krebsonsecurity
Latest
Hackers breached some of the web's most popular domain registrars
Attackers have breached Web.com and two top domain name registrars that it owns, NetworkSolutions.com and Register.com, according to Krebs on Security. Web.com issued a security notice advising customers that they will be forced to reset their passwords the next time they log on. Such breaches are particularly worrying, because domain name registrar customers are website owners, and around 8.7 million of them are registered with those companies, according to Krebs.
Mirai botnet creators plead guilty to charges over 2016 attack
The individuals behind the Mirai botnet that caused nationwide internet outages in October of last year have pleaded guilty to federal charges, ZDNet reports. Paras Jha, Josiah White and Dalton Norman were indicted by a court in Alaska earlier this month and have pleaded guilty to charges that carry a sentence of up to five years in prison.
Krebs pinpoints the likely author of the Mirai botnet
The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions.
San Francisco MUNI hacker was hacked
Over the weekend, San Francisco's transit system was hacked by an individual (or group) going by the name Andy Saolis. The attack forced the city to offer Muni rides for free while its staff raced to rectify the breach on its servers. But while Saolis was threatening to expose gigabytes of data if his ransom wasn't paid, they were the subject of a hack themselves. An anonymous individual contacted Krebs on Security, claiming to have breached Saolis' email and found out a few clues as to their identity.
Report confirms IoT botnet took down Krebs' security site
Two weeks ago, security researcher Brian Krebs' site KrebsOnSecurity got knocked offline by one of the biggest DDOS attacks ever recorded, which peaked at 620 Gbps. What happened? Akamai, which had been protecting the site for free but ultimately had to unload it as the sustained traffic would have cost them millions of dollars, released a postmortem today. In it, they confirm that the attacker mainly used the Mirai malware to ovewhelm Krebs' site, though there may have been another botnet involved. But the most crucial distinction from a normal DDOS strike: These bots were mostly IoT devices.
Recommended Reading: The role of hip-hop in 'Luke Cage'
The Unexpected Hip-Hop Crossover in New Netflix Series 'Luke Cage' Adelle Platon, Billboard Based on the trailers Netflix released ahead of this week's Luke Cage debut, you might've guessed that hip-hop plays a big role in the new series. Thanks to Billboard, we have a full rundown of the score, cameos and background on the director for some added information ahead of the upcoming binge session.
Huge DDoS attack takes down popular security researcher's site
Just a few weeks after helping to bust some of the biggest cyberattack sellers on the web, security researcher Brian Krebs' popular site, KrebsOnSecurity, has been knocked offline by a distributed denial of service (DDoS) attack. Earlier this week, Krebs noted that the site was facing one of the biggest DDoS attacks ever recorded, reaching a peak of 620 Gbps at its peak. But while his site managed to withstand the initial assault thanks to Akamai's Prolexic service, it was eventually taken offline after Akamai removed KrebsOnSecurity from its network.
Homeland Security will hack you if asked nicely
With how many data breaches companies have suffered as of late it makes sense that the Department of Homeland Security is starting to do its own whitehat hacking work. It's done at the request of "critical infrastructure" outfits, and based on a report from KrebsOnSecurity it all sounds pretty thorough too: operating systems, databases and web apps are all apparently targeted by the DHS' Risk and Vulnerability Assessment service. But that's not all.
