WOKATTACK Databáze
HOME
| Název | Typ | Info |
| Polyfill.io Supply Chain Attack | ATTACK | Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds of thousands of sites to ensure that all website visitors can use the same codebase for unsupported functionality. |
| Brain Cipher Ransomware Attack | ATTACK | A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services |
| SnakeKeylogger Attack | ATTACK | Threat actors are continuously preying on end users to unknowingly install a trojan stealer known as SnakeKeylogger or KrakenKeylogger. This trojan was developed using .NET and targets Windows users. |
| PIXHELL | ATTACK | PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels?/P> |
| RAMBO | ATTACK | RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM |
| EUCLEAK | ATTACK | Side-Channel Attack on the YubiKey 5 Seri |
| Sitting Ducks | Domain | Researchers at Infoblox and Eclypsium have discovered that a powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers. |
| Blast-RADIUS Attack | PROTOCOL | Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. |
| RADIUS | Protocol | RADIUS is almost thirty years old, and uses cryptography based on MD5. Given that MD5 has been broken for over a decade, what are the implications for RADIUS? Why is RADIUS still using MD5? |
| High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor | CPU | introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake). |
| ARM 'TIKTAG' attack | ARM CPU | TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi |
Exchange |
Positive Technologies detects a series of attacks via Microsoft Exchange Server |
|
| SSID Confusion Attack | WIFI | This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to a untrusted network. |
| ServerIP Attack | VPN | Tricking the VPN client into using the wrong server IP |
| LocalNet Attack | VPN | On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector. |
| LLMjacking | Cloud | LLMjacking: Stolen Cloud Credentials Used in New AI Attack |
| DHCP Starvation Attack | DHCP | In DHCP starvation attacks, an attacker floods the DHCP server with DHCP requests to consume all available IP addresses that the DHCP server can allocate. After these IP addresses are allocated, the server cannot allocate any more addresses and this situation leads to a Denial of Service (DoS) attack as new clients cannot gain network access. |
CPU |
Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor |
|
| Dependency Confusion | Attack | Dependency confusion (also known as dependency repository hijacking, substitution attack, or repo jacking for short) is a software supply chain attack that substitutes malicious third-party code for a legitimate internal software dependency. There are various approaches to creating this kind of attack vector, including: |
CPU |
We present InSpectre Gadget, an in-depth Spectre gadget inspector that uses symbolic execution to accurately reason about exploitability of usable gadgets. Our tool performs generic constraint analysis and models knowledge of advanced exploitation techniques to accurately reason over gadget exploitability in an automated way. |
|
| VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Alert | HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation |
| HTTP/2 ‘Rapid Reset’ DDoS attack | HTTP | A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. |
| HTTP/2 CONTINUATION Flood | HTTP | tl;dr: Deep technical analysis of the CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. |
| ZENHAMMER: Rowhammer Attacks | CPU | on AMD Zen-based Platforms |
| GoFetch Attack | side-channel attack | GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs). |
| Loop DoS | Application-Layer Protocols | Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols |
| CRLF Injection | OS | The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They’re used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line. |
| PASS-THE-HASH ATTACK | PtH | Pass the hash (PtH) is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. Unlike other credential theft attacks, a pass the hash attack does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session. |
| ComPromptMized | AI | ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications |
| GOLDEN TICKET | Attack | A Golden Ticket attack is a malicious cybersecurity attack in which a threat actor attempts to gain almost unlimited access to an organization’s domain (devices, files, domain controllers, etc.) by accessing user data stored in Microsoft Active Directory (AD). |
| Golden SAML | Attack | Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of the largest breaches of the 21st century. |
Attack |
NTLM relay attacks A dangerous game of hot potato |
|
Supply chain |
Android, Java apps susceptible to novel MavenGate software supply chain attack technique |
|
Brute Force |
Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials. |
|
Apache |
Apache Applications Targeted by Stealthy Attacker |
|
SSH |
Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation |
|
| NTLM Relay Attacks | Attack | NTLM relay attacks A dangerous game of hot potato |
| MavenGate | Supply chain | Android, Java apps susceptible to novel MavenGate software supply chain attack technique |
| Brute Force: Password Spraying | Brute Force | Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials. |
| Hadoop attack flow | Apache | Apache Applications Targeted by Stealthy Attacker |
| Terrapin Attack | SSH | Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation |
| In-Domain Transient Execution Attack | CPU | An in-domain transient execution attack allows a sandboxed adversary to access a secret within the same domain by circumventing software-based access controls. |
| Cross-Domain Transient Execution Attack | CPU | A cross-domain transient execution attack5 requires the adversary to find a disclosure gadget in the victim’s domain which, when executed transiently, can transiently access6 and transmit a secret over a covert channel. |
| Domain-Bypass Transient Execution Attack | CPU | In a domain-bypass transient execution attack, the adversary executes transient instructions that circumvent hardware-based access controls, allowing access to a secret outside of the adversary’s domain. |
| Transient Execution Attacks | CPU | A transient execution attack exploits the microarchitectural side effects of transient instructions, thus allowing a malicious adversary to access information that would ordinarily be prohibited by architectural access control mechanisms. |
| SLAM Attack | CPU | SLAM: SPECTRE BASED ON LINEAR ADDRESS MASKING |
| BLUFFS | Bluethoot | BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses |
| Attacking Intel® BIOS | BIOS | LogoFAIL: Security Implications of Image Parsing During System Boot |
| Prompt Injection Attack | AI | A prompt injection attack is a type of cyberattack where a hacker enters a text prompt into a large language model (LLM) or chatbot, which is designed to enable the user to perform unauthorized actions. |
| Marvin Attack | Crypto | The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key. |
| HrServ | WebShell | The web shell, a dynamic-link library (DLL) named "hrserv.dll," exhibits "sophisticated features such as custom encoding methods for client communication and in-memory execution |
| CACHEWARP | Attack | CacheWarp: Software-based Fault Injection using Selective State Res |
| Layer 3 DDoS attacks | Attack | Layer 3 DDoS attacks target layer 3 (L3) in the OSI model. Like all DDoS attacks, the goal of a layer 3 attack is to slow down or crash a program, service, computer, or network, or to fill up capacity so that no one else can receive service. |
| HTTP/2 Rapid Reset Attack | Attack | HTTP/2 Rapid Reset: deconstructing the record-breaking attack |
| DDoSia attack tool | Attack | DDoSia is a Distributed Denial of Service (DDoS) attack toolkit, developed and used by the pro Russia hacktivist nationalist group NoName057(16).. |
| The Little Seal Bug | Attack | "The Great Seal Bug", a.k.a., "the Thing," was the first covert listening device that utilized passive techniques to transmit an audio signal for the purpose of speech eavesdropping. |
| Repo Jacking | Attack | Repo Jacking: Exploiting the Dependency Supply Chain |
| nOAuth attack flow | Attack | nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover |
| RDP NetNTLMv2 | Attack | Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide |
| (AiTM) phishing attack | Attack | An AiTM attack typically involves a threat actor attempting to steal and intercept a target’s password and session cookies by deploying a proxy server between the user and the website. |
| Hertzbleed Attack | Attack | Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. |
| PACMAN: Attacking ARM Pointer Authentication | Attack | We demonstrate multiple proof-of-concept attacks of PACMAN on the Apple M1 SoC, the first desktop processor that supports ARM Pointer Authentication. |
| Microsoft Office RCE - “Follina” MSDT Attack | Attack | Microsoft has now revealed the CVE identifier for this vulnerability is CVE-2022-30190, including a Security Update and article with guidance... but no patch looks to be available as of yet. |
| BLE Proximity Authentication Vulnerable to Relay Attacks |
Bluetooth | An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack. This may enable unauthorized access to devices in BLE-based proximity authentication systems. |
| Moshen Dragon’s | Exploit | A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. |
| 15M rps HTTPS DDoS attack | HTTPS DDoS | Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record. |
| UDP-Based Amplification Attacks | UDP | |
| TCP Middlebox Reflection | DDoS | |
| SSL Stripping Attacks | SSL | Stripping away the encryption offered by HTTPS, called SSL Strip, is a serious cyber threat to many corporations since their employees are constantly on the move and require access to Internet on-the-go even through open non-secure Wi-Fi hotspots. |
| Fragment Attack | Wifi | In the last few years, major improvements have been made to the security of Wi-Fi. Most notably this includes the discovery and prevention of key reinstallation in WPA2, and the standardization of WPA3 which, among other things, prevents offline dictionary attacks. |
| SIM swap scam | SIM SPAM | A SIM swap scam (also known as port-out scam, SIM splitting, Smishing and simjacking, SIM swapping) is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone. |
| TDoS | VoIP DoS | Telephony denial of service (TDoS) is a type of denial of service (DoS) attack in which the attackers launch high volume of calls and keeping those calls active for as long as possible against the target network, preventing legitimate calls to come in. |
| Malformed URL Prefix Phishing Attacks | Phishing | Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit |
| The EMV Standard: Break, Fix, Verify | Credit Card | EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. |
| Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards |
Credit Card | Most EMV transactions require online authorization by the card issuer. Namely, the merchant’s payment terminal sends an authorization request to the card issuer over a payment network, typically operated by the company that brands the card such as Visa or Mastercard. |
| Portable Data exFiltration: XSS for PD | XSS | PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner workings of a PDF. |
| VoltPillager | Hardware | Hardware-based fault injection attacks such as voltage and clock glitching have been thoroughly studied on embedded devices. Typical targets for such attacks include smartcards and low-power microcontrollers used in IoT devices |
| SAD DNS attack | DNS | In this paper, we report a series of flaws in the software stack that leads to a strong revival of DNS cache poisoning — a classic attack which is mitigated in practice with simple and effective randomization-based defenses such as randomized source port. |
| NAT Slipstreaming | TCP/UDP | NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. |
| Bitcoin Inventory Out-of-Memory Denial-of-Service Attack |
CryptoCurrency | There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. |
| BLURtooth Attack | Bluetooth | Bluetooth 4.0 through 5.0 versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. |
| Raccoon Attack | SSL/TLS | A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. |
| CHARGEN Reflective Flood | DDoS | CHARGEN Reflection attacks take advantage of the Character Generation Protocol, originally designed for troubleshooting, which allows sending a random number of characters. |
| CLDAP Reflection Attack | DDoS | A CLDAP Reflection Attack exploits the Connectionless Lightweight Directory Access Protocol (CLDAP), which is an efficient alternative to LDAP queries over UDP. |
| Blocking BloodHound attacks | Active Directory | BloodHound is a popular open-source tool for enumerating and visualizing the domain Active Directory and is used by red teams and attackers as a post-exploitation tool. |
| 'PowerFall' Attacks | Vulnerebility | Windows and IE Zero-Day Vulnerabilities Chained in 'PowerFall' Attacks. |
| ReVoLTE attack | 4G (LTE) | Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard and deployed by most telecommunication providers in practice |
| Homoglyph Advanced Phishing Attacks | Phishing | In advanced phishing attacks today, phishing emails may contain homogyph characters. homoglyph is a text character with shapes that are near identical or similar to each other. |
| HTTP request smuggling | HTTP | HTTP request smuggling is an interesting vulnerability type that has gained popularity over the last year. This vulnerability could allow an attacker to leverage specific features of the HTTP/1.1 protocol in order to bypass security protections, conduct phishing attacks, as well as obtain sensitive information from requests other than their own. |
| HTTP Request Smuggling Attack | HTTP | Variant 1: "Header SP/CR junk: |
| HTTP Request Smuggling Attack | HTTP | Variant 2 – "Wait for It" |
| HTTP Request Smuggling Attack | HTTP | Variant 3 – HTTP/1.2 to bypass mod_security-like defense |
| HTTP Request Smuggling Attack | HTTP | Variant 4 – a plain solution |
| HTTP Request Smuggling Attack | HTTP | Variant 5 – "CR header" |
| Remote Timing Attacks | Crypto | Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. |
| Meow Attack | Database | A new attack that searches for unsecured databases and deletes the data without explanation has been found by researchers. This attack, dubbed “Meow,” due to the fact that the attacker renames databases, tables and indices by appending “-meow” to the end of the original names, was verified by BleepingComputer with the use of the Shodan search engine. |
| Lamphone Attack | Hacking | Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room.You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits. |
| Dabangg Attack | CPU | Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. |
| 'SGAxe' and 'CrossTalk' Side-Channel Attacks | CPU | Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE). |
| NXNSAttack | DNS | The NXNSAttack is a new vulnerability that exploits the way DNS recursive resolvers operate when receiving NS referral response that contains nameservers but without their corresponding IP addresses (i.e., missing glue-records). |
| IDN homograph attack | Communication | The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike). |
| SurfingAttack | Interactive Hidden Attack on VoiceAssistants Using Ultrasonic Guided Waves | |
| IMP4GT | 4G | In mobile networks, mutual authentication ensures that the smartphone and the network can verify their identities. In LTE, mutual authentication is established on the control plane with a provably secure authentication and key agreement protocol. |
| New 'CacheOut' Attack | CPU | If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. |
| Shambles Attack | Crypto | We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. |
| Útoky MITM | 2FA | Pokud vás dokáže útočník využívající útok MITM (Man-In-The-Middle, člověk uprostřed) podvést, abyste navštívili jeho podvrženou stránku, a vyzve vás k zadání vašich přihlašovacích údajů 2FA, je to v podstatě konec. |
| Útoky typu „člověk v koncovém bodě" | 2FA | Podobně jako u útoků MITM, pokud dokáže hacker dostat svůj škodlivý software do vašeho počítače, může upravit software, který se používá ve vašem procesu 2FA, a to buď k odcizení tajemství chráněných tokenem 2FA, nebo k použití již schválené autentizace pro přístup k něčemu v zákulisí. |
| Kompromitovaný software 2FA | 2FA | Specializovaný útok typu „člověk v koncovém bodu“ může mít podobu kompromitace softwaru souvisejícího se zařízením 2FA. Například k použití čipové karty v zařízení je potřebný software pro čipové karty, který čipovou kartu obsluhuje a rozumí jí. |
| Krádež a znovupoužití generátoru hesel | 2FA | Mnoho hardwarových a softwarových tokenů 2FA generuje jednorázový kód, který je pro daného uživatele a zařízení jedinečný. |
| 2FA se nepožaduje | 2FA | Mnoho služeb včetně populárních webových stránek, které umožňují používat 2FA, ji nevyžadují, což ale samotný účel zavedení 2FA sabotuje. |
| Napodobení subjektu | 2FA | Existuje malé špinavé tajemství, které před vámi chtějí dodavatelé čipových karet tajit – každé zařízení/software 2FA jsou svázané s identitou uživatele/zařízení. Tato identita musí být v rámci autentizačního systému jedinečná. |
| Ukradená biometrie | 2FA | Vaše atributy biometrické totožnosti (např. otisky prstů nebo sken sítnice) lze ukrást a opakovaně používat. Přitom je velmi těžké bránit útočníkovi, aby je používal. |
| Sdílená, integrovaná autentizace | 2FA | Dnes jsou populární sdílená integrovaná autentizační schémata, jako je například oAuth, která umožňují uživateli přihlásit se jednou a znovu použít toto pověření (často v pozadí) k přihlášení k dalším službám a webovým stránkám. |
| Sociální inženýrství | 2FA | Jak stále více webových stránek umožňuje nebo vyžaduje 2FA, hackeři se naučili, jak to vyřešit pomocí sociálního inženýrství. |
| Útoky hrubou silou na 2FA | 2FA | Ztráta 2FA tokenů a jejich získání hackery není nic nového. Pokud web nebo služba používající přihlášení 2FA nepoužívá kontrolu špatných pokusů o přihlášení, mohou se útočníci pokoušet uhádnout PIN kód pro 2FA opakovaným zkoušením, dokud se netrefí. |
| Implementace obsahující chyby | 2FA | Je realističtější předpokládat, že je více webů a softwaru s přihlašováním 2FA, které obsahují chyby umožňující obejít 2FA, než webů, jež jsou zcela bezpečné. |
| Plundervolt | CPU | Modern processors are being pushed to perform faster than ever before - and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. |
| iTLB multihit | CPU | iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type |
| Jump Conditional Code Erratum | CPU | Starting with the second-generation Intel® Core™ Processors and Intel® Xeon® E3-1200 Series Processors (formerly codenamed Sandy Bridge) and later processor families, the Intel® microarchitecture introduces a microarchitectural structure called the Decoded ICache (also called the Decoded Streaming Buffer or DSB). |
| TPM—Fail | CPU | Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits. |
| TSX Speculative Attack | CPU | A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. |
| MDS Attack | CPU | The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites. |
| CPDoS Atack | DDoS | Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites. |
| Simjacker Attack | SIM Attack | Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users. |
| NETCAT Attack | CPU | NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). |
| KNOB Attack | Bluetooth | A vulnerability tracked as CVE-2019-9506 and referred as Key Negotiation of Bluetooth (KNOB) attack could allow attackers to spy on encrypted connections. |
| SWAPGS Attack | CPU | The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown |
| App in the Middle (AitM) Attack | App | Below, I will describe two ‘app-in-the-middle’ attacks, where a malicious app is installed in the personal profile and acts as an agent to steal information from (and even control) the Work profile and hand it off to an attacker’s Command & Control server. |
| RAMBleed attack | RAM | The Rowhammer bug is a reliability issue in DRAM cells that can enable an unprivileged adversary to flip the values of bits in neighboring rows on the memory module. |
| ZombieLoad Attack | CPU | After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. |
| RIDL and Fallout Attacks | CPU | New attacks extract data from CPU buffers. Two attacks dubbed RIDL and Falloutexploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say. |
| RIDL attack | CPU | Researchers from VUSec - the Systems and Network Security Group at Vrije University in Amsterdam, and from the Helmholtz Center for Information Security (CISPA) have developed the RIDL (short for Rogue In-Flight Data Load) attack. |
| PASSWORD PARTITIONING | WPA 3 | In this section we show how to perform password partition attacks, using the information obtained from our timing and cache attacks. |
| CACHE-BASED ATTACKS ON ECC GROUPS | WPA 3 | In this section we demonstrate that implementations of the hashto-curve algorithm of SAE may be vulnerable to cache-based sidechannel attacks. |
| TIMING ATTACKS ON MODP GROUPS | WPA 3 | In this section we empirically show that the hash-to-group method that converts a password into a MODP element is vulnerable to timing attacks. |
| Countermeasures | WPA 3 | To mitigate our downgrade to dictionary attack, a client should remember if a network supports WPA3-SAE. That is, after successfully connecting using SAE, the client should store that the network supports SAE. |
| Attacking SAE’s Group Negotiation | WPA 3 | The SAE handshake can be run using different elliptic curve or multiplicative groups mod p (i.e. ECP or MODP groups). The “Group Description” of gives an overview of supported groups. |
| Downgrade to Dictionary Attack | WPA 3 | Our first attack is against WPA3-SAE transition mode. Recall from Section 2.2 that in this mode the AP is configured to accept connections using both WPA3-SAE and WPA2. |
| Framing supply chain attacks | ICS | The increase in the demand for innovative software has effectively reshaped the software development industry itself. |
| BTS resource depletion attack | LTE | Every commercial eNB has a maximum capacity of active user connections based on their hardware and software specifications. |
| Blind DoS attack | LTE | Unlike the aforementioned attack that denies multiple users in an eNB, the Blind DoS attack denies a targeted UE by establishing RRC Connections spoofed as the victim UE. 1) |
| Remote de-registration attack | LTE | During our experiments, we discovered that operational MMEs have several implementation flaws that cause them to unnecessarily de-register the victim UE without notification. |
| SMS phishing attack | LTE | 1) Adversary model: In this scenario, the adversary sends an SMS message to victim UE1 by spoofing the message sender using the phone number of victim UE2. |
| ATTACKS EXPLOITING UE: AKA BYPASS ATTACK | LTE | 1) Adversary model: The adversary is located sufficiently close to the victim UE to trigger handover from an existing eNB to the adversary’s rogue LTE network. |
| Attacks exploiting eNB | LTE | In the case of a BTS resource depletion attack, it is impossible for an eNB to distinguish the adversary’s RRC Connection requests from benign RRC connection requests. |
| Attacks exploiting MME and UE | LTE | As discussed in Section V, both the Remote de-register attack and SMS phishing attack are rooted from incorrect implementation of the operational MMEs. |
| MitM attack | LTE | Many previous studies, employed a rogue BTS in a 2G/3G network. However, the Man in the Middle (MitM) attack in LTE networks received less attention . |
| DoS attack | LTE | Previous studies introduced DoS attacks that exploit vulnerabilities in LTE control plane procedures. Shaik et al. presented DoS attacks using plain reject messages (NAS TAU reject, Service reject and Attach reject). |
| Password Spray Attack | Password | Password Spray Attack is quite the opposite of Brute Force Attack. In Brute Force attacks, hackers choose a vulnerable ID and enter passwords one after another hoping some password might let them in. |
| Thunderclap | Hardware | Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it including reading and writing all of system memory. |
| ToRPEDO Attack | Mobil/GSM | Short for "TRacking via Paging mEssage DistributiOn," TorPEDO is the most concerning attack that leverages paging protocol, allowing remote attackers to verify a victim device’s location, inject fabricated paging messages, and mount denial-of-service (DoS) attacks. |
| PIERCER attack | Mobil/GSM | The PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack, which enables an attacker with the knowledge of the victim’s phone number, a sniffer, and a fake base station in the victim’s geographical cell to associate the victim device’s IMSI with its phone number. |
| IMSI-Cracking Attacks | Mobil/GSM | In addition, the ToRPEDO attack also opens a door for two other new attacks—the PIERCER and IMSI-Cracking attacks, leading to the full recovery of the victim device's persistent identity (i.e., IMSI).Exist due to a design flaw, PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack enables an attacker to associate the victim device's unique IMSI with its phone number. |
| Server Spoofing | Protocol | Similar to ARP spoofing and all other spoofing attacks. In here attacker pretend to be a valid DHCP server. What attacker does is he reply for the hosts DHCP request before real DHCP server does. |
| MAC flooding/CAM table overflow | Protocol | MAC address tables or CAM(Content Access Memory) tables are used on switches to track where to send traffic it received. When switch receives a frame it look its cam table for destination mac address. |
| Cross-cloud attacks | Cloud | These types of threats occur when customers move one of their workloads into a public cloud environment, such as Amazon Web Services or Microsoft Azure, and use Direct Connect (or any other VPN tunnel) to move between ¨'the public cloud into the private cloud. |
| Cloud malware injection attacks | Cloud | Malware injection attacks are done to take control of a user’s information in the cloud. For this purpose, hackers add an infected service implementation module to a SaaS or PaaS solution or a virtual machine instance to an IaaS solution. |
| Cloud attack counter measures | Cloud | We’ve discussed some of the most common cloud computing attack vectors malicious actors use to achieve their goals. |
| Insider attacks | Cloud | Insider attacks remain one of the top threats for various organizations, even if you don’t use cloud infrastructure. While most employees are trustworthy, it’s always a good idea to have a clear understanding of who has access to certain files and documents. |
| Punycode Attack | Web | Unicode characters can look the same to the naked eye but actually, have a different web address. Some letters in the Roman alphabet, used by the majority of modern languages, are the same shape as letters in Greek, Cyrillic, and other alphabets, so it’s easy for an attacker to launch a domain name that replaces some ASCII characters with Unicode characters. |
| CORS Attacks | Web | CORS or Cross -Origin Resource Sharing use in modern browsers to check the permission of remote access to web resources and services. |
| Bypassing SAML 2.0 SSOwith XML Signature Attacks | Authentication | We’ve recently noticed a trend with a lot of New Zealand sites wanting to implement Single Sign-On (SSO) to combat the proliferation of passwords, including many government services. |
| Detecting and exploiting XXE in SAML Interfaces | Web | This post will describe some findings, problems and inisghts regarding XML External Entity Attacks (XXEA) that we gathered during a large-scale security analysis of several SAML interfaces. |
| Attacking SSO | Authentication | In this blog I’ll share some pointers that can be used when testing Single Sign-On (SSO) solutions that utilize SAML. The centralized nature of SSO provides a range of security benefits, but also makes SSO a high-profile target to attackers. |
| SS7 Attack | Mobil/GSM | An SS7 attack is an exploit that takes advantage of a weakness in the design of SS7 (Signalling System 7) to enable data theft, eavesdropping, text interception and location tracking. |
| Punycode Phishing | Phishing | There are only a handful of rules that you need to know to counter any phishing attack that you may be exposed to on the Internet, right? Check the web address and make sure it is the right one. |
| Cold boot attack | Hardware/ | In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine. |
| OpenSSH PlaintextRecovery Attack | Communication | o, somebody pointed this out to me the other day: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt which talks about the probability of recovering some plain text from an ssh session. |
| Formjacking | Web | When a customer of an e-commerce site clicks “submit” or its equivalent after entering their details into a website’s payment form, malicious JavaScript code that has been injected there by the cyber criminals collects all entered information, such as payment card details and the user’s name and address. |
| Man-in-the-Disk | Android | Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. |
| Faxploit | Exploit | Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technology wise, however, that was a long time ago. |
| TLBLEED | CPU | TLBleed is a new side channel attack that has been proven to work on Intel CPU’s with Hyperthreading |
| Foreshadow | CPU | Foreshadow is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 18, but was first disclosed to the public on 14 August 18. |
| Meltdown | CPU | Meltdown is a hardware vulnerability affecting Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so. |
| Spectre | CPU | Spectre is a vulnerability that affects modern microprocessors that perform branch prediction.On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. |
| TLBleed | Cryptographic | TLBleed is a cryptographic side-channel attack that uses machine learning to exploit a timing side-channel via the translation look-aside buffer (TLB) on modern microprocessors that use simultaneous multithreading. |
| BlackNurse attack | DoS | The BlackNurse attack is a form of denial of service attack based on ICMP flooding. The attack is special because a modest bandwidth of 20Mbit/s can be effective for disrupting a victim's network. |
| EFAIL Attacks | Researchers finally revealed the Historical Email encryption based EFAIL attacks that can be exploited this brand new serious vulnerability that affected PGP & S/MIME end-to-end encryption technologies. | |
| Nethammer | Hardware | A fundamental assumption in software security is that memory contents do not change unless there is a legitimate deliberate modification. Classical fault attacks show that this assumption does not hold if the attacker has physical access. |
| GLitch attack | Android | The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack. |
| SIP Client Call Flood | VoIP | This is a flood technique focused on SIP application protocol which involves illegitimate call requests. The idea here is to flood the Session Boarder Control (SBC) and / or SIP / VOIP PBX with too many requests to handle and thus making the service unavailable. |
| HTTP Fragmentation | HTTP | In an HTTP Fragmentation Attack, an attacker establishes a valid connection with a server, and then proceeds to send all of his or her HTTP traffic to the server in small fragments as slowly as possible. |
| ICMP Flood Attack | LAN | Internet Control Message Protocol (ICMP) is a connectionless protocol used for IP operations, diagnostics, and errors. |
| HTTP Flood (HTTP DDoSAttack) | HTTP | An HTTP flood is a HTTP DDoS attack method used by hackers to attack web servers and applications. It consists of seemingly legitimate session-based sets of HTTP GET or POST requests sent to a target web server |
| PowerHammer | Hardware | PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines |
| iOS Trustjacking Attack | iOS | Symantec researchers have found a loophole in how iPhone users pair devices with Mac workstations and laptops. They say attackers can exploit this flaw —which they named Trustjacking— to take over devices without the phone owner's knowledge. |
| Border Gateway Protocol(BGP) Attack | TCP/IP | The BGP attack is a DDoS attack where attackers take control of a large amount of fast routers to overwhelm their victim. The idea behind it is to take advantage of the ability of routers to exchange router tables. |
| Cookie Poisoning | Cookies | Cookie poisoning is the act of manipulating or forging a cookie (a small piece of data created and stored in a user's browser that keeps track of important information regarding his or her session information for a particular site) |
| DrDoS attack | DoS | Distributed Reflection Denial of Service attack. An attack is reflective when the attacker makes use of a potentially legitimate third party to send his or her attack traffic, ultimately hiding his or her own identity. |
| Fragmented ACK Attack | TCP/IP | A Fragmented ACK attack is a variation of the ACK & PSH-ACK Flood that uses 1500-byte packets with the goal of hogging the target network’s bandwidth with only a moderate packet rate. |
| #RefRef | DDoS | #RefRef is a Perl-based DoS attack tool developed by the Hacktivist group ‘Anonymous’ that uses a vulnerability in MySQL to perform an SQL injection involving the MySQL BENCHMARK() function. |
| Application misuse attack | Vulnerebility | Application misuse is a category of cyber or security attacks which envelopes the concept of availability-based outages at Layers 5-7 on the OSI model of internetworking. |
| TCP Window Scaling | TCP/IP | The TCP Window is a buffer that contains a copy of all the packets sent out by a device in case any of the packets are lost in transit (in which case they can be replaced using this buffer and resent minimizing packet loss). |
| SYN Flood | TCP/IP | A SYN flood is a denial-of-service (DoS) attack that relies on abusing the standard way that a TCP connection is established. Typically, a client sends a SYN packet to an open port on a server asking for a TCP connection. |
| Fraggle Attack | DDoS | A Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router’s broadcast address within a network. |
| DNS Flood Attack (DNS Flooding) | DNS | DNS amplification attack is a sophisticated denial of service attack that takes advantage of DNS servers' behavior in order to amplify the attack. In order to launch a DNS amplification attack, the attacker performs two malicious tasks. |
| UDP Flood Attack | TCP/IP | A UDP flood attack is a network flood and still one of the most common floods today. The attacker sends UDP packets, typically large ones, to single destination or to random ports. |
| Boy-in-the-Browser Attack | Web | The Boy-in-the-Browser Attack is a variant of the MitB – Man-in-the-Browser attack involving malware that makes changes to a target machine's routing (often by changing an operating system's hosts file), and subsequently deleting itself. |
| Counter-attack | TCP/IP | A counter-attack is a term taken from the military jargon used to describe large scale, usually strategic offensive operations by forces that had successfully halted an enemy’s offensive, while occupying defensive positions. |
| Low rate attack | TCP/IP | Attack aimed at bringing a target down but doing so quietly. This is much different than high rate brute force attacks. |
| Slowloris | DoS | Slowloris is a denial-of-service (DoS) tool developed by the grey hat hacker “RSnake” that causes DoS by using a very slow HTTP request. |
| High-rate attack | TCP/IP | These attacks are essentially forceful and often involve flooding the target with an overwhelming flux of packets, whether over saturating its connection bandwidth or depleting the target's system resources. |
| Zero-Day - Zero-Minute | Zero-Day | A Zero-Day (or Zero-Minute) Attack is a type of attack that uses a previously unknown vulnerability. Because the attack is occurring before “Day 1” of the vulnerability being publicly known, it is said that the attack occurred on “Day 0” - hence the name. |
| Torshammer (Tor‘s Hammer) | Tor | Torshammer is a slow-rate HTTP POST (Layer 7) DoS tool created by phiral.net. The first public occurrence of this tool dates back to early 2011. |
| R.U.D.Y. Attack (R-U-Dead-Yet?) | Web | R.U.D.Y. attack (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album "Are You Dead Yet?" |
| Hacktivist | Hacktivist | "Hacktivist", a portmanteau of "hack" and "activism", was a term coined in 1996 by Omega, a member of the hacking coalition "Cult of the Dead Crow" (cDc). |
| SIP Malformed Attack | SIP | Application layer attack on the Session Initiation Protocol- SIP in use in VoIP services, targeted at causing denial of service to SIP servers. |
| Java Deserialization Attack | Apache | Recently we talked a lot about attacks exploiting Java deserialization vulnerabilties in systems like Apache SOLR and WebLogic. Most of these attacks targeted Linux/Unix systems. But recently, I am seeing more attacks that target windows. |
| Cold boot attack | Crypto | In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine. |
| Lucky Thirteen attack | Crypto | The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation, |
| Electromagnetic attack | Crypto | In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. |
| Pin Configuration Attack | Crypto | A PLC can receive and transmit various types of electrical and electronic signals. |
| Pin Multiplexing Attack | Crypto | Embedded SoCs usually employ hundreds of pins connected to the electrical circuit. Some of these pins have a single defined purpose. |
| Pin Control Attack | Crypto | Pin Control Attack is a class of attack against embedded SoC's where attacker targets I/O configuration of the embedded systems and physically terminate its connection with the software or Operating System (OS) without software/OS notices about it or receive any failure regarding I/O failures. |
| Timing attack | Crypto | In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. |
| DMA Attack | Hardware | This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (August 2012) (Learn how and when to remove this template message) |
| UEFI Attack | Firmware | Unlike macs many PCs are likely to be vulnerable to pre-boot Direct Memory Access (DMA) attacks against UEFI. If an attack is successful on a system configured with secure boot - then the chain of trust is broken and secure boot becomes insecure boot. |
| BranchScope Attack | CPU | We present BranchScope — a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor |
| Authentication | 4G LTE | |
| Synchronization | 4G LTE | |
| Failure Attack | 4G LTE | |
| Traceability Attack | 4G LTE | |
| Numb Attack | 4G LTE | |
| Authentication Relay Attack | 4G LTE | |
| Detach/Downgrade Attack | 4G LTE | |
| Paging Channel | 4G LTE | |
| Hijacking Attack | ||
| Stealthy Kicking-off Attack | 4G LTE | |
| Panic Attack | 4G LTE | |
| Energy Depletion Attack | 4G LTE | |
| Linkability Attack | 4G LTE | |
| MOSQUITO Attack | Bezdrátový | |
| aIR-Jumper | Bezdrátový | Attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision. |
| USBee | Bezdrátový | Can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors. |
| DiskFiltration | Bezdrátový | Can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers. |
| BitWhisper | Bezdrátový | Relies on heat exchange between two computers to stealthily siphon passwords and security keys. |
| AirHopper | Bezdrátový | Turns a computer's video card into an FM transmitter to capture keystrokes. |
| Fansmitter | Bezdrátový | Technique uses noise emitted by a computer fan to transmit data. |
| GSMEM Attack | Bezdrátový | Attack relies on cellular frequencies. |
| MEMCACHED UDP | TCP/IP | |
| REFLECTION ATTACKS | ||
| RDDoS Attack | RDDoS | |
| Eclipse Attack | ||
| SgxSpectre Attack | ||
| Memcached DDoS Attackers | ||
| SWIFT-based attack | ||
| The DUHK Attack | ||
| BOUNDHOOK Attack | ||
| DDE Attack | ||
| Key Reinstallation Attacks | ||
| ROCA Attack | ||
| BlackNurse Denial of Service Attack | ||
| Distributed Guessing Attack | ||
| DROWN attack | ||
| Quantum Insert attack | ||
| Cross-site scripting (XSS) | Databáze | |
| SQL injection | Databáze | |
| Cross-site Request Forgery (CSRF) | Databáze | |
| Cross-User Defacement | ||
| Escapování | ||
| Cache poisoning | ||
| HTTP response splitting | TCP/IP | |
| Triple Handshake útok | ||
| UDP-based Amplification Attacks | TCP/IP | |
| DNS Amplification Attacks | DNS | |
| NTP Amplification Attacks | TCP/IP | |
| Using CVE-2013-5211 | ||
| Pasivní identifikace | Skenovací | |
| operačního systému | ||
| Aktivní identifikace | Skenovací | |
| Skenování portů | Skenovací | |
| ICMP dotazy | Skenovací | |
| Hromadný ping | Skenovací | |
| Skenování FIN, X-mas a Null | Skenovací | |
| Nečinné skenování | Skenovací | |
| Podvržené návnady | Skenovací | |
| Tajné SYN skenování | Skenovací | |
| MITM útok | ||
| ARP Poisoning | TCP/IP | |
| ARP Spoofing | TCP/IP | |
| MAC Attack | TCP/IP | |
| DoS | DoS | |
| Adress Spoofing | TCP/IP | |
| Sniffing(odposlouchávání) | TCP/IP | |
| Session Hijacking | ||
| Replay Attack | ||
| Spoofing Attack | ||
| FTP Bounce Attack | TCP/IP | |
| Reflection_attack | ||
| Relay attack | ||
| Mixed_threat_attack | ||
| TCP_reset_attack | TCP/IP | |
| Twinge_attack | ||
| IP_fragmentation_attacks | TCP/IP | |
| Fragmented_distribution | ||
| _attack | ||
| Inference_attack | ||
| Attack_tree | ||
| Packet_drop_attack | TCP/IP | |
| LAND_attack | ||
| MAC_flooding | TCP/IP | |
| IP_address_spoofing | TCP/IP | |
| DNS_rebinding | DNS | |
| DNS_hijacking | DNS | |
| Squatting_attack | ||
| Sybil_attack |