The Hacker News
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Malicious packages lurking in open-source repositories. Discover how DLL side-loading is the latest technique used to evade security software.
The Hacker News
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar
DLL side-loading, a tactic used by malicious actors, helps Quasar RAT and other malware evade detection, steal data.
Infosecurity News
QuasarRAT Deploys Advanced DLL Side-Loading Technique
Uptycs researchers said the technique exploits Microsoft files to execute malicious commands
The Cyber Express
FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques
Researchers have discovered a sophisticated phishing campaign meticulously crafted to target cryptocurrency users. This elaborate scheme, equipped with the notorious
Security Affairs
Google Gmail client-side encryption is available globally
Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can […]
SecurityWeek
Google Workspace Gets Client-Side Encryption in Gmail
Google has announced the beta availability of client-side encryption in Gmail for Google Workspace customers.
Bleeping Computer
Google: Gmail client-side encryption now publicly available
Gmail client-side encryption (CSE) is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
ZDNet
Google brings client-side encryption to Gmail for Workspace
Some Workspace customers can apply for the client-side encryption for Gmail beta until January 20.
SecurityWeek
New 'Inception' Side-Channel Attack Targets AMD Processors
Researchers have disclosed the details of a new locally exploitable side-channel attack targeting AMD CPUs named Inception
Latest Hacking News
Google Meet Now Offers Client-Side Encryption For All Calls
With the recent Google Meet update, Google has strengthened call security for its users. Google Meet users can now use the client-side encryption to secure their calls even with non-Google users. Google Meet Launches Client-Side Encryption According
Latest Hacking News
Collide+Power Attack: New Side-Channel Attack Risks All CPUs
Researchers have identified a new side-channel attack impacting all existing processors. Named “Collide+Power”, this side-channel attack exploits target CPU’s measured power consumption following a collision between the attackers’ and the other apps’ datasets in cache
Bleeping Computer
Google Workspace adds new phishing protection, client-side encryption
Google Workspace (formerly G Suite) has been updated with client-side encryption and new Google Drive phishing and malware content protection.
SecurityWeek
AWS Enables Default Server-Side Encryption for S3 Objects
AWS has announced that server-side encryption is now automatically enabled for all Amazon S3 buckets.
CSO
Researchers find new way to neutralize side-channel memory attacks
The method, developed by MIT, improves on performance of alternative schemes to mitigate side-channel memory attack risks.
Ars Technica
Google adds client-side encryption to Gmail and Calendar. Should you care?
New service occupies a middle ground between E2EE and mere server-side encryption
SecurityWeek
C/side Emerges From Stealth Mode With $1.7 Million Investment
C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors
Infosecurity News
Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware
Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement
The Hacker News
Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption
Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption | Read latest news headlines on latest news and technical coverage on cybersecurity, infosec and hacking.
Bleeping Computer
Intel CPUs vulnerable to new transient execution side-channel attack
A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register.
Security Affairs
Downfall Intel CPU side-channel attack exposes sensitive data
Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU. Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. An attacker can exploit this vulnerability to access and steal data from other users who share the same […]
SecurityWeek
LockBit Ransomware Abuses Windows Defender for Payload Loading
LockBit ransomware operators or affiliates are leveraging Windows Defender to decrypt and load Cobalt Strike payloads.
SecurityWeek
Academics Devise Side-Channel Attack Targeting Multi-GPU Systems
A group of academic researchers has devised a side-channel attack targeting architectures that rely on multiple graphics processing units (GPUs) for resource-intensive computational operations.
Bleeping Computer
New Hertzbleed side-channel attack affects Intel, AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).
SecurityWeek
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.
Cyber Security News
Gmail Client-Side Encryption Is Now Publically Available For Everyone
Google announced that CSE (client-side encryption) is now generally available for Gmail and Calendar users. This will let more companies become the sole arbiters.
The Hacker News
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
Your GPU might be leaking data. GPU Side-Channel Vulnerability Exposes Modern GPUs to Data Leakage. Learn how this could impact your online privacy.
Bleeping Computer
Google Meet opens client-side encrypted calls to non Google users
Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.
The Hacker News
New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs
Researchers unveil a new class of side-channel attacks dubbed 'Hertzbleed" that affect all modern AMD and Intel processors.
The Hacker News
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Collide+Power, Downfall, and Inception! New side-channel attacks exploit vulnerabilities in modern CPUs.
The Hacker News
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malware.
SecurityWeek
New 'Hertzbleed' Remote Side-Channel Attack Affects Intel, AMD Processors
Academic researchers describe Hertzbleed, a new Intel and AMD CPU side-channel attack that leverages remote timing to extract secrets from the targeted system.
Security Affairs
GoFetch side-channel attack against Apple systems allows secret keys extraction
Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys.
The Hacker News
Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy
Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar.
Bleeping Computer
Modern GPUs vulnerable to new GPU.zip side-channel attack
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual data from modern graphics cards when visiting web pages.
Security Affairs
Threat actors leverages DLL-SideLoading to spread Qakbot malware
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]
The Hacker News
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Gmail just got a whole lot more secure with Google's new client-side encryption! With the new feature, emails are encrypted on your end.
Security Affairs
LuoYu APT delivers WinDealer malware via man-on-the-side attacks
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer. LuoYu has been active since at […]
Cyber Security News
New GPU Side Channel Vulnerability Impacts GPUs from Intel, AMD, Apple & Nvidia
A new research paper has been published that mentions a side-channel attack to leak sensitive visual data from modern GPU cards when visiting a malicious website.
The Hacker News
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
LuoYu, an "extremely sophisticated" Chinese-speaking APT hacker group, has been observed using man-on-the-side attacks to deploy a Windows backdoor.
SecurityWeek
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack
A new power side-channel attack named Collide+Power can allow an attacker to obtain sensitive information and it works against any modern CPU.
Krebs on Security
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies…
The Record
Researchers call for UK, EU to heed scientific evaluation of client-side scanning proposals
Client-side scanning technology, which involves checking the content of a message before it's encrypted, can't guarantee a user's confidentiality, experts say.
Bleeping Computer
Reddit is down, not loading content for mobile app users
Reddit is investigating a major outage that prevents users worldwide from accessing the social network's website on native mobile apps.
Bleeping Computer
New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak. However, the researchers warn that the flaw is low-risk and will likely not be used in attacks on end users.
DarkReading
Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE
Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.
Security Affairs
Attackers use dynamic code loading to bypass Google Play store’s malware detections
Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors are using a technique called versioning to evade malware detection implemented to detect malicious code uploaded to the Google Play Store. The technique is not new […]
Security Affairs
Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips
Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel […]
Infosecurity News
EU's Client-Side Scanning Plans Could be Unlawful
Lawyers for the bloc issue warning
The Hacker News
Report: The Dark Side of Phishing Protection
Deep session inspection offers unparalleled protection against phishing attacks. Learn how it works.
DarkReading
Broke Cyber Pros Flock to Cybercrime Side Hustles
Burned-out cybersecurity professionals dealing with layoffs and stressful working conditions are increasingly finding a better way to earn a buck: cybercrime.
DarkReading
'Hertzbleed' Side-Channel Attack Threatens Cryptographic Keys for Servers
A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.
Infosecurity News
Google Workspace Adds Client-Side Encryption to Gmail and Calendar
The move will facilitate compliance procedures for private and public sector organizations
CSO
iLeakage updates Spectre for novel info-stealing side-channel attack
The iLeakage proof of concept targets Apple silicon devices running Safari, demonstrating techniques that improve on Sceptre and MeltDown exploits and demonstrate continuing vulnerabilities in modern CPUs.
CyberSecurity Dive
New exploit for Microsoft’s ProxyNotShell mitigation side steps fix
CrowdStrike researchers discovered a new attack method by the Play ransomware actors that uses Outlook Web Access and leverages additional tools to maintain access.
Latest Hacking News
This Acoustic Side-Channel Attack Steals Keystrokes Via Typing Patterns
A team of researchers has developed a new attack strategy that analyzes users’ typing patterns to determine keystrokes. This acoustic attack can deduce keystrokes with better accuracy by specifically deciphering the typing patterns while ignoring
Latest Hacking News
This Side-Channel Attack Exploits SMS Delivery Reports To Retrieve Location
SMS delivery reports not only let the sender know about the message receipt, but can also leak the recipient’s location. This is what researchers have demonstrated in their recent study, showing how receiving a silent
Security Affairs
North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading […]
Cyber Security News
New BBTok Banking Malware Server-Side Software Generates Victim-Specific Payload
Banking malware is a malicious program that is mainly designed and used by threat actors to steal the following sensitive financial information from victims' computers or mobile devices.
The Record
A key post-quantum algorithm may be vulnerable to side-channel attacks
Researchers in Sweden say they found a vulnerability in a “quantum safe” algorithm deemed the gold standard for future cryptographic systems.
CyberSecurity Dive
Four Microsoft Azure services found vulnerable to server-side request forgery
Researchers from Orca Security said no authentication was required in two of the four instances.
The Hacker News
Unmasking the Dark Side of Low-Code/No-Code Applications
LCNC apps and RPA can leave your business exposed to security risks similar to traditional development.
Bleeping Computer
Tor and I2P networks hit by wave of ongoing DDoS attacks
If you've been experiencing Tor network connectivity and performance issues lately, you're not the only one since many others have had issues with onion sites loading slower or not loading at all.
ThreatPost
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
Scammers are bypassing Apple's App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
Bleeping Computer
Take a walk on the server side with this $24 backend course bundle
The Complete 2021 Superstar Backend Developer helps you master this field, with 13 courses covering key languages and frameworks. For a limited time, you can pick up the training for just $23.99 with code VIP40.
Naked Security
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
The security error was in the error handling system that was supposed to catch potential security errors…
SecurityWeek
Japan's Nagoya Port Suspends Cargo Operations Following Ransomware Attack
Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack.
Cyber Security News
Unleashing the Dark Side: Unveiling Threats & Vulnerabilities in AI Models
The rapid surge in LLMs across several industries and sectors has raised critical concerns about their safety, security, and potential for misuse.
ThreatPost
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
Bleeping Computer
Google tests blocking side-loaded Android apps with risky permissions
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
Infosecurity News
US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs
New side-channel attacks reportedly use frequency side channels to extract cryptographic keys
Bleeping Computer
StackOverflow, Twitch, Reddit, others down in Fastly CDN outage
Major websites around the world are either completely down or not loading properly in a global outage.
The Hacker News
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
Browser security has evolved! Say goodbye to Browser Isolation's limitations and hello to the future of web security.
CyberScoop
Prolific cyber extortion group Karakurt might be a Conti side hustle
Links in tooling, crypto wallets and even attacking victims simultaneously strongly suggest a link, researchers say.
Cyber Security News
Russian Hacker Group Attacked Largest Japanese Port
Japan’s largest port NAGOYA was attacked by pro-Russian hackers, disrupting the loading of Toyota parts by ransomware attack.
SC Magazine
‘TheMoon’ malware shows its dark side, grows to 40,000 bots from 88 countries
Malware first identified in 2014 re-emerges and gets delivered by the criminal proxy service Faceless, now growing at 7,000 users per week.
DataBreaches
Where are the women in cyber security? On the dark side, study suggests
Brandon Vigliarolo reports: If you can’t join them, then you may as well try to beat them – at least if you’re a talented security engineer...
The Hacker News
Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations
The Dark Web's anonymity attracts a variety of users. Explore the various techniques used to identify the individuals behind these sites and personas.
Cyber Security News
Finland Warns Of New Android Malware Stealing Banking Logins
Watch out for harmful Finnish SMS which tricks Android device users into loading banking malware by dialing a spoofed service number.
Bleeping Computer
QBot phishing uses Windows Calculator sideloading to infect devices
The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers.
ThreatPost
Medusa Malware Joins Flubot’s Android Distribution Network
Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure.
Ars Technica
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
Bleeping Computer
Microsoft: Recent Windows Server updates cause DNS issues
Microsoft has addressed a new known issue causing DNS stub zones loading failures that could lead to DNS resolution issues on Windows Server 2019 systems.
Bleeping Computer
Google rolls out Chrome fix for empty pages when switching tabs
Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs.
SC Magazine
GoFetch: Apple chips vulnerable to encryption key stealing attack
Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.
Cyber Security News
QBot Malware Using Windows Calculator to Deploy Payload
By using Windows Calculator, the QBot malware operators are able to side-load their malicious payload onto the computers that are compromised. In short, Windows Calculator is being used to distribute dangerous code.
Bleeping Computer
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
Bleeping Computer
BlackGuard stealer now targets 57 crypto wallets, extensions
A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets.
Ars Technica
Hackers can read private AI assistant chats even though they’re encrypted
All non-Google chat GPTs affected by side channel that leaks responses sent to users.
SecurityWeek
iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones
New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones.
Cyber Security News
Pathfinder - New Attack Steals Sensitive Data From Modern Processors
Microarchitectural side-channel attacks misuse shared processor state to transmit information between security domains.
ZDNet
The dark side of Optimize Mac Storage: What you need to know if you rely on it
Optimize Mac Storage is dangerous. Turns out that in concert with iCloud and Time Machine, it can make your files go poof. Ask me how I know.
ZDNet
Google is expanding this 'next level' encryption to more Gmail users
Google's client-side encryption for Gmail and Calendar reaches general availability, but not for all Gmail users.
Bleeping Computer
It's not just you: ChatGPT is down for many worldwide
OpenAI's ChatGPT is down for many people worldwide, with users facing multiple problems, including being unable to access their accounts, having their chat history come up empty, and the chat screens not loading properly.
The Hacker News
New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy
Academics have developed a powerful "deep learning-based acoustic side-channel attack" that can classify laptop keystrokes.
Ars Technica
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
A previously unknown compression side channel in GPUs can expose images thought to be private.
.webp)
Cyber Security News
Google Meet Now Allows Non-Google Account Users to Join Encrypted Calls
Google has announced that external participants without Google accounts can now join client-side encrypted Google Meet calls.
Ars Technica
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
DarkReading
NIST's Quantum-Proof Algorithm Has a Bug, Analysts Say
A team has found that the Crystals-Kyber encryption algorithm is open to side-channel attacks, under certain implementations.
The Hacker News
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
Researchers have discovered new side-channel attacks on the CRYSTALS-Kyber encryption algorithm, which the U.S. government selected last year.
CyberNews
M-series Macs can leak secrets due to inherent vulnerability
A feature that makes Apple M-series processors faster also leaves them vulnerable to a new side-channel attack that cannot be patched, according to research.
Loading more articles....