Video
The zero-day exploit deployed by the Winter Vivern APT group only requires the target to view a specially crafted message in a web browser.
October 27, 2023
This week, ESET research described how the Winter Vivern APT group exploited a zero-day XSS vulnerability in Roundcube webmail servers to target European government entities and a think tank. ESET researchers discovered the October 11 attacksth while monitoring Winter Vivern’s cyberespionage operations, which typically target governments in Europe and Central Asia. They quickly reported the security breach to the Roundcube team on October 12.thwhich released security updates for the vulnerability four days later.
The security flaw (CVE-2023-5631) can be exploited via specially crafted email messages. It is strongly recommended that organizations update their Roundcube Webmail installations to the latest version without delay.
Find out more in the video and in our blog post.
Connect with us on Facebook, Twitter, LinkedIn And Instagram.