OODAcon 2024

"The annual OODAcon event brings together the hackers, thinkers, strategists, disruptors, leaders, technologists, and creators with one foot in the future to discuss the most pressing issues of the day and provide insight into the ways technology is evolving.

Our theme for OODAcon 2024 is: Convergence

"'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users"

"'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users"

Researchers have revealed a new browser attack called "CrossBarking" that exploits "private" Application Programming Interfaces (APIs) in Opera to gain control over victims' browsers. CrossBarking involves running malicious code in the context of websites that have access to private APIs. This can be done through a Cross-Site Scripting (XSS) vulnerability or malicious browser extension. This article continues to discuss the CrossBarking browser attack.

Submitted by Gregory Rigby on

"Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations"

"Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations"

Microsoft warns of a large-scale spear-phishing campaign attributed to the Russian state-sponsored threat actor "Midnight Blizzard." According to Microsoft, the campaign has targeted thousands of users in over 100 organizations across government, defense, academia, and other sectors, mainly in the US and Europe. This article continues to discuss the new spear-phishing campaign by Russia's Midnight Blizzard.

Submitted by Gregory Rigby on

"North Korean Government Hackers Linked to Play Ransomware Attack"

"North Korean Government Hackers Linked to Play Ransomware Attack"

The North Korean state-sponsored hacking group "Andariel" has been attributed to a "Play" ransomware operation. According to Palo Alto Networks' Unit 42, Andariel may be a Play affiliate or an Initial Access Broker (IAB) facilitating the malware launch on a network they breached months earlier. Andariel is a state-sponsored Advanced Persistent Threat (APT) group linked to North Korea's Reconnaissance General Bureau, a military intelligence agency. This article continues to discuss the connection between Andariel and Play ransomware.

Submitted by Gregory Rigby on

"Chenlun's Evolving Phishing Tactics Target Trusted Brands"

"Chenlun's Evolving Phishing Tactics Target Trusted Brands"

The threat actor "Chenlun" has been linked to a sophisticated phishing campaign impersonating trusted brands such as Amazon through text messages. Researchers at DomainTools attributed this activity to Chenlun, who exploited USPS delivery alerts last year to steal sensitive information. A new wave of phishing messages warns users about suspicious account activity and encourages them to verify accounts via malicious links. This article continues to discuss the evolution of Chenlun's tactics and the importance of collaborating to combat phishing attacks.

Submitted by Gregory Rigby on

"CISA Releases Its First Ever International Strategic Plan"

"CISA Releases Its First Ever International Strategic Plan"

The US Cybersecurity and Infrastructure Security Agency (CISA) released its first International Strategic Plan for 2025-2026. It supports the CISA's first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience. The International Strategic Plan outlines how CISA will actively work with international partners to bolster critical infrastructure security and resiliency. This article continues to discuss CISA's 2025-2026 International Strategic Plan.

Submitted by Gregory Rigby on

"Android Malware "FakeCall" Now Reroutes Bank Calls to Attackers"

"Android Malware "FakeCall" Now Reroutes Bank Calls to Attackers"

Security researchers at CheckPoint have discovered that a new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead.  The goal of the latest version remains to steal people's sensitive information and money from their bank accounts.  The researchers noted that FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information.

Submitted by Adam Ekwall on

SenSys 2025 - Call for Papers

SenSys 2025 - Call for Papers

We invite submissions on a broad range of topics that have been covered by SenSys, IPSN, and IoTDI, as well as new emerging topics of interest.

Submitted by Regan Williams on
Subscribe to