A recent audit conducted by the Department of Justice's (DoJ) Office of the Inspector General (OIG) discovered that the FBI is exposing sensitive and classified data because of "significant weaknesses" in its inventory management and disposal of electronic storage media.

The Science of Security team is pleased to announce the opening of... 

NSA’s Summer 2025 internship opportunities   

Ads open: September 1- October 1 

Who may Apply: College students (starting in freshman year) 

A study led by the University of Michigan found that emerging self-driving vehicle networks that collaborate and communicate with one another or with infrastructure to make decisions are vulnerable to data fabrication attacks. The Vehicle-to-Everything (V2X) network of collaboration and communication is still in development as many countries are still testing it on a small scale. Information sharing among vehicles allows hackers to introduce fake objects or remove real objects from perception data, potentially causing vehicles to brake hard or crash.

An ongoing campaign infects high-level organizations in Southeat Asia using two stealth techniques. The first method called "GrimResource," lets attackers run arbitrary code in the Microsoft Management Console (MMC). The second method, "AppDomainManager Injection," uses malicious Dynamic Link Libraries (DLLs). According to NTT researchers, an attacker similar to China's "APT41" has been using these methods to drop Cobalt Strike onto the Information Technology (IT) systems of Taiwanese government agencies, the Philippine military, and energy organizations in Vietnam.

Less than a week after releasing Chrome 128 to the stable channel, Google warns that another bug resolved with the update is being exploited in the wild.  The issue tracked as CVE-2024-7965 (CVSS score of 8.8) is described by Google as an inappropriate implementation in the V8 JavaScript engine that allows a remote attacker to exploit heap corruption via crafted HTML pages.  Google noted that if the victim visits a compromised or malicious web page, the vulnerability could allow the attacker to execute code or access sensitive information.

California-based Patelco Credit Union has recently started informing customers and employees about a data breach after a ransomware group managed to steal information from databases containing personal information from its systems. Patelco is a member-owned, non-profit credit union serving Northern California, particularly the San Francisco Bay Area. The organization detected a ransomware attack involving unauthorized access to its databases on June 29. An investigation revealed that the hackers accessed its systems between May 23 and June 29.

The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.  In 2023, the airport served almost 51 million passengers. The airport is a major hub for Alaska Airlines and Delta Air Line, serving 91 domestic and 28 international destinations.

A long-running group has allegedly been helping cybercriminals penetrate Information Technology (IT) systems with CAPTCHA-solving services. Arkose Cyber Threat Intelligence Research (ACTIR) identified "Greasy Opal," a cyberattack-enabling business. Greasy Opal, based in the Czech Republic, has stealthily been in operation since 2009. The group sells different products and solutions ranging from legitimate productivity solutions to more controversial tools, such as Search Engine Optimization (SEO)-boosting software, CAPTCHA-solving services, browser automation services, and more.

To combat Living Off the Land (LOTL) techniques used by Advanced Persistent Threat (APT) actors, the National Security Agency (NSA), along with international partners, has released a best practice guide for event logging. The publication outlines best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and Operational Technology (OT) networks to ensure critical system availability. The guide is for senior Information Technology (IT) and OT decision-makers, as well as network administrators and critical infrastructure providers.

Since 2022, a stealthy Linux malware called "sedexp" has evaded detection using a persistence technique not yet included in the MITRE ATT&CK framework. The malware, which was discovered by researchers at the risk management company Stroz Friedberg, allows its operators to create reverse shells for remote access and further the attack. At this time, the researchers point out MITRE ATT&CK has not documented the persistence technique used, emphasizing that sedexp is an advanced threat hiding in plain sight.