Notices by Kim Zetter (kimzetter@infosec.exchange)

Chris Krebs has quit his job at SentinalOne to launch a legal and public relations fight against Trump and the presidential memo Trump he signed against Krebs last week. "Krebs said he understood why some have kept a low profile and tried not to further anger the president. But he said he disagreed with that approach. "I don’t think this lay-low-and-hope-this-blows-over approach is the right one for the moment we’re in."

Miles Taylor who was also targeted by Trump said "the memos targeting him and Krebs were 'punishment for dissent' and that he too planned to fight back.... 'How we respond will set the tone inevitably for how others targeted by these EOs decide to respond.”

https://www.wsj.com/politics/policy/chris-krebs-trump-cybersecurity-executive-action-31cb99cb

Two seemingly blockbuster stories published on Friday that reported that the Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect and counter Russian cyber threats. But new info has come out to contradict the stories or qualify them. I dug into what we know and don't know. As always, if anyone has any additional information related to these stories, please contact me on Signal at KimZ.42.

https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/

The National Science Foundation fired nearly 170 workers this morning in Zoom call. This included workers who had already cleared their one-year probationary period only to have it changed to two years earlier this month, putting them in line for termination. It also included at-will permanent workers -- the latter were not among those designated for firing by the Trump administration; instead NSF decided on its own to eliminate them. Here's my story:
https://www.wired.com/story/national-science-foundation-february-2025-firings/

DHS fired more than 400 employees today, including 130 people from CISA. If you work or worked for CISA or have information about what's going on there, you can reach me on Signal at KimZ.42

https://abcnews.go.com/Politics/dhs-cuts-405-employees-workforce/story?id=118847047

Have tips? Story ideas? Something you think I should know about?

Reach me on Signal at KimZ.42

I cover cybersecurity and national security, writing about: nation-state hacking, espionage, cyber warfare, cybercrime, and policy. I don't write about companies - unless they've done something wrong.

In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story: https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/

Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about how the fake info got reported and how it spread on social media

https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/

New law in Belgium allows "ethical" hackers to hack Belgian companies without their permission. The law requires hackers to report any vulnerabilities they find within 72 hours of discovering them. "You can't just test the security of a system and then say nothing about it afterwards."

Hackers also are prohibited from asking for a bounty "otherwise it is the same principle as asking for a ransom."

"There are more than 3,000 ethical hackers in Belgium. They will be able to see whether the data of an average citizen is properly secured. If the government comes up with a corona app, ethical hackers can now legally test it."

https://www-vrt-be.translate.goog/vrtnws/nl/2023/02/14/ethische-hackers-mogen-meer-door-nieuwe-wet/?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp