Threat Intelligence Reports

Detailed Analysis Report on “Baykar Bayraktar TB2 UAV Data Leak” Allegation

In this blog, as Cyberthint threat hunters, we have shared with you as our esteemed readers, the results of our analysis of the leaked source code of the “Bayraktar TB2” model, which was offered for sale on a popular darkweb forum and allegedly belonged to the “Bayraktar TB2” model, which is an unmanned aerial vehicle belonging to the “Baykar Technology” company, and the results we obtained as a result of a social engineering-based operation against the threat actor.

Vulnerabilities

Roundcube Markasjunk Plugin Command Injection Vulnerability Analysis

On June 6, 2023, security researchers discovered a vulnerability in Roundcube’s “markasjunk” plugin. This vulnerability allow attackers to execute command by sending a specifically crafted identity email address through plugin.

Although the CVSSv3 score of the vulnerability is defined as “6.5”, according to Cyberthint analysts, its impact is actually critical and CWE ID: CWE-77.

Affected Versions: Roundcube versions 1.6.1 and earlier versions, when the markasjunk plugin is enabled.