SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Ransom Cartel Ransomware: A Possible Connection With REvil
October 14, 2022
Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. REvil ransomware disappeared just a couple of months before Ransom Cartel surfaced and just one month after 14 of its alleged members were arrested in Russia. ...
- Oil and Gas Cybersecurity: Trends & Response to Survey
October 13, 2022
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, they discuss the characteristics of each industry, the motivations and environmental ...
- Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
October 13, 2022
Cisco Talos has discovered a new single-file command and control (C2) framework the authors call “Alchimist .” Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being used in the ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...
- Budworm: Espionage Group Returns to Targeting U.S. Organizations
October 13, 2022
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S-based ...
- Private health insurance company Medibank affected by cyber attack less than a month after telco Optus was targeted
October 13, 2022
Health insurance giant Medibank Group is the latest Australian company to become the target of a cyber attack. Last month telecommuncations company Optus was hit by a wide-scale breach which saw more than two million customers affected. Telstra was also rocked by a data breach which saw the personal details of 30,000 current and former staff leaked. Read ...