briankrebs
@briankrebs
Followers
332K
Following
9K
Media
840
Statuses
17K
Independent investigative journalist. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter. Mastodon: https://t.co/fTKNavlMwp
Joined March 2009
FYI, the only reason I'm still here is to to make fun of the new CEO and his $44B dumpster fire. Anything serious I have to say will be said over on that other site (rhymes with John Mastodon). But please, keep the replies coming!
232
153
752
Confirmed: The DNS records that tell systems how to find or got withdrawn this morning from the global routing tables. Can you imagine working at FB right now, when your email no longer works & all your internal FB-based tools fail?.
977
12K
32K
Let this sink in: @elonmusk hath decreed that all links to Mastodon should be flagged as malware. This is, of course, a baldfaced lie, and he knows it. So the CEO of Twitter is lying to everyone on Twitter, and to all its advertisers, even to all of his defenders.
1K
5K
18K
Everything that @elonmusk has done publicly so far to Twitter seems like exactly what I'd do if I wanted to ensure the entire platform ran straight into the ground, and fast. His actions and words make it really hard to see how this isn't actually his plan.
1K
2K
15K
Western Union to forfeit $586M to settle charges with US Govt over alleged money laundering for human trafficking
58
23K
5K
LOL. The CEO of Twitter has gone full despot/dictator mode. You can now get banned for mentioning your Insta, FB, Mastodon, Post, or other. You know a country is in full freedom mode when it starts shutting its borders for people trying to leave!
417
1K
6K
We don't know why this change was made. It could well have been the result of an internal, system wide change or update that went awry. It's all speculation at this point why. FB alone is in control over its DNS records.
105
832
6K
To be more precise (and Geek Factor 5) the BGP routes serving Facebook's authoritative DNS were withdrawn, rendering all Facebook domains inaccessible. That's per @DougMadory , who knows a few things about BGP/DNS.
97
1K
5K
From trusted source: Person on FB recovery effort said the outage was from a routine BGP update gone wrong. But the update blocked remote users from reverting changes, and people with physical access didn't have network/logical access. So blocked at both ends from reversing it.
138
1K
4K
Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.
133
1K
3K
ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin"
145
3K
3K
8kun/8chan went down tonight. A phone call to their DDoS protection provider was all it took. That provider says they had no idea they were helping 8kun stay online. 8kun, some QAnon sites now getting DDoS protection from ddos-guard dot net in Russia
63
846
2K
Fun fact: CIA unit exposed by Wikileaks was tasked w/ crafting cyber response to Russia's alleged election meddling
71
2K
2K
Just published a short (hopefully broadly accessible) writeup on the ongoing outages at Facebook, Instagram & WhatsApp. Includes perspective, graphic from @dougmadory and Kentik. Will update to add more info soon.
91
1K
3K
The CEO of twitter just got his account hijacked, apparently by a bunch of SIM swappers who've been targeting high profile people and celebrities of late. Maybe this will finally get some real attention to the epidemic of SIM swapping happening right now? Not holding my breath.
91
848
2K
Predictably, the Zoom hearing for the 17-year-old alleged Twitter hacker in Fla. was bombed multiple times, with the final bombing of a pornhub clip ending the zoom portion of the proceedings.
40
654
2K
1/ So you go shopping for a PIV card reader, because the US govt gave you one and you're curious to look at what's on it. You settle for this "DOD military USB common access smart card reader," because it's compatible with Mac OS. Cool! Only $15! What a bargain!
75
531
2K
Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch
36
1K
2K
Hey @elonmusk, since you don't seem to have much a media/comms team anymore, can you address the apparently legitimate claim that someone scraped & is now selling data on hundreds of millions of Twitter accounts? Maybe it didn't happen on your watch, but you owe Twitter a reply.
61
365
2K
The admin of the cybercrime forum Breached said they just received a cease and desist letter claiming the forum thread where a Mexican bank's data was being sold was fake news and harming the bank's reputation. The admin responded by purchasing the data and leaking it. Whoops.
49
515
2K
Sometimes Linkedin can be creepily helpful. I was researching this money mule recruitment gang that's been hiring via Linkedin and a day later Linkedin sends me an email suggesting other companies similar to the one I looked up. Looks like I may have found more mule groups.
30
385
2K
With Fedex and UPS and DHL stopping package delivery to RU, that's gonna kill several cybercriminal industries -- particularly the reshippers which use stolen card data/mules to buy electronics/household goods at discount & sell to people in RU. Retailers should see a reprieve.
14
334
2K
Another awful thing about this death from swatting in Kansas is that there are now multiple reports that the man killed wasn't even part of the dispute that prompted the swatting.
57
909
2K
Bring on the bots and sock puppet accounts. Amazing how a tweet about Putin always engenders defensive responses about Trump.
10
470
667
Prediction: In a few months, the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably. New privacy rules coming out of the EU are going to take away the single most useful tool available to security experts and researchers: WHOIS.
88
918
2K
Exclusive, breaking: The US Secret Service is quietly alerting banks and ATM operators that for the first time ever ATM "Jackpotting" attacks -- designed to empty ATMs of cash via malware and hardware -- have hit ATMs in the United States
44
2K
1K
Who's behind Wednesday's epic compromise of Twitter? This post holds some very convincing answers.
40
662
1K
The security researcher who originally reported the @panerabread security vuln that exposed millions of customers' private info has just penned this response to the company's unbelievable response to my story. worth a read:
34
948
1K
Just discovered my mom-in-law has been going into her AOL spam folder and unsubscribing from emails there. Doing so involved clicking soooo many links in seriously dodgy emails. She was like, "why won't it let me unsubscribe?" Me screaming into my pillow.
72
206
1K
Exclusive: Facebook stored hundreds of millions of user passwords in plain text for years
64
1K
1K
Spent past 2 days reading 14 months worth of leaked chats from the Conti ransomware group (so you don't have to). Today's Part I focuses on the group's internal efforts to evade actions by law enforcement & intel agencies. This is a bottomless gold mine.
20
469
1K
Experts say the LAPSUS$ data extortion group that hit Okta and Microsoft this week is run by a 17-year-old from the UK who recently bought the Doxbin doxing website, and then leaked its database. Naturally, Doxbin responded by doxing the LAPSUS$ leader.
19
438
1K
Google said it has not had any of its 85,000+ employees phished on their work accounts since early 2017, when the company began requiring logins via Security Keys
31
742
1K
Bought a product off Amazon, and it sucked so badly I had to write a negative but fair review. I then heard from the seller offering 2x what I paid for the item to remove or update my comment. I'm thinking of adding that as an update. But I wonder how many people take the money.
110
98
1K
Looks like the domain used to control the malware infrastructure in the SolarWinds compromise is now controlled by Microsoft. They should soon have a good (if conservative) idea how many SW/Orion customers were hacked.
29
347
1K
For real: Experian wants you to nominate it for cyber risk awards in 4 categories! What crazy fresh hell bs is this? Is there a way to vote *against* Experian winning anything ever in regards to "cyber"?
82
375
1K
the Web site for the bakery-cafe chain by the same name, leaked millions of customer records -- including names, DOBs, email/street addresses, last 4 of credit card -- until today: Worst part: They were first notified 8 months ago
49
1K
1K
Potentially huge scoop from Bloomberg alleging San Jose-based Super Micro, under direction or control of Chinese cyber spies, secretly embedded rice-sized computer chips on electronic components stitched into devices made by 30 companies #supplychain.
73
1K
1K
Not to fear! Equifax is offering free credit monitoring for all 143M Americans affected by its own breach! The madness has to stop.
82
636
1K
I never do this, but this is important so please RT if you agree: It's not okay for my mobile provider to sell or give my mobile device location info to a 3rd party without at least a court order/subpoena. Background: and
27
2K
1K
Antivirus giant Norton 360 has installed a cryptocurrency mining program on users PCs, but says the service that enables the miner is opt-in. Users report miner is hard to remove. Customer reactions range from unease/disbelief to "dude, where's my crypto?"
81
594
1K
Okay infosec peeps: Name one area of your field you're ashamed you don't know more about. I'll go first: IPv6.
253
81
1K
Norton360 isn't the only antivirus product installing cryptominers. Avira, a "free" antivirus product w/ > 500M users, recently introduced users to Avira Crypto. Avira is now owned by NortonLifeLock, which also just bought Avast antivirus (500M users)
34
816
1K
Automated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning
29
704
1K
New stats indicate half of all phishing sites now begin with https:// < The old "look for the padlock" security advice has never been more useless and dangerous
36
929
1K
Equifax breach response turns into a giant dumpster fire < Analysis of arguably the worst breach response ever.
38
947
1K
Worse: The squabble that led to the fatal swatting reportedly started over a $1.50 wagered match in the online game Call of Duty Source: .
31
675
977
From a security pro who fought LAPSUS$: It forces us to shift thinking about insider access. Nation states want longer, strategic access; ransomware groups want lateral movement. LAPSUS$ asks: What can this account get me in the next 6 hours? We haven’t optimized to defend that.
25
254
1K
Missouri Gov. Mike Parson today vowed to prosecute the St. Louis Post-Dispatch for reporting a security flaw in an agency website that exposed 100k+ teacher SSNs. They held their story until it was fixed. Now Parson is shooting the messenger:
81
423
891
Sources who've briefed U.S. national security advisors say >30K U.S. organizations hacked by newly-found holes in Microsoft's Exchange email products, and that 100s of thousands of victim organizations worldwide now have web-based backdoors installed.
46
763
988
How the judge in charge of the proceeding didn't think to enable settings that would prevent people from taking over the screen is beyond me. My guess is he didn't know he could. This guy's reaction sums it up.
32
164
963
The hacker who installed ransomware on thousands of San Fran light rail systems on Friday has himself been hacked
23
1K
1K
The IRS says by mid-2022, the only way to log in to will be through an ID verification service where applicants have to submit copies of bills/ID documents, as well as live selfies via a webcam or mobile.
209
524
980
The hospitality industry continues to fail very publicly on security. E.g., I've stayed in more than 20 hotels so far this year alone; ALL of the US-based hotels I stayed at swiped my chip-based card instead of using a chip reader. "We take your security and privacy. Seriously.".
55
325
986
SMS was already the weakest link securing just about anything online. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept texts intended for other mobile users. Can we stop pretending SMS is okay now?
36
482
984
True story: I do most of my media and story reading from a virtual machine. Sorry, but while I trust most of the publications I frequent to do their best to get the story right, I don't trust the 97 other sites from which they pull scripts and other random stuff.
45
190
951
Exclusive: Fraudsters changed the email and DNS records for a number of cryptocurrency trading platforms this week, after successfully social engineering employees at GoDaddy, the world's largest domain name registrar.
45
460
967
NY cloud payroll provider MyPayrollHR abruptly closes up shop, diverts $35 million in payroll, tax payments to its own account. Employees at thousands of companies that used the service dinged for 1-2 payroll payments. Meanwhile, the CEO has vanished
41
795
895
I have no special insight on who was responsible for the Equifax breach. But usually when Mandiant is involved, it's state-sponsored.
33
573
815
Holy moly. Prolexic reports my site was just hit with the largest DDOS the internet has ever seen. 665 Gbps. Site's still up. #FAIL.
55
612
931
FBI says a Seattle woman hacked into a cloud server and stole "likely tens of millions" of credit applications for Capital One
71
755
860
Exclusive: The U.S. Drug Enforcement Administration (DEA) says it is investigating a breach of an agency portal that taps into 16 different federal law enforcement databases. The intruder said they logged in to DEA w/ just a username and password, no 2FA.
30
457
877
Dangerous domain goes up for sale. It's dangerous because years of testing shows whoever wields it would have access to an unending stream of passwords,.email/proprietary data from hundreds of 1,000s of systems.at big companies
33
492
904
Many people are asking whether last night's 60 Minutes interview with the Facebook whistleblower is at all related to this outage. That's a good question.
40
272
838
Who Is Marcus Hutchins, the man credited with stopping WannaCry and charged w/ authoring Kronos banking trojan?
21
797
885
Exclusive: Hackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
50
778
856
Account inactivity fees by banks are complete BS, and should be illegal. Not only do they get to hold my money with virtually no interest, this bank I opened an account at a couple of years ago for a story has started charging $10/mo. Had $200 in it. Now almost in negative.
53
122
847
In just a few days, consumer credit freezes will be free for all Americans and their dependents -- no more fees to place or lift a freeze. Here's a primer on the upcoming changes and why you should embrace the freeze if you haven't already
9
571
836
Facebook just deleted almost 120 cybercrime groups from its platform, totaling ~300k members who promoted everything from spam & credit card from to DDoS services, tax refund fraud, 419 scams & account takeovers. The avg age of these groups was 2 years.
33
616
836
I own some crypto (mostly HODL'd gifts) and yeah it's now worth a lot less than it was just a few days ago. But you know what's crazy? I keep secretly wishing the price will fall even further. Coin investors like to say "To the Moon!" I say, "To the ditch," where it all belongs.
46
68
813
Crooks are now hacking police, govt email accounts/websites to send fake "emergency data requests" to wireless providers, ISPs, social media firms. The requests claim it's a matter of life & death, can't wait for subpoena. The compliance rate is high.
23
493
836
3/ And then you think, hrm. maybe I should scan this thing at Virustotal, just because who TF is this company anyway? Holy smokes! 39 different antivirus tools detect this driver as Ramnit.a, a type of malware able to exfiltrate sensitive data.
20
80
830
Dear Twitter: If you care about your account, get a Google Voice # to replace your mobile # in Twitter settings. Uncheck SMS. Then use only either mobile app or even better a security key for 2-factor authentication. Do this for every other account you care about that you can.
47
358
816
Here's a question about the twitter compromise today that hasn't yet been answered: With the internal twitter tools access the attackers had, could they also have viewed the target account's direct messages?.
70
188
806
#1 of who knows how many in re: Why I don't go to RSAcon anymore. I always say the best way to experience RSA is not to go to any of the talks, but instead hang out at the bars near the con to let people get liquored up and tell you things they shouldn't.
33
89
817
Finally got around to deleting my Facebook account. I don't trust FB, and I don't want to tacitly encourage other people to trust it. Anyone who wishes to reach out, please either or twitter (DMs open) or Wickr: krebswickr. Thanks.
43
153
772
On Monday, KrebsOnSecurity began following up on info provided by @holdsecurity that a ransomware group (Ryuk) is preparing to encrypt systems at possibly hundreds of medical centers/hospitals. FBI/CISA/HHS just had a call warning of "imminent, credible threat to US hospitals.".
36
466
761
It's a little weird when you confidently tell an established security firm that they will in all likelihood seriously regret publishing something they're really proud of. Stay tuned.
49
107
781
In 2018, I unmasked the creators of Coinhive as the admins of a German image forum, whose members protested by donating 100s of 1,000s to orgs that fight cancer (Krebs = "cancer" in German). In their 3rd annual 'Krebsaction" they've raised ~$160k so far
9
21
694
Seeing that, too. WTH?.
50
304
787
Coinbase and Overstock just fixed a bug I helped to report that let anyone buy items at ~15% of listed price by paying in bitcoin cash (BCH) instead of bitcoin (BTC). Worse, refunds for items purchased w/ BCH were refunded in BTC! Crypto-alchemy!
41
292
778
Also LOL: Twitter complained that I was trying to spread malware blah blah by changing my profile background like I just did. But it still let me. I can't decide which is funnier: Wrongfully accusing me of willfully spreading malware, or accusing me & letting me do it anyway.
25
91
689
Don't give away historic details about yourself. Today's post looks at how countless social media users are doing just that, responding to quizzes that ask you to give away answers to commonly asked "secret questions."
45
633
725
People don't really care about DDoS as long as it's just the gaming sites. but take away Twitter/Github/Reddit, it's OMG what's happening!?!.
24
446
738
The sheer volume of personal/sensitive data I've seen exposed on publicly accessible servers "in the cloud" over the past few weeks makes me wonder why cybercrooks bother "hacking" anything these days, other than perhaps because it's more challenging/fun to do so.
18
286
739
both candidates are equally clueless when it comes to "cyber".
59
405
749
Scoop: InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber/physical threat info sharing partnerships w/ the private sector, this week saw its database of contact information on more than 80,000 members go up for sale.
36
413
727
6/ According to Saicoo, this is all somehow my fault. "From the details you offered, issue may probably caused by your computer security defense system," "actually it's not carrying any virus you can trust us," "please just ignore it and continue installation." Cool cool.
28
41
745
At the risk of making my job harder (or possibly, easier?) it's clear I'm going to have to write an entire series of blog posts about how not to handle a data breach from a PR perspective. I'm sputtering over here. Gave @panerabread every courtesy and they treat me like an idiot.
36
172
743
Exclusive: Multiple sources now say Indian IT outsourcing giant @Wipro is in the throes of dealing with a months-long breach in which intruders were seen using the company's networks to attack and probe customer systems
23
748
744
Microsoft has just released an emergency (unscheduled) patch to fix a zero-day security hole in Internet Explorer
31
719
741
Someone's been creating a ton of fake CISO profiles on LinkedIn for major corporations. What's more, a lot of this info is getting ingested by various sources that then make it even harder to tell the truth in search results. Victor Sites CISO of Chevron? No. Real CISO on left.
40
325
732
Blown away that some of the largest media outlets including NYT and WaPo still have nothing about this mass Exchange server hack on hundreds of thousands of organizations. Esp. now that govies are saying it's a giant mess domestically and worldwide.
33
333
706
15-year-old security researcher finds dangerous flaw in cryptocurrency hardware wallets made by French tech firm Ledger. Company has released firmware update to address the weakness.
17
444
715
Oh look,the guy my source initially notified at @panerabread EIGHT MONTHS AGO -- their dir. of info security - was senior dir. of security operations at Equifax until 2013. Shocker.
33
324
668
Unreal that BTC is soaring past $13,000. The spike is painting a huge target on anyone holding even meager BTC assets. Long past time to up your game, folks, At a minimum, make sure your security isn't reliant on the mobile carriers not getting social engineered.
32
294
703
1/ Exclusive: Leaked private chats from the LAPSUS$ group show they hacked T-Mobile multiple times last month, stealing large volumes of source code. T-Mobile says no customer or government data was taken.
24
328
713