“In the last two years, webmail servers such as Roundcube and Zimbra have been a major goal for several detective groups such as Sednit, GreenCube and Winter Vivern,” said Faou of ESET. “Because many organizations do not keep their webmail server up to date, and because the weaknesses can be triggered from a distance by sending an email message, it is very convenient for the attackers to target such servers for email theft.”
The most important thing for CISOs is to keep the webmail app up to date, he said. “When we refer to the use of zero-day weaknesses in our research, in most of the events we analyzed, only known weaknesses, which were used for months, were used. Another strict avenue, but perhaps to stop HTML materials in email, and perhaps to stop HTML materials, and simply use this, using this kind of, using this type.
He said that webmail can be described as a website that displays untrusted HTML content in a browser. While most webmail systems sanitize the content to remove harmful HTML elements that can execute JavaScript code, ESET research shows that the sanitizers are not without faults and attackers are able to bypass them. As a result, he said, by sending a specially crafted email, attackers can execute arbitrary JavaScript code in the context of their target's browser. Although this does not compromise the computer, he said, executing JavaScript code in the context of the browser makes it possible, for example, to steal information from the mailbox, such as a list of emails or contacts.
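The stricter option mentioned above, showing mail as text instead of sanitized HTML, can be sketched as follows. This is an added example, not code from ESET or from any webmail project; `render_plaintext_only`, the sample message and its `stealMailbox()` marker are constructed for illustration.

```python
import html
from email import message_from_bytes, policy
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Collects text nodes; drops every tag, attribute, script and style body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def render_plaintext_only(raw: bytes) -> str:
    """Return an HTML-escaped, text-only rendering of an email body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = body.get_content()          # prefer the text/plain part
    else:
        html_part = msg.get_body(preferencelist=("html",))
        if html_part is None:
            return ""
        parser = _TextOnly()
        parser.feed(html_part.get_content())
        parser.close()                     # flush any buffered trailing text
        text = " ".join(" ".join(parser.parts).split())
    # Escape so the result is inert even when placed inside a page.
    return html.escape(text.strip())

# Constructed sample: an HTML-only message carrying active content.
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: demo\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b"<p>Hello <b>team</b> &lt;3</p><script>stealMailbox()</script>"
    b'<img src="x" onerror="stealMailbox()">\r\n'
)
```

Because no markup from the message survives, the browser has nothing to interpret and the output does not depend on an HTML sanitizer being free of bypasses.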