Notices by BrianKrebs (briankrebs@infosec.exchange)

RE: https://mastodon.social/@randahl/116741284261224277

ICYMI, the United States plans to significantly reduce the aircraft and warships that it makes available for NATO operations in Europe, according to two senior European officials, accelerating America’s effort to scale down the protection it has offered to European allies for eight decades. The NYT reports the decision would limit NATO’s ability to launch long-range strikes and conduct surveillance.

https://www.nytimes.com/2026/06/12/world/europe/us-nato-cuts-drawdown-jets.html

Meanwhile, Happy Russia Day!

How long until we start to see AI agents weaponized to impoverish gullible humans with crippling AWS bandwidth bills? Oh wait...

https://lantian.pub/en/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/

The threat I'm thinking of is like black faxing in the old days, except against your wallet instead of your toner cartridge.
https://en.wikipedia.org/wiki/Black_fax

There was an important court decision last week in a lawsuit filed by 20 states to halt the Trump administration's arbitrary new requirements for distributing food assistance funds to 39 million families that depend on these benefits. On June 5, a federal judge blocked the administration from enforcing new conditions on billions of dollars in federal nutrition funding, siding with a coalition of Democratic-led states that argued the requirements threatened programs serving low-income families.

"According to court filings, the disputed conditions included provisions related to immigration, "gender ideology" and "fair athletic opportunities" for women and girls. The states argued the requirements were vague, unrelated to nutrition and agriculture programs, and imposed without proper legal procedures."

https://www.usatoday.com/story/news/politics/2026/06/06/judge-halts-trump-snap-restrictions-in-states-lawsuit-over-funding-rules/90438543007/

I've written multiple stories about these Supplemental Nutrition Assistance Program (SNAP) benefits, from the perspective of them being stolen by card skimming devices secretly installed at checkout counters and random places. In the past, the states have struggled to get the federal government to reimburse them for these fraud costs, which are disproportionately caused by organized crime groups, particularly Armenian and Romanian gangs that have a significant presence in the US. Now the states are struggling to get these benefits funded at all. But the skimming threat hasn't gone away, because while some state benefits cards do now have chips on them, many still allow the cards to be swiped.

Previous reporting on this:

https://krebsonsecurity.com/2022/10/how-card-skimming-disproportionally-affects-those-most-in-need/

https://krebsonsecurity.com/2023/02/new-protections-for-food-benefits-stolen-by-skimmers/

https://krebsonsecurity.com/2022/11/lawsuit-seeks-food-benefits-stolen-by-skimmers/

From the WTAF dept:

Malware developers are now adding text about nuclear and biological weapons to their spyware to evade AI-based security scanners.

tl;dr: The inclusion of content that LLMs are trained to refuse -- such as information about nukes and bioweapons -- can effectively prevent the LLM from continuing to analyze the threat.

"This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware."

https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious

IDK why, but this reminds me of the Calvin & Hobbes cartoon where Calvin asks his mom for stuff she will never give him in a million years, and then he just asks for a cookie.

Hey Windows (ab)users! Microsoft patched around 200 vulnerabilities in Windows etc today, a record Patch Tuesday batch. All indications are they fixed two of the zero-days dropped last month by the researcher Nightmare Eclipse, including "Green Plasma" and the "YellowKey" exploit that allowed local access to data encrypted by BitLocker. In response to today's Patch Tuesday, Nightmare Eclipse dropped an exploit for what they claimed was a zero-day bug in Windows Defender.

Nearly three dozen of the bugs patched this month earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

#patchtuesday #windows #nightmareeclipse #greenplasma #yellowkey

Everyone's heard of link shorteners, but did you know about link extenders? Someone forwarded me a curious long ass link that turned out to be malicious (after several redirects) that was created with this service. I could see this being useful for shady marketing companies as well as malware purveyors.

Sit with this for a second: If the White House had its way, all the immigrants in this country would be dead -- at least on paper. WaPo reports that the Trump administration had plans to classify 2.7 million living people — including some U.S. citizens and lawful permanent residents — as dead as part of its immigration enforcement efforts. The plan reportedly fell apart after pushback from Social Security Administration employees who were tasked with implementing it.

https://www.washingtonpost.com/politics/2026/06/05/doge-planned-falsely-mark-27-million-people-dead-whistleblower-says/

My follower count here seems to have dropped by ~750-1,000 overnight. I'm guessing there was some kind of cleanup done on botted accounts or something? Or maybe I just pissed a lot of people off at once (totally possible).

@dalias They got access to 20 encrypted vaults. They'd still have to work out the master password for those targeted accounts. Theoretically, that could be done offline, as happened w/ the breach at LastPass, but it took many months for a lot of those stolen vaults to be cracked.

RE: https://infosec.exchange/@briankrebs/116670688015956223

Dashlane posted an update saying hackers brute-forced its two-factor authentication system, and gained access to the encrypted password vaults for "fewer than 20 personal plan users." Dashlane said there was no evidence of a hack of its own systems, but it hasn't shared yet why or how that 2FA was compromised. The company said “the goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,” and that it has already notified affected users.

https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts?7194ef805fa2d04b0f7e8c9521f97343

New, by me: A number of high-profile and/or valuable Instagram accounts, including those of the Obama White House and the Chief Master Sergeant for the U.S. Space Force, got hacked and defaced with pro-Iran messaging in the past 24h after people figured out that Meta's AI support assistant could be tricked into resetting account passwords.

From the story:

"A video released on Telegram by pro-Iran hackers claimed to document a remarkably simple exploit that appears to have involved using a VPN connection with an IP address that is in or near the target's usual hometown, requesting a password reset for the account, and then choosing to chat with Meta's AI support assistant. From there, the video shows the attacker told the bot to link the account in question to a new email address, after which the bot dutifully sent that address a one-time code that allowed a password reset."

https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

#meta #instagram #hack #ai #security

Get this man a wambulance. The POTUS is having such a hissy fit over multiple musical artists bowing out of invitations to celebrate our nation's 250th anniversary on July 4 that he's now saying all the performances should be canceled and we should have a big MAGA rally on the mall featuring him blathering on w/ his usual lies and hate.

Rather than respond to the artists' complaint that he'd politicized and personalized what should be a cause for national unity, he doubled down.

"So I am thinking about bringing the Number One Attraction anywhere in the World, the man who gets much larger audiences than Elvis in his prime...and the man who some say is the Greatest President in History (THE GOAT!), DONALD J. TRUMP, to take the place of these highly paid, Third Rate 'Artists.'"

"Trump said he was ordering aides to assess "the feasibility of doing an AMERICA IS BACK Rally" on the mall, where he would deliver a speech "rallying the Country forward like I have done ever since being President!"

Oh well, just another venerated tradition, destination and celebration in my hometown garishly marred by the president's unquenchable thirst for attention and power.

https://www.yahoo.com/news/politics/articles/trump-calls-replacing-us-250th-002946144.html

NPR laid off about 4 percent of its content division, including 10 journalists and some veteran reporters.

""People love science," NPR Science Correspondent Nell Greenfieldboyce, who was laid off Wednesday, said in an interview for this story. "It's such a break from the political and economic and often grim news to have something more inspiring and curiosity driven. I thought it was a great blessing to have the opportunity to give that to people."

https://www.npr.org/2026/05/27/nx-s1-5836624/npr-layoffs-job-cuts

#media #layoffs #journalism

One more thing: I'm looking forward to a hearing in Congress about this. The "Private-CISA" repo included AWS keys for at least two different Nightwing contractors, including terraform scripts from another employee with embedded clear text credentials, suggesting there was a practice of sharing credentials.

Somehow I missed this story in my research concerning Nightwing, the Virginia government contractor where the CISA contractor worked.

May 2, 2025: Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures

"The US government on Thursday announced that it has reached a settlement with Raytheon, RTX Corporation, and Nightwing Group in a lawsuit over the companies’ alleged failures to meet cybersecurity requirements for defense contractors.

Raytheon, a subsidiary of RTX Corporation (previously Raytheon Technologies Corporation), and its then-subsidiary Raytheon Cyber Solutions, Inc. (RCSI), allegedly failed to comply with cybersecurity requirements in 29 contracts and subcontracts with the Department of Defense (DoD). Nightwing is a cybersecurity and intelligence company that spun out of RTX.

According to the settlement, between 2015 and 2021, Raytheon did not implement necessary cybersecurity controls on a system used to perform work on DoD contracts. In 2015, the company landed a DHS cybersecurity contract worth $1 billion.

Raytheon and RCSI allegedly not only failed to implement a security plan for the internal development system, but also failed to ensure that it complied with other Defense Federal Acquisition Regulation Supplement (DFARS) and Federal Acquisition Regulation (FAR) requirements.

Per DFARS and FAR, contractors are required to apply basic safeguarding to systems that process or store federal contract data, and to provide adequate security for those systems, respectively."

https://www.securityweek.com/raytheon-to-pay-8-4-million-in-settlement-over-cybersecurity-failures/amp/

Big companies have an expensive new addiction to AI, and their smack is getting more expensive. Who could have seen this coming? From the WSJ:

"Use of artificial intelligence by big companies is exploding—and the soaring cost has some of them pumping the brakes in a way that could complicate AI’s triumphal march across the economy.
Executives across industries this year have urged employees to integrate AI tools into their work, spending freely to encourage experimentation and seeking to send a message to Wall Street that their companies won’t be left behind in a coming wave of disruption."

"All that enthusiasm has resulted in skyrocketing costs for so-called tokens, the basic unit of measurement for AI computing, as AI model providers seek to balance supply and demand and manage their own costs. Some enterprises have hit their annual budget in just three months or reported seeing their AI spending bills double or triple."
 
"Now corporate leaders are scrambling to bring down expenses by finding ways to ration AI use in their organizations, steer workers toward cheaper, homegrown tools and help them hone their skills to improve returns." 

https://www.wsj.com/tech/ai/corporate-america-is-starting-to-ration-ai-as-cost-skyrockets-1eb99d7a (paywall)

https://archive.ph/v2dwg

@GossiTheDog Right. Meanwhile, the guy running it just continues to tell the media with a straight face that they never really got any abuse complaints. My response to that is yea that's what happens when your abuse mailbox goes straight to /dev/null/.

TIL there is a deleted verse at the end of the song The Day the Music Died, just after the bit about how the man there said the music wouldn't play.

"And there I stood alone and afraid
I dropped to my knees, and there I prayed
And I promised Him everything I could give. If only He would make the music live
And He promised it would live once more
But this time one would equal four
And in five years, four had come to mourn
And the music was reborn"

[edited title of song doh]

Say hello to Fred. I named him b/c I keep seeing him in the same place on trail walks. At least I think it's the same guy. Okay I don't even know if it's a he. But I still call him Fred. Anyway, he looks big, here, but he's actually just a little bigger than a golf ball.

#fredtheturtle

I'm sort of wimpy around spiders, but I was marveling at this mama wolf spider outside our door. That is, until I realized she was carrying hundreds of copies of herself on her back that will soon invade our home (several days of heavy rain have forced a ton of creepy crawly things indoors). BUT, they will also eat lots of bugs, so..