The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.
Roundcube Webmail XSS Vulnerability Exposes Sensitive Data
RoundCube Webmail is a browser-based, multilingual IMAP client. Its extensive feature set includes MIME support, address books, folder manipulation, message searching, spell checking, and more.
A cross-site scripting (XSS) vulnerability in Roundcube, tracked as CVE-2023-43770, has been found; it could lead to information leakage through malicious link references in plain-text messages.
Roundcube Webmail 1.6.3 is now available. It offers a patch for a recently discovered XSS vulnerability reported by Niraj Shivtarkar.
“We just published a security update to version 1.6 of Roundcube Webmail. According to the release notes, it provides a fix to a recently reported XSS vulnerability.”
Among other features, Roundcube Webmail supports internationalized domain names, shared folders and namespaces, and SMTP delivery status notifications. Also, the IMAP folders’ user interface has been changed to allow more space for extensions and plug-ins.
Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051)
Update jQuery-UI to version 1.13.2 (#9041)
Fix regression that broke use_secure_urls feature (#9052)
Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953)
Fix bug where a duplicate <title> tag in HTML email could cause some parts to be cut off (#9029)
Fix bug where a list of folders could have been sorted incorrectly (#9057)
Fix regression where LDAP addressbook ‘filter’ option was ignored (#9061)
Fix wrong order of a multi-folder search result when sorting by size (#9065)
Fix so install/update scripts do not require PEAR (#9037)
Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096)
Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097)
Fix PHP8 deprecation warning in the reconnect plugin (#9083)
Fix “Show source” on mobile with x_frame_options = deny (#9084)
Fix various PHP warnings (#9098)
Fix deprecated use of ldap_connect() in password’s ldap_simple driver (#9060)
Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
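The last entry is the CVE-2023-43770 fix: link references found in plain-text mail are turned into HTML anchors, and any such conversion is safe only if the matched text is HTML-escaped before it is placed into an attribute or element body. The following is an added illustration of that defensive pattern, written for this article; it is not Roundcube's code, and the function names (linkifyPlainText, safeHref) and the allowed-scheme list are assumptions for the example. It runs under Node.js with no dependencies.

```javascript
// Added example (not Roundcube's code): converting link references in a
// plain-text message body into anchors without introducing XSS.

// Escape the five characters that matter in HTML text and attribute values.
const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));

// Assumed policy for the example: only these schemes become clickable links.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Parse a candidate reference with the WHATWG URL parser and return a
// normalized href, or null if it does not parse or uses another scheme.
function safeHref(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Conservative matcher: a reference ends at whitespace or at any character
// that would be significant inside an HTML attribute or tag.
const URL_RE = /\b(?:https?:\/\/|mailto:)[^\s<>"']+/g;

// Render a plain-text body as HTML. Every byte of the input passes through
// escapeHtml; the only markup in the output is the anchors built here.
function linkifyPlainText(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const href = safeHref(m[0]);
    if (href === null) {
      // Not linkable: keep it as escaped text rather than dropping it.
      out += escapeHtml(m[0]);
    } else {
      out +=
        `<a href="${escapeHtml(href)}" rel="noopener noreferrer" target="_blank">` +
        `${escapeHtml(m[0])}</a>`;
    }
    last = m.index + m[0].length;
  }
  out += escapeHtml(text.slice(last));
  return out;
}

// Constructed sample body: a reference wrapped in angle brackets, a query
// string with an ampersand, and some literal markup that must stay inert.
const SAMPLE = 'See <https://example.com/a?b=1&c=2> and <b>not bold</b>';
console.log(linkifyPlainText(SAMPLE));
```

The two properties worth checking in any such converter are that text outside the match is escaped (so `<b>` in the body stays literal) and that the href attribute is escaped as well (so `&` in a query string becomes `&amp;`), with the scheme check as defense in depth should the matcher ever be loosened.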
Debian 10 hosts with the affected roundcube packages installed are also exposed to this vulnerability.
Roundcube Webmail 1.6.3 is considered stable and it is recommended to update all productive installations of Roundcube 1.6.x with it.
For Debian 10 buster, this problem has been fixed in version 1.3.17+dfsg.1-1~deb10u3.
Hence, it is recommended that you upgrade your roundcube packages.
The post Roundcube Webmail XSS Vulnerability Exposes Sensitive Data appeared first on Cyber Security News.
UK Electoral Commission Hacked – 40 Million Britons Data Exposed
The UK Electoral Commission, entrusted with safeguarding voter information, recently faced a complex breach that triggered a vital public notification.
In a digital age, securing sensitive data is paramount, yet even the most robust systems can be vulnerable to cyber-attacks.
This article delves into the technical intricacies of the incident, its impact on data subjects, and the Commission’s response to fortify its defenses.
In October 2022, the Electoral Commission discovered a breach stemming from suspicious activities detected on its systems.
Closer scrutiny revealed that malevolent actors had illicitly accessed the systems as far back as August 2021.
This incursion exposed sensitive data, raising concerns about data subjects’ privacy and security.
During the cyber-attack, the perpetrators infiltrated the Commission’s servers, granting them access to significant repositories, including email systems, control systems, and copies of the electoral registers.
Crucially, they were able to extract reference copies of these registers, which held information about UK voters between 2014 and 2022, excluding details of anonymous registrants.
Moreover, the Commission’s email system was also compromised.
In collaboration with the Information Commissioner’s Office, it was assessed that the compromised data, including names, addresses, and contact information, didn’t present an immediate high risk.
Nevertheless, concerns were raised about the potential combination of this data with publicly available information to infer behavior patterns and individual profiles.
Importantly, the breach didn’t disrupt the electoral process, citizens’ access to democracy, or their registration status.
Following the breach’s discovery, the Commission diligently partnered with security specialists to investigate the incident and bolster system defenses.
Several actions were taken to mitigate future risks:
Strengthened network login requirements.
Enhanced monitoring and alert systems for active threats.
Reviewed and updated firewall policies.
Collaboration with external security experts and the National Cyber Security Centre.
While immediate action wasn’t deemed necessary, the Commission urged those who had interacted with them or registered to vote between 2014 and 2022 to remain vigilant.
If concerned about personal data sent to the Commission, individuals were encouraged to contact their Data Protection Officer.
This incident underscores the ongoing battle against cyber threats and reinforces the significance of robust cybersecurity measures.
By promptly notifying the public and taking proactive steps to fortify its systems, the UK Electoral Commission sets an example of transparent response and commitment to data protection.
In a world increasingly reliant on digital infrastructure, organizations must recognize their responsibility to safeguard sensitive data and maintain transparency in the face of cyber-attacks.
The post UK Electoral Commission Hacked – 40 Million Britons Data Exposed appeared first on Cyber Security News.