Security News

Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker, over the Internet.

The SaaS solution is built to mitigate exposure from data exfiltration and directly addresses the gaps in security solutions for insider threats, the cause of 66% of breaches. "The pandemic and its impact on workforce collaboration is a catalyst for security teams to rethink how they address data protection without compromising collaboration. Incydr prioritizes risks to data and provides fast and easy event investigation and response capabilities, while paving a new path for companies to protect their trade secrets."

According to Coveware for example, "Nearly 9% of all cases it worked on involved ransomware attackers stealing and threatening to leak data." The very concept of a ransomware attack, or even any other type of cyber incident, needs to be considered not in isolation but potentially as part of a wider campaign.

A newly disclosed UPnP vulnerability that affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service attacks and data exfiltration. Designed to facilitate the automatic discovery and interaction with devices on a network, the UPnP protocol is meant for use within trusted local area networks, as it lacks any form of authentication or verification.

A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver.

Cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today's digital workplace, a Code42 survey reveals. Collaboration tools rated among top vectors for data exfiltration.

The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton - and the company responded on Friday, downplaying the report. Though the data seen by Wacom is supposedly aggregated, Heaton said that it could use the "User Explorer" tool in Google Analytics to drill deeper, possibly to build a fairly rich profile that could be used for phishing or scam attacks.

Baffle, an advanced data protection company, released Baffle Data Masking and Exfiltration Control, the only masking and exfiltration solution that ties access control and usage to data-centric...

A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate networks, Eclypsium...

ObserveIT, the leading insider threat management platform with more than 1,900 customers around the world, announced the launch of its newest solution, ObserveIT 7.7. The latest release enhances...