SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- CISA Releases Six Industrial Control Systems Advisories
September 26, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Dusting for fingerprints: ShadowSyndicate, a new RaaS player?
September 26, 2023
The Ransomware-as-a-Service (RaaS) market is a fast-moving one. Prominent RaaS or affiliate groups can form, wreak havoc, and disband all within a short period of time. In this blog, Group-IB researchers will detail what they believe to be a new RaaS group that appears to operate differently from the rest: Enter ShadowSyndicate. What is unusual about ...
- APT and financial attacks on industrial organizations in H1 2023
September 25, 2023
This summary provides an overview of reports of APT and financial attacks on industrial enterprises that were disclosed in H1 2023, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities. For each topic, Kaspersky researchers have sought to summarize the key facts, findings, and conclusions of the ...
- UK: Reported cyber security breaches increase threefold for financial services firms
September 25, 2023
Cyber security breaches for UK financial services firms have increased threefold from the years of 2021-2022 and 2022-2023, with the highest – reportedly – being in the pensions sector. New research by the international law firm RPC shows that the amount of reports of cyber security breaches to the Information Commissioners Office (ICO) has increased from ...
- Hackers break into Russian database with data on hundreds of millions of flights
September 23, 2023
Ukrainian hackers have hacked into the Russian database of the Sirena-Travel booking system, obtaining information on 664 million flights over the last 16 years. They also obtained the names, phone numbers and document numbers of the passengers. News of this was posted on the Telegram channel of the hacker community KibOrg. An unknown group called Muppets, ...
- Lingerie group Wacoal hit by cyber attack
September 22, 2023
The websites for Wacoal, Fantasie, Freya and Elomi are all down and displaying an error message stating that the sites are “under maintenance”. One independent Wacoal stockist told Drapers the European arm of the Japanese business had been hit by a cyber attack on Tuesday (19 September) which has affected ordering systems, websites and phone systems. Read ...