{"id":131879,"date":"2024-11-30T20:13:46","date_gmt":"2024-11-30T13:13:46","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=131879"},"modified":"2024-11-30T20:13:46","modified_gmt":"2024-11-30T13:13:46","slug":"new-windows-cyber-attack-warning-as-0-click-russian-backdoor-confirmed","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=131879","title":{"rendered":"New Windows Cyber Attack Warning As 0-Click Russian Backdoor Confirmed"},"content":{"rendered":"<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption>Zero click Windows and Firefox attack chain confirmed <small>Getty<\/small><\/figcaption><\/figure>\n<p><em>Update, Nov. 30, 2024: This story, originally published Nov. 29, now includes more detail about Storm-0978, the distributors of RomCom and the threat actors behind the multiple-vulnerability zero-click Firefox and Windows cyber attack.<\/em><\/p>\n<p>A cyber attack chaining two zero-day security vulnerabilities together, one with a severity rating of 9.8 and the other 8.8, has been confirmed by security researchers as the work of a known Russian state-sponsored threat group called RomCom, named after the malware family it uses. 
The cyber attack, using these previously unknown security vulnerabilities, exploited both the Mozilla Firefox web browser and Windows itself in order to install a backdoor capable of executing commands and downloading further malware onto the target computer. Here\u2019s what we know about the RomCom hack-attack against Windows users.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The RomCom Zero-Click Cyber Attack Explained<\/h2>\n<p>With potential victims primarily located in Europe and North America, <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/romcom-exploits-firefox-and-windows-zero-days-in-the-wild\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/romcom-exploits-firefox-and-windows-zero-days-in-the-wild\/\" 
data-ga-track=\"ExternalLink:https:\/\/www.welivesecurity.com\/en\/eset-research\/romcom-exploits-firefox-and-windows-zero-days-in-the-wild\/\" aria-label=\"security researchers from ESET have published a detailed analysis\">security researchers from ESET have published a detailed analysis<\/a> of what they described as a widespread campaign. To get an idea of how serious this cyber attack was: it involved not one but two zero-day vulnerabilities chained together into a powerful exploit that could end up installing a Russian hacker-controlled backdoor on Windows computers.<\/p>\n<p>The Mozilla vulnerability, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-9680\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-9680\" data-ga-track=\"ExternalLink:https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-9680\" aria-label=\"CVE-2024-9680\">CVE-2024-9680<\/a>, with an extremely high common vulnerabilities and exposures risk severity rating of 9.8 out of 10, was a use-after-free memory flaw in the Firefox animation timeline feature. Meanwhile, the Windows zero-day, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-49039\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-49039\" data-ga-track=\"ExternalLink:https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-49039\" aria-label=\"CVE-2024-49039\">CVE-2024-49039<\/a>, rated at 8.8 out of 10, was a privilege escalation flaw that could enable malicious code to operate outside of the Mozilla Firefox browser security sandbox. 
Chaining these two together, in what was a zero-click exploit, is about as close to a 10 out of 10 danger rating as I can think of.<\/p>\n<p>\u201cThe compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit, and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor,\u201d Damien Schaeffer, the ESET researcher who discovered both vulnerabilities, said.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">What Is Known About Storm-0978, Also Known As RomCom, The Threat Actor Behind The Zero-Click Cyber Attack<\/h2>\n<p>The threat actor behind the Firefox and Windows zero-click exploit chain that installs a backdoor onto Windows systems is known as RomCom, but it also goes by many other names. 
Also known as Storm-0978, Tropical Scorpius, and UNC2596, RomCom is a \u201cRussia-aligned group that conducts both opportunistic campaigns against selected business verticals and targeted espionage operations,\u201d according to the ESET report.<\/p>\n<figure class=\"embed-base image-embed embed-7\" role=\"presentation\"><figcaption>RomCom victims during 2024 <small>ESET<\/small><\/figcaption><\/figure>\n<p>As well as the now-to-be-expected targeting of government, defense and energy sectors in Ukraine by such a Russian-affiliated threat group, RomCom has also targeted the pharmaceutical and insurance sectors in the US; the legal sector in Germany; and governmental entities in Europe.<\/p>\n<p>\u201cThe group\u2019s focus has shifted to include espionage operations collecting intelligence,\u201d ESET said, \u201cin parallel with its more conventional cybercrime operations.\u201d<\/p>\n<p>Threat intelligence from <a href=\"https:\/\/unit42.paloaltonetworks.com\/snipbot-romcom-malware-variant\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/unit42.paloaltonetworks.com\/snipbot-romcom-malware-variant\/\" data-ga-track=\"ExternalLink:https:\/\/unit42.paloaltonetworks.com\/snipbot-romcom-malware-variant\/\" aria-label=\"the Palo Alto Unit 42 group\">the Palo Alto Unit 42 group<\/a>, published in Sept. 2024, identified RomCom malware strains dating back to Dec. 2023 but noted that the threat actor had been actively using the malware since at least 2022. 
\u201cRomCom RAT is a malware family that has evolved over the years to include different features and attack methods,\u201d Unit 42 researchers Yaron Samuel and Dominik Reichel said. \u201cThey engage in ransomware, extortion and targeted credential gathering, likely to support intelligence-gathering operations.\u201d<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Putting A Stop To The RomCom Cyber Attack Demanded Quick Action<\/h2>\n<p>Both vulnerabilities have now been patched by their respective vendors, and Schaeffer thanked the Mozilla team in particular \u201cfor being very responsive and to highlight their impressive work ethic to release a patch within a day.\u201d The <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2024-51\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" 
title=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2024-51\/\" data-ga-track=\"ExternalLink:https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2024-51\/\" aria-label=\"vulnerability in Firefox was patched on Oct. 09\">vulnerability in Firefox was patched on Oct. 09<\/a> after being reported on Oct. 08.<\/p>\n<p>The Windows vulnerability, meanwhile, was <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/13\/windows-users-must-update-now-as-microsoft-confirms-4-new-zero-days\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/13\/windows-users-must-update-now-as-microsoft-confirms-4-new-zero-days\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/13\/windows-users-must-update-now-as-microsoft-confirms-4-new-zero-days\/\" aria-label=\"fixed as part of the latest Patch Tuesday security roundup\" rel=\"noopener\">fixed as part of the latest Patch Tuesday security roundup<\/a> on Nov. 12. Although this appears, at first glance, to be a concerning delay, remember that this was a chained exploit that required both vulnerabilities to be unpatched in order to succeed.<\/p>\n<p>However, this is no time to rest on your laurels and think the cyber attack danger is over, especially if you are not on top of your software and operating system update game, as Mike Walters, president and co-founder of Action1, said. 
\u201cThe exploitation techniques used by the RomCom attackers pose notable risks to other organizations, highlighting several vulnerabilities and potential attack vectors.\u201d Walters went on to state that organizations running outdated versions of software, such as Firefox or Windows, that haven&#8217;t been patched for known vulnerabilities are \u201cat significant risk.\u201d<\/p>\n<\/div>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/11\/30\/windows-warning-as-new-0-click-backdoor-russian-cyber-attack-confirmed\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zero click Windows and Firefox attack chain confirmed Getty Update, Nov. 30, 2024: This story, originally published Nov. 29 now includes more detail about Storm-0978, the distributors of RomCom and &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=131879\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-131879","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/131879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=131879"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/131879\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=131879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=131879"},{"taxonomy":"post_tag","embedda
ble":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=131879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}