Cybercrime , Cybercrime as-a-service , DDoS Protection Matthew Gatrel Offered Subscription-Based Computer Attack Platforms Prajeet Nair (@prajeetspeaks) • September 19, 2021 An Illinois man has been found guilty of running subscription-based distributed denial of service attacks that flood targeted computers with information and prevent them from being able to access the internet, reports…
A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty…
Written by Tim Starks Sep 16, 2021 | CYBERSCOOP As law enforcement braces for the revival of the REvil ransomware gang, a cybersecurity firm on Thursday released a free decryption tool for early victims of the criminals. The decryptor, which Bitdefender developed in coordination with an unnamed law enforcement partner, will aid victims hit before…
Application Security , Breach Notification , Cyberwarfare / Nation-State Attacks Breach Notification Report Reveals Some PII Could Have Been Exposed Scott Ferguson (Ferguson_Writes) • September 16, 2021 The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers,…
Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web. An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks…
A prominent cybersecurity lawyer pleaded not guilty on Friday to a charge of lying to the F.B.I. during a meeting five years ago about possible links between Donald J. Trump and Russia. The lawyer, Michael A. Sussmann, appeared before a magistrate judge in Washington, where he was indicted a day earlier. After a brief hearing,…
Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into…
Image: Samueljjohn (CC BY-SA 4.0) The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Zoho’s customer list includes “three out of five Fortune 500 companies,” including Apple, Intel,…
Multiple cyber threat actors, including ransomware operators and nation state hackers, have been exploiting a recently patched Windows MSHTML vulnerability as part of initial access campaigns that deployed custom Cobalt Strike Beacon loaders, Microsoft Threat Intelligence Center (MSTIC) said in a new report detailing the attacks. The vulnerability in question is an improper input validation…
The vulnerability in question exists in the single sign-on and password management solution since early August 2021. Zoho Corporation is an Indian multinational technology company that creates web-based business tools, being known for its online office suite named Zoho. The vulnerability, tracked as CVE-2021-40539 was discovered in the Zoho ManageEngine ADSelfService Plus software. The vulnerability in question can allow attackers to take over vulnerable systems…
