ATTACK
DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
24.9.24 | Polyfill.io Supply Chain Attack | Attack | Attack | Over 100,000 sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used by hundreds of thousands of sites to enhance browser capabilities, so that all website visitors can use the same codebase for functionality their browser does not support. |
24.9.24 | Brain Cipher Ransomware Attack | Attack | Attack | A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. The threat actors encrypted government data, which disrupted digital services for immigration, airport checks, and several other public services. |
24.9.24 | SnakeKeylogger Attack | Attack | Attack | Threat actors are continuously preying on end users to unknowingly install a trojan stealer known as SnakeKeylogger or KrakenKeylogger. This trojan was developed using .NET and targets Windows users. |
11.9.24 | PIXHELL | Attack | Attack | PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’ |
11.9.24 | RAMBO | Attack | Attack | RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM |
9.9.24 | EUCLEAK | Attack | Attack | Side-Channel Attack on the YubiKey 5 Series |
2.8.24 | Sitting Ducks | Attack | Domain | Researchers at Infoblox and Eclypsium have discovered that a powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers. |
13.7.24 | Blast-RADIUS Attack | Attack | Protocol | Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. |
9.7.24 | RADIUS | Attack | Protocol | RADIUS is almost thirty years old, and uses cryptography based on MD5. Given that MD5 has been broken for over a decade, what are the implications for RADIUS? Why is RADIUS still using MD5? |
2.7.24 | High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor | Attack | CPU | Introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake). |
17.6.24 | ARM 'TIKTAG' attack | Attack | ARM CPU | TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Execution |
23.5.24 | Exchange | Attack | Exchange | Positive Technologies detects a series of attacks via Microsoft Exchange Server |
17.5.24 | SSID Confusion Attack | Attack | WIFI | This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to an untrusted network. |
10.5.24 | ServerIP Attack | Attack | VPN | Tricking the VPN client into using the wrong server IP |
10.5.24 | LocalNet Attack | Attack | VPN | On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector. |
10.5.24 | LLMjacking | Attack | Cloud | LLMjacking: Stolen Cloud Credentials Used in New AI Attack |
9.5.24 | DHCP Starvation Attack | Attack | DHCP | In DHCP starvation attacks, an attacker floods the DHCP server with DHCP requests to consume all available IP addresses that the DHCP server can allocate. After these IP addresses are allocated, the server cannot allocate any more addresses and this situation leads to a Denial of Service (DoS) attack as new clients cannot gain network access. |
8.5.24 | Pathfinder | Attack | CPU | Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor |
24.4.24 | Dependency Confusion | Attack | Attack | Dependency confusion (also known as dependency repository hijacking, substitution attack, or repo jacking for short) is a software supply chain attack that substitutes malicious third-party code for a legitimate internal software dependency. There are various approaches to creating this kind of attack vector, including: |
10.4.24 | InSpectre Gadget | Attack | CPU | We present InSpectre Gadget, an in-depth Spectre gadget inspector that uses symbolic execution to accurately reason about exploitability of usable gadgets. Our tool performs generic constraint analysis and models knowledge of advanced exploitation techniques to accurately reason over gadget exploitability in an automated way. |
4.4.24 | VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Alert | Alert | HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. |
4.4.24 | HTTP/2 ‘Rapid Reset’ DDoS attack | Attack | HTTP | A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. |
4.4.24 | HTTP/2 CONTINUATION Flood | Attack | HTTP | tl;dr: Deep technical analysis of the CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. |
27.3.24 | ZENHAMMER | Attack | CPU | ZENHAMMER: Rowhammer Attacks on AMD Zen-based Platforms |
23.3.24 | GoFetch Attack | Attack | side-channel attack | GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs). |
22.3.24 | Loop DoS | Attack | Application-Layer Protocols | Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols |
8.3.24 | CRLF Injection | Attack | OS | The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They are used to mark the end of a line, but are handled differently by today’s popular operating systems. For example, in Windows both a CR and an LF are required to mark the end of a line, whereas in Linux/UNIX only an LF is required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line. |
5.3.24 | PASS-THE-HASH ATTACK | Attack | PtH | Pass the hash (PtH) is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. Unlike other credential theft attacks, a pass the hash attack does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session. |
4.3.24 | ComPromptMized | Attack | AI | ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications |
2.3.24 | GOLDEN TICKET | Attack | Attack | A Golden Ticket attack is a malicious cybersecurity attack in which a threat actor attempts to gain almost unlimited access to an organization’s domain (devices, files, domain controllers, etc.) by accessing user data stored in Microsoft Active Directory (AD). |
2.3.24 | Golden SAML | Attack | Attack | Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of the largest breaches of the 21st century. |
3.2.24 | NTLM relay attacks | Attack | Attack | NTLM relay attacks: A dangerous game of hot potato |
29.1.24 | MavenGate | Attack | Supply chain | Android, Java apps susceptible to novel MavenGate software supply chain attack technique |
20.1.24 | Brute Force | Attack | Brute Force | Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials. |
12.1.24 | Apache | Attack | Apache | Apache Applications Targeted by Stealthy Attacker |
1.1.24 | Terrapin Attack | Attack | SSH | Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation |