An Apple macOS version of a backdoor named "HZ RAT" targets users of Chinese instant messaging apps such as DingTalk and WeChat. The artifacts almost replicate the functionality of the Windows version of the backdoor, with the only difference being the payload, which is received from the attackers' server in the form of shell scripts.

Park'N Fly recently announced that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.  The threat actors breached the Park'N Fly networks through stolen VPN credentials in mid-July and stole data from the company.  On August 1, the company determined that customer information was also accessed during the attack.

Cybersecurity researcher Johann Rehberger has disclosed a vulnerability he found in Microsoft 365 Copilot that allows attackers to steal users' sensitive information. According to Rehberger, the exploitation of this flaw involves several advanced techniques, including prompt injection, automatic tool invocation, and ASCII smuggling. The attack starts with a prompt injection through a malicious email or shared document. This injection prompts Microsoft 365 Copilot to search for additional emails and documents without consent from the user.

A massive QR code phishing campaign has exploited Microsoft Sway, a cloud-based tool used for creating online presentations, to host landing pages aimed at tricking Microsoft 365 users into providing their credentials. Netskope Threat Labs discovered the attacks in July 2024, after detecting a significant increase in attacks involving Microsoft Sway to host phishing pages that steal Microsoft 365 credentials. This wave of attacks strongly differs from the minimal activity reported in the first half of the year, suggesting the campaign's large scale.

According to a new Charles Darwin University (CDU) study, smartwatches can provide hackers with a wealth of personal information to exploit. The researchers hacked various smart wearable devices priced between $25 and $150 to learn about the technology's vulnerabilities and what information can be accessed and exploited. These devices enable people to track their health, monitor their fitness, perform medical tests, and more, but they frequently use Bluetooth Low Energy (BLE) technology, thus sacrificing security for low energy consumption.

According to AppOmni, about 31 percent of global organizations experienced a data breach in their Software-as-a-Service (SaaS) applications last year while attempting to gain visibility and control over their cloud environment. To compile its "State of SaaS Security 2024 Report", the security vendor surveyed 644 enterprises with 2,500 or more employees in the US, UK, France, Germany, Japan, and Australia. The five-point increase in the share of breached respondents this year can be attributed to a number of factors identified in the study.

A recent audit conducted by the Department of Justice's (DoJ) Office of the Inspector General (OIG) discovered that the FBI is exposing sensitive and classified data because of "significant weaknesses" in its inventory management and disposal of electronic storage media.

The Science of Security team is pleased to announce the opening of... 

NSA’s Summer 2025 internship opportunities   

Ads open: September 1- October 1 

Who may Apply: College students (starting in freshman year) 

A study led by the University of Michigan found that emerging self-driving vehicle networks that collaborate and communicate with one another or with infrastructure to make decisions are vulnerable to data fabrication attacks. The Vehicle-to-Everything (V2X) network of collaboration and communication is still in development as many countries are still testing it on a small scale. Information sharing among vehicles allows hackers to introduce fake objects or remove real objects from perception data, potentially causing vehicles to brake hard or crash.

An ongoing campaign infects high-level organizations in Southeat Asia using two stealth techniques. The first method called "GrimResource," lets attackers run arbitrary code in the Microsoft Management Console (MMC). The second method, "AppDomainManager Injection," uses malicious Dynamic Link Libraries (DLLs). According to NTT researchers, an attacker similar to China's "APT41" has been using these methods to drop Cobalt Strike onto the Information Technology (IT) systems of Taiwanese government agencies, the Philippine military, and energy organizations in Vietnam.