Trend Micro’s Post

Our recent research discusses Void Arachne, a new cyberthreat group targeting Chinese-speaking users. They bundle harmful software with popular software installers, including AI tools like nudifiers and VPN services like LetsVPN, tricking users into unknowingly installing malicious programs. These harmful programs can give the attackers full control over the victim's computer. They're also using SEO-poisoning tactics and social media platforms to distribute their malware, emphasizing the need for caution when downloading software and clicking on links. Learn more in our full research: https://bit.ly/3Y4JSCf

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities Researchers developed a new attack called SnailLoad that can spy on your web activity by analyzing the slowness of your internet connection. Unlike traditional methods, SnailLoad doesn't require hacking into your device or wifi network. Here's how it works: 1. The attacker tricks you into downloading a file from their server. 2. While the file downloads, the attacker monitors how long it takes for bits of data to travel back and forth (latency). Since slow internet creates a bottleneck, this can reveal information about the content you're viewing. 3. The attacker uses a special program to analyze this data and guess what website you're on or what video you're watching, with high accuracy for videos and decent accuracy for websites. This attack is worrying because it bypasses traditional security measures. However, it's not perfect - the researchers haven't said how widely usable it is yet. #CyberSecurity https://lnkd.in/gx5AQB3m

Interesting read about the imminent threats that AI poses. This one caught my attention > 'SEO and Mavertising' as it affects all marketers and digital campaigns. 'Malvertising' is a malicious attack that involves injecting harmful code into legitimate online advertising networks. These deceptive ads are then unknowingly displayed to users, leading them to unsafe destinations. To explain this simply, when hackers use tricks using AI to make their fake web pages show up higher in search results, they can easily trick people into clicking on their dangerous links. This lets them secretly install harmful software on people's computers and take control of them, all because the security systems of web browsers can't always catch these tricks. Explore the evolving methods and risks of AI-powered attacks in the cyber domain in this report by ManageEngine #goodread #Malvertising #SEO #DigitalDefense

This article brings up an interesting question - do you know what happens within HTTPS traffic? According to my experience, less than half of customers inspect this type of traffic, let alone QUIC (always using TLS 1.3, check your logs for H3). Check out this article on how WebTunnel is evading censorship by hiding in plain sight. It's a great tool for those who want to ensure their online privacy and security. Being on the preventative side of security issues and data extraction this did raise my eyebrows a little. #HTTPS #WebTunnel #OnlinePrivacy #Security

You are prohibited from accessing content on this platform. #BlockedApologies 🤝 Follow us on Discord 🔜: https://lnkd.in/gt823Zd3 _ ❇️ Summary: The website is using a security service to prevent online attacks. The user's recent action triggered this security measure, which can be caused by several things such as submitting certain words or phrases, a SQL command, or incorrect data. To resolve this issue, the user is advised to contact SDxCentral Support and provide their IP Address for faster assistance if they believe this block was made in error. Hashtags: #chatGPT #BlockedApologies #BlockedButSorry

This will be used for good, and for bad things... "Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship" You'll be able to access TOR network in more restricted environment, but at the same time, malware and transnational criminal hackers, so as state sponsored hackers (like cloud...sorry, I meant, criminals for hire), will be able to tunnel traffic into this. Tunneled traffic can be used for command and controls malwares, trojan etc. Obviously, proper EDR or XDR should be able to control what processes are allowed to run on client machines, hopefully. connected=hacked #cybersecurity

@securitymag The #ApplicationSupplyChain represents one of the latest and most serious vulnerabilities that #Hackers are targeting. Read more: https://lnkd.in/ejTfHMyk #SecurityLeaders #Cybersecurity

Cybersecurity isn’t just needed to protect your customers.