GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by BrianKrebs (briankrebs@infosec.exchange)

  1. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 09-Jul-2026 23:30:38 JST BrianKrebs BrianKrebs

    Important story from Wired: A government report claims DOGE didn’t access sensitive systems. It also says the agency deleted records that would show if they had.

    From the story:

    "In April 2026, though, the Government Accountability Office (GAO)—a federal agency within the legislative branch that performs audits and investigations for Congress— published its own report about DOGE’s access to the NLRB’s systems, titled “National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025.” The report conspicuously only covers the time period immediately following Berulis’ complaint, and does not address any DOGE activity before that point."

    "But nested in the footnotes of the report is another revelation: In August 2025, shortly after DOGE members left the NLRB but before the GAO’s investigators “requested to observe the systems,” the agency “deleted the team member accounts for system access after the agreement to detail DOGE team staff had expired.” Basically, this means that the digital records of what data and systems DOGE members accessed and when had been eliminated, leaving the GAO no way to confirm what NLRB staff told their investigators."

    https://www.wired.com/story/federal-investigators-say-certain-doge-records-were-deleted/ (paywall)

    In conversation about an hour ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: media.wired.com
      Federal Investigators Say Certain DOGE Records Were Deleted
      from Vittoria Elliott
      A government report claims DOGE didn’t access sensitive systems. It also says the agency deleted records that would show if they had.
  2. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 08-Jul-2026 21:38:56 JST BrianKrebs BrianKrebs

    New, by me: Felons, Fraudsters Flog Offensive Cybersecurity Startup

    A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

    https://krebsonsecurity.com/2026/07/felons-fraudsters-flog-offensive-cybersecurity-startup/

    #c2iris #irisc2 #cybersecurity #maga

    In conversation about a day ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/884/373/970/896/838/original/0e1f84d5004c2cde.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/884/374/731/237/154/original/0b0561f07f46f58e.png
  3. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 07-Jul-2026 01:26:20 JST BrianKrebs BrianKrebs
    • Jcrabapple :virginia_badge:

    @jcrabapple Meh. Microsoft, like all other big companies, will respond to legal process. Given that Microsoft's recent operating systems basically require you to log in to their cloud at startup, this is not particularly surprising to me.

    And if motivated to pursue a threat actor who is actively harming their customers, Microsoft can tell a great deal about users. As can Google, or FB/Meta. I always said that if just two of those companies decided to find someone responsible for something, they probably could if they shared information.

    In conversation about 3 days ago from infosec.exchange permalink
  4. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 03-Jul-2026 01:34:27 JST BrianKrebs BrianKrebs

    The email provider Securence (US Internet, now owned by a joint venture between T-Mobile and KKR) has disabled its administrative portal for a week now, although email is still flowing. The company won't say the cause or share much about what's happening. Believe me, I've tried.

    This is the same company that published more than a decade's worth of customer (and internal company) emails in plain text on the web a couple years back.

    https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/

    In conversation about 7 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/851/147/194/605/619/original/d969c87f7db48f49.png
  5. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 03-Jul-2026 00:47:11 JST BrianKrebs BrianKrebs

    If you're a Chrome (ab)user and you see that little "relaunch to update" tab appear in the upper right corner of the browser, just know that there's at least 382 security fixes waiting for you.

    https://www.heise.de/en/news/Google-Chrome-Large-update-closes-hundreds-of-security-vulnerabilities-again-11350087.html

    https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html

    In conversation about 7 days ago from infosec.exchange permalink
  6. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 02-Jul-2026 11:29:13 JST BrianKrebs BrianKrebs
    • Scary Jerry 👻

    Sorry for all the spam everyone. Not sure who's doing this exactly, but I have ideas. They have been flooding Mastodon with daily bursts of messages from throwaway accounts mentioning my handle and trying to associate me with stupid and bad stuff. Thanks, @jerry

    In conversation about 8 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/847/361/938/570/155/original/14b9f189d9bb97aa.png
  7. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 01-Jul-2026 08:13:34 JST BrianKrebs BrianKrebs

    Looks like Boeing may be dealing with a rapid disassembly of their company-wide IT network. The company has published a notice on its employee emergency page that says they're canceling shifts at various plants and sending home people whose job depends on IT stuff to work.

    I sincerely hope this isn't the beginning of another Jaguar Land Rover type incident where production is halted for extended periods.

    https://www.boeing.com/emergency

    #boeing

    In conversation about 9 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/841/584/534/318/704/original/3bdc4d54e32ec999.png
    2. Domain not in remote thumbnail source whitelist: www.boeing.com
      Emergency
  8. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 01-Jul-2026 01:40:38 JST BrianKrebs BrianKrebs

    Say what you will about LinkedIn and all its phony baloney, but it is occasionally useful for discovering friends of known threat actors. Plenty of cybercriminals have IRL LinkedIn profiles, and when you find them LI helpfully suggests a number of other accounts you might be interested in following that it thinks are somehow related to the profile you're looking at. And that's twice now this month that LI has revealed connections between threat actors that I didn't find on my own.

    In conversation about 9 days ago from infosec.exchange permalink
  9. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 30-Jun-2026 11:31:23 JST BrianKrebs BrianKrebs

    This presidency invokes so many literary allusions of late. Last week, it was Narcissus at the green slime Reflecting Pool. This week, we're tilting at windmills again. Mind you, this has nothing to do with ugliness or national security concerns. It's just another payoff for the oil companies at the taxpayer's expense.

    "The Trump administration on Monday said it would pay Duke Energy $129 million to abandon its plans to build an offshore wind farm off North Carolina."

    "Mr. Burgum also repeated his earlier claims that offshore wind farms threaten national security. Last year, the Interior Department cited those concerns when ordering a halt to the construction of five other wind farms off the East Coast, saying their spinning turbines could interfere with military radar. But several federal judges struck down the stop-work orders, saying they were unpersuaded by the administration’s arguments."

    "After its losses in court, the administration pivoted to a new strategy: paying developers to walk away from offshore wind projects. It struck the first such deal in March with the French energy company TotalEnergies."

    "That deal saw the government pay TotalEnergies nearly $1 billion to abandon plans to build two wind farms, one off New York and the other in the same area off North Carolina. Seven Democratic-controlled states have sued the administration over that agreement, calling it an illegal use of taxpayer dollars."

    https://www.nytimes.com/2026/06/29/climate/trump-offshore-wind-duke-energy.html

    In conversation about 10 days ago from infosec.exchange permalink

    Attachments


  10. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 29-Jun-2026 08:48:35 JST BrianKrebs BrianKrebs
    in reply to
    • Dr G

    @EthicalProfessor we looked at that first (we support them). They recommend mostly Samsung, LG and Shark products. But the Shark one we have is already too aggressive on the carpets, and they're all apparently that way. I won't buy Samsung or LG anything anymore.

    In conversation about 11 days ago from infosec.exchange permalink
  11. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 29-Jun-2026 08:43:33 JST BrianKrebs BrianKrebs

    Was looking at buying a new cordless vacuum, but they all suck.

    Seriously though, they're all either too weak (short battery or low suction) or they try to eat the carpet and are completely at war with you on thicker pile stuff. I happen to think canister vacuums work great on everything, but I'm not the one one usually doing the vacuuming.

    In conversation about 11 days ago from infosec.exchange permalink
  12. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 23-Jun-2026 23:38:24 JST BrianKrebs BrianKrebs

    Wait, the music hasn't stopped yet! Or has it?

    https://www.cnbc.com/2026/06/23/spacex-stock-tech-sell-off.html

    In conversation about 16 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/799/889/292/803/264/original/1cb3b5e7e7300ada.png
    2. Domain not in remote thumbnail source whitelist: image.cnbcfm.com
      SpaceX stock climbs 2% after falling below $150 debut price
      from https://www.facebook.com/CNBC
      Gains have been pared back at the space and AI company following an initial surge after its record-breaking IPO.
  13. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 20-Jun-2026 11:17:46 JST BrianKrebs BrianKrebs

    Don't look now, but it seems Gizmodo's homepage is now serving up a Clickfix attack.

    Basics of the Click-Fix exploit, which causes a pasted URL to fetch malware via Windows Powershell.

    https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

    #clickfix #gizmodo

    In conversation about 20 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/780/021/213/611/495/original/e045bc03124cb654.png
    2. Domain not in remote thumbnail source whitelist: krebsonsecurity.com
      ClickFix: How to Infect Your PC in Three Easy Steps
      A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination…
  14. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 20-Jun-2026 00:04:18 JST BrianKrebs BrianKrebs

    One thing I've noticed after tracking down so many cybercriminals is that it's super common for the person's first sales thread on a forum to include data stolen from an organization in the country where they live. This is more remarkable when the threat actor is outside the United States, because it very often tells you exactly which country they are from.

    You might think that this would be a very dumb thing to do from a self-preservation perspective, but a lot of times they are eager to make a splash on the forums and the best data or access they have is their government's data or some company working with their country's govt. And if you consider that many young people get started in hacking by sticking it to the local authorities and trying to make them look like clowns, it makes a lot more sense.

    In conversation about 20 days ago from infosec.exchange permalink
  15. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 19-Jun-2026 02:55:33 JST BrianKrebs BrianKrebs

    New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm

    "For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."

    https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/

    There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

    #proxy #popa #botnet #lg #samsung

    In conversation about 21 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/772/364/623/425/789/original/b0b80f07d81b795f.png
    2. Domain not in remote thumbnail source whitelist: krebsonsecurity.com
      There’s the Beef: Wendy’s Breach Numbers About to Get Much Meatier
      When news broke last month that the credit card breach at fast food chain Wendy's impacted fewer than 300 out of the company's 5,800 locations, the response from many readers was, "Where's the Breach?" Today, Wendy's said the number of…
  16. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 12:29:51 JST BrianKrebs BrianKrebs

    RE: https://mastodon.social/@randahl/116741284261224277

    ICYMI, the United States plans to significantly reduce the aircraft and warships that it makes available for NATO operations in Europe, according to two senior European officials, accelerating America’s effort to scale down the protection it has offered to European allies for eight decades. The NYT reports the decision would limit NATO’s ability to launch long-range strikes and conduct surveillance.

    https://www.nytimes.com/2026/06/12/world/europe/us-nato-cuts-drawdown-jets.html

    Meanwhile, Happy Russia Day!

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: files.mastodon.social
      Randahl Fink (@randahl@mastodon.social)
      from Randahl Fink
      Attached: 2 images Show me your friends and I will tell you who you are.
  17. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 09:58:11 JST BrianKrebs BrianKrebs

    How long until we start to see AI agents weaponized to impoverish gullible humans with crippling AWS bandwidth bills? Oh wait...

    https://lantian.pub/en/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/

    The threat I'm thinking of is like black faxing in the old days, except against your wallet instead of your toner cartridge.
    https://en.wikipedia.org/wiki/Black_fax

    In conversation about a month ago from infosec.exchange permalink

    Attachments


    1. Domain not in remote thumbnail source whitelist: auth.wikimedia.org
      Black fax
      A black fax is a prank fax transmission consisting of one or more pages entirely filled with a uniform black tone. The sender's intention is generally to use up as much of the recipient's fax ink, toner, or thermal paper as possible, thus costing the recipient money, as well as denying the recipient use of their own machine (similar to computer-based denial of service attacks). This is made easier because fax transmission protocols compress the solid black image very well, so a very short fax call can produce many pages. Use Black faxes have been used to harass large institutions or government departments, to retaliate against the senders of junk faxes, or merely as simple pranks. The basic principle of a black fax can be extended to form a black fax attack. In this case, one or more sheets are fed halfway through the sender's fax machine and taped end to end, forming an endless loop that cycles through the machine. Not only can solid black be used, but also images that will repeat endlessly on the receiver's machine until its toner runs out. History The introduction of computer...
  18. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 04:10:24 JST BrianKrebs BrianKrebs

    There was an important court decision last week in a lawsuit filed by 20 states to halt the Trump administration's arbitrary new requirements for distributing food assistance funds to 39 million families that depend on these benefits. On June 5, a federal judge blocked the administration from enforcing new conditions on billions of dollars in federal nutrition funding, siding with a coalition of Democratic-led states that argued the requirements threatened programs serving low-income families.

    "According to court filings, the disputed conditions included provisions related to immigration, "gender ideology" and "fair athletic opportunities" for women and girls. The states argued the requirements were vague, unrelated to nutrition and agriculture programs, and imposed without proper legal procedures."

    https://www.usatoday.com/story/news/politics/2026/06/06/judge-halts-trump-snap-restrictions-in-states-lawsuit-over-funding-rules/90438543007/

    I've written multiple stories about these Supplemental Nutrition Assistance Program (SNAP) benefits, from the perspective of them being stolen by card skimming devices secretly installed at checkout counters and random places. In the past, the states have struggled to get the federal government to reimburse them for these fraud costs, which are disproportionately caused by organized crime groups, particularly Armenian and Romanian gangs that have a significant presence in the US. Now the states are struggling to get these benefits funded at all. But the skimming threat hasn't gone away, because while some state benefits cards do now have chips on them, many still allow the cards to be swiped.

    Previous reporting on this:

    https://krebsonsecurity.com/2022/10/how-card-skimming-disproportionally-affects-those-most-in-need/

    https://krebsonsecurity.com/2023/02/new-protections-for-food-benefits-stolen-by-skimmers/

    https://krebsonsecurity.com/2022/11/lawsuit-seeks-food-benefits-stolen-by-skimmers/

    In conversation about a month ago from infosec.exchange permalink

    Attachments


  19. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 11-Jun-2026 22:50:19 JST BrianKrebs BrianKrebs

    From the WTAF dept:

    Malware developers are now adding text about nuclear and biological weapons to their spyware to evade AI-based security scanners.

    tl;dr: The inclusion of content that LLMs are trained to refuse -- such as information about nukes and bioweapons -- can effectively prevent the LLM from continuing to analyze the threat.

    "This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware."

    https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious

    IDK why, but this reminds me of the Calvin & Hobbes cartoon where Calvin asks his mom for stuff she will never give him in a million years, and then he just asks for a cookie.

    In conversation about a month ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/731/379/369/217/605/original/b235f4fa31246583.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/731/389/516/756/073/original/a828246a64259aa0.png

  20. Embed this notice
    BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 10-Jun-2026 12:24:17 JST BrianKrebs BrianKrebs

    Hey Windows (ab)users! Microsoft patched around 200 vulnerabilities in Windows etc today, a record Patch Tuesday batch. All indications are they fixed two of the zero-days dropped last month by the researcher Nightmare Eclipse, including "Green Plasma" and the "YellowKey" exploit that allowed local access to data encrypted by BitLocker. In response to today's Patch Tuesday, Nightmare Eclipse dropped an exploit for what they claimed was a zero-day bug in Windows Defender.

    Nearly three dozen of the bugs patched this month earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

    https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

    #patchtuesday #windows #nightmareeclipse #greenplasma #yellowkey

    In conversation about a month ago from infosec.exchange permalink
  • Before

User actions

    BrianKrebs

    BrianKrebs

    Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .comLinkedin: https://www.linkedin.com/in/bkrebs

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          21764
          Member since
          9 Nov 2022
          Notices
          652
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.