Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load … [Read more...] about New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
attack
Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack
Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity.The company's website and the Twitter account say, "We are currently experiencing an outage that affects … [Read more...] about Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack
First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild
Cybersecurity researchers have spotted a new cyberattack, which is believed to be the very first but amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.In May this year, Microsoft released a patch for a highly-critical remote code execution flaw in the Windows Remote Desktop Services, … [Read more...] about First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.The issue affects reverse proxy cache systems like Varnish and some widely-used Content Distribution … [Read more...] about New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
Remember the Simjacker vulnerability?Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.If you can recall, the Simjacker vulnerability resides in … [Read more...] about More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
Remember the Reverse RDP Attack?Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely.(You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other … [Read more...] about Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored … [Read more...] about SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
DNS under attack – Cisco Blog
You’ve probably heard the stories by now: one of the fundamental technologies that keeps the internet working has recently become a regular target for attackers. Earlier this month, the UK’s National Cyber Security Centre released an advisory warning of DNS hijacking attacks across multiple regions and sectors. (This was their second such advisory in six months.) Last month, in … [Read more...] about DNS under attack – Cisco Blog
New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions.The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both … [Read more...] about New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
Telegram Suffers ‘Powerful DDoS Attack’ From China During Hong Kong Protests
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers.Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind … [Read more...] about Telegram Suffers ‘Powerful DDoS Attack’ From China During Hong Kong Protests