RomCom exploits Firefox and Windows zero days in the wild

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

ESET researchers discovered a critical zero-day vulnerability in Mozilla products, exploited by the Russia-aligned group RomCom. The vulnerability, CVE-2024-9680, allows code execution in Firefox, Thunderbird, and Tor Browser. When chained with a Windows vulnerability, CVE-2024-49039, it enables arbitrary code execution without user interaction. The exploit chain delivered RomCom's backdoor in a widespread campaign targeting Europe and North America. Mozilla patched the vulnerability within a day of notification. The Windows vulnerability, a privilege escalation bug in the Task Scheduler, was later patched by Microsoft. This sophisticated attack demonstrates RomCom's capabilities in developing or obtaining stealthy exploitation techniques.

OPENCTI LABELS :

backdoor, windows, privilege-escalation, firefox, romcom backdoor, sandbox-escape

