Video
The zero-day exploit deployed by the Winter Vivern APT group solely requires that the goal views a specifically crafted message in an internet browser
27 Oct 2023
This week, ESET analysis described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to focus on European governmental entities and a suppose tank. ESET researchers uncovered the assaults on October 11th whereas monitoring Winter Vivern’s cyberespionage operations, which generally take intention at governments in Europe and Central Asia. They promptly reported the safety loophole to the Roundcube crew on October 12th, who launched safety updates for the vulnerability 4 days later.
The safety flaw (CVE-2023-5631) will be exploited by way of specifically crafted e-mail messages. Organizations are strongly really useful to replace their installations of Roundcube Webmail to the most recent model post-haste.
Discover out extra within the video and in our blogpost.
