SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Glupteba malware is back in action after Google disruption
December 17, 2022
The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. In December 2021, Google managed to cause a massive disruption to the blockchain-enabled botnet, securing the court orders to take control of the botnet’s infrastructure and filing complaints against two Russian operators. Nozomi now ...
- Australia: Fire Rescue Victoria confirms cyber attack from ‘external third party’ as outage continues
December 16, 2022
Fire Rescue Victoria has confirmed it has been the victim of a cyber attack as it continues to deal with a widespread IT outage. FRV revealed on Thursday it was having to alert firefighters to emergencies by mobile phone and radio because of an outage affecting its computer dispatch system. The service said preliminary investigations had ...
- Agenda Ransomware Uses Rust to Target More Vital Industries
December 16, 2022
This year, ransomware-as-a-service (RaaS) groups like BlackCat, Hive, and RansomExx have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux. In this blog entry, Trend Micro shed light on Agenda (also known as Qilin), another ransomware group that has ...
- FBI: Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients
December 15, 2022
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food ...
- Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
December 15, 2022
An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint. Over the past two years, the threat actor group that ...
- Ransomware Business Models: Future Pivots and Trends
December 15, 2022
As modern ransomware attacks became one of the most dangerous cybersecurity incidents that can happen to organizations in recent years, we explored its current state and the possible directions that ransomware groups can take it. Noting that there are other cybercriminal business models where more illicit money can be made, and the changing geopolitical and ...