Top open source email platform hacked to steal user details

Trending 1 month ago
  1. Home
  2. Technology
  3. Top open source email platform hacked to steal user details
email
(Image credit: Image by Muhammad Ribkhan from Pixabay)

Hackers are abusing a vulnerability successful nan Roundcube Webmail to bargain emails and different delicate data, caller reports person claimed.

Cybersecurity experts from Positive Technologies sounded nan alarm, saying nan celebrated email client carries a flaw that is being actively exploited against authorities organizations successful nan Commonwealth of Independent States (CIS) region (former Soviet Union).

Roundcube Webmail is simply a celebrated browser-based email customer pinch a user-friendly interface that mimics nan look and consciousness of a desktop application. It supports modular email protocols for illustration IMAP and SMTP, and offers features specified arsenic connection search, interaction management, and plugin customization.

Hiding pinch HTML

The bug is tracked arsenic CVE-2024-37383, and described arsenic a medium-severity stored cross-site scripting (XSS) flaw, allowing nan execution of malicious JavaScript connected nan Roundcube page.

To trigger nan vulnerability, nan crooks would draught and nonstop a unsocial email. The email’s assemblage appears empty, and only comes pinch a .DOC attachment. But nan attackers would hide harmful codification successful nan email utilizing circumstantial HTML tags (in this case, nan tag), which is processed by nan email client, while being invisible to nan target user.

The payload is simply a portion of JavaScript codification masquerading arsenic a ‘href’ value. It downloads a decoy .DOC file, while injecting an unauthorized login shape into nan HTML page, which requests messages from nan message server. The shape prompts nan unfortunate for their username and password, which are past relayed to nan attackers.

All versions up to 1.5.6, arsenic good arsenic versions betwixt 1.6 and 1.6.6. were said to beryllium susceptible to nan flaw. Versions 1.5.7 and 1.6.7, released connected May 19, are nan earliest ones to person addressed nan bug, and users are advised to upgrade their clients arsenic soon arsenic possible.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Via BleepingComputer

More from TechRadar Pro

  • Thousands of Zimbra servers attacked pursuing email relationship compromise
  • Here's a database of nan best firewalls today
  • These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

More
Source Technology
Technology

Related Article

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

2 weeks ago
Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

2 weeks ago
The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

2 weeks ago

Popular Article

Soundcore’s newest clip-style earbuds focus on comfort

Soundcore’s newest clip-style earbuds focus on comfort

1 month ago
Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

1 month ago
AirPods Pro 2's hearing health features will arrive as a software update starting next week

AirPods Pro 2's hearing health features will arrive as a software update starting next week

1 month ago
The iPhone SE might serve an unexpected surprise next year

The iPhone SE might serve an unexpected surprise next year

1 month ago
The best budget laptops for 2024

The best budget laptops for 2024

1 month ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions ·

©2024 Latest Tech News.
All Rights Reserved.