FlagThis

CyberSecurity updates
Updated: 2024-10-22 05:25:43 Pacfic
info@thehackernews.com (The Hacker News) @ The Hacker News
Vulnerability in Roundcube Webmail Used for Phishing Attacks - 1d

Read more: thehackernews.com

A vulnerability in the open-source Roundcube webmail software has been exploited in phishing attacks. The flaw, tracked as CVE-2024-37383, allows attackers to steal user credentials by sending malicious emails that appear to be from legitimate sources. The vulnerability has been patched, but users of Roundcube webmail are advised to update their software immediately. Threat actors targeted user accounts of Roundcube Webmail users, specifically with the goal of stealing their login credentials. The attack involved sending emails with malicious links that, when clicked, would redirect users to a fake website designed to look like the real Roundcube login page. Users who entered their credentials on the fake website had them stolen by the attackers, compromising their accounts and potentially exposing sensitive data.

References:
  • ciso2ciso.com - Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials – Source:thehackernews.com - 1d
  • The Hacker News - This article details how hackers are exploiting a vulnerability in Roundcube to steal user credentials. - 1d
  • Security Affairs - This newsletter discusses the XSS vulnerability in Roundcube webmail. - 1d
  • @jos1264 - Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials – Source:thehackernews.com - 1d
  • Security Archives - Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign - 20h
  • All CISA Advisories - CISA adds one new vulnerability to its Known Exploited Vulnerabilities Catalog - 14h
  • Malware Analysis, News and Indicators - Attackers targeted a government organization in a country part of the Commonwealth of Independent States with an email containing a concealed attached document and distinct tags within its body that f - 11h
  • SCM feed for Risk Assessments/Management - SC World reported on the Roundcube webmail exploitation. - 9h

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.