
Daily Threat Intel: Cybersecurity Edge! 🚨🔍


Daily Threat Intelligence: Staying Ahead of Cybersecurity Threats

Customers of banks in Brazil are being targeted by ParaSiteSnatcher, a malicious Chrome extension that abuses Chrome's browser APIs to intercept and exfiltrate sensitive data, including banking details, from users in Latin America and Brazil in particular. Separately, Akamai has published details of a Mirai-based DDoS botnet that exploits a pair of previously undisclosed zero-day flaws in routers and Network Video Recorder (NVR) devices still running with default admin credentials, together with a malware sample based on the hailBot Mirai variant and a web shell.

Security researchers have also shared details of attacks against the three most widely used fingerprint sensors behind Windows Hello authentication in laptops. The work involved extensive reverse engineering of both software and hardware, uncovering cryptographic implementation flaws and reconstructing the sensors' proprietary communication protocols.

Key Takeaways

  • Banks in Brazil are being targeted by ParaSiteSnatcher, a malicious Chrome extension that exploits a Chrome browser API to intercept sensitive data.
  • Akamai has revealed the details of a Mirai-based DDoS botnet that exploits zero-day flaws in routers and Network Video Recorder (NVR) devices.
  • Security researchers have uncovered flaws in the top fingerprint sensors used for Windows Hello authentication in laptops.

Top Breaches Reported in the Last 24 Hours

Several significant data breaches were reported in the past 24 hours, exposing sensitive personal and financial information and, in one case, taking a payment service offline. Here are the top breaches reported:

  • London & Zurich, a direct debit collection firm, suffered a ransomware attack, causing severe disruptions that led to significant backlogs and affecting cash flow for businesses relying on it. The outage left customers unable to process direct debit payments, and customers could not even reach any support services via the company's phone lines. One managed service provider reported a backlog of over $124,000.
  • The Idaho National Laboratory (INL) suffered a data breach exposing employee information, including names, addresses, dates of birth, Social Security numbers and bank account details. The breach affected the Oracle HCM servers supporting INL's Human Resources applications. The hacker group SiegedSec claimed responsibility, leaked the stolen data, and posted screenshots of internal INL tools.
  • The New York City Bar Association disclosed a cyberattack that occurred nearly a year ago, with data of over 27,000 members and employees compromised. The Cl0p ransomware gang claimed responsibility for the attack in January. Financial account details and payment card information, including security codes or PINs, were reportedly leaked.

Three lessons stand out from these breaches. An attack on a single payment processor can stall cash flow for every business downstream of it, so organizations should know which third parties can stop their operations if taken offline. HR and payroll systems hold exactly the data criminals monetize first (names, SSNs, bank details) and deserve the same protection as customer-facing systems. And disclosure can lag the intrusion by almost a year, so companies should not wait for a notification letter: keep tested offline backups, train employees, and monitor dark-web markets and leak sites for their own data.

Top Malware Reported in the Last 24 Hours

Gamaredon, a Russian state-backed hacking group, has expanded its reach with LitterDrifter, a USB-propagating worm built for broad-scale espionage data collection. LitterDrifter has two primary components, a spreading module and a command-and-control (C2) module, which together support a large-scale operation. It has already infected organizations in Ukraine, the U.S., Vietnam, Chile, Poland and Germany.

Security researchers have discovered a sophisticated malicious Google Chrome extension named ParaSiteSnatcher. It targets users in Latin America, particularly Brazil, and is used to monitor, manipulate and exfiltrate sensitive information, including data belonging to customers of Banco do Brasil and Caixa Econômica Federal. The extension uses Chrome's extension APIs to intercept HTTP requests, in particular POST requests carrying account and financial details, and sends their contents to the attacker.
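An extension can only read request bodies on a banking site if its manifest asks for the permissions that allow it, so the cheapest check a defender can run is an audit of installed extensions' manifests. The following script is an added example, not code from the article or from the ParaSiteSnatcher analysis; it flags the permission and host-pattern combinations that let an extension observe or rewrite traffic site-wide. The two manifests embedded in it are constructed sample input and do not correspond to any real extension.

```python
"""Audit Chrome extension manifests for traffic-interception capability.

Added example (not from the original article). The permission names and host
patterns are real Chrome extension manifest keys; the two sample manifests are
constructed for illustration and are not real extensions.
"""
import json

# Permissions that let an extension observe or alter requests, pages or cookies.
INTERCEPT_PERMISSIONS = {
    "webRequest": "can observe every request, including POST bodies",
    "webRequestBlocking": "can modify or cancel requests in flight",
    "declarativeNetRequest": "can rewrite or redirect requests by rule",
    "scripting": "can inject scripts into pages",
    "cookies": "can read session cookies",
    "webNavigation": "can track navigation across tabs",
}

# Host patterns that effectively mean "every site the user visits".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests: one harmless, one with the capability set a
# banking-data stealer needs (hypothetical names and hosts).
SAMPLE_MANIFESTS = {
    "notes-helper": json.dumps({
        "manifest_version": 3,
        "name": "Notes Helper",
        "permissions": ["storage", "bookmarks"],
        "host_permissions": ["https://notes.example/*"],
    }),
    "tab-booster": json.dumps({
        "manifest_version": 2,
        "name": "Tab Booster",
        "permissions": ["webRequest", "webRequestBlocking", "cookies", "tabs", "<all_urls>"],
        "content_scripts": [{"matches": ["https://bank.example/*"], "js": ["inject.js"]}],
        "background": {"scripts": ["bg.js"], "persistent": True},
    }),
}


def _host_patterns(manifest):
    """Collect host patterns from MV2 'permissions', MV3 'host_permissions'
    and content_script 'matches', since any of the three grants site access."""
    hosts = set()
    for perm in manifest.get("permissions", []):
        if "://" in perm or perm == "<all_urls>":
            hosts.add(perm)
    hosts.update(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def audit_manifest(manifest_json):
    """Return a list of (severity, finding) tuples for one manifest.json text."""
    manifest = json.loads(manifest_json)
    findings = []
    perms = set(manifest.get("permissions", []))
    hosts = _host_patterns(manifest)

    for perm in sorted(perms & set(INTERCEPT_PERMISSIONS)):
        findings.append(("medium", f"permission {perm}: {INTERCEPT_PERMISSIONS[perm]}"))
    broad = hosts & BROAD_HOSTS
    if broad:
        findings.append(("medium", f"broad host access: {sorted(broad)}"))
    # The combination that matters: request interception on every site.
    if perms & {"webRequest", "webRequestBlocking"} and broad:
        findings.append(("high", "can read POST bodies on every site, including banking logins"))
    return findings


def max_severity(findings):
    """Numeric ceiling for sorting: 2 = high, 1 = medium, 0 = nothing found."""
    order = {"high": 2, "medium": 1}
    return max((order[sev] for sev, _ in findings), default=0)


def audit_all(manifests=SAMPLE_MANIFESTS):
    """Audit a {name: manifest_json} mapping; returns {name: findings}."""
    return {name: audit_manifest(src) for name, src in manifests.items()}


if __name__ == "__main__":
    for name, findings in sorted(audit_all().items(), key=lambda kv: -max_severity(kv[1])):
        print(name, "->", findings or "no interception capability")
```

In a real deployment the manifests come from each profile's extension directory (on Windows, under the user's `Chrome\User Data\<profile>\Extensions` tree); a "high" finding is not proof of malice, since ad blockers legitimately need `webRequest` on all sites, but it is the short list worth reviewing against an allow-list.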


A new Mirai-based DDoS botnet campaign, tracked as InfectedSlurs, has been discovered exploiting two zero-day vulnerabilities to gain remote code execution on vulnerable routers and NVRs. The botnet's command-and-control servers are laced with racist language. The same investigation surfaced a web shell, wso-ng, that hides its login interface behind a fake 404 error page, as well as another sample based on the hailBot Mirai variant.

These campaigns are a reminder to keep firmware and software up to date, change the default administrative credentials on routers, NVRs and other edge devices (the InfectedSlurs targets were still using them), keep such devices off the public internet wherever possible, restrict access to sensitive data, and layer defenses so that a single compromised device does not hand over the network.

Top Vulnerabilities Reported in the Last 24 Hours

Security researchers at Blackwing Intelligence have discovered vulnerabilities affecting Windows Hello fingerprint authentication on several laptop models. The flaws, found in fingerprint sensors from Goodix, Synaptics and ELAN, let an attacker with physical access to the device bypass fingerprint authentication. These are "Match on Chip" (MoC) sensors: the fingerprint templates are stored and matched on the sensor itself, and the host only learns the verdict, so the host has to trust what arrives over the sensor link. The researchers built Adversary-in-the-Middle (AitM) attacks on that host-to-sensor channel, most directly against the ELAN sensor. Users are advised to install vendor firmware and system updates as soon as they become available.

Frequently Asked Questions

What are the top sources for up-to-date threat intelligence feeds?

There are three main sources of up-to-date threat intelligence feeds: commercial providers, open-source and community feeds, and government agencies. Popular commercial providers include Mandiant (the former FireEye), Recorded Future and CrowdStrike. Community platforms such as the Malware Information Sharing Platform (MISP) and AlienVault's Open Threat Exchange (OTX) distribute shareable indicators. Government agencies such as CISA, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) publish advisories and indicators as well.

How can open-source threat intelligence tools be utilized effectively?

Open-source threat intelligence tools are most effective when integrated into the security tooling an organization already runs: indicators from the feeds are loaded into the SIEM, IDS, DNS resolver or web proxy so that matches surface as alerts instead of as a list someone has to read. Used this way they help monitor network traffic, analyze suspicious activity and detect known-bad infrastructure early. Open-source feeds can also supplement commercial feeds, adding context (who else has seen an indicator, and when) that helps decide whether an alert is worth chasing.

What are the different categories of cyber threats?

There are several different categories of cyber threats, including malware, ransomware, phishing attacks, distributed denial of service (DDoS) attacks, and advanced persistent threats (APTs). Malware is malicious software that is designed to harm a computer or network. Ransomware is a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key. Phishing attacks are social engineering attacks that trick victims into revealing sensitive information. DDoS attacks are designed to overwhelm a target's network with traffic, rendering it inaccessible. APTs are sophisticated attacks that are designed to infiltrate a target's network and remain undetected for an extended period.

Where can one find the latest news on cyber threat intelligence?

One can find the latest news on cyber threat intelligence by following industry blogs and news websites such as Dark Reading, Threatpost, and KrebsOnSecurity. Additionally, commercial threat intelligence providers often publish reports and updates on the latest threats and trends in the industry.

How can a daily threat intelligence report benefit an organization?

A daily threat intelligence report can benefit an organization by providing valuable insights into potential threats and vulnerabilities. These reports can help security teams prioritize their efforts and focus on the most critical threats. Additionally, daily threat intelligence reports can help organizations stay up-to-date on the latest threats and trends in the industry.

What essential information is included in a typical threat intelligence report?

A typical threat intelligence report includes information on the type of threat, the attacker's tactics and techniques, the target's vulnerabilities, and recommended mitigation strategies. Additionally, threat intelligence reports often include indicators of compromise (IOCs) such as IP addresses, domain names, and file hashes that can be used to detect and block potential threats.
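The two FAQ answers above, on integrating open-source feeds into existing monitoring and on the IOCs a report carries, come down to one operation: take the IP addresses, domains and file hashes from a feed and match them against what the organization's logs already contain. The script below is an added example, not from the article; it loads a small feed in a MISP-style `type,value,description` CSV and scans proxy, DNS and EDR log lines, handling the details that trip up naive grep-based matching: CIDR ranges for IP indicators, subdomains of a listed domain, and hash case. The feed and the log lines are constructed sample data with documentation-range addresses and reserved example domains, not real indicators.

```python
"""Match IOCs from a threat-intelligence feed against log lines.

Added example (not from the original article). The feed and the log lines are
constructed sample data; the addresses are documentation ranges and the
domains use reserved example TLDs, so nothing here is a real indicator.
"""
import ipaddress
import re

# Constructed feed: type,value,description (types follow MISP attribute names).
SAMPLE_FEED = """\
ip-dst,198.51.100.23,constructed C2 address
domain,update-check.example,constructed C2 domain
sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,constructed dropper hash
ip-dst,203.0.113.0/24,constructed hosting range
"""

# Constructed log lines in proxy, DNS and EDR styles.
SAMPLE_LOGS = [
    "2024-11-22T10:01:05Z proxy src=10.0.0.5 dst=198.51.100.23 method=POST url=/gate.php bytes=4096",
    "2024-11-22T10:01:07Z dns client=10.0.0.5 query=cdn.update-check.example type=A",
    "2024-11-22T10:02:11Z edr host=WS-17 file=C:\\Users\\a\\Downloads\\invoice.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-11-22T10:03:00Z proxy src=10.0.0.9 dst=203.0.113.77 method=GET url=/ bytes=512",
    "2024-11-22T10:03:30Z dns client=10.0.0.9 query=www.example.org type=A",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def load_feed(text):
    """Parse the CSV feed into lookup structures.

    IP indicators become networks (a bare address is a /32) so CIDR ranges
    match; domains and hashes are lower-cased and stored with their note.
    """
    iocs = {"ip": [], "domain": {}, "sha256": {}}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        kind, value, desc = line.split(",", 2)
        if kind.startswith("ip"):
            iocs["ip"].append((ipaddress.ip_network(value, strict=False), value, desc))
        elif kind == "domain":
            iocs["domain"][value.lower()] = desc
        elif kind == "sha256":
            iocs["sha256"][value.lower()] = desc
    return iocs


def match_line(line, iocs):
    """Return a list of (type, indicator, description) hits for one log line."""
    hits = []
    for ip in IP_RE.findall(line):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 is syntactically an IP but invalid
            continue
        for net, value, desc in iocs["ip"]:
            if addr in net:
                hits.append(("ip", value, desc))
    for digest in SHA256_RE.findall(line):
        digest = digest.lower()
        if digest in iocs["sha256"]:
            hits.append(("sha256", digest, iocs["sha256"][digest]))
    for name in DOMAIN_RE.findall(line):
        # Walk up the labels so cdn.update-check.example hits update-check.example.
        labels = name.lower().split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in iocs["domain"]:
                hits.append(("domain", candidate, iocs["domain"][candidate]))
                break
    return hits


def scan(lines, iocs):
    """Scan log lines; returns {line_index: hits} for lines with at least one hit."""
    results = {}
    for idx, line in enumerate(lines):
        hits = match_line(line, iocs)
        if hits:
            results[idx] = hits
    return results


if __name__ == "__main__":
    feed = load_feed(SAMPLE_FEED)
    for idx, hits in scan(SAMPLE_LOGS, feed).items():
        print(f"line {idx}: {SAMPLE_LOGS[idx]}")
        for kind, value, desc in hits:
            print(f"    {kind} {value} ({desc})")
```

Matching the parent domain and the CIDR range are the two cases a line-by-line grep of the raw feed misses; in production the same `load_feed` output would be pushed into the SIEM's lookup table rather than scanned in Python, but the normalization rules are the same.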
