Notices by BrianKrebs (briankrebs@infosec.exchange)

  1. BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 02-Jul-2026 11:29:13 JST

    Sorry for all the spam everyone. Not sure who's doing this exactly, but I have ideas. They have been flooding Mastodon with daily bursts of messages from throwaway accounts mentioning my handle and trying to associate me with stupid and bad stuff. Thanks, @jerry


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/847/361/938/570/155/original/14b9f189d9bb97aa.png
  2. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 01-Jul-2026 08:13:34 JST

    Looks like Boeing may be dealing with a rapid disassembly of their company-wide IT network. The company has published a notice on its employee emergency page that says they're canceling shifts at various plants and sending home people whose job depends on IT stuff to work.

    I sincerely hope this isn't the beginning of another Jaguar Land Rover type incident where production is halted for extended periods.

    https://www.boeing.com/emergency

    #boeing


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/841/584/534/318/704/original/3bdc4d54e32ec999.png
    2. Emergency
  3. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 01-Jul-2026 01:40:38 JST

    Say what you will about LinkedIn and all its phony baloney, but it is occasionally useful for discovering friends of known threat actors. Plenty of cybercriminals have IRL LinkedIn profiles, and when you find them LI helpfully suggests a number of other accounts you might be interested in following that it thinks are somehow related to the profile you're looking at. And that's twice now this month that LI has revealed connections between threat actors that I didn't find on my own.

  4. BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 30-Jun-2026 11:31:23 JST

    This presidency invokes so many literary allusions of late. Last week, it was Narcissus at the green slime Reflecting Pool. This week, we're tilting at windmills again. Mind you, this has nothing to do with ugliness or national security concerns. It's just another payoff for the oil companies at the taxpayer's expense.

    "The Trump administration on Monday said it would pay Duke Energy $129 million to abandon its plans to build an offshore wind farm off North Carolina."

    "Mr. Burgum also repeated his earlier claims that offshore wind farms threaten national security. Last year, the Interior Department cited those concerns when ordering a halt to the construction of five other wind farms off the East Coast, saying their spinning turbines could interfere with military radar. But several federal judges struck down the stop-work orders, saying they were unpersuaded by the administration’s arguments."

    "After its losses in court, the administration pivoted to a new strategy: paying developers to walk away from offshore wind projects. It struck the first such deal in March with the French energy company TotalEnergies."

    "That deal saw the government pay TotalEnergies nearly $1 billion to abandon plans to build two wind farms, one off New York and the other in the same area off North Carolina. Seven Democratic-controlled states have sued the administration over that agreement, calling it an illegal use of taxpayer dollars."

    https://www.nytimes.com/2026/06/29/climate/trump-offshore-wind-duke-energy.html

  5. BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 29-Jun-2026 08:48:35 JST
    in reply to
    • Dr G

    @EthicalProfessor we looked at that first (we support them). They recommend mostly Samsung, LG and Shark products. But the Shark one we have is already too aggressive on the carpets, and they're all apparently that way. I won't buy Samsung or LG anything anymore.

  6. BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 29-Jun-2026 08:43:33 JST

    Was looking at buying a new cordless vacuum, but they all suck.

    Seriously though, they're all either too weak (short battery or low suction) or they try to eat the carpet and are completely at war with you on thicker pile stuff. I happen to think canister vacuums work great on everything, but I'm not the one usually doing the vacuuming.

  7. BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 23-Jun-2026 23:38:24 JST

    Wait, the music hasn't stopped yet! Or has it?

    https://www.cnbc.com/2026/06/23/spacex-stock-tech-sell-off.html


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/799/889/292/803/264/original/1cb3b5e7e7300ada.png
    2. SpaceX stock climbs 2% after falling below $150 debut price
      from https://www.facebook.com/CNBC
      Gains have been pared back at the space and AI company following an initial surge after its record-breaking IPO.
  8. BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 20-Jun-2026 11:17:46 JST

    Don't look now, but it seems Gizmodo's homepage is now serving up a Clickfix attack.

    Basics of the Click-Fix exploit, which causes a pasted URL to fetch malware via Windows PowerShell.

    https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

    #clickfix #gizmodo


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/780/021/213/611/495/original/e045bc03124cb654.png
    2. ClickFix: How to Infect Your PC in Three Easy Steps
      A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination…
  9. BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 20-Jun-2026 00:04:18 JST

    One thing I've noticed after tracking down so many cybercriminals is that it's super common for the person's first sales thread on a forum to include data stolen from an organization in the country where they live. This is more remarkable when the threat actor is outside the United States, because it very often tells you exactly which country they are from.

    You might think that this would be a very dumb thing to do from a self-preservation perspective, but a lot of times they are eager to make a splash on the forums and the best data or access they have is their government's data or some company working with their country's govt. And if you consider that many young people get started in hacking by sticking it to the local authorities and trying to make them look like clowns, it makes a lot more sense.

  10. BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 19-Jun-2026 02:55:33 JST

    New, from me: 'Popa' Botnet Linked to Publicly Traded Israeli Firm

    "For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]."

    https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/

    There is an incredible amount of interesting data and findings in the reports on Popa released this week. For example, the proxy detection service Spur told me they recently scraped the LG and Samsung app stores and found that each had approximately 3,000 apps available for download. Spur said it found that more than 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

    #proxy #popa #botnet #lg #samsung


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/772/364/623/425/789/original/b0b80f07d81b795f.png
  11. BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 12:29:51 JST

    RE: https://mastodon.social/@randahl/116741284261224277

    ICYMI, the United States plans to significantly reduce the aircraft and warships that it makes available for NATO operations in Europe, according to two senior European officials, accelerating America’s effort to scale down the protection it has offered to European allies for eight decades. The NYT reports the decision would limit NATO’s ability to launch long-range strikes and conduct surveillance.

    https://www.nytimes.com/2026/06/12/world/europe/us-nato-cuts-drawdown-jets.html

    Meanwhile, Happy Russia Day!


    Attachments

    1. Randahl Fink (@randahl@mastodon.social)
      from Randahl Fink
      Attached: 2 images Show me your friends and I will tell you who you are.
  12. BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 09:58:11 JST

    How long until we start to see AI agents weaponized to impoverish gullible humans with crippling AWS bandwidth bills? Oh wait...

    https://lantian.pub/en/article/fun/ai-agent-bankrupted-their-operator-scan-dn42lantian.lantian/

    The threat I'm thinking of is like black faxing in the old days, except against your wallet instead of your toner cartridge.
    https://en.wikipedia.org/wiki/Black_fax


    Attachments


    1. Black fax
      A black fax is a prank fax transmission consisting of one or more pages entirely filled with a uniform black tone. The sender's intention is generally to use up as much of the recipient's fax ink, toner, or thermal paper as possible, thus costing the recipient money, as well as denying the recipient use of their own machine (similar to computer-based denial of service attacks). This is made easier because fax transmission protocols compress the solid black image very well, so a very short fax call can produce many pages. Use Black faxes have been used to harass large institutions or government departments, to retaliate against the senders of junk faxes, or merely as simple pranks. The basic principle of a black fax can be extended to form a black fax attack. In this case, one or more sheets are fed halfway through the sender's fax machine and taped end to end, forming an endless loop that cycles through the machine. Not only can solid black be used, but also images that will repeat endlessly on the receiver's machine until its toner runs out. History The introduction of computer...
  13. BrianKrebs (briankrebs@infosec.exchange)'s status on Sunday, 14-Jun-2026 04:10:24 JST

    There was an important court decision last week in a lawsuit filed by 20 states to halt the Trump administration's arbitrary new requirements for distributing food assistance funds to 39 million families that depend on these benefits. On June 5, a federal judge blocked the administration from enforcing new conditions on billions of dollars in federal nutrition funding, siding with a coalition of Democratic-led states that argued the requirements threatened programs serving low-income families.

    "According to court filings, the disputed conditions included provisions related to immigration, "gender ideology" and "fair athletic opportunities" for women and girls. The states argued the requirements were vague, unrelated to nutrition and agriculture programs, and imposed without proper legal procedures."

    https://www.usatoday.com/story/news/politics/2026/06/06/judge-halts-trump-snap-restrictions-in-states-lawsuit-over-funding-rules/90438543007/

    I've written multiple stories about these Supplemental Nutrition Assistance Program (SNAP) benefits, from the perspective of them being stolen by card skimming devices secretly installed at checkout counters and random places. In the past, the states have struggled to get the federal government to reimburse them for these fraud costs, which are disproportionately caused by organized crime groups, particularly Armenian and Romanian gangs that have a significant presence in the US. Now the states are struggling to get these benefits funded at all. But the skimming threat hasn't gone away, because while some state benefits cards do now have chips on them, many still allow the cards to be swiped.

    Previous reporting on this:

    https://krebsonsecurity.com/2022/10/how-card-skimming-disproportionally-affects-those-most-in-need/

    https://krebsonsecurity.com/2023/02/new-protections-for-food-benefits-stolen-by-skimmers/

    https://krebsonsecurity.com/2022/11/lawsuit-seeks-food-benefits-stolen-by-skimmers/

  14. BrianKrebs (briankrebs@infosec.exchange)'s status on Thursday, 11-Jun-2026 22:50:19 JST

    From the WTAF dept:

    Malware developers are now adding text about nuclear and biological weapons to their spyware to evade AI-based security scanners.

    tl;dr: The inclusion of content that LLMs are trained to refuse -- such as information about nukes and bioweapons -- can effectively prevent the LLM from continuing to analyze the threat.

    "This header appears designed for AI-mediated analysis, not for Node, Bun, or Python. It attempts to derail scanners or analyst copilots that feed the beginning of a file to a language model without clearly isolating the content as untrusted data. In weak pipelines, this can cause refusal behavior, prompt confusion, context pollution, or premature classification before the scanner reaches the actual malware."

    https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious

    IDK why, but this reminds me of the Calvin & Hobbes cartoon where Calvin asks his mom for stuff she will never give him in a million years, and then he just asks for a cookie.


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/731/379/369/217/605/original/b235f4fa31246583.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/731/389/516/756/073/original/a828246a64259aa0.png

  15. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 10-Jun-2026 12:24:17 JST

    Hey Windows (ab)users! Microsoft patched around 200 vulnerabilities in Windows etc today, a record Patch Tuesday batch. All indications are they fixed two of the zero-days dropped last month by the researcher Nightmare Eclipse, including "Green Plasma" and the "YellowKey" exploit that allowed local access to data encrypted by BitLocker. In response to today's Patch Tuesday, Nightmare Eclipse dropped an exploit for what they claimed was a zero-day bug in Windows Defender.

    Nearly three dozen of the bugs patched this month earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available.

    https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

    #patchtuesday #windows #nightmareeclipse #greenplasma #yellowkey

  16. BrianKrebs (briankrebs@infosec.exchange)'s status on Tuesday, 09-Jun-2026 05:46:35 JST

    Everyone's heard of link shorteners, but did you know about link extenders? Someone forwarded me a curious long ass link that turned out to be malicious (after several redirects) that was created with this service. I could see this being useful for shady marketing companies as well as malware purveyors.


    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/716/421/560/428/511/original/3450c3dd3f9fc735.png
  17. BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 05-Jun-2026 22:33:40 JST

    Sit with this for a second: If the White House had its way, all the immigrants in this country would be dead -- at least on paper. WaPo reports that the Trump administration had plans to classify 2.7 million living people — including some U.S. citizens and lawful permanent residents — as dead as part of its immigration enforcement efforts. The plan reportedly fell apart after pushback from Social Security Administration employees who were tasked with implementing it.

    https://www.washingtonpost.com/politics/2026/06/05/doge-planned-falsely-mark-27-million-people-dead-whistleblower-says/

  18. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 03-Jun-2026 22:05:21 JST

    My follower count here seems to have dropped by ~750-1,000 overnight. I'm guessing there was some kind of cleanup done on botted accounts or something? Or maybe I just pissed a lot of people off at once (totally possible).

  19. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 03-Jun-2026 20:54:09 JST
    in reply to
    • Rich Felker

    @dalias They got access to 20 encrypted vaults. They'd still have to work out the master password for those targeted accounts. Theoretically, that could be done offline, as happened w/ the breach at LastPass, but it took many months for a lot of those stolen vaults to be cracked.

  20. BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 03-Jun-2026 20:49:56 JST

    RE: https://infosec.exchange/@briankrebs/116670688015956223

    Dashlane posted an update saying hackers brute-forced its two-factor authentication system, and gained access to the encrypted password vaults for "fewer than 20 personal plan users." Dashlane said there was no evidence of a hack of its own systems, but it hasn't shared yet why or how that 2FA was compromised. The company said “the goal of the attack was to brute-force two-factor authentication (2FA) protections to allow the attacker to register new devices on existing user accounts,” and that it has already notified affected users.

    https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts?7194ef805fa2d04b0f7e8c9521f97343


    Attachments

    1. BrianKrebs (@briankrebs@infosec.exchange)
      from BrianKrebs
      Attached: 1 image This looks ominous. The password manager service Dashlane apparently is investigating some strange "Account suspended -- please contact us" emails going out, as well as related login difficulties. I noticed this after a reader and Dashlane user wrote in to say he's on a family plan and he received a notification that they'd locked his account because there was an attempt to add a device and too many MFA failures. Here's what their techs are telling customers: "Thank you for reaching out to us! It's Gustavo from Dashlane Customer Support. I am very sorry for any inconvenience this issue has caused. We are currently investigating an issue regarding unexpected emails with the subject "Account suspended - please contact us", as well as some related login difficulties. Our engineering team is actively working on a resolution. While we investigate, please follow these important recommendations to ensure you retain access to your data: - Do not attempt to change or reset your Master Password at this time. - Do not log out of Dashlane on any device where you are currently logged in. We are treating this with the highest priority and will update you as soon as we have more information or a definitive fix. Thank you for your patience and understanding while we sort this out." Their account status page now says: May 31, 2026 17:50 UTC INVESTIGATING We are continuing to investigate the "Account suspended" notifications. Our engineering teams are actively working on a resolution and investigating the root cause of these messages. We are treating this with the highest priority and will provide further updates here as soon as more information becomes available. Thank you for your continued patience and understanding. May 31, 2026 15:19 UTC INVESTIGATING We have received reports from several users having received an email that their account has been suspended. 
      We have also received reports that some users are experiencing difficulties in logging in to Dashlane after resetting their master password. We are investigating this situation, and we will provide further updates as soon as we have more information. Thank you for your understanding. #dashlane
    BrianKrebs

    Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com LinkedIn: https://www.linkedin.com/in/bkrebs

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.