Security News > 2024 > February > CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting attacks.
The security flaw is a persistent cross-site scripting bug that lets attackers access restricted information via plain/text messages maliciously crafted links in low-complexity attacks requiring user interaction.
CISA also ordered U.S. Federal Civilian Executive Branch agencies to secure Roundcube webmail servers against this security bug within three weeks, by March 4, as mandated by a binding operational directive issued in November 2021.
The same bug was used by the Russian APT28 cyber-espionage group, part of Russia's General Staff Main Intelligence Directorate, to breach Roundcube email servers belonging to the Ukrainian government.
CISA warns of patched iPhone kernel bug now exploited in attacks.
- Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now (source)
- Nearly 11 million SSH servers vulnerable to new Terrapin attacks (source)
- Hackers target Apache RocketMQ servers vulnerable to RCE attacks (source)
- Uncovering the hidden dangers of email-based attacks (source)
- Hackers target Microsoft SQL servers in Mimic ransomware attacks (source)
- CISA warns agencies of fourth flaw used in Triangulation spyware attacks (source)
- CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack (source)
- Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack (source)
- Atlassian Confluence Server RCE attacks underway from 600+ IPs (source)
- Over 5,300 GitLab servers exposed to zero-click account takeover attacks (source)