File: /home/hnhtennm/mail/new/1698801766.M393371P19018.server1.quantilytics.org,S=5833,W=5940
Return-Path: <mastermagic55@gmail.com>
Delivered-To: hnhtennm@server1.quantilytics.org
Received: from server1.quantilytics.org
by server1.quantilytics.org with LMTP
id WF4pFmaoQWVKSgAA0BcwpA
(envelope-from <mastermagic55@gmail.com>)
for <hnhtennm@server1.quantilytics.org>; Wed, 01 Nov 2023 01:22:46 +0000
Return-path: <mastermagic55@gmail.com>
Envelope-to: talha.siddiqui@hnhtechsolutions.com
Delivery-date: Wed, 01 Nov 2023 01:22:46 +0000
Received: from mail-lf1-f52.google.com ([209.85.167.52]:48437)
by server1.quantilytics.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.96.2)
(envelope-from <mastermagic55@gmail.com>)
id 1qxzwR-0004hk-0z
for talha.siddiqui@hnhtechsolutions.com;
Wed, 01 Nov 2023 01:22:46 +0000
Received: by mail-lf1-f52.google.com with SMTP id 2adb3069b0e04-5079f3f3d7aso9599943e87.1
for <talha.siddiqui@hnhtechsolutions.com>; Tue, 31 Oct 2023 18:22:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1698801720; x=1699406520; darn=hnhtechsolutions.com;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=KY+K17eAtWOAmdo9lyHVHX3Y33zAwRk+1Jzfyn8mbJc=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1698801720; x=1699406520;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=KY+K17eAtWOAmdo9lyHVHX3Y33zAwRk+1Jzfyn8mbJc=;
X-Gm-Message-State: AOJu0YxVz0a5esbij1vXd1toPpEEi1+YMirhOUiLUYGSxoJ0uEKW97Zt
lXBxYT0B4k8pMsSUs50hJYmu0BuIYLAmUkAQlVGe+o4C
X-Google-Smtp-Source: AGHT+IGa/6NzxrwvGxnGb8iebSCC3PjsVOPep5gwUwLsZyiUmytUJ7e5ZJ9/yS1iFAZU9r8+jZdduDoJZBkiYZv9bP4=
X-Received: by 2002:a05:6512:3f0f:b0:509:2b81:fc40 with SMTP id
y15-20020a0565123f0f00b005092b81fc40mr4836258lfa.9.1698801719637; Tue, 31 Oct
2023 18:21:59 -0700 (PDT)
MIME-Version: 1.0
From: M Magic <mastermagic55@gmail.com>
Date: Tue, 31 Oct 2023 18:21:47 -0700
Message-ID: <CABS075322TdaPDD+SgGNrHBnN+O2eNs465XMP9owKZ3GVoE_7A@mail.gmail.com>
Subject: New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability
in Roundcube Webmail
To: talha.siddiqui@hnhtechsolutions.com
Content-Type: multipart/alternative; boundary="0000000000000afa7106090d1973"
X-Spam-Status: No, score=0.0
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server1.quantilytics.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: After reading the technical details about this zero-day that
targeted governmental entities and a think tank in Europe and learning about
the Winter Vivern threat actor, get t...
Content analysis details: (0.0 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                            in digit
                            [mastermagic55[at]gmail.com]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [mastermagic55[at]gmail.com]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Spam-Flag: NO
--0000000000000afa7106090d1973
Content-Type: text/plain; charset="UTF-8"
After reading the technical details about this zero-day that targeted
governmental entities and a think tank in Europe and learning about the
Winter Vivern threat actor, get t...
--0000000000000afa7106090d1973
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><p style=3D"font-family:MS Sans Serif,Geneva,sans-serif;co=
lor:#8a2be2">After reading the technical details about this zero-day that t=
argeted governmental entities and a think tank in Europe and learning about=
the Winter Vivern threat actor, get t...</p><div class=3D"transactionid" i=
d=3D"61d573fb-090c-4741-bd7e-b2048428e401"></div></div>
--0000000000000afa7106090d1973--