Video
The zero-day exploit deployed by the Winter Vivern APT group solely requires that the goal views a specifically crafted message in an online browser
27 Oct 2023
This week, ESET analysis described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to focus on European governmental entities and a assume tank. ESET researchers uncovered the assaults on October 11th whereas monitoring Winter Vivern’s cyberespionage operations, which usually take intention at governments in Europe and Central Asia. They promptly reported the safety loophole to the Roundcube workforce on October 12th, who launched safety updates for the vulnerability 4 days later.
The safety flaw (CVE-2023-5631) might be exploited by way of specifically crafted electronic mail messages. Organizations are strongly advisable to replace their installations of Roundcube Webmail to the newest model post-haste.
Discover out extra within the video and in our blogpost.