SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Oil & Gas Cybersecurity: Halt Critical Operation Attacks
March 15, 2022
The oil and gas utilities industry face threats from cyber incidents. The ransomware attack on the Colonial Pipeline in May 2021 had a huge impact on the industry. In February 2022, it was also reported that European oil facilities hit by cyber-attack and forced to operate at limited capacity. These latest incidents suggest that oil and ...
- China captures powerful US NSA cyberspy tool
March 14, 2022
China captured a spy tool deployed by the US National Security Agency, which is capable of lurking in a victim’s computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of users’ information, according to a report the Global Times obtained from the National Computer Virus Emergency ...
- Israeli government websites down due to suspected cyberattack
March 14, 2022
This is the largest-ever cyberattack carried out against Israel, a defense establishment source says Several Israeli government websites went down on Monday, prompting suspicions of a cyberattack. The websites of the Prime Minister’s Office, as well as several ministries, were inaccessible. Access to some of the websites has been restored. A senior defense official reportedly told Haaretz that ...
- CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel
March 14, 2022
Last week, security researcher Max Kellermann discovered a high severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. It affects the Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege escalation. The vulnerability resides in the pipe tool, which is used for ...
- QNAP warns severe Linux bug affects most of its NAS devices
March 14, 2022
Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed ‘Dirty Pipe’ that allows attackers with local access to gain root privileges. The ‘Dirty Pipe’ security bug affects Linux Kernel 5.8 and later versions, even on Android devices. If successfully exploited, it allows non-privileged ...
- Automotive giant Denso confirms hack, Pandora ransomware group takes credit
March 14, 2022
Denso has confirmed a cyberattack impacting the firm’s German operations. The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 ...