Vulnerability Management, Patch/Configuration Management, Email security

Roundcube credentials targeted via patched XSS vulnerability

Attackers have exploited a patched medium-severity cross-site scripting vulnerability in Roundcube webmail, tracked as CVE-2024-37383, as part of a phishing campaign aimed at exfiltrating user credentials, The Hacker News reports.

Attackers targeted a government organization in a Commonwealth of Independent States country with an email containing a concealed attached document and distinct tags within its body that facilitate arbitrary JavaScript execution, a Positive Technologies analysis revealed. The JavaScript would enable the retrieval of mail server messages via the ManageSieve plugin and display an HTML page luring targets into providing their Roundcube credentials, which are later exfiltrated to a Cloudflare-hosted remote server.

"While Roundcube webmail may not be the most widely used email client, it remains a target for hackers due to its prevalent use by government agencies. Attacks on this software can result in significant damage, allowing cybercriminals to steal sensitive information," said the report.