Email security, Vulnerability Management, Threat Intelligence

Attacks leveraging Roundcube email server flaw underway

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks exploiting a cross-site scripting vulnerability impacting various versions of the Roundcube email server, tracked as CVE-2023-43770, reports BleepingComputer. No further details regarding the intrusions were provided but federal agencies were urged to remediate the flaw by March 4. While more than 132,000 Roundcube servers, most of which are in the U.S., were noted by a Shodan search to be exposed to the internet, the number of instances susceptible to attacks leveraging the XSS bug remains uncertain. Such vulnerability exploitation comes after Russian hacking operation Winter Vivern, also known as TA473, was reported to have leveraged another Roundcube XSS bug, tracked as CVE-2023-5631, in October attacks against European government organizations and think tanks. Another XSS flaw impacting Roundcube servers, tracked as CVE-2020-35730, had also been used by Winter Vivern and Russian cyberespionage operation APT28 in earlier attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.