Krebs on Security: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”. “On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from ‘Meris,’ the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.”

BetaNews: DDoS attacks become smarter and easier to carry out

BetaNews: DDoS attacks become smarter and easier to carry out. “Although ransomware has dominated 2020’s cyber threat landscape, DDoS attacks haven’t gone away. In fact the year has seen the largest DDoS attack ever recorded, peaking at 2.3 Terabytes per second. The attack was carried out by deploying hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and caused three days of downtime for the unnamed targeted business. This is one of the things highlighted in new analysis from Digital Shadows.”

The Guardian: Vatican enlists bots to protect library from onslaught of hackers

The Guardian: Vatican enlists bots to protect library from onslaught of hackers. “The Vatican Apostolic Library, which holds 80,000 documents of immense importance and immeasurable value, including the oldest surviving copy of the Bible and drawings and writings from Michelangelo and Galileo, has partnered with a cyber-security firm to defend its ambitious digitisation project against criminals. The library has faced an average of 100 threats a month since it started digitising its collection of historical treasures in 2012, according to Manlio Miceli, its chief information officer.”

Krebs on Security: Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security: Pay Up, Or We’ll Make Google Ban Your Ads. “A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.”

General election 2019: ‘Cyber-attack’ on Labour Party digital platforms (BBC)

BBC: General election 2019: ‘Cyber-attack’ on Labour Party digital platforms. “The Labour Party says it has successfully defeated a cyber-attack targeted at its digital platforms. Labour said the attack ‘failed’ because of the party’s ‘robust’ security system and no data breach had occurred. The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline.”

Ars Technica: 8chan gets back online—and is promptly forced off again

Ars Technica: 8chan gets back online—and is promptly forced off again. “8chan was back online this week—albeit with a new name—three months after the site was essentially kicked off the public Internet…. We were able to access the site this morning, but it’s offline again now around mid-day. 8chan administrator Ron Watkins previously warned that DDoS attacks and people protesting against 8chan’s re-emergence could cause problems.”

TechCrunch: The Wikimedia Foundation taps $2.5M from Craig Newmark to beef up its security

TechCrunch: The Wikimedia Foundation taps $2.5M from Craig Newmark to beef up its security. “Last week, users around the world found Wikipedia down after the online, crowdsourced encyclopedia became the target of a massive, sustained DDoS attack — one that it is still actively fighting several days later (even though the site is now back up). Now, in a coincidental twist of timing, Wikipedia’s parent, the Wikimedia Foundation, is announcing a donation aimed at helping the group better cope with situations just like this: Craig Newmark Philanthropies, a charity funded by the Craigslist founder, is giving $2.5 million to Wikimedia to help it improve its security.”

TechCrunch: FBI kicks some of the worst ‘DDoS for hire’ sites off the internet

TechCrunch: FBI kicks some of the worst ‘DDoS for hire’ sites off the internet. “The FBI has seized the domains of 15 high-profile distributed denial-of-service (DDoS) websites after a coordinated effort by law enforcement and several tech companies. Several seizure warrants granted by a California federal judge went into effect Thursday, removing several of these ‘booter’ or ‘stresser’ sites off the internet ‘as part of coordinated law enforcement action taken against illegal DDoS-for-hire services.’ The orders were granted under federal seizure laws, and the domains were replaced with a federal notice.”

Engadget: FCC admits its comment system never suffered DDoS attack

Engadget: FCC admits its comment system never suffered DDoS attack. “If you didn’t buy the FCC’s claims that its comment system fell prone to a DDoS attack when it was soliciting net neutrality comments, investigators have just validated your suspicions. An imminent report from the agency’s Inspector General has revealed that there’s no evidence of such an attack. To put it another way, the comment system’s problems were more likely due to large-scale opposition to the net neutrality repeal (helped by Last Week Tonight’s John Oliver), not an untimely hacking campaign.”

Gizmodo: FCC Emails Show Agency Spread Lies to Bolster Dubious DDoS Attack Claims

Gizmodo: FCC Emails Show Agency Spread Lies to Bolster Dubious DDoS Attack Claims. “As it wrestled with accusations about a fake cyberattack last spring, the Federal Communications Commission (FCC) purposely misled several news organizations, choosing to feed journalists false information, while at the same time discouraging them from challenging the agency’s official story.”