Encircle News!

Biz & IT, roundcube, Security, Tech Industry, Tech News, winter vivern, xss, zero-day

Pro-Russia hackers target inboxes with 0-day in webmail app used by millions

October 25, 2023

Dan Goodin

Pro-Russia hackers target inboxes with 0-day in webmail app used by millions

A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, researchers from security firm ESET said on Wednesday.

The previously unknown vulnerability resulted from a critical cross-site scripting error in Roundcube, a server application used by more than 1,000 webmail services and millions of their end users. Members of a pro-Russia and Belarus hacking group tracked as Winter Vivern used the XSS bug to inject JavaScript into the Roundcube server application. The injection was triggered simply by viewing a malicious email, which caused the server to send emails from selected targets to a server controlled by the threat actor.

No manual interaction required

“In summary, by sending a specially crafted email message, attackers are able to load arbitrary JavaScript code in the context of the Roundcube user’s browser window,” ESET researcher Matthieu Faou wrote. “No manual interaction other than viewing the message in a web browser is required.”

Read 7 remaining paragraphs | Comments

https://arstechnica.com/?p=1978806

July 2024
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 986: Our Dope GPS! – Supreme Court Decisions, Snapdragon X Elite Tests – This Week in Tech (Audio)

Supreme Court Decisions, Snapdragon X Elite Tests Murthy Decision Should Not Foreclose Cases Against Actual First Amendment Violations What SCOTUS just did to broadband, the right to repair, the environment, and more Nearly 4,000 arrested in global police crackdown on online scam networks Mark Cuban's public email was hacked after receiving call from a fake Google rep The Julian Assange Saga Is Finally Over Microsoft's bundling of Office and Teams breaks antitrust law, EU says EU Competition Commissioner says Apple's decision to pull AI from EU shows anticompetitive behavior Microsoft says it's okay to steal content published on the web Microsoft's Surface Laptop 7 Copilot+ PC is finally the best clamshell laptop on the market after 8 years of iterations Tested: Don't buy a Snapdragon X Elite laptop for PC gaming Signal 65 Snapdragon battery testing The RIAA's lawsuit against generative music startups will be the bloodbath AI needs Wherein The Copia Institute Asks The Second Circuit To Stand Up For Fair Use, The Internet Archive, And Why We Bother To Have Copyright Law At All Redbox's owner files for bankruptcy after repeatedly missing payments and payroll Host: Leo Laporte Guests: Cathy Gellis, Ryan Shrout, and Doc Rock Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: lookout.com 1password.com/twit