Posts by briankrebs@infosec.exchange
 (DIR) Post #B1snqLkGIIySY3QKEi by briankrebs@infosec.exchange
       2026-01-02T14:39:33Z
       
       0 likes, 0 repeats
       
        Some implications from the research in today's story: "Consider the following scenario, in which the mere act of allowing someone to use your Wi-Fi network could lead to a Kimwolf botnet infection. In this example, a friend or family member comes to stay with you for a few days, and you grant them access to your Wi-Fi without knowing that their mobile phone is infected with an app that turns the device into a residential proxy node. At that point, your home’s public IP address will show up for rent at the website of some residential proxy provider."

        "Miscreants like those behind Kimwolf then use residential proxy services online to access that proxy node on your IP, tunnel back through it and into your local area network (LAN), and automatically scan the internal network for devices with Android Debug Bridge mode turned on."

        "By the time your guest has packed up their things, said their goodbyes and disconnected from your Wi-Fi, you now have two devices on your local network — a digital photo frame and an unsanctioned Android TV box — that are infected with Kimwolf. You may have never intended for these devices to be exposed to the larger Internet, and yet there you are."

        "Here’s another possible nightmare scenario: Attackers use their access to proxy networks to modify your Internet router’s settings so that it relies on malicious DNS servers controlled by the attackers — allowing them to control where your Web browser goes when it requests a website. Think that’s far-fetched? Recall the DNSChanger malware from 2012 that infected more than a half-million routers with search-hijacking malware, and ultimately spawned an entire security industry working group focused on containing and eradicating it."
       
 (DIR) Post #B1uwfkubfirZJuCnDM by briankrebs@infosec.exchange
       2026-01-03T16:08:47Z
       
       0 likes, 0 repeats
       
       This is disheartening. WaPo editorial board goes full cheerleader for Trump's invasion of Venezuela. https://archive.ph/5iVFN
       
 (DIR) Post #B1uwfqN9N1fMFsb9to by briankrebs@infosec.exchange
       2026-01-03T17:28:00Z
       
       0 likes, 0 repeats
       
        NYT: "President Trump said the United States would “run” Venezuela “until such time that we can do a safe, proper and judicious transition,” following the U.S. military operation that captured the country’s president, Nicolás Maduro, and his wife."

        "Mr. Trump offered few details about how the United States would oversee Venezuela, saying only that “a group” would do so. It was not clear whether that would involve an occupying military force, but Mr. Trump said he was not afraid of “boots on the ground.”

        https://www.nytimes.com/live/2026/01/03/world/trump-united-states-strikes-venezuela
       
 (DIR) Post #B1uwfqODJ4W6JB60Ya by briankrebs@infosec.exchange
       2026-01-03T16:12:12Z
       
       0 likes, 0 repeats
       
        Statements that upon reading in a newspaper story I would assume were written by the White House or the military itself: "Details are still emerging, but what happened in Caracas was a clear reminder that America’s military and intelligence capabilities are second to none."

        "What are Iranian leaders thinking now as they consider how to respond to widespread anti-government protests? Are the communists in Cuba sleeping well?"
       
 (DIR) Post #B1uwfvJR0GfHZntlIm by briankrebs@infosec.exchange
       2026-01-03T17:29:06Z
       
       0 likes, 0 repeats
       
        the NYT, cont'd: Pressed by reporters on who would be running Venezuela, Trump points to his advisers standing behind him and says that for a “period of time” the “people that are standing right behind me, we’re going to be running it.”

        Some of the advisers standing behind him include Defense Secretary Pete Hegseth, Secretary of State Marco Rubio and General Dan Caine, the chairman of the Joint Chiefs. Trump said the United States would be a part of an unspecified “group” running Venezuela without providing details.
       
 (DIR) Post #B1uwfvZO2xQQNHMVAO by briankrebs@infosec.exchange
       2026-01-03T16:21:00Z
       
       0 likes, 0 repeats
       
       Also, in what universe is the US invading Venezuela a test of our military and intelligence prowess?
       
 (DIR) Post #B1uwg0lGkCtuTZxYsi by briankrebs@infosec.exchange
       2026-01-03T16:32:51Z
       
       0 likes, 0 repeats
       
        My favorite line: "Now he should spend the rest of his life in a humane American prison."

        Hahahahahahahh. Yeah, nobody does prisons like the US. More humans than humanes is our motto.
       
 (DIR) Post #B2Hgav0eFcw5bw65Fw by briankrebs@infosec.exchange
       2026-01-14T17:43:00Z
       
       0 likes, 0 repeats
       
        WaPo reports: "The FBI executed a search warrant Wednesday morning at a Washington Post reporter’s home as part of an investigation into a government contractor accused of illegally retaining classified government materials."

        "The reporter, Hannah Natanson, was at her home in Virginia at the time of the search. Federal agents searched her home and her devices, seizing her phone, two laptops and a Garmin watch. One of the laptops was her personal computer, the other a Washington Post-issued laptop."

        "It is exceptionally rare for law enforcement officials to conduct searches at reporters’ homes. Federal regulations intended to protect a free press are designed to make it difficult to use aggressive law enforcement tactics against reporters to obtain the identities of their sources or information."

        https://www.washingtonpost.com/national-security/2026/01/14/washington-post-reporter-search/
        https://archive.ph/kYFYo

        Guardian piece: https://www.theguardian.com/us-news/2026/jan/14/fbi-raid-washington-post-hannah-natanson
       
 (DIR) Post #B2HgazUvYzX7X0IK0W by briankrebs@infosec.exchange
       2026-01-14T17:45:45Z
       
       0 likes, 0 repeats
       
        From the Guardian story:

        “Physical searches of reporters’ devices, homes and belongings are some of the most invasive investigative steps law enforcement can take,” Bruce D Brown, president of the Reporters’ Committee for Freedom of the Press, said in a statement.

        “There are specific federal laws and policies at the Department of Justice that are meant to limit searches to the most extreme cases because they endanger confidential sources far beyond just one investigation and impair public interest reporting in general.

        “While we won’t know the government’s arguments about overcoming these very steep hurdles until the affidavit is made public, this is a tremendous escalation in the administration’s intrusions into the independence of the press.”

        Jameel Jaffer, executive director of the Knight First Amendment Institute, demanded a public explanation from the justice department “why it believes this search was necessary and legally permissible”.

        In a statement, Jaffer said: “Any search targeting a journalist warrants intense scrutiny because these kinds of searches can deter and impede reporting that is vital to our democracy.

        “Attorney General Bondi has weakened guidelines that were intended to protect the freedom of the press, but there are still important legal limits, including constitutional ones, on the government’s authority to use subpoenas, court orders, and search warrants to obtain information from journalists.

        “Searches of newsrooms and journalists are hallmarks of illiberal regimes, and we must ensure that these practices are not normalized here.”
       
 (DIR) Post #B2HgazryBJxsgT4ivI by briankrebs@infosec.exchange
       2026-01-14T18:02:06Z
       
       0 likes, 0 repeats
       
       This would appear to be related to the probe into the alleged leaker ( h/t @ncweaver )  https://storage.courtlistener.com/recap/gov.uscourts.mdd.597299/gov.uscourts.mdd.597299.1.1.pdf
       
 (DIR) Post #B2RQXJVLItg6TNrYzA by briankrebs@infosec.exchange
       2026-01-18T17:04:10Z
       
       0 likes, 1 repeats
       
        Continue, or "try it now" a popup from Gmail now asks, offering to compose your next message with Gemini. I guess the tiny "x" is the "fuck no" button?

        #darkpatterns
       
 (DIR) Post #B2UAQVhcXP8QU8DgIa by briankrebs@infosec.exchange
       2026-01-20T18:37:49Z
       
       0 likes, 1 repeats
       
        New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks

        A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

        https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/

        #botnet #infosec #IoT #DDoS #threatresearch #malware
       
 (DIR) Post #B2UVclEGja1V9VAoMa by briankrebs@infosec.exchange
       2025-10-25T02:31:38Z
       
       0 likes, 0 repeats
       
       What if Trump's new ballroom is just an excuse to build a bigger, deeper, stronger bunker underneath so he can hide from the angry mobs? https://apnews.com/article/donald-trump-ap-top-news-george-floyd-politics-a2326518da6b25b4509bef1ec85f5d7f
       
 (DIR) Post #B2UVcmadftVlNAeBs0 by briankrebs@infosec.exchange
       2026-01-20T20:30:33Z
       
       1 likes, 1 repeats
       
        Called it: Via CNN... Inside plans to rebuild the ‘top-secret’ bunker beneath the White House East Wing

        https://archive.is/e4wzc#selection-2133.7-2133.93
       
 (DIR) Post #B2Uh3CG3xkji0QowhU by briankrebs@infosec.exchange
       2026-01-20T23:34:53Z
       
       0 likes, 2 repeats
       
        Politico writes: "Two members of Elon Musk’s DOGE team working at the Social Security Administration were secretly in touch with an advocacy group seeking to “overturn election results in certain states,” and one signed an agreement that may have involved using Social Security data to match state voter rolls, the Justice Department revealed in newly disclosed court papers."

        "Elizabeth Shapiro, a top Justice Department official, said SSA referred both DOGE employees for potential violations of the Hatch Act, which bars government employees from using their official positions for political purposes."

        "Shapiro’s previously unreported disclosure, dated Friday, came as part of a list of “corrections” to testimony by top SSA officials during last year’s legal battles over DOGE’s access to Social Security data. They revealed that DOGE team members shared data on unapproved “third-party” servers and may have accessed private information that had been ruled off-limits by a court at the time."

        Kind of makes you wonder about the rest of the departments where DOGE had access.

        https://www.politico.com/news/2026/01/20/trump-musk-doge-social-security-00737245?cid=apn
       
 (DIR) Post #B2WNEmQCErMuaDj600 by briankrebs@infosec.exchange
       2026-01-21T20:48:18Z
       
       0 likes, 0 repeats
       
       @thomas_klopf you need something connected to your main router or switch that can sniff all the traffic going in and out. I'm experimenting with an installation of Security Onion on an ancient Windows laptop w/ two ethernet connectors. The software on the switch lets you mirror the port from the router on a different port, which connects to the laptop running Security Onion. You can then log in to the web interface from any system on the local network and see your traffic.
       
 (DIR) Post #B2a9qyqNsa7hOA8VvM by briankrebs@infosec.exchange
       2026-01-23T16:28:04Z
       
       0 likes, 0 repeats
       
        I'd heard that Comcast was getting ready to issue a report on how it's been dealing with the massive number of Aisuru/Kimwolf botnet infections on their network. Also, Kimwolf piggybacked on IPIDEA's proxy network, and data from Synthient shows Comcast's email service (imap.comcast.net) was the most-requested domain of IPIDEA users (these are credential-stuffing attacks). Glad I didn't wait for their report. It's basically a recap of everything we know so far, but nary a word about how it's affecting their customers. Instead, the blog post uses the old "we ran the malware in a lab and here's what we saw" approach to admiring the problem.

        https://corporate.comcast.com/press/releases/localhost-as-an-attack-multiplier-resproxy-co-infection-and-lateral-expansion
       
 (DIR) Post #B2a9qzoIHq2sNyAMIy by briankrebs@infosec.exchange
       2026-01-23T16:34:24Z
       
       0 likes, 0 repeats
       
       The world would be a better and safer place if legacy ISPs stopped giving away email accounts. None of them want to be in the email business, and probably 95 percent of these accounts have horrible passwords, no MFA, and they get taken over constantly by cybercriminals and used for bad stuff.
       
 (DIR) Post #B2gQsGaTyYfiCACe0W by briankrebs@infosec.exchange
       2026-01-26T17:10:54Z
       
       2 likes, 3 repeats
       
        We knew this was coming, but now the clock is running. From Privacy International: "Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."

        "If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."

        PI linked to and summarized a Federal Register entry describing the proposed requirements:

        - All visitors must submit ‘their social media from the last 5 years’
        - ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
        - ‘telephone numbers used in the last five years’
        - ‘email addresses used in the last ten years’
        - ‘family number telephone numbers (sic) used in the last five years’
        - biometrics – face, fingerprint, DNA, and iris
        - business telephone numbers used in the last five years
        - business email addresses used in the last ten years.

        https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media

        The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.

        Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
       
 (DIR) Post #B2gSNR9GrMUtsgtz8q by briankrebs@infosec.exchange
       2026-01-26T17:28:04Z
       
       0 likes, 0 repeats
       
        I feel for anyone in the travel, tourism and hospitality industries, which make up ~ 10M jobs and ~ 3 percent of the nation's GDP. From the U.S. International Trade Administration (trade.gov):

        "Inbound international travel to the United States plays a vital role in the Nation’s economy and promotes cultural exchange and understanding. Travel and tourism is the largest single services export for the United States, accounting for 22 percent of the country’s services exports and 7 percent of all exports in 2023. The travel and tourism industry contributed $2.3 trillion to the U.S. economy in 2022 (2.97 percent of the country’s GDP), supporting 9.5 million jobs."