SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Cloudflare blames previous Okta breach for November 2023 cyberattack
February 2, 2024
Cloudflare is laying the blame for the cyberattack it suffered late last year the after-effects of the critical Okta breach. The content delivery service provider has published a blog post detailing the cybersecurity incident it suffered on Thanksgiving Day 2023, noting that on November 23, 2023, a threat actor accessed the company’s self-hosted Atlassian server. Read more… Source: ...
- There Are Too Many Damn Honeypots
February 2, 2024
Determining the number of internet-facing hosts affected by a new vulnerability is a key factor in determining if it will become a widespread or emergent threat. Are there a lot of hosts affected? Pretty good possibility things are about to pop off. Only a few hosts? Probably less likely. But actually, counting those hosts has become ...
- Former CIA employee sentenced to 40 years in prison after carrying out largest data leak in agency’s history
February 1, 2024
A former CIA employee was sentenced to 40 years in prison after carrying out the largest data leak in the agency’s history, the US Attorney’s Office of the Southern District of New York announced Thursday. Joshua Schulte – who was accused of handing over reams of classified data to WikiLeaks in 2016 – was convicted in ...
- Ukraine says 2,000 computers of state firm were impacted in cyber attack
February 1, 2024
Ukraine’s state computer emergency response team CERT-UA said on Thursday around 2,000 computers had been affected in the recent cyber attack on an unnamed state-run company. “As part of the detailed study of the cyber threat, the obtained malware samples were examined, the peculiarities of the functioning of the infrastructure of control servers were established, and ...
- Volt Typhoon Actors Exploiting Insecure SOHO Routers
January 31, 2024
Threat actors—particularly the People’s Republic of China (PRC)—sponsored Volt Typhoon group—are compromising small office/home office (SOHO) routers by exploiting software defects that manufacturers must eliminate through secure software design and development. Specifically, Volt Typhoon actors are exploiting security defects in SOHO routers to use them as launching pads to further compromise U.S. critical infrastructure entities. CISA ...
- Czech cyber security agency reports record number of attacks in 2023
January 31, 2024
Czechia’s National Cyber and Security Information Agency says it registered a record number of cyber-attacks last year. The state organisation said on its website on Wednesday that it had recorded 262 such attacks in 2023, compared to 146 the previous year. The agency said the increase was mainly due to repeated waves of DDoS attacks led ...