European govt email servers hacked using Roundcube zero-day

[malcontent]

Quote:

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11.

The Roundcube development team released security updates fixing the Stored Cross-Site Scripting (XSS) vulnerability (CVE-2023-5631) reported by ESET researchers on October 16.

These security patches were pushed five days after the Slovak cybersecurity company detected Russian threat actors using the zero-day in real-world attacks.

European govt email servers hacked using Roundcube zero-day

[jarland]

See I have a big problem with the way bleepingcomputer phrased this article. Their language leaves no room for interpretation: "email servers hacked." It means there was an intrusion into their servers.

But that's not what XSS does. Besides, an XSS vulnerability in Roundcube is about as common as lunch. The moment I saw that there was a CVE my first thought was "Oh look another XSS." Sure enough...

[Bamb0]

Isnt is sad Mr Jarland??

Any email server is open to an attack and nothing seems to be able to be done

[jarland]

Quote:

Originally Posted by Bamb0

Isnt is sad Mr Jarland??

Any email server is open to an attack and nothing seems to be able to be done

It's been patched. XSS vulnerabilities have their correlations in desktop email clients as well, and the whole concept around attacking someone by this type of vulnerability is a very common one. But this won't be the last XSS vulnerability, always be careful opening shady emails.

[Bamb0]

Yea thats how it should be but sadly it wont ever be perfect (1 person might still open one)