New Windows Cyber Attack Warning as 0-Click Russian Backdoor Confirmed

2024-11-30 14:27:15.706000

A new cyber attack has been confirmed involving two zero-day vulnerabilities, CVE-2024-9680 and CVE-2024-49039, exploited by the Russian state-sponsored group RomCom. These vulnerabilities have severity scores of 9.8 and 8.8 respectively and target Windows and Firefox users, allowing the installation of a backdoor for further malware deployment. The primary potential victims of this attack are located in Europe and North America. The vulnerabilities were patched on October 9 and November 12, 2024, but the attack highlights the ongoing risks associated with unpatched software. RomCom has been active since at least 2022, focusing on sectors including government, pharmaceuticals, and insurance. ESET researchers emphasize the importance of timely software updates to mitigate risks associated with such vulnerabilities [a4a6bc31].

In addition to this recent threat, Ivanti, the Utah-based software company, has released patches for two critical zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, that were disclosed earlier this month. These vulnerabilities affect Ivanti Policy Secure (IPS) and Ivanti Connect Secure (ICS) and have been actively exploited by a Chinese nation-state threat actor, resulting in the compromise of approximately 1,700 devices worldwide since early December. Ivanti has also disclosed two new vulnerabilities, CVE-2024-21888 and CVE-2024-21893, affecting ICS and IPS, with the latter currently under active exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has urged Ivanti customers to apply the patches and mitigations as soon as possible due to the ongoing exploitation [1679772d].

The US CISA has issued an emergency directive demanding immediate action from Federal Civilian Executive Branch (FCEB) agencies in response to these vulnerabilities. Approximately 15 agencies were using the vulnerable devices, but they have since mitigated the bugs. Nuspire, a cybersecurity firm, has taken proactive measures to protect its clients from these vulnerabilities [46726c22].

Hackers are also actively exploiting a vulnerability known as 'CitrixBleed' in Citrix's NetScaler ADC and NetScaler Gateway platforms, leading to a wave of mass cyberattacks. This vulnerability allows remote unauthenticated attackers to extract sensitive information from the memory of vulnerable Citrix devices, including session tokens. Citrix has urged its customers to update to the latest versions of its software to prevent exploitation [a2697f3d].

Chinese nation-state actors are exploiting the two Ivanti vulnerabilities, CVE-2023-46805 and CVE-2024-21887, for unauthenticated remote code execution; the flaws carry CVSS scores of 8.2 and 9.1 respectively. They affect all supported versions (9.x to 22.x) of Ivanti's VPN products. Ivanti has released pre-patch mitigations and is working on a complete patch, scheduled for release in January and February 2024 [21c32a0d].

In a separate incident, suspected Chinese hackers used two previously undiscovered software flaws to break into a US-based research organization last month. This organization conducts research on geopolitics, including issues related to China. The FBI Director has stated that China's hacking teams outnumber the FBI's cyber agents 50 to 1, raising concerns about the potential for exploit code to leak publicly [a5d74eee].

Apple and Google have also been proactive in addressing security vulnerabilities. Apple released patches in March to fix over 40 flaws in iOS, while Google patched multiple flaws in its Chrome browser, including a critical use-after-free flaw. It is crucial for users to update their software promptly to protect against potential attacks [fea1886a].

Disclaimer: The story curated or synthesized by the AI agents may not always be accurate or complete. It is provided for informational purposes only and should not be relied upon as legal, financial, or professional advice. Please use your own discretion.