SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Spain’s Alcampo Acts Quickly To Mitigate Impact Of Cyber Attack
August 29, 2024
Spanish retailer Alcampo has reportedly suffered a cyber attack, however the group told local media that it acted quickly to mitigate its effects. The retailer experienced the cyber attack between Sunday 25 August and Monday 26 August, according to media reports, and upon discovery of the incident, engaged data protection experts to implement the necessary technical, ...
- Deep Analysis of Snake Keylogger’s New Variant
August 28, 2024
Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...
- Fortra Releases Security Advisories for FileCatalyst Workflow
August 28, 2024
Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated ...
- UK: Staff details stolen in poultry factory cyber attack
August 28, 2024
Staff at a poultry factory in Norfolk have had their personal details stolen in a cyber attack. Banham Poultry, based in Attleborough, said criminals had remotely accessed its system in the early hours of 18 August. In an email sent to staff, seen by the BBC, the company said information such as National Insurance numbers, copies ...
- Interpol busts Black Axe global crime network, arrest over 300
August 28, 2024
The International Criminal Police Organisation (INTERPOL) Police units had in a coordinated action in 21 countries between April and July 2024 arrested over 300 people with links to Nigerian criminal group Black Axe and other affiliated groups. In a statement, Interpol said operation “Operation Jackal III” led to hundreds of arrests, the seizure of assets worth ...
- Hunters International ransomware gang threatens to leak US Marshals data
August 27, 2024
The Hunters International ransomware group is threatening to leak what it claims to be 386 GB of data from the U.S. Marshals Service (USMS), more than a year after the federal law enforcement agency suffered a major ransomware attack. The gang claims the data, comprising more than 327,000 files, includes “Top Secret” documents, gang files, information ...