The North Korean state-sponsored hacking group "Andariel" has been attributed to a "Play" ransomware operation. According to Palo Alto Networks' Unit 42, Andariel may be a Play affiliate or an Initial Access Broker (IAB) facilitating the malware launch on a network they breached months earlier. Andariel is a state-sponsored Advanced Persistent Threat (APT) group linked to North Korea's Reconnaissance General Bureau, a military intelligence agency. This article continues to discuss the connection between Andariel and Play ransomware.

The threat actor "Chenlun" has been linked to a sophisticated phishing campaign impersonating trusted brands such as Amazon through text messages. Researchers at DomainTools attributed this activity to Chenlun, who exploited USPS delivery alerts last year to steal sensitive information. A new wave of phishing messages warns users about suspicious account activity and encourages them to verify accounts via malicious links. This article continues to discuss the evolution of Chenlun's tactics and the importance of collaborating to combat phishing attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) released its first International Strategic Plan for 2025-2026. It supports the CISA's first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience. The International Strategic Plan outlines how CISA will actively work with international partners to bolster critical infrastructure security and resiliency. This article continues to discuss CISA's 2025-2026 International Strategic Plan.

Security researchers at CheckPoint have discovered that a new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead.  The goal of the latest version remains to steal people's sensitive information and money from their bank accounts.  The researchers noted that FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information.

We invite submissions on a broad range of topics that have been covered by SenSys, IPSN, and IoTDI, as well as new emerging topics of interest.

Google and Mozilla recently announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.  Google announced the release of Chrome 130, which patches two vulnerabilities.   The first vulnerability, tracked as CVE-2024-10487, has been described as a critical out-of-bounds write issue in Dawn, the cross-platform implementation of the WebGPU standard. The second vulnerability patched with the release of Chrome 130 is CVE-2024-10488, a high-severity use-after-free in WebRTC.

Security researchers at Comparitech have sounded another US election warning after claiming that the majority of US county websites could be copied to spread disinformation and steal info.  The researchers analyzed the websites and official contact email addresses for 3144 US counties to compile its report. The researchers found that 57% of county websites are registered with non-.gov domains, meaning they could easily be spoofed with malign intent. Additionally, over half (55%) of counties in the seven swing states have non-.gov registered domains.

Free, a French telecommunications company and the country's second-largest Internet service provider (ISP), has recently disclosed that it fell victim to a cyberattack over the weekend. It was noted that a threat actor stole information from the company's internal management tool, gathered data on its subscribers, and attempted to sell the data on the Dark Web in a cybercrime forum. The hacker behind the breach, known as "drussellx," posted a message on the forum, putting two databases stolen from the ISP company up for auction.

The NSA has issued updated guidance on Russian SVR cyber operations, highlighting new tactics used to target U.S. networks and providing recommendations for mitigating these threats.

Security researchers at ThreatFabric have discovered a newer version of the LightSpy spyware, known for targeting iOS devices.  The researchers noted that it has been expanded to include capabilities for compromising device security and stability.  This latest version, identified as 7.9.0, is more sophisticated and adaptable than the original version, featuring 28 plugins compared to the 12 observed in the earlier version.