Notices by Kim Zetter (kimzetter@infosec.exchange)

The National Science Foundation fired nearly 170 workers this morning in Zoom call. This included workers who had already cleared their one-year probationary period only to have it changed to two years earlier this month, putting them in line for termination. It also included at-will permanent workers -- the latter were not among those designated for firing by the Trump administration; instead NSF decided on its own to eliminate them. Here's my story:
https://www.wired.com/story/national-science-foundation-february-2025-firings/

DHS fired more than 400 employees today, including 130 people from CISA. If you work or worked for CISA or have information about what's going on there, you can reach me on Signal at KimZ.42

https://abcnews.go.com/Politics/dhs-cuts-405-employees-workforce/story?id=118847047

Have tips? Story ideas? Something you think I should know about?

Reach me on Signal at KimZ.42

I cover cybersecurity and national security, writing about: nation-state hacking, espionage, cyber warfare, cybercrime, and policy. I don't write about companies - unless they've done something wrong.

In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story: https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/

Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about how the fake info got reported and how it spread on social media

https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/

New law in Belgium allows "ethical" hackers to hack Belgian companies without their permission. The law requires hackers to report any vulnerabilities they find within 72 hours of discovering them. "You can't just test the security of a system and then say nothing about it afterwards."

Hackers also are prohibited from asking for a bounty "otherwise it is the same principle as asking for a ransom."

"There are more than 3,000 ethical hackers in Belgium. They will be able to see whether the data of an average citizen is properly secured. If the government comes up with a corona app, ethical hackers can now legally test it."

https://www-vrt-be.translate.goog/vrtnws/nl/2023/02/14/ethische-hackers-mogen-meer-door-nieuwe-wet/?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp