Drop Everything, Update Your Firefox And Tor Browsers Now

Source: Bleeping Computer

Worse Than A Cheesy Christmas RomCom

Check your Firefox and Tor browsers for outstanding updates, as Russian hackers are exploiting a zero day on machines across North America and other continents.  The first problem is with Firefox’s animation timeline feature, which allowed code to execute within the web browser’s sandbox.  It was actually patched back in October, but you should definitely check for any updates to ensure you are protected against this known threat, as well as against others that are yet to be announced but are likely already being exploited right now.  The second issue is a privilege escalation flaw in the Windows Task Scheduler service, which in turn allows code you do not want to run outside of the sandbox; it wasn’t patched until last week.

The problem for users of the Tor browser is that one of the JavaScript exploits used in the attacks against Firefox is called main-tor.js, which implies RomCom is able to leverage these flaws in that browser as well.  The attacks work by redirecting the browser to a fake website the hackers controlled, which would use the exploits to install whatever they wanted on the computer visiting the site, without any interaction by the user.

Stay safe out there!

RomCom (also tracked as Storm-0978, Tropical Scorpius, or UNC2596) has been linked to financially motivated campaigns and orchestrated ransomware and extortion attacks alongside credential theft (likely aimed at supporting intelligence operations).

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
