Seriously: How much is too much to spend on a presidential campaign? $2 billion? $5 billion? No limit? At some point, you almost guarantee that you're being bought by interests you can't control.
I've joked about this before, but maybe it's time to think about bringing back the (really) old Democratic idea of "sortition," or choosing elected officials by some kind of lottery. The idea being that maybe the best candidate is someone who doesn't actually want the job. Considering how many people now in Congress don't seem to have two brain cells to rub together, maybe it's not such a bad idea? <ducks>
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
I'd pay for a high-quality handmade sketch (a good one, not some stick figures) that depicts what I desperately want to ask AI to devise just because I like the idea of asking it to imagine its own demise: I'm picturing a scene where the data centers have been overgrown with dangling vines and weeds creeping out of server cabinets, which have long ago been stripped for scarce parts in the battle against the machines. I'd settle for a more gently apocalyptic theme as well.
Democracy in the US is under serious threat by a deranged orange comestible, but you wouldn't see any signs of that from watching the absolutely delusional stock market, which seems to only care about AI stocks continuing to lift the entire market thanks to their outsized value in it and all the wealth tied up in some fairly shaky but critical assumptions.
In other news, Financial Times reports just now that Oracle's market value jumped $200B thanks to a surge in AI investment, taking Larry Ellison's worth to that of Elon Musk.
After slogging through too many vapid posts over the last few weeks, I find this very cathartic: The loose confederation of criminals from the Com who claim to be responsible for the recent Salesforce and Salesloft data theft incidents have been taunting authorities for weeks: "FBI can't arrest us," "Why aren't we arrested already," etc., the usual bravado. Now that more of them are arrested (details tbd), their response is "This channel is now closed and we're going away for a while. Thanks."
We'll see about the "a while" part, although really anyone can claim to be members of the Scattered Shiny Spiders, or whatever the hell "they" want to call themselves.
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
New, by me: GOP Cries Censorship Over Spam Filters That Work
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than those of ActBlue, the fundraising platform for Democrats.
Copying an archive.is link of this OregonLive.com story because it probably deserves more attention and is behind a paywall:
"A former University of Oregon undergraduate who says he discovered a significant security flaw in the college’s computer network and twice reported it to university officials faced a disciplinary hearing as a result."
"Physics major Owen Mitchem said he was able to inadvertently access confidential information, including the Social Security numbers of more than 3,500 public university employees around the state, last fall, including of the university’s president and its football coach, the highest-paid public employee in the state. He says the breach should have been a wake-up call for the university to tighten its online security."
"But according to an email the university provided to The Oregonian/OregonLive in response to a public records request, the university’s associate dean of students, Dianne Tanjuaquio, concluded that Mitchem’s actions violated the school’s policies on “acceptable use of computing resources.” She required him to write a 750-word essay reflecting on the situation; if not completed, he could face a suspension of his student account, preventing him from registering for classes or changing his course schedule."
"Mitchem says he was just searching in Microsoft Teams for some budget figures for the physics club he ran when he stumbled across a spectrum of university financial documents, visible via files on SharePoint, a Microsoft tool that can be integrated with Teams. They seemed harmless at first glance, he told The Oregonian/OregonLive, but not something his student email permissions should have allowed him to view."
"Mitchem alerted a physics department grants technician and assumed the wide access would be quickly corrected. He later found out that the technician hadn’t alerted the university’s information department, meaning that unbeknownst to him, the IT department remained unaware of the security lapse, Mitchem said via email."
Sen. Mark Warner is a Democrat from my home state (Va.), and one of the few members of Congress who actually gets tech issues and can see through all the BS. It really steams me that some conspiratorial social media wingnut can have this kind of sway over a very real duty of Congress.
I'm sure there are and will be a lot more. The disclosures are mostly very similar, stating that no sensitive customer data was compromised. It may well be the case that the most valuable thing about the stolen tokens is that -- at least for a time -- some of them probably can be used to move laterally within the target organization.
Techdirt's Karl Bode correctly concludes: "This country has taken an absolute hatchet to quality journalism, which in turn has done irreparable harm to any effort to reach reality-based consensus or have an informed electorate. The rushed integration of “AI,” usually by media owners who largely only see it as a way to cut corners and undermine labor, certainly isn’t helping. Add in the twisted financial incentives of an ad-based engagement infotainment economy, and you get exactly the sort of journalistic outcomes academics long predicted."
US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.
The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.
That pause has now been lifted, according to public procurement documents, which list US Immigration and Customs Enforcement (Ice) as the contracting agency.
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor's high-speed Internet connection in the United States.
I spent a few days working with another researcher to dig into the history and provenance of DSLRoot, one of the oldest "residential proxy" networks with origins in Russia and Eastern Europe. Its proprietor used to call himself the "USProxyKing" on the forums, and built his proxy business through pay-per-install affiliate programs and by uploading booby-trapped cracked software and movies to the file-sharing networks.
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
Incidentally, there has been some truly awful reporting perpetrated around the periphery of this story that needs to be called out as irresponsible bullshit. Newsweek uncritically reported today the names of Google employees who were being threatened by the threat actors who claim (with little convincing evidence) to be responsible.
And Trend Micro's blog put out what I can only assume is AI-produced slop drivel because it basically claimed that a few hundred Google Workforce accounts that were exposed in this Salesloft breach suddenly meant billions of Gmail users were at risk. That Trend atrocity was then of course re-perpetrated to produce even more uncritical garbage "reporting" about this incident. I'm not linking to either, just needed to get that off my chest. It's truly remarkable when Google has to put out a statement talking everyone down off the ledge over this. Pro tip: if you don't track these groups for a living and you don't live and breathe this Com crap, you're probably not going to be able to just parachute in here and write a cool tech story that is also accurate.
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07. Email: krebsonsecurity @ gmail .com. LinkedIn: https://www.linkedin.com/in/bkrebs