Security News

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration
2021-04-09 08:46

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report. Attackers leveraged these platforms to deliver lures and infect victims with ransomware and other malware.

Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration
2021-02-08 09:42

A recently investigated malicious attack was abusing a locally loaded Chrome extension to exfiltrate data and establish communication with the command and control server. While the use of malicious Chrome extensions in attacks is not something new, this attack stands out from the crowd due to the use of 'Developer mode' in the browser to enable loading of a malicious extension locally.

RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems
2020-12-16 11:34

Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker, over the Internet.

Code42 Incydr: A cloud-native product that mitigates insider data exposure and exfiltration
2020-09-17 02:30

The SaaS solution is built to mitigate exposure from data exfiltration and directly addresses the gaps in security solutions for insider threats, the cause of 66% of breaches. "The pandemic and its impact on workforce collaboration is a catalyst for security teams to rethink how they address data protection without compromising collaboration. Incydr prioritizes risks to data and provides fast and easy event investigation and response capabilities, while paving a new path for companies to protect their trade secrets."

Data exfiltration: The art of distancing
2020-07-06 04:30

According to Coveware for example, "Nearly 9% of all cases it worked on involved ransomware attackers stealing and threatening to leak data." The very concept of a ransomware attack, or even any other type of cyber incident, needs to be considered not in isolation but potentially as part of a wider campaign.

CallStranger: UPnP Flaw Affecting Billions of Devices Allows Data Exfiltration, DDoS Attacks
2020-06-08 20:33

A newly disclosed UPnP vulnerability that affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service attacks and data exfiltration. Designed to facilitate the automatic discovery and interaction with devices on a network, the UPnP protocol is meant for use within trusted local area networks, as it lacks any form of authentication or verification.

Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap
2020-05-04 15:02

A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver.

Cloud-based collaboration tools are a major driver of data exfiltration
2020-02-25 05:30

Cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today's digital workplace, a Code42 survey reveals. Collaboration tools rated among top vectors for data exfiltration.

Wacom Tablet Data Exfiltration Raises Security Concerns
2020-02-07 22:25

The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton - and the company responded on Friday, downplaying the report. Though the data seen by Wacom is supposedly aggregated, Heaton said that it could use the "User Explorer" tool in Google Analytics to drill deeper, possibly to build a fairly rich profile that could be used for phishing or scam attacks.

Baffle’s masking and exfiltration solution provides end-to-end data protection
2019-10-30 04:00

Baffle, an advanced data protection company, released Baffle Data Masking and Exfiltration Control, the only masking and exfiltration solution that ties access control and usage to data-centric...