New security vulnerability ‘SnailLoad’ allows hackers to spy on people
A newly discovered security flaw, called ‘SnailLoad,’ potentially enables hackers to spy on individuals through any internet-connected device, bypassing typical security measures like firewalls and VPNs. Instead of relying on traditional malicious code, ‘SnailLoad’ operates by monitoring fluctuations in a user’s internet speed. To initiate the attack, users unknowingly download a seemingly safe small file from the attacker’s server, often embedded within a malicious website. This file does not have immediate malicious content detectable by security software, but is transferred very slowly, allowing hackers to gain specific characteristics of the user’s internet connection. This approach allows attackers to pinpoint a distinctive ‘signature’ linked to the connection, enabling full unauthorized access. According to the researchers, they successfully monitored test users watching videos with a 98% success rate. They noted higher success rates when users had slower internet connections and were streaming large videos.
Read More: Independent
Cybersecurity not ready for generative AI
Artificial intelligence (AI) in cybersecurity isn’t a novelty, many automated security tools incorporate AI and machine learning to some extent. However, the rise of generative AI has sparked widespread concern and discussion. According to a Darktrace study, AI-generated threats have already affected 75% of organizations, yet 60% acknowledge being unprepared to defend against such attacks. For the first time, AI considerations extend beyond the corporate network and threat actors to include customer interactions. As organizations increasingly deploy AI in consumer-facing tools like chatbots, security teams must reconsider their strategies for detecting threats and responding to incidents that involve interactions between AI systems and third-party users. A significant challenge lies in managing generative AI. Cybersecurity teams, as well as organizations at large, lack clear insights into the data used to train AI, who accesses these training datasets, and how AI aligns with compliance requirements.
Read More: Cybersecurity Dive
Meta is the most impersonated by phishing scammers
Meta is the most frequently impersonated brand by phishing scammers, with over ten thousand verified phishing scams reported in the past four years. These scams typically involve fraudulent messages appearing to come from a trusted source, urging users to click on links or provide personal information urgently. Such actions can lead to unintended installation of ransomware or unauthorized access to accounts by the scammers. Phishing messages targeting Meta can vary widely, from believable notifications about friend requests to extravagant claims such as winning a Facebook lottery. IT and technology brands, including Meta, account for more than a quarter of brand impersonation phishing scams, followed closely by banking and financial services. This trend may stem from the high levels of customer engagement and trust these industries enjoy, along with the value of the credentials they possess.
Read More: Forbes
