briankrebs

@briankrebs

347,472
Followers
1,791
Following
840
Media
17,194
Statuses

Independent investigative journalist. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter. Mastodon:

krebsonsecurity @ gmail.com
Joined March 2009
Pinned Tweet
@briankrebs
briankrebs
1 year
FYI, the only reason I'm still here is to make fun of the new CEO and his $44B dumpster fire. Anything serious I have to say will be said over on that other site (rhymes with John Mastodon). But please, keep the replies coming!
106
99
807
@briankrebs
briankrebs
3 years
Confirmed: The DNS records that tell systems how to find or got withdrawn this morning from the global routing tables. Can you imagine working at FB right now, when your email no longer works & all your internal FB-based tools fail?
1K
12K
34K
@briankrebs
briankrebs
1 year
Let this sink in: @elonmusk hath decreed that all links to Mastodon should be flagged as malware. This is, of course, a baldfaced lie, and he knows it. So the CEO of Twitter is lying to everyone on Twitter, and to all its advertisers, even to all of his defenders.
@gcluley
Graham Cluley
1 year
“Account update failed. Description is considered malware.” 🤣
66
192
1K
1K
6K
22K
@briankrebs
briankrebs
2 years
Everything that @elonmusk has done publicly so far to Twitter seems like exactly what I'd do if I wanted to ensure the entire platform ran straight into the ground, and fast. His actions and words make it really hard to see how this isn't actually his plan.
2K
3K
19K
@briankrebs
briankrebs
1 year
LOL. The CEO of Twitter has gone full despot/dictator mode. You can now get banned for mentioning your Insta, FB, Mastodon, Post, or other. You know a country is in full freedom mode when it starts shutting its borders for people trying to leave!
449
2K
7K
@briankrebs
briankrebs
3 years
We don't know why this change was made. It could well have been the result of an internal, system wide change or update that went awry. It's all speculation at this point why. FB alone is in control over its DNS records.
110
897
6K
@briankrebs
briankrebs
3 years
To be more precise (and Geek Factor 5) the BGP routes serving Facebook's authoritative DNS were withdrawn, rendering all Facebook domains inaccessible. That's per @DougMadory , who knows a few things about BGP/DNS.
99
1K
6K
@briankrebs
briankrebs
3 years
From trusted source: Person on FB recovery effort said the outage was from a routine BGP update gone wrong. But the update blocked remote users from reverting changes, and people with physical access didn't have network/logical access. So blocked at both ends from reversing it.
143
1K
4K
@briankrebs
briankrebs
6 years
Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.
144
1K
4K
@briankrebs
briankrebs
4 years
8kun/8chan went down tonight. A phone call to their DDoS protection provider was all it took. That provider says they had no idea they were helping 8kun stay online. 8kun, some QAnon sites now getting DDoS protection from ddos-guard dot net in Russia
70
1K
3K
@briankrebs
briankrebs
3 years
Just published a short (hopefully broadly accessible) writeup on the ongoing outages at Facebook, Instagram & WhatsApp. Includes perspective, graphic from @dougmadory and Kentik. Will update to add more info soon.
106
2K
3K
@briankrebs
briankrebs
5 years
The CEO of twitter just got his account hijacked, apparently by a bunch of SIM swappers who've been targeting high profile people and celebrities of late. Maybe this will finally get some real attention to the epidemic of SIM swapping happening right now? Not holding my breath.
93
916
2K
@briankrebs
briankrebs
4 years
Predictably, the Zoom hearing for the 17-year-old alleged Twitter hacker in Fla. was bombed multiple times, with the final bombing of a pornhub clip ending the zoom portion of the proceedings.
43
722
2K
@briankrebs
briankrebs
2 years
1/ So you go shopping for a PIV card reader, because the US govt gave you one and you're curious to look at what's on it. You settle for this "DOD military USB common access smart card reader," because it's compatible with Mac OS. Cool! Only $15! What a bargain!
84
589
2K
@briankrebs
briankrebs
4 years
Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch
37
2K
2K
@briankrebs
briankrebs
1 year
Hey @elonmusk, since you don't seem to have much of a media/comms team anymore, can you address the apparently legitimate claim that someone scraped & is now selling data on hundreds of millions of Twitter accounts? Maybe it didn't happen on your watch, but you owe Twitter a reply.
71
432
2K
@briankrebs
briankrebs
2 years
The admin of the cybercrime forum Breached said they just received a cease and desist letter claiming the forum thread where a Mexican bank's data was being sold was fake news and harming the bank's reputation. The admin responded by purchasing the data and leaking it. Whoops.
52
553
2K
@briankrebs
briankrebs
6 years
Sometimes Linkedin can be creepily helpful. I was researching this money mule recruitment gang that's been hiring via Linkedin and a day later Linkedin sends me an email suggesting other companies similar to the one I looked up. Looks like I may have found more mule groups.
32
410
2K
@briankrebs
briankrebs
2 years
With Fedex and UPS and DHL stopping package delivery to RU, that's gonna kill several cybercriminal industries -- particularly the reshippers which use stolen card data/mules to buy electronics/household goods at discount & sell to people in RU. Retailers should see a reprieve.
16
399
2K
@briankrebs
briankrebs
6 years
Another awful thing about this death from swatting in Kansas is that there are now multiple reports that the man killed wasn't even part of the dispute that prompted the swatting.
64
974
2K
@briankrebs
briankrebs
7 years
Bring on the bots and sock puppet accounts. Amazing how a tweet about Putin always engenders defensive responses about Trump.
11
521
714
@briankrebs
briankrebs
6 years
Prediction: In a few months, the volume of spam, phishing and just about every form of cybercrime is going to increase noticeably. New privacy rules coming out of the EU are going to take away the single most useful tool available to security experts and researchers: WHOIS.
97
1K
2K
@briankrebs
briankrebs
6 years
Exclusive, breaking: The US Secret Service is quietly alerting banks and ATM operators that for the first time ever ATM "Jackpotting" attacks -- designed to empty ATMs of cash via malware and hardware -- have hit ATMs in the United States
47
2K
2K
@briankrebs
briankrebs
4 years
Who's behind Wednesday's epic compromise of Twitter? This post holds some very convincing answers.
43
714
2K
@briankrebs
briankrebs
6 years
The security researcher who originally reported the @panerabread security vuln that exposed millions of customers' private info has just penned this response to the company's unbelievable response to my story. worth a read:
35
1K
1K
@briankrebs
briankrebs
6 years
Just discovered my mom-in-law has been going into her AOL spam folder and unsubscribing from emails there. Doing so involved clicking soooo many links in seriously dodgy emails. She was like, "why won't it let me unsubscribe?" Me screaming into my pillow.
77
230
1K
@briankrebs
briankrebs
5 years
Exclusive: Facebook stored hundreds of millions of user passwords in plain text for years
70
1K
1K
@briankrebs
briankrebs
2 years
Spent past 2 days reading 14 months worth of leaked chats from the Conti ransomware group (so you don't have to). Today's Part I focuses on the group's internal efforts to evade actions by law enforcement & intel agencies. This is a bottomless gold mine.
26
501
1K
@briankrebs
briankrebs
2 years
Experts say the LAPSUS$ data extortion group that hit Okta and Microsoft this week is run by a 17-year-old from the UK who recently bought the Doxbin doxing website, and then leaked its database. Naturally, Doxbin responded by doxing the LAPSUS$ leader.
20
466
1K
@briankrebs
briankrebs
7 years
New logo for all future Equifax stories.
48
416
1K
@briankrebs
briankrebs
2 years
Bought a product off Amazon, and it sucked so badly I had to write a negative but fair review. I then heard from the seller offering 2x what I paid for the item to remove or update my comment. I'm thinking of adding that as an update. But I wonder how many people take the money.
127
113
1K
@briankrebs
briankrebs
6 years
Google said it has not had any of its 85,000+ employees phished on their work accounts since early 2017, when the company began requiring logins via Security Keys
31
798
1K
@briankrebs
briankrebs
3 years
Looks like the domain used to control the malware infrastructure in the SolarWinds compromise is now controlled by Microsoft. They should soon have a good (if conservative) idea how many SW/Orion customers were hacked.
32
376
1K
@briankrebs
briankrebs
5 years
For real: Experian wants you to nominate it for cyber risk awards in 4 categories! What crazy fresh hell bs is this? Is there a way to vote *against* Experian winning anything ever in regards to "cyber"?
91
418
1K
@briankrebs
briankrebs
6 years
, the Web site for the bakery-cafe chain by the same name, leaked millions of customer records -- including names, DOBs, email/street addresses, last 4 of credit card -- until today: Worst part: They were first notified 8 months ago
56
1K
1K
@briankrebs
briankrebs
6 years
Potentially huge scoop from Bloomberg alleging San Jose-based Super Micro, under direction or control of Chinese cyber spies, secretly embedded rice-sized computer chips on electronic components stitched into devices made by 30 companies #supplychain
79
1K
1K
@briankrebs
briankrebs
7 years
Not to fear! Equifax is offering free credit monitoring for all 143M Americans affected by its own breach! The madness has to stop.
89
682
1K
@briankrebs
briankrebs
6 years
I never do this, but this is important so please RT if you agree: It's not okay for my mobile provider to sell or give my mobile device location info to a 3rd party without at least a court order/subpoena. Background: and
30
2K
1K
@briankrebs
briankrebs
2 years
Antivirus giant Norton 360 has installed a cryptocurrency mining program on users' PCs, but says the service that enables the miner is opt-in. Users report miner is hard to remove. Customer reactions range from unease/disbelief to "dude, where's my crypto?"
88
649
1K
@briankrebs
briankrebs
3 years
Okay infosec peeps: Name one area of your field you're ashamed you don't know more about. I'll go first: IPv6.
271
81
1K
@briankrebs
briankrebs
4 years
Automated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning
30
778
1K
@briankrebs
briankrebs
2 years
Norton360 isn't the only antivirus product installing cryptominers. Avira, a "free" antivirus product w/ > 500M users, recently introduced users to Avira Crypto. Avira is now owned by NortonLifeLock, which also just bought Avast antivirus (500M users)
39
971
1K
@briankrebs
briankrebs
5 years
New stats indicate half of all phishing sites now begin with https:// < The old "look for the padlock" security advice has never been more useless and dangerous
43
1K
1K
@briankrebs
briankrebs
6 years
@Mantia There is no Cloud. It's just someone else's computer.
13
210
1K
@briankrebs
briankrebs
3 years
Missouri Gov. Mike Parson today vowed to prosecute the St. Louis Post-Dispatch for reporting a security flaw in an agency website that exposed 100k+ teacher SSNs. They held their story until it was fixed. Now Parson is shooting the messenger:
101
499
1K
@briankrebs
briankrebs
2 years
From a security pro who fought LAPSUS$: It forces us to shift thinking about insider access. Nation states want longer, strategic access; ransomware groups want lateral movement. LAPSUS$ asks: What can this account get me in the next 6 hours? We haven’t optimized to defend that.
26
276
1K
@briankrebs
briankrebs
6 years
Worse: The squabble that led to the fatal swatting reportedly started over a $1.50 wagered match in the online game Call of Duty Source: …
34
710
1K
@briankrebs
briankrebs
3 years
Sources who've briefed U.S. national security advisors say >30K U.S. organizations hacked by newly-found holes in Microsoft's Exchange email products, and that 100s of thousands of victim organizations worldwide now have web-based backdoors installed.
50
843
1K
@briankrebs
briankrebs
4 years
How the judge in charge of the proceeding didn't think to enable settings that would prevent people from taking over the screen is beyond me. My guess is he didn't know he could. This guy's reaction sums it up.
36
180
1K
@briankrebs
briankrebs
2 years
The IRS says by mid-2022, the only way to log in to will be through , an ID verification service where applicants have to submit copies of bills/ID documents, as well as live selfies via a webcam or mobile.
239
590
1K
@briankrebs
briankrebs
5 years
The hospitality industry continues to fail very publicly on security. E.g., I've stayed in more than 20 hotels so far this year alone; ALL of the US-based hotels I stayed at swiped my chip-based card instead of using a chip reader. "We take your security and privacy. Seriously."
60
354
1K
@briankrebs
briankrebs
3 years
SMS was already the weakest link securing just about anything online. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept texts intended for other mobile users. Can we stop pretending SMS is okay now?
44
526
1K
@briankrebs
briankrebs
5 years
True story: I do most of my media and story reading from a virtual machine. Sorry, but while I trust most of the publications I frequent to do their best to get the story right, I don't trust the 97 other sites from which they pull scripts and other random stuff.
50
211
1K
@briankrebs
briankrebs
3 years
Exclusive: Fraudsters changed the email and DNS records for a number of cryptocurrency trading platforms this week, after successfully social engineering employees at GoDaddy, the world's largest domain name registrar.
46
498
1K
@briankrebs
briankrebs
5 years
NY cloud payroll provider MyPayrollHR abruptly closes up shop, diverts $35 million in payroll, tax payments to its own account. Employees at thousands of companies that used the service dinged for 1-2 payroll payments. Meanwhile, the CEO has vanished
50
935
991
@briankrebs
briankrebs
8 years
Holy moly. Prolexic reports my site was just hit with the largest DDOS the internet has ever seen. 665 Gbps. Site's still up. #FAIL
58
672
1K
@briankrebs
briankrebs
7 years
I have no special insight on who was responsible for the Equifax breach. But usually when Mandiant is involved, it's state-sponsored.
40
679
969
@briankrebs
briankrebs
2 years
Exclusive: The U.S. Drug Enforcement Administration (DEA) says it is investigating a breach of an agency portal that taps into 16 different federal law enforcement databases. The intruder said they logged in to DEA w/ just a username and password, no 2FA.
39
519
979
@briankrebs
briankrebs
4 years
Dangerous domain goes up for sale. It's dangerous because years of testing shows whoever wields it would have access to an unending stream of passwords, email/proprietary data from hundreds of 1,000s of systems at big companies
34
553
980
@briankrebs
briankrebs
3 years
Many people are asking whether last night's 60 Minutes interview with the Facebook whistleblower is at all related to this outage. That's a good question.
48
304
967
@briankrebs
briankrebs
2 years
Account inactivity fees by banks are complete BS, and should be illegal. Not only do they get to hold my money with virtually no interest, this bank I opened an account at a couple of years ago for a story has started charging $10/mo. Had $200 in it. Now almost in negative.
58
138
966
@briankrebs
briankrebs
6 years
In just a few days, consumer credit freezes will be free for all Americans and their dependents -- no more fees to place or lift a freeze. Here's a primer on the upcoming changes and why you should embrace the freeze if you haven't already
9
638
940
@briankrebs
briankrebs
6 years
Exclusive: Hackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
53
840
925
@briankrebs
briankrebs
2 years
I own some crypto (mostly HODL'd gifts) and yeah it's now worth a lot less than it was just a few days ago. But you know what's crazy? I keep secretly wishing the price will fall even further. Coin investors like to say "To the Moon!" I say, "To the ditch," where it all belongs.
49
78
951
@briankrebs
briankrebs
6 years
Facebook just deleted almost 120 cybercrime groups from its platform, totaling ~300k members who promoted everything from spam & credit card from to DDoS services, tax refund fraud, 419 scams & account takeovers. The avg age of these groups was 2 years.
38
678
909
@briankrebs
briankrebs
2 years
Crooks are now hacking police, govt email accounts/websites to send fake "emergency data requests" to wireless providers, ISPs, social media firms. The requests claim it's a matter of life & death, can't wait for subpoena. The compliance rate is high.
24
550
924
@briankrebs
briankrebs
2 years
3/ And then you think, hrm....maybe I should scan this thing at Virustotal, just because who TF is this company anyway? Holy smokes! 39 different antivirus tools detect this driver as Ramnit.a, a type of malware able to exfiltrate sensitive data.
20
85
924
@briankrebs
briankrebs
5 years
Dear Twitter: If you care about your account, get a Google Voice # to replace your mobile # in Twitter settings. Uncheck SMS. Then use only either mobile app or even better a security key for 2-factor authentication. Do this for every other account you care about that you can.
51
394
881
@briankrebs
briankrebs
4 years
Finally got around to deleting my Facebook account. I don't trust FB, and I don't want to tacitly encourage other people to trust it. Anyone who wishes to reach out, please either or twitter (DMs open) or Wickr: krebswickr. Thanks.
45
167
875
@briankrebs
briankrebs
4 years
Here's a question about the twitter compromise today that hasn't yet been answered: With the internal twitter tools access the attackers had, could they also have viewed the target account's direct messages?
77
209
881
@briankrebs
briankrebs
5 years
#1 of who knows how many in re: Why I don't go to RSAcon anymore. I always say the best way to experience RSA is not to go to any of the talks, but instead hang out at the bars near the con to let people get liquored up and tell you things they shouldn't.
35
101
883
@briankrebs
briankrebs
4 years
On Monday, KrebsOnSecurity began following up on info provided by @holdsecurity that a ransomware group (Ryuk) is preparing to encrypt systems at possibly hundreds of medical centers/hospitals. FBI/CISA/HHS just had a call warning of "imminent, credible threat to US hospitals."
41
544
862
@briankrebs
briankrebs
4 years
In 2018, I unmasked the creators of Coinhive as the admins of a German image forum, whose members protested by donating 100s of 1,000s to orgs that fight cancer (Krebs = "cancer" in German). In their 3rd annual 'Krebsaction' they've raised ~$160k so far
9
25
706
@briankrebs
briankrebs
6 years
It's a little weird when you confidently tell an established security firm that they will in all likelihood seriously regret publishing something they're really proud of. Stay tuned.
54
114
847
@briankrebs
briankrebs
3 years
Seeing that, too. WTH?
@HaboubiAnis
Anis Haboubi |₿|
3 years
Tweet media one
21
217
653
54
323
842
@briankrebs
briankrebs
6 years
Coinbase and Overstock just fixed a bug I helped to report that let anyone buy items at ~15% of listed price by paying in bitcoin cash (BCH) instead of bitcoin (BTC). Worse, refunds for items purchased w/ BCH were refunded in BTC! Crypto-alchemy!
43
303
809
@briankrebs
briankrebs
1 year
Also LOL: Twitter complained that I was trying to spread malware blah blah by changing my profile background like I just did. But it still let me. I can't decide which is funnier: Wrongfully accusing me of willfully spreading malware, or accusing me & letting me do it anyway.
27
114
836
@briankrebs
briankrebs
6 years
Don't give away historic details about yourself. Today's post looks at how countless social media users are doing just that, responding to quizzes that ask you to give away answers to commonly asked "secret questions."
47
715
818
@briankrebs
briankrebs
2 years
6/ According to Saicoo, this is all somehow my fault. "From the details you offered, issue may probably caused by your computer security defense system," "actually it's not carrying any virus you can trust us," "please just ignore it and continue installation." Cool cool.
30
43
817
@briankrebs
briankrebs
8 years
People don't really care about DDoS as long as it's just the gaming sites. but take away Twitter/Github/Reddit, it's OMG what's happening!?!
26
489
793
@briankrebs
briankrebs
6 years
The sheer volume of personal/sensitive data I've seen exposed on publicly accessible servers "in the cloud" over the past few weeks makes me wonder why cybercrooks bother "hacking" anything these days, other than perhaps because it's more challenging/fun to do so.
21
318
807
@briankrebs
briankrebs
8 years
both candidates are equally clueless when it comes to "cyber".
61
443
810
@briankrebs
briankrebs
1 year
Scoop: InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber/physical threat info sharing partnerships w/ the private sector, this week saw its database of contact information on more than 80,000 members go up for sale.
44
471
815
@briankrebs
briankrebs
6 years
At the risk of making my job harder (or possibly, easier?) it's clear I'm going to have to write an entire series of blog posts about how not to handle a data breach from a PR perspective. I'm sputtering over here. Gave @panerabread every courtesy and they treat me like an idiot
45
200
811
@briankrebs
briankrebs
5 years
Microsoft has just released an emergency (unscheduled) patch to fix a zero-day security hole in Internet Explorer
34
763
798
@briankrebs
briankrebs
5 years
Exclusive: Multiple sources now say Indian IT outsourcing giant @Wipro is in the throes of dealing with a months-long breach in which intruders were seen using the company's networks to attack and probe customer systems
24
814
810
@briankrebs
briankrebs
2 years
Someone's been creating a ton of fake CISO profiles on LinkedIn for major corporations. What's more, a lot of this info is getting ingested by various sources that then make it even harder to tell the truth in search results. Victor Sites CISO of Chevron? No. Real CISO on left.
44
354
803
@briankrebs
briankrebs
3 years
Blown away that some of the largest media outlets including NYT and WaPo still have nothing about this mass Exchange server hack on hundreds of thousands of organizations. Esp. now that govies are saying it's a giant mess domestically and worldwide.
38
373
787
@briankrebs
briankrebs
6 years
15-year-old security researcher finds dangerous flaw in cryptocurrency hardware wallets made by French tech firm Ledger. Company has released firmware update to address the weakness.
19
472
754
@briankrebs
briankrebs
6 years
Oh look, the guy my source initially notified at @panerabread EIGHT MONTHS AGO -- their dir. of info security - was senior dir. of security operations at Equifax until 2013. Shocker.
38
371
756
@briankrebs
briankrebs
6 years
Unreal that BTC is soaring past $13,000. The spike is painting a huge target on anyone holding even meager BTC assets. Long past time to up your game, folks. At a minimum, make sure your security isn't reliant on the mobile carriers not getting social engineered
32
311
750
@briankrebs
briankrebs
2 years
1/ Exclusive: Leaked private chats from the LAPSUS$ group show they hacked T-Mobile multiple times last month, stealing large volumes of source code. T-Mobile says no customer or government data was taken.
26
352
762