SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- M&S cyber attack deepens as tech partner TCS denies blame
June 20, 2025
Tata Consultancy Services (TCS), the tech firm at the centre of speculation around the M&S cyber attack, has claimed that none of its systems or users were compromised in the incident. The statement, delivered at the company’s annual shareholder meeting, is the first public comment from the group since M&S was hit by a major cyber ...
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry
June 20, 2025
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on ...
- Iranian missile strikes tech park housing Microsoft office in Israel’s Beer Sheva
June 20, 2025
First responders are searching buildings for people wounded after an Iranian missile struck close to a tech park in the Israeli city of Beer Sheva, according to Israel’s emergency services agency Magen David Adom (MDA). MDA said they found six people who were slightly injured as a result of the strike, as they continue to search ...
- BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access
June 19, 2025
BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a ...
- UBS bank reports data leak after attack on its external supplier
June 18, 2025
Zurich-based banking giant UBS Group has confirmed that company information was stolen during a cyberattack on one of its external suppliers, though it assured that no client data was compromised. The bank said the breach was part of a larger cyber incident affecting multiple companies, including former UBS affiliate Chain IQ and Swiss private bank Pictet. ...
- CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
June 18, 2025
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) was identified in NetScaler Console version 14.1.8.50 and found to affect versions of NetScaler Console and ...