RE: https://infosec.exchange/@briankrebs/115962508398912420
Last day to submit public comments, officially:
The Extorter in Chief is at it again. Per the NYT:
"The Trump administration has sought to pressure Senator Chuck Schumer, Democrat of New York and the minority leader, to help name New York’s Penn Station and Washington Dulles International Airport after President Trump in exchange for releasing billions of dollars he has frozen for a rail tunnel under the Hudson River."
"Top administration officials have told Mr. Schumer in recent weeks that the money would be released if he agreed to name the facilities in Mr. Trump’s honor, according to four people familiar with the private conversations. The people spoke on the condition of anonymity because they were not authorized to reveal the private discussions."
https://www.nytimes.com/live/2026/02/06/us/trump-news#section-918963069
This makes me sad (been there). From Joe Menn at WaPo: "Most of the Washington Post’s tech reporters were laid off today, including me. I have loved my time at the paper, which is where I wanted to work from age 15. I take some consolation in not being among the survivors who will have to work harder with less for fewer readers. On to better things."
Oof. Like an ad for an airline right next to a story about a plane crash. From The New Yorker article:
"It did not help the staff’s morale that Lewis and his team were hobnobbing in Davos, or that Bezos and his wife, Lauren Sánchez, were in Paris for Haute Couture Week. More troubling were reminders that Bezos, who once emblazoned “Democracy Dies in Darkness” on the paper’s masthead, appears to be pursuing a policy of appeasement toward the Trump Administration."
"As the staff awaited the axe, the President and the First Lady celebrated the première of “Melania,” a documentary that Amazon had licensed for forty million dollars and was reported to be spending another thirty-five million to promote. The deal was inked after Bezos had dinner with the Trumps shortly before the Inauguration."
Good coverage from The New Yorker
"The announcement was left to the executive editor, Matt Murray, and human-relations chief Wayne Connell; the newspaper’s publisher, Will Lewis, was nowhere to be seen as the grim news was unveiled. In what Murray termed a “broad strategic reset,” the Post’s storied sports department was shuttered “in its current form”; several reporters will now cover sports as a “cultural and societal phenomenon.” The metro staff, already cut to about forty staffers during the past five years, has been shrunk to about twelve; the foreign desks will be reduced to approximately twelve locations from more than twenty; Peter Finn, the international editor, told me that he asked to be laid off. The books section and the flagship podcast, “Post Reports,” will end. Shortly after the meeting, staffers received individualized e-mails letting them know whether they would stay or go. Murray said the retrenched Post would “concentrate on areas that demonstrate authority, distinctiveness, and impact,” focusing on areas such as politics and national security. This strategy, a kind of Politico-lite, would be more convincing if so many of the most talented players were not already gone."
Virginia Sens. Mark Warner and Tim Kaine sent a letter to the DHS inspector general, regarding what they called "a muddled patchwork of technology procurements that have significantly expanded DHS’ ability to collect, retain, and analyze information about Americans."
"We are deeply concerned that ICE’s surge in brutality against American communities is being facilitated by the inappropriate and unsupervised use of surveillance technology."
"DHS law enforcement agencies have moved to amass potentially sensitive personal data with the unprecedented $165 billion DHS was allocated during last year’s partisan reconciliation process. Immigration and Customs Enforcement (ICE) alone received $75 billion, more funding than that
allocated to the Federal Bureau of Investigation (FBI), an agency responsible for investigating violations of a significantly greater number of laws."
"To date, DHS has:
1. Issued a Request for Information (RFI) to Big Data and Ad Tech providers to support ICE’s investigation activities;
2. Published a Notice of Proposed Rulemaking (NPRM), Collection and Use of Biometrics by U.S. Citizenship and Immigration Services, that would expand the types and amount of biometric data the agency can – including allowing collection of biometric data from children under 14;
3. Issued a RFI to hire 30 social media surveillance contractors to collect information from social media and commercial databases and build profiles on individuals for the Enforcement and Removal Operations (ERO) division;
4. Issued a Notice of Intent for licenses from Bi2 Technologies - used for scanning individuals’ irises;
5. Entered a contract with Palantir to upgrade the Investigative Case Management (ICM) system – which has access to information from across the federal government – to include the Immigration Lifecycle Operating System (ImmigrationOS);
6. Reactivated a contract with Paragon Solutions under the FAR 6.302-1 rule, which is reserved for the most unique services."
ICYMI, the Small Business Administration (SBA) has suspended more than 1,000 small business contractors in the 8(a) Business Development Program, designed to provide contracting opportunities and training to small business owners that are socially and economically disadvantaged.
On December 5th, SBA announced that every 8(a) firm would be required to provide detailed financial information to the agency with limited guidance. The SBA initially provided just 31 days to comply with their request, over the holidays, before extending the deadline to January 19th.
On Monday, Defense News said Defense Secretary Pete Hegseth on Jan. 16 "lambasted a decades-old contracting program that provides business opportunities for small and disadvantaged businesses, calling it a breeding ground for fraud and disparaging it as a “DEI” effort."
"In a video posted on social media, Hegseth described the Small Business Administration’s 8(a) Business Development Program in harsh terms, connecting it with diversity programs he has strongly criticized and ordering a strict review."
“We’re actually taking a sledgehammer to the oldest DEI [diversity, equity and inclusion] program in the federal government,” Hegseth said. “A program few people outside of Washington have ever heard of, that I hadn’t heard of. It’s called the 8(a) program.”
The WSJ reports that Google has moved to seize dozens of domains belonging to IPIDEA, a Chinese residential proxy service and the largest by far with ~10M proxies for rent. Google has also taken steps to remove hundreds of apps affiliated with the company from Android devices.
Earlier this month, we broke the news about how the world's biggest botnet -- Kimwolf -- grew very quickly to well more than 2 million devices by exploiting a weakness in IPIDEA that allowed them to probe the local networks of proxy endpoints, and infect unofficial Android devices like TV boxes.
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
IPIDEA's proxy service has become synonymous with these Android TV boxes, which generally come backdoored at purchase. According to Synthient, the proxy tracking startup that figured out how Kimwolf was spreading, the majority of traffic being funneled through IPIDEA proxies is for account takeover activity and ad fraud.
Here's the announcement from Google: https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
PSA: If you're planning to do your taxes w/ TurboTax 2025 desktop software this year on a Windows 10 computer, you should know the software won't install, regardless of whether you took advantage of Microsoft's offer for an extra year of security updates for Windows 10. Yes, those customers can still use TurboTax Online at no extra cost, but that pushes users to a cloud product that probably a lot of people avoid for all kinds of reasons.
Ten feet of sledding in our plastic sled told me that to continue down meant almost certain manglement or death. The entire hill is a thick, glistening layer of frozen rain and sleet on top of snow, where breaking through requires some serious force. So I ditched the sled and slid down the hill in my snowpants. As I feared, stopping was terrifying, difficult and somewhat painful. Worse, took about 10 seconds to go down, and about 10 minutes to go back up. 2/10 for the smooth ride till the violent end.
Letting AI agents run your life is like handing the car keys to your 5-year-old. What could go wrong?
I was marveling while reading this PCMag piece, which describes how to secure an agentic AI setup that essentially mimics malware: To do its job properly, the AI agent has to be able to read private messages, store credentials, execute commands, and maintain a persistent state. How do you do that? You chase after it like you would your child.
"The important thing is to make sure you limit "who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch" on your device, the bot's support documentation says."
Interesting developing story. Can't wait for more details. From Risky Biz:
"A cyberattack has wreaked havoc across Russia on Monday after the servers of the Delta smart alarm system went down.
Per reports in local media, car owners using Delta's alarm system couldn't unlock cars or stop active alarms. In some cases, owners couldn't start engines or their engines jammed while driving.
The company confirmed the incident but did not provide other details besides calling it a "large-scale external attack."
Delta's phone lines and website were down all day on Monday and the disruption continued the next day."
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
-‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.
The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.
Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
Had way more fun than I should have watching doggo try to do her business this morning. Blew off the driveway yesterday, only to have about 2.5 inches of sleet freeze on top of a light layer of snow. Hard enough for a 170 lb person to walk on without leaving a footprint. She got to the side yard and started sliding backwards all the way down the hill, all while frantically trying to gain her footing. She's fine, but poor thing was really scared while I was on the ground laughing my ass off.
Politico writes: "Two members of Elon Musk’s DOGE team working at the Social Security Administration were secretly in touch with an advocacy group seeking to “overturn election results in certain states,” and one signed an agreement that may have involved using Social Security data to match state voter rolls, the Justice Department revealed in newly disclosed court papers."
"Elizabeth Shapiro, a top Justice Department official, said SSA referred both DOGE employees for potential violations of the Hatch Act, which bars government employees from using their official positions for political purposes.
"Shapiro’s previously unreported disclosure, dated Friday, came as part of a list of “corrections” to testimony by top SSA officials during last year’s legal battles over DOGE’s access to Social Security data. They revealed that DOGE team members shared data on unapproved “third-party” servers and may have accessed private information that had been ruled off-limits by a court at the time."
Kind of makes you wonder about the rest of the departments where DOGE had access.
https://www.politico.com/news/2026/01/20/trump-musk-doge-social-security-00737245?cid=apn
Called it: Via CNN...Inside plans to rebuild the ‘top-secret’ bunker beneath the White House East Wing
What if Trump's new ballroom is just an excuse to build a bigger, deeper, stronger bunker underneath so he can hide from the angry mobs?
Continue, or "try it now" a popup from Gmail now asks, offering to compose your next message with Gemini. I guess the tiny "x" is the "fuck no" button?
WaPo reports:
"The FBI executed a search warrant Wednesday morning at a Washington Post reporter’s home as part of an investigation into a government contractor accused of illegally retaining classified government materials."
"The reporter, Hannah Natanson, was at her home in Virginia at the time of the search. Federal agents searched her home and her devices, seizing her phone, two laptops and a Garmin watch. One of the laptops was her personal computer, the other a Washington Post-issued laptop."
"It is exceptionally rare for law enforcement officials to conduct searches at reporters’ homes. Federal regulations intended to protect a free press are designed to make it difficult to use aggressive law enforcement tactics against reporters to obtain the identities of their sources or information."
https://www.washingtonpost.com/national-security/2026/01/14/washington-post-reporter-search/
Guardian piece: https://www.theguardian.com/us-news/2026/jan/14/fbi-raid-washington-post-hannah-natanson
Can you believe it's been a month already, Windows (ab)users? Yes, that's right, it's Patch Tuesday, or depending on when you're reading this Reboot Wednesday!
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com
LinkedIn: https://www.linkedin.com/in/bkrebs