SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks
January 2, 2024
Hospitals and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged. Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’s network. Read more… Source: MSN News
- Cyber-hackers target UK nuclear waste company RWM
December 31, 2023
Hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said. Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn. RWM is the government-owned entity behind a trio of ...
- Mint Mobile reveals another major data breach
December 29, 2023
American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...
- 2023’s badly handled data breaches
December 29, 2023
Last year, researchers compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this year, many organizations continue to make ...
- EasyPark data breach may affect millions of customers
December 29, 2023
EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10 2023. Read more… Source: Yahoo News
- India: Forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists
December 28, 2023
Amnesty International, in partnership with The Washington Post, has unearthed shocking new details about the continued use of NSO Group’s highly invasive spyware Pegasus to target prominent journalists in India, including one who had previously been a victim of an attack using the same spyware. The Security Lab recovered evidence of a zero-click exploit which was ...