Posts by briankrebs@infosec.exchange
 (DIR) Post #B33CB7ZMhOKv3GI6u8 by briankrebs@infosec.exchange
       2026-02-06T16:32:57Z
       
       0 likes, 1 repeats
       
       When I saw the other journalists that were nominated, I didn't think there was a chance (e.g. ProPublica was nominated for their excellent investigative reporting uncovering the Pentagon's reliance on Chinese contractors for cloud work). I'm very flattered to be in such great company. Thank you to the Institute for Security and Technology (IST) for this award.
       
       Last night's IST gala at the National Press Club was a stroll down memory lane in many ways. Ran into people I haven't seen in person for ages, and most of them have been involved in shaping cybersecurity policy for 25+ years. It was also bittersweet because I spent a lot of time at the Press Club as a reporter at The Washington Post, and I'm still livid about the insanity of the 300 or so WaPo journalists who lost their jobs this week. I'm particularly mystified by the decimation of the Post's Metro staff; despite its stature as a top source of national and international news, The Washington Post has always maintained a strong focus on what's going on in the DC area. When they merged washingtonpost.com with the dead tree edition in 2009 and eliminated my job, the mantra of the company was they wanted to be THE source of news about what's happening in the Nation's Capital, and how policy being made in DC affects the rest of the world. Here's part of what I told the audience last night:
       
       "I was horrified this week to see The Washington Post lay off 300 of its 800 remaining journalists -- the third major staff reduction in as many years. A lot of the cuts are deeply affecting the foreign and local metro staff; it's easy to forget the Watergate scandal started as a metro story. Probably we need several hundred more reporters digging into what this administration is doing, because Watergate frankly can't hold a candle to it all."
       
       "I'm hoping all of the post-Posties will land in a better place soon, but I also hope they can keep doing their important work regardless of where it comes from. And I will continue to advocate for, support and encourage anyone who wants to go the independent route. I think journalism is going to be just fine for now, but I'm not sure I share the same view about many traditional news organizations. I hear from a lot of reporters considering going out on their own who worry about not having a big publication name to automatically open doors for them, or watch their backs legally, and those are certainly big adjustments of going solo. But you know what makes all that worth it? When you're breaking news that forces important people to answer hard questions, and the gatekeepers go, wait, who are you with again?"
       
       https://www.linkedin.com/feed/update/urn:li:activity:7425373027145752577/?commentUrn=urn%3Ali%3Acomment%3A(activity%3A7425373027145752577%2C7425575747831947264)&dashCommentUrn=urn%3Ali%3Afsd_comment%3A(7425575747831947264%2Curn%3Ali%3Aactivity%3A7425373027145752577)
       
 (DIR) Post #B33krlLEc9KP0TBc6y by briankrebs@infosec.exchange
       2026-02-06T20:53:57Z
       
       0 likes, 0 repeats
       
       As much as I bash on the stupid ways that companies are trying to shove AI down everyone's throats, it does seem to be remarkably good at finding vulnerabilities. I'm a little concerned that our over-reliance on racing to patch everything 24/7 isn't going to scale well for much longer (if indeed it ever has). As this blog post from Anthropic points out, this is becoming a frequent refrain from people advocating that companies invest more in AI. I'm not necessarily saying they're wrong in this respect. But I am generally wary of any industry that claims you need more of what it is selling just so you can offset the negative externalities caused by the unbridled use of its technology.
       
       "Claude Opus 4.6, released today, continues a trajectory of meaningful improvements in AI models’ cybersecurity capabilities. Last fall, we wrote that we believed we were at an inflection point for AI's impact on cybersecurity—that progress could become quite fast, and now was the moment to accelerate defensive use of AI. The evidence since then has only reinforced that view. AI models can now find high-severity vulnerabilities at scale. Our view is this is a moment to move quickly—to empower defenders and secure as much code as possible while the window exists."
       
       https://red.anthropic.com/2026/zero-days/
       
 (DIR) Post #B33krpsLkyC54Ki7Hc by briankrebs@infosec.exchange
       2026-02-06T21:17:28Z
       
       0 likes, 0 repeats
       
       If you look at the HackerOne leaderboard rankings for collectives, you can see Xbow ruled in the last half of 2025. Xbow is billed as a fully autonomous AI-driven penetration testing platform.
       
 (DIR) Post #B3A37r5byWSlafSftQ by briankrebs@infosec.exchange
       2026-02-09T19:49:18Z
       
       0 likes, 1 repeats
       
       ICYMI, from Reuters:
       
       "Democratic Senator Maria Cantwell on Tuesday said Verizon and AT&T are blocking release of key documents about an alleged massive Chinese spying operation that infiltrated U.S. telecommunications networks known as Salt Typhoon and wants their CEOs to appear before Congress to answer questions."
       
       "Cantwell asked both companies to turn over security assessments conducted by Alphabet cybersecurity unit Mandiant. She said Mandiant refused to provide the requested network security assessments, apparently at the direction of AT&T and Verizon."
       
       "In some cases, hackers are alleged to have intercepted conversations, including between prominent U.S. politicians and government officials. Several lawmakers have described them as the worst telecom hacks in U.S. history."
       
       "Cantwell said Salt Typhoon allowed the Chinese government to "geolocate millions of individuals" and "record phone calls at will," and that the incident targeted almost every American."
       
       https://www.reuters.com/business/media-telecom/senator-says-att-verizon-blocking-release-salt-typhoon-security-assessment-2026-02-03/
       
 (DIR) Post #B3WBWlDU1Pflj4eGo4 by briankrebs@infosec.exchange
       2026-02-20T13:28:48Z
       
       2 likes, 2 repeats
       
       If you're on LinkedIn and are thinking about verifying your account with them, maybe read this first. It walks through LinkedIn's privacy disclosure to identify 17 companies that may receive and process the data you submit, including name, passport photo, selfie, facial geometry, NFC data chip, national ID #, DoB, email, phone number, address, IP address, device type, MAC address, language, geolocation etc. Unsurprisingly, it seems the biggest recipients are US-based AI companies.
       
       https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/
       
 (DIR) Post #B3WIqUsbAeVcWrEoxE by briankrebs@infosec.exchange
       2026-02-20T17:25:07Z
       
       0 likes, 0 repeats
       
       Was just browsing the Internet in a VM with script-blockers turned off for a bit, and half the sites were like "IT PUTS THE DATA IN THE BASKET OR IT GETS THE HOSE AGAIN!" with multiple videos, dozens of ads and 99 pieces of third-party JavaScript loading in the background. The amount of advertiser profiling and data sharing that goes on when you visit these noisy sites with a mobile device is even higher and more invasive, which might explain why I do most of my web browsing inside a VM (but with script blockers turned on).
       
 (DIR) Post #B3cIQXOENh8ljXPn3Q by briankrebs@infosec.exchange
       2026-02-23T13:10:26Z
       
       1 likes, 0 repeats
       
       A slick new phishing-as-a-service offering demonstrates just how easily a username+password and a one-time token can be phished. Dubbed "Starkiller," the service uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the victim and the legitimate site -- forwarding the victim's username, password and multi-factor authentication code to the legitimate site and returning its responses.
       
       https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
       
       #phishing #MFA #starkiller
       
 (DIR) Post #B3cc9ghoURdOmoojc8 by briankrebs@infosec.exchange
       2026-02-23T13:38:15Z
       
       1 likes, 0 repeats
       
       Really enjoyed this scoop from the Financial Times, where a team of reporters identified 48 seemingly independent companies working from different physical addresses that appear to be operating together to disguise the origin of Russian oil, particularly from Kremlin-controlled Rosneft. The kicker: The network was discovered because they all share a single private email server.
       
       From the (paywalled) story:
       
       "The FT was able to identify 442 web domains whose public registrations show they all use a single private server for their email, “mx.phoenixtrading.ltd”, showing that they share back-office functions."
       
       "The FT was then able to identify companies by comparing the names in the domain to those of entities that appear in Russian and Indian customs records as involved in carrying Russian oil."
       
       "For example, Foxton FZCO, a Dubai-based entity listed as the buyer of $5.6bn of oil in Russian export filings, matches “foxton-fzco.com”. Similarly, Advan Alliance, an entity listed in Indian filings as having sold $1.5bn of Russian oil into the country, can be linked to “advanalliance.ltd”."
       
       "Filings linked by the FT to the domain list show oil exports from Russia amounting to more than $90bn."
       
       https://www.ft.com/content/4310f010-2b3c-493e-ba0a-26dc6d156b2e
       
 (DIR) Post #B3hauVGLcl8Wmyxw4u by briankrebs@infosec.exchange
       2026-02-25T20:04:25Z
       
       0 likes, 0 repeats
       
       Agentic AI-based services are the new Shadow IT. Change my mind.
       
 (DIR) Post #B3haubf1puRadGYjNg by briankrebs@infosec.exchange
       2026-02-25T20:19:36Z
       
       0 likes, 0 repeats
       
       I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
       
 (DIR) Post #B3r3RllRq3DEfBnpsO by briankrebs@infosec.exchange
       2026-03-02T16:05:44Z
       
       0 likes, 0 repeats
       
       Someone has registered a ton of new accounts and is spamming with messages saying I'm a pedophile. Sorry @jerry
       
 (DIR) Post #B3tIBdO36ZWvg0XgDw by briankrebs@infosec.exchange
       2026-03-03T16:21:43Z
       
       0 likes, 0 repeats
       
       Saw a few videos this morning of Iranian drones targeting US military bases and blowing shit up. I was struck by how loud and slow these things are. It's as if the loudest leafblower on the planet had wings and a propeller.
       
       This AP News story has some good detail on Iran's response to its neighbors, which indicates the majority of the many, many missiles and drones Iran sent at or near the UAE were intercepted, but that some less defended places were still hit due to the volume of the missile/drone volley.
       
       "Officials in Dubai in the United Arab Emirates said Sunday that air defenses had dealt with 165 ballistic missiles, two cruise missiles and more than 540 Iranian drones over two days. While officials said they intercepted all air attacks Saturday, debris from the knocked-down weapons sparked blazes at some of Dubai’s most iconic locations."
       
       "Some Iranian drones flew as far as a U.K. military base in Cyprus. The runway at the Royal Air Force base in Akrotiri was struck by an Iranian drone Sunday, according to U.K. officials, and sirens blared there again Monday when two more drones heading toward the base were intercepted."
       
       "State-of-the-art U.S. and Israeli air defense assets have proven efficient in intercepting most of Iran’s ballistic missiles launched at Israel. But the attacks using large numbers of cheap drones hit some softer targets lacking the same level of protection."
       
       https://apnews.com/article/iran-us-israel-gulf-war-drone-49c8ea76358e579447ff839485f394ac
       
 (DIR) Post #B45DyvdvqjnGc3B0Ua by briankrebs@infosec.exchange
       2026-03-08T22:20:12Z
       
       0 likes, 0 repeats
       
       With the recent heavy rains around here, the spring peepers are going nuts today with the warm weather we're enjoying. I don't know why -- maybe it's because their little froggy peeps are some of the first hopeful signs of Spring -- but hearing them sing in unison this early makes me unreasonably happy.
       
 (DIR) Post #B48EnpIplV8dBwSRQe by briankrebs@infosec.exchange
       2026-03-09T16:43:48Z
       
       0 likes, 0 repeats
       
       New, by me: How AI Assistants are Moving the Security Goalposts
       
       AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
       
       Read more (and boost please!):
       
       https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/
       
       #openclaw #AI #agentic #aiagents #lethaltrifecta
       
 (DIR) Post #B48EnqOXhlIaZw8Vxw by briankrebs@infosec.exchange
       2026-03-11T00:12:37Z
       
       0 likes, 2 repeats
       
       So one of the guys I wrote about in this story -- Matt Schlicht, the creator of Moltbook, a bizarre Reddit-like platform for AI agents that Schlicht said he vibe coded with OpenClaw -- has just had his bot social network acquired by Meta (for undisclosed terms). Interestingly, Schlicht said he didn't write a single line of code for the project.
       
       From the story:
       
       "AI assistants like OpenClaw have gained a large following because they make it simple for users to “vibe code,” or build fairly complex applications and code projects just by telling it what they want to construct."
       
       "Less than a week after its creation, Moltbook had more than 1.5 million registered agents that posted more than 100,000 messages to each other. AI agents on the platform soon built their own porn site for robots, and launched a new religion called Crustafarian with a figurehead modeled after a giant lobster. One bot on the forum reportedly found a bug in Moltbook's code and posted it to an AI agent discussion forum, while other agents came up with and implemented a patch to fix the flaw."
       
       "“I just had a vision for the technical architecture and AI made it a reality,” Schlicht said. “We’re in the golden ages. How can we not give AI a place to hang out.”"
       
       Axios story on acquisition: https://www.axios.com/2026/03/10/meta-facebook-moltbook-agent-social-network
       
       Good YouTube vid on Moltbook: https://www.youtube.com/watch?v=1Y_u0fY-AbA
       
 (DIR) Post #B49ZVp8tulCTg51pWi by briankrebs@infosec.exchange
       2026-03-11T16:24:45Z
       
       0 likes, 0 repeats
       
       Breaking, new, by me: Iran-backed Hackers Claim Wiper Attack on Medtech Firm Stryker
       
       A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.
       
       From the story:
       
       "Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices."
       
       "Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently."
       
       https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
       
       #stryker #handala #intune #wiper #cybersecurity
       
 (DIR) Post #B4YQUlvBRuuSU1B3Ka by briankrebs@infosec.exchange
       2026-03-23T16:10:20Z
       
       0 likes, 1 repeats
       
       ICYMI (from the not-all-cyber-news-is-horrible dept), a cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles. This story positively cries out for a headline-writing contest. TechCrunch reports:
       
       "The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches, and is used by people who are required to provide a negative alcohol breath sample to start their car."
       
       https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/
       
 (DIR) Post #B4YruXoHEdtz0cSboG by briankrebs@infosec.exchange
       2026-03-23T21:19:40Z
       
       1 likes, 2 repeats
       
       Whoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States.
       
       "Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security
       
       WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”
       
       "The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
       
       "This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired."
       
       "Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to conditional-approvals@fcc.gov."
       
       Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE.
       
       https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers
       
       FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist
       
 (DIR) Post #B53iM7TvjxRRowDAVU by briankrebs@infosec.exchange
       2026-04-07T18:10:02Z
       
       1 likes, 3 repeats
       
       New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
       
       https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
       
 (DIR) Post #B5QECPpc8JU7qWtALw by briankrebs@infosec.exchange
       2026-04-18T14:53:17Z
       
       1 likes, 0 repeats
       
       Pretty wild mural painted over the men's room urinals at a restaurant we went to last night (if they don't call it a "murinal" they should). I thought it was hilarious but I wonder how many others would have a very different reaction.