Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Credit to Author: BrianKrebs| Date: Fri, 17 Sep 2021 01:22:31 +0000

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Read more

Microsoft Patch Tuesday, September 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 14 Sep 2021 21:00:42 +0000

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

Read more

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Credit to Author: BrianKrebs| Date: Fri, 10 Sep 2021 18:12:44 +0000

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

Read more

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Credit to Author: BrianKrebs| Date: Wed, 08 Sep 2021 15:03:45 +0000

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

Read more

“FudCo” Spam Empire Tied to Pakistani Software Firm

Credit to Author: BrianKrebs| Date: Mon, 06 Sep 2021 19:04:41 +0000

In May 2015, KrebsOnSecurity briefly profiled “The Manipulaters,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.

Read more

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Credit to Author: BrianKrebs| Date: Thu, 02 Sep 2021 16:40:30 +0000

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.

Read more

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Credit to Author: BrianKrebs| Date: Wed, 01 Sep 2021 20:09:24 +0000

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two week ago, VIP72’s online storefront — which sold access to more than 30,000 compromised PCs — simply vanished.

Read more