CISA: Roundcube email server bug now exploited in attacks
Security News, February 2024
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting attacks.
The security flaw is a persistent cross-site scripting bug that lets attackers access restricted information via maliciously crafted links in plain/text messages, in low-complexity attacks requiring user interaction.
CISA also ordered U.S. Federal Civilian Executive Branch agencies to secure Roundcube webmail servers against this security bug within three weeks, by March 4, as mandated by a binding operational directive issued in November 2021.
The JavaScript payload dropped in the October attacks allowed the Russian hackers to steal emails from compromised Roundcube webmail servers belonging to government entities and think tanks in Europe.
The same bug was used by the Russian APT28 cyber-espionage group, part of Russia's General Staff Main Intelligence Directorate, to breach Roundcube email servers belonging to the Ukrainian government.