Roundcube webmail: attacks on a zero-day vulnerability

Cybercriminals are abusing a security vulnerability in the Roundcube webmailer to attack vulnerable institutions. An update closes the hole.

heise online
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions
"Previously unknown #XSS in #Roundcube let #WinterVivern steal government emails."
@arstechnica
https://arstechnica.com/security/2023/10/pro-russia-hackers-target-inboxes-with-0-day-in-webmail-app-used-by-millions/
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions

Previously unknown XSS in Roundcube let Winter Vivern steal government emails.

Ars Technica

The attack chains orchestrated by Winter Vivern begin with a phishing message that includes a Base64-encoded payload in HTML source code.

#Cybersecurity #HackerGroup #Vulnerability #APT #WinterVivern

https://cybersec84.wordpress.com/2023/10/25/winter-vivern-apt-group-exploiting-zero-day-vulnerability-in-roundcube-email-client/

Winter Vivern APT Group Exploiting Zero-Day Vulnerability in Roundcube Email Client

Cybercriminals under the pseudonym Winter Vivern have been caught exploiting a zero-day vulnerability in the Roundcube webmail sharing software. The attacks were first recorded on October 11 of thi…

CyberSec84 | Cybersecurity news.
ICYMI~ ESET Research discovered a zero-day XSS vulnerability (#CVE-2023-5631) in Roundcube Webmail servers. It is actively used in the wild by #WinterVivern to target governments and a think tank in Europe. The exploit was contained in a legitimate-looking email about Outlook. Check it out. 👀 https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research discovered campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.

A hacking group known as Winter Vivern is exploiting a zero-day vulnerability in Roundcube Webmail software to attack governments across Europe

Roundcube patched CVE-2023-5631 on October 14

#Roundcube #WinterVivern #Russia

https://therecord.media/winter-vivern-hackers-roundcube-webmail-zero-day

Espionage group uses webmail server zero-day to target European governments

Researchers at security firm ESET said they have been tracking a new campaign by Winter Vivern, which typically supports Russia and Belarus.

It may be summer, but #WinterVivern is spotted abusing Zimbra bugs to breach government email systems. Read more from The Register here: https://www.theregister.com/2023/07/17/patch_zimbra_alert/
Quick: Manually patch this Zimbra bug that's under attack

Smells like Russian cyber spies (again)

The Register
Winter Vivern APT is now targeting government entities in Europe and the US in an ongoing cyber espionage campaign. The group leverages an unpatched Zimbra vulnerability in publicly facing webmail portals. #WinterVivern #cybersecurity #ZimbraVulnerability https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html
Russian APT group Winter Vivern targets email portals of NATO and diplomats

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw […]

Security Affairs

Phishing campaign tied to Russia/Belarus-supporting #cyberespionage team #TA473 (aka #WinterVivern, #UAC-0114) demonstrates "resource-limited but highly creative" use of simple tactics/tools, penchant for hitting unpatched #Zimbra installations, and dedication to crafting unique payloads for various targets. 👀
https://www.databreachtoday.com/phishing-campaign-tied-to-russia-aligned-cyberespionage-a-21567

Analysis: @proofpoint @SentinelLabs @DomainTools

Phishing Campaign Tied to Russia-Aligned Cyberespionage

A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple