Trial Ends in Guilty Verdict for DDoS-for-Hire Boss – KK Hack Labs

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss – KK Hack Labs

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty…

Bitdefender releases REvil decryptor as ransomware gang shows signs of return

Bitdefender releases REvil decryptor as ransomware gang shows signs of return

Written by Tim Starks Sep 16, 2021 | CYBERSCOOP As law enforcement braces for the revival of the REvil ransomware gang, a cybersecurity firm on Thursday released a free decryption tool for early victims of the criminals. The decryptor, which Bitdefender developed in coordination with an unnamed law enforcement partner, will aid victims hit before…

Republican Governors Association Targeted in Exchange Attacks

Republican Governors Association Targeted in Exchange Attacks

Application Security , Breach Notification , Cyberwarfare / Nation-State Attacks Breach Notification Report Reveals Some PII Could Have Been Exposed Scott Ferguson (Ferguson_Writes) • September 16, 2021     The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers,…

Telegram emerges as new dark web for cyber criminals

Telegram emerges as new dark web for cyber criminals

Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web. An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks…

Michael Sussmann, Lawyer Accused of Lying in F.B.I. Meeting, Pleads Not Guilty

Michael Sussmann, Lawyer Accused of Lying in F.B.I. Meeting, Pleads Not Guilty

A prominent cybersecurity lawyer pleaded not guilty on Friday to a charge of lying to the F.B.I. during a meeting five years ago about possible links between Donald J. Trump and Russia. The lawyer, Michael A. Sussmann, appeared before a magistrate judge in Washington, where he was indicted a day earlier. After a brief hearing,…

Microsoft rolls out passwordless login for all Microsoft accounts

Microsoft rolls out passwordless login for all Microsoft accounts

Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into…

FBI and CISA warn of state hackers exploiting critical Zoho bug

FBI and CISA warn of state hackers exploiting critical Zoho bug

Image: Samueljjohn (CC BY-SA 4.0) The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Zoho’s customer list includes “three out of five Fortune 500 companies,” including Apple, Intel,…

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

Multiple cyber threat actors, including ransomware operators and nation state hackers, have been exploiting a recently patched Windows MSHTML vulnerability as part of initial access campaigns that deployed custom Cobalt Strike Beacon loaders, Microsoft Threat Intelligence Center (MSTIC) said in a new report detailing the attacks. The vulnerability in question is an improper input validation…

The FBI and CISA Warn Regarding a Critical Zoho Bug

The FBI and CISA Warn Regarding a Critical Zoho Bug

The vulnerability in question exists in the single sign-on and password management solution since early August 2021. Zoho Corporation is an Indian multinational technology company that creates web-based business tools, being known for its online office suite named Zoho. The vulnerability, tracked as CVE-2021-40539 was discovered in the Zoho ManageEngine ADSelfService Plus software. The vulnerability in question can allow attackers to take over vulnerable systems…

Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms | USAO-CDCA

Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms | USAO-CDCA

          LOS ANGELES – An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.           Matthew Gatrel, 32, of St. Charles,…