The Download
Russian-linked RomCom hackers are exploiting two chained zero-day vulnerabilities in Firefox and Windows to break out of the browser sandbox and launch sophisticated attacks. These flaws allow attackers to execute malicious code, compromising systems and accessing sensitive data. Once the flaws are exploited, attackers can install backdoors, spread malware, or escalate privileges, making the vulnerabilities highly critical for organizations using these platforms. The first exploit takes advantage of a vulnerability in Firefox (CVE-2024-9680) to execute code in the browser, albeit within the sandbox. The second vulnerability, in Windows Task Scheduler (CVE-2024-49039), allows that code to escape the sandbox and execute natively on Windows machines.
What You Can Do
IT administrators should prioritize patching by applying the latest updates from Firefox and Microsoft immediately. They should also monitor for unusual system behavior, implement endpoint protection, and regularly review system logs for indicators of compromise. Scan your devices with ThreatMate to identify risky vulnerabilities.
To Learn More: