago | www.helpnetsecurity.com
abuse access account hijacking account protection +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Architect - Identity and Access Management Architect (80-100% | Hybrid option)

@ Swiss Re | Madrid, M, ES
View on infosec-jobs.com

Alternant - Consultant HSE (F-H-X)

@ Bureau Veritas Group | MULHOUSE, Grand Est, FR
View on infosec-jobs.com

Senior Risk/Cyber Security Analyst

@ Baker Hughes | IN-KA-BANGALORE-NEON BUILDING WEST TOWER
View on infosec-jobs.com

Offensive Security Engineer (University Grad)

@ Meta | Bellevue, WA | Menlo Park, CA | Seattle, WA | Washington, DC | New York City
View on infosec-jobs.com

Senior IAM Security Engineer

@ Norfolk Southern | Atlanta, GA, US, 30308
View on infosec-jobs.com
View more jobs