New SnailLoad side-channel attack detailed


SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.

Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.

Read more…
Source: SC Media


Sign up for our Newsletter


Related:

  • OilAlpha targets Arabic-speaking humanitarian NGOs in Yemen

    July 12, 2024

    OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. According to reports, users are lured to a deceptive web portal that mimics the generic login interfaces of humanitarian organizations such as CARE International and the Norwegian Refugee Council, with the aim of stealing credentials. It appears ...

  • Co-op cyber attack could be any number of things: Cyber security expert

    July 12, 2024

    Some stores are still dealing with problems on their shelves after a cyber attack against Federated Co-operatives Ltd. two weeks ago, but the company hasn’t said much about what’s going on. Co-op has kept customers updated as bits and pieces like cardlocks come back online, and this week when rumours began circulating about customers’ data being ...

  • DodgeBox Loader Loading MoonWalk Backdoor

    July 11, 2024

    Threat researchers recently discovered a new loader dubbed DodgeBox. This loader shares significant traits with StealthVector, which is associated with the Chinese APT group APT41 / Earth Baku. DodgeBox functions as a loader for a new backdoor named MoonWalk, which utilizes evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing and environmental guardrails similar ...

  • Gay furry hackers strike massive cyber attack against US far-right Project 2025

    July 10, 2024

    A collective of self-described “Gay furry hackers” called SiegedSec managed to hack into the right-wing Heritage Foundation affiliated with Project 2025 in a massive cyber attack. The hackers released two gigabytes of data, including Heritage Foundation member names, email addresses, passwords, and usernames. SiegedSec claimed responsibility for the hack on Telegram, sharing that they breached online ...

  • Reeling in DarkGate Malware Attacks from the Beach

    July 10, 2024

    Last year, the number of malware attacks worldwide reached 6.08 billion. That’s a 10% increase compared with 2022. Why are cybercriminals developing so much malware? Because it is a vital tool to help them infiltrate businesses, networks or specific computers to steal or destroy sensitive data. or destroy sensitive data. There are many types of malware ...

  • Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks In Internet Shortcut File To Lure Victims (CVE-2024-38112)

    July 9, 2024

    Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE ...