A threat actor known for providing ransomware groups with initial access to enterprise systems has used Microsoft Teams to phish employees. According to Microsoft threat researchers, Storm-0324 likely relies on the publicly available TeamsPhisher tool for this activity. Storm-0324 is a temporary name designated by Microsoft to this threat actor, suggesting that the company is still not highly confident about the origin or identity of the actor behind the operation.

Online ads are often leveraged in personal cyberattacks, which can lead to the download of unwanted software and other malicious files. Researchers at the Georgia Institute of Technology are fighting deceptive online ads with an innovative solution designed to combat the growing threat of online social engineering attacks by eliminating them at their source. Trident, developed by Ph.D. student Zheng Yang and his team of researchers, is an add-on compatible with Google Chrome and has been shown to block these ads by nearly 100 percent.

Using Wi-Fi signals, scientists have developed a technology that enables people to see objects and read letters through walls. The system, developed by UC Santa Barbara researchers, traces the edges of objects on the opposite side of solid barriers. In one experiment, the team used the technology to decipher the word "BELIEVE" from the other side of a wall by imaging each letter individually. Three off-the-shelf Wi-Fi transmitters were used to send wireless waves in an area. The receivers were on an unmanned vehicle emulating a Wi-Fi receiver grid as it moved.

The National Security Agency (NSA) and US federal agency partners have issued new guidance regarding deepfakes. This emerging threat may pose a cybersecurity challenge for National Security Systems (NSS), the Department of Defense (DoD), and Defense Industrial Base (DIB) organizations. They issued the Cybersecurity Information Sheet (CSI) "Contextualizing Deepfake Threats to Organizations" to help organizations identify, defend against, and respond to deepfake threats.

Georgia Tech's Cyber Forensics Innovation (CyFI) Lab discovered that Web App Engaged (WAE) malware has increased by 226 percent since 2020. Therefore, the team created a tool that enables cybersecurity incident responders to purge almost 80 percent of discovered WAE malware by teaming up with service providers. Ph.D. student at Georgia Tech Mingxuan Yao noted that web applications have become integral to our online lives, providing services such as content delivery, data storage, and social networking, but these utilities have made web applications attractive for malware creators.

Brief articles on areas of concern or interest in areas of Science of Security. They are indexed below.

Cyber Scene articles are intended to provide an informative, timely backdrop of events, thinking, and developments that feed into technological advancement of Science of Security (SoS) collaboration and extend its outreach. They are indexed below.

Brief articles on current cybercriminal activities. They are indexed below.

Air Canada recently announced that the personal information of some employees was accessed in a recent cyberattack.  Canada’s national airline announced that a threat actor obtained limited access to one of its internal systems that contained “limited personal information of some employees and certain records  .”Air Canada noted that the incident did not impact its flight operations systems.  Furthermore, the company says, customer facing systems were not accessed, and no customer information was compromised in the attack.

Atlassian and the Internet Systems Consortium (ISC) have disclosed multiple security vulnerabilities in their products that could be exploited for Denial-of-Service (DoS) and Remote Code Execution (RCE). The four high-severity flaws were addressed in new versions shipped last month. The vulnerabilities include a deserialization flaw in the Google Gson package that affects Patch Management in Jira Service Management Data Center and Server, a DoS flaw in Confluence Data Center, and more.