Virtual Institutes Mid-Year Meeting Summary
The Science of Security (SoS) Virtual Institutes (VIs) held their Mid-Year meeting at the International Computer Science Institute (ICSI) on July 9-10, 2024.
According to the FBI and CISA, malicious actors are spreading false claims that US voter registration databases have been breached. The agencies said that the claims are designed to manipulate public opinion and undermine confidence in US democratic institutions in the run-up to the US Presidential Elections in November. The malicious actors are using voter registration information obtained elsewhere as purported evidence that a cyber operation compromised election infrastructure.
Threat actors have been infecting Internet-exposed Selenium Grid servers to use victims' Internet bandwidth for cryptomining, proxyjacking, and more. Wiz reports that 30 percent of cloud environments use Selenium, an open source suite of tools for browser automation. Millions of developers and thousands of organizations use Selenium Grid, an open source tool for automatically testing web applications across multiple platforms and browsers in parallel. Some hackers have launched automated malware to hijack Selenium Grid servers for malicious purposes.
Digitally manipulated "deepfake" photos and videos are getting harder to spot as Artificial Intelligence (AI) networks improve and become more accessible. New research led by Binghamton University breaks down images using frequency domain analysis techniques and identifies anomalies indicating that AI generated them. The study compared real and fake images: the researchers created thousands of images with Adobe Firefly, PIXLR, DALL-E, and other generative AI tools, then analyzed them using signal processing to understand their frequency domain features.
European Union regulators are investigating one of Google's Artificial Intelligence (AI) models due to concerns about its compliance with data privacy rules. Ireland's Data Protection Commission is looking into Google's Pathways Language Model 2 (PaLM2). It is part of a larger effort, including other national watchdogs across the 27-nation bloc, to delve into how AI systems handle personal data. This article continues to discuss Ireland's Data Protection Commission opening an inquiry into Google's PaLM2.
A new malware named "Vo1d" has infected about 1.3 million Android-based TV boxes running outdated operating systems and owned by users in 197 countries. The antivirus vendor Doctor Web described it as a backdoor that hides its components in the system storage area and, when commanded by attackers, secretly downloads and installs third-party software. Most infections are in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia.
According to ReversingLabs, "Lazarus Group" is continuing its "VMConnect" campaign by distributing new malicious software packages to developers via open source repositories. The North Korean group masqueraded as Capital One employees and used fake job interviews to trick developers into downloading the malware. The malware installs malicious downloaders on developer systems that can fetch second and third-stage malware, such as backdoors and infostealers. This article continues to discuss findings regarding the continued VMConnect campaign.
According to researchers at Check Point, hackers suspected of operating on behalf of the Iranian government have been targeting Iraqi government networks. Iran has been discovered to be conducting cyber espionage operations against various Iraqi entities, including the government. The attacks use custom malware and infrastructure designed for specific targets, with links to known threat actors previously associated with Iran's Ministry of Intelligence and Security (MOIS).
According to Endor Labs, about 95 percent of version upgrades of open source software include at least one breaking change that causes other components to fail. Patches have a 75 percent chance of causing a break. The problem of breaking changes is exacerbated by the finding that a quarter of vulnerable components require a major version update. This article continues to discuss key findings from Endor Labs' "Dependency Management Report."
Cybersecurity giant Fortinet has recently confirmed it suffered a data breach after a threat actor claimed to have stolen 440GB of files from the company's Microsoft SharePoint server. Fortinet is one of the largest cybersecurity companies in the world. Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure SharePoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored, for other threat actors to download.