eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices

Suspected Chinese hackers are targeting online gambling companies in China with a new remote access trojan (RAT) that abuses Open Broadcaster Software (OBS) Studio live streaming software to record victims’ screens. Dubbed ‘BIOPASS RAT’ by researchers at Trend Micro who discovered this new threat, the malware spreads via a watering hole attack, in which unsuspecting…

A group of Iranian hackers targeting U.S. military personnel on Facebook, deployed a “well-resourced and persistent operation” to connect with victims on the social media site, and trick them into providing sensitive information as part of a larger online espionage campaign, Facebook said Thursday.  The group, known as “Tortoiseshell” in the security industry, targeted nearly…

Application Security , Endpoint Security , Incident & Breach Response Pen Test Partners: Millions Could Have Had Data Exposed Marianne Kolbasuk McGee (HealthInfoSec) • May 6, 2021     Photo: Peloton Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they…

3rd Party Risk Management , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Commission Cites National Security Concerns Akshaya Asokan (asokan_akshaya) , Tony Morbin (@tonymorbin) • March 18, 2021     Citing national security concerns, the Federal Communications Commission is moving forward with legal proceedings to ban three Chinese-owned companies from providing telecommunications services…

Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management Sizing Up the Impact of the Ransomware Attack and How to Mitigate Risks Anna Delaney (annamadeline) • July 9, 2021     Clockwise, from top left: Suparna Goswami, Anna Delaney, Mathew Schwartz and Tom Field …

Report: Builder Allows Cybercriminals to Create Specialized Office Documents Doug Olenick (DougOlenick) • April 8, 2021     An EtterSilent DocuSign template from a campaign in March 2021. (Source: Intel 471) Researchers at Intel 471 report cybercriminal gangs are using a newly discovered malicious document builder called “EtterSilent” to create differentiated, hard-to-discover, malicious documents that…