November 2023 Data Breach Leaves 1.3 Million FNF Customers Vulnerable

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Fidelity National Financial (FNF) confirmed that the information of around 1.3 million customers may have been exposed during the November 2023 cyberattack (claimed by the AlphV/Black Cat gang).

The American Fortune 500 company provides title insurance and settlement services to the real estate and mortgage industries.

In a recently amended Securities and Exchange Commission (SEC) filing, the company revealed that the attack, first identified on November 19, 2023, was successfully contained in seven days. Nevertheless, the containment efforts forced the firm to temporarily block certain IT systems, which disrupted a few business operations.

According to the filing, the company concluded a forensic investigation into the incident around mid-December. The investigation revealed that the ransomware attack involved non-propagating malware that exfiltrated certain data from its systems. The stolen data is believed to be the sensitive information of nearly 1.3 million customers.

“We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data,” the filing revealed.

Although FNF did not reveal any details of the compromised information, it is known to collect customer names, addresses, credit information, driver’s licenses, and financial account details.

The company further clarified that none of the connected customer-owned systems were impacted, and that it had not received any customer reports regarding the incident. In addition to securing its network, FNF had also notified the relevant regulatory authorities and customers.

“The Company has notified its affected customers and applicable state attorneys general and regulators, [..]; is providing credit monitoring, web monitoring, and identity theft restoration services; and is fielding questions from consumers.”

It also stated that it does not believe that the incident will have any material impact on any of its businesses, and that it’s a defendant in several lawsuits related to the attack.

Malicious Chrome VPN Extensions Force-Installed 1.5 Million Times

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a recently discovered malware campaign, 3 Chrome or Edge extensions disguised as VPNs were installed 1.5 million times.

Discovered by researchers at ReasonLabs, the fake extensions were spread through an installer hidden in torrents posing as popular video games like Grand Theft Auto, Assassin's Creed, and The Sims 4.

Upon discovery, the extensions were reported to Google, which immediately removed them from the Chrome Web Store. Despite this, the extensions netSave and netWin together accounted for around 500,000 installs, while netPlus had been installed a million times.

The campaign appears to be targeting the Russian-speaking community, as the extensions were found to be in Russian. “Using data derived from ReasonLabs users, we were able to identify tens of thousands of users infected with the Trojan across Russia, Ukraine, Kazakhstan, Moldova, and more – countries with many Russian speakers,” the report revealed.

The ReasonLabs team discovered over a thousand different torrent files delivering the malicious installers, measuring between 60MB and 100MB in size. The malicious VPN installers unpack automatically and force-install one of the three extensions into the user's browser, without requiring any user permission. The installer also checks the machine for the presence of any antivirus product.

To appear legitimate, the dubious extensions had a realistic VPN user interface with limited functionality and a paid subscription. Code analysis revealed that the extensions not only disabled other cashback and coupon extensions in the browser, but also deployed a cashback activity hack.

The code also revealed that the extension has access to “tabs,” “storage,” “proxy,” “webRequest,” “webRequestBlocking,” “declarativeNetRequest,” “scripting,” “alarms,” “cookies,” “activeTab,” “management,” and “offscreen.”

Having granted themselves the needed authorisation, the extensions can exploit the offscreen permission, which allows the malware to run scripts using the Offscreen API. They then stealthily interact with the webpage DOM to steal user data and disable existing browser extensions.
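For defenders, the permission list above can be turned into a triage check over installed extension manifests. The following is an added example, not code from ReasonLabs or from the article; the flagging rule (both `management` and `offscreen` present plus at least eight permissions shared with the reported list) and the sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Permissions the article lists for the fake VPN extensions.
REPORTED = {"tabs", "storage", "proxy", "webRequest", "webRequestBlocking",
            "declarativeNetRequest", "scripting", "alarms", "cookies",
            "activeTab", "management", "offscreen"}
# Assumed triage rule (not from the report): both of these present, plus
# at least MIN_OVERLAP permissions shared with the reported set.
REQUIRED = {"management", "offscreen"}
MIN_OVERLAP = 8

def score_manifest(manifest: dict) -> dict:
    """Compare one parsed manifest.json against the reported permission set."""
    perms = set()
    for key in ("permissions", "optional_permissions"):
        value = manifest.get(key)
        if isinstance(value, list):
            perms.update(p for p in value if isinstance(p, str))
    overlap = perms & REPORTED
    return {"name": manifest.get("name", "<unnamed>"),
            "overlap": sorted(overlap),
            "flag": REQUIRED <= perms and len(overlap) >= MIN_OVERLAP}

def audit_profile(extensions_dir) -> list:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return flagged."""
    flagged = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        result = score_manifest(manifest)
        if result["flag"]:
            result["id"] = path.parent.parent.name  # extension ID directory
            flagged.append(result)
    return flagged

# Constructed sample manifests (not taken from the real extensions).
SAMPLE_SUSPECT = {"name": "sample-vpn", "manifest_version": 3,
                  "permissions": sorted(REPORTED)}
SAMPLE_BENIGN = {"name": "sample-notes", "manifest_version": 3,
                 "permissions": ["storage", "activeTab", "alarms"]}

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(score_manifest(sample))
```

A flagged result is a prompt for manual review, since legitimate extensions can request several of these permissions; pass `audit_profile` the `Extensions` directory of a browser profile to scan real installs.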

The report highlights the growing threat posed by pirated and fake extensions, making it necessary for users to check reviews and download applications from official, verified sources.