A local television station in Tennessee is warning nebulously about a "new type of card stealing scam," without actually explaining what the new scam is (spoiler: I'm going to tell you). According to the story, the scam involves a novel "tap to pay" type of fraud.
“From what I understand, this may be one of the first or earliest arrests of this type of situation in the country,” Binkley said.
The story also noted that 11 people had been arrested as allegedly involved in the scam.
These facts lead me to believe that what we're seeing here is the materialization in the United States of a software-as-a-service offering that allows thieves to relay a valid NFC (tap-to-pay) transaction from mobile devices halfway around the world.
As I explained at length last month, this innovation is being driven by Chinese phishing groups that have largely been responsible for all the toll phishing and USPS phishing scams that arrive by instant message on your mobile device.
These are not SMS messages. They are being sent through Google and Apple phones and bypass the mobile provider networks entirely. When fraudsters successfully phish card data from victims, they then tell the victim their bank needs to verify the transaction and will send a one-time code. If the victim then provides that one-time code, the phishers will use it to enroll the victim's card into a mobile wallet tied to a Google or Apple phone.
The fraudsters who are selling these phishing kits also sell the software for relaying NFC transactions from these compromised cards/devices.
A number of people in Singapore have been arrested for trying to use this "ghost tap" software at electronics retailers. AFAIK, this is the first case I'm aware of in the United States that's been documented in the media.
Called it. Wrote this back in Sept. 2024, about a clever Windows PowerShell phishing scam that was targeting developers at the time. It uses a fake CAPTCHA that asks visitors to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Everyone said, bah, devs will never fall for this. Maybe, I said, but your average user would for sure.
Judging from the number of recent media reports, it appears this one is pretty widespread at the moment.
I'm really getting sick of having to keep turning off Apple Intelligence every time one of my devices updates, which they do fairly frequently. Apple needs to respect their customers' choices and stop this crap now.
Welcome to reboot Wednesday! ICYMI, yesterday was Patch Tuesday for Windows (ab)users. Microsoft issued more than 50 security updates, including fixes for a whopping six zero-day flaws that are already seeing exploitation.
Occasionally I will get a spammy message from someone on here, and I always report the account and block them immediately. What's amazing is how quickly these accounts are reported already by others and taken out to the woodshed. Thanks to everyone involved in stopping abuse. It's fairly remarkable how ferocious this community is in showing spammers the door.
What's the most common feedback/comment I've received over the past month? "I used to like reading your stuff when you didn't write about politics all the time."
My response: Me too. But they've left me no choice at this point. If you think tech isn't politics and vice versa, you probably don't believe national security and cybersecurity are two sides of the same coin, either.
Investigative journalist Jacqueline Sweet just published a helluva scoop over at Rolling Stone that looks into the background of a guy I mentioned the other day: Sam Corcos, one of several people named in an executive order as allowed to access Treasury/IRS data. WaPo reported the other day, without providing much background into Corcos, that he had shown up at Treasury demanding access to all taxpayer records.
tl;dr: Corcos's wife is a Russian woman who spent years at the venture capital firm GVA Capital, which has been exposed as a money laundering vehicle for Suleyman Kerimov, a sanctioned Russian oligarch.
I published a story yesterday based on research into a DOGE guy who is now director of IT at X. The story looked at his and his wife's past connections to a series of Russian foundations in California. As that story noted, Jacqueline was super helpful in that reporting, and she credits me for helping with her research.
Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group. The letters say that the recipient's network has been taken over by the ransomware group, and include a QR code where recipients can scan to make a cryptocurrency payment.
The FBI just released an alert about this, saying nobody should be paying these, and that the whole thing is a scam. But these guys just pissed off the U.S. Postal Service, which also has its own considerable law enforcement investigative power.
A reader whose employer got one of these this week shared a copy of their extortion demand. I know it's not the clearest picture, but you get the idea.
The unusual circumstances surrounding two of the largest Lottery jackpots in Texas history have touched off a furious debate about the unorthodox methods used to snag the prizes and have led the governor and attorney general to announce investigations.
On April 22, 2023, someone won a $95 million Lotto Texas jackpot by spending $25 million to buy nearly every possible number combination in the draw. The winner, identified only as a business entity called Rook TX, of Scotch Plains, N.J., ended up claiming the lump-sum payment of $57,804,000 before taxes.
"Europe’s biggest powers are swinging behind efforts to seize more than €200bn of frozen Russian assets, as they draw up plans for a ceasefire deal in Ukraine.
France and Germany, long opposed to a full-blown seizure of the assets held in the EU, are discussing with the UK and other countries ways in which they could be used.
French officials have discussed a proposal for European capitals to seize the assets if Moscow were to violate a future ceasefire deal in Ukraine, said three people briefed on the talks, as part of efforts to provide post-conflict security guarantees for Kyiv.
Proponents of the ceasefire link see it as a way to hold Russia to any agreement and provide Kyiv with a guarantee."
@pthenq1@jerry This explains why the U.S. Commerce Secretary just said he wants to remove government spending from the gross domestic product (GDP) report. Trump doesn't like these GDP numbers one bit, I'm sure.
Reuters ran a story on Friday, Feb. 28 that might have been lost in all the attention paid to the Oval Office ambush: Reuters cited 4 sources speaking on condition of anonymity who said Israel has been lobbying the U.S. to keep Syria weak and decentralized, including by letting Russia keep its military bases there to counter Turkey's growing influence in the country.
Not sure if this is indicative of some kind of geopolitical realignment or something else, but it's worth keeping in mind as we all try to read between the lines of what may be going on behind the scenes.
In other news, the fact that we buy so much lumber from countries like Canada has become a national security threat, says the White House. Translation: We're going to start cutting down a lot more trees here in the US of A!
Sure, because promoting a taxpayer-backed cryptocurrency reserve is a great idea. The Grifter in Chief is at it again, tackling our most pressing societal issues.
And then you have Musk calling the Social Security Administration a giant Ponzi scheme. THIS is the definition of a Ponzi scheme.
The POTUS is systematically disabling any checks and balances on executive power, and that especially includes agencies that publish raw data. Like the National Weather Service, which this administration wants to privatize (probably using Musk satellites).
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 Twitter: @briankrebs Linkedin: https://www.linkedin.com/in/bkrebs/