BrianKrebs
LightNews LightNews
banner
briankrebs.infosec.exchange.ap.brid.gy
BrianKrebs
@briankrebs.infosec.exchange.ap.brid.gy
3.1K followers 0 following 830 posts
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09 […]

🌉 bridged from ⁂ https://infosec.exchange/@briankrebs, follow @ap.brid.gy to interact
Posts Replies Media Videos
briankrebs.infosec.exchange.ap.brid.gy
Wrote up some thoughts about the proposed ban on the sale of TP-Link devices in the US.

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an […]

[Original post on infosec.exchange]
A TP-Link WiFi 6 AX1800 Smart WiFi Router (Archer AX20). The router is black, completely flat, with a very low profile, and six green lit lights in the front. There are four black antennas sticking straight up out of the back.
November 9, 2025 at 8:17 PM
briankrebs.infosec.exchange.ap.brid.gy
@hacks4pancakes I feel your pain
A screenshot of my linkedin account says I have 2,036 invitations to review.
November 6, 2025 at 2:30 PM
briankrebs.infosec.exchange.ap.brid.gy
New, from me: Cloudflare Scrubs Aisuru Botnet from Top Domains List

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently […]

[Original post on infosec.exchange]
A screenshot of radar.cloudflare.com/domains, showing The #1 and #3 positions in this chart are Aisuru botnet controllers with their full domain names redacted. the rest of the top domains are what you would expect: microsoft.com, google.com, amazon.com, etc..
November 6, 2025 at 2:10 AM
briankrebs.infosec.exchange.ap.brid.gy
So I guess Cloudflare is now at least filtering out the names of the domains used as control servers for the Aisuru botnet. The botnet has been using Cloudflare's 1.1.1.1 DNS and has radically affected these top domain results. When I looked yesterday I […]

[Original post on infosec.exchange]
a screenshot of the domain domains requested globally from radar.cloudflare.com shows a redacted Aisuru botnet C2 domain ending in .st is #1, ahead of google.com. Another C2 is redacted dot su, at #3. The rest are what you'd expect (Google, Amazon, Apple, Microsoft, etc).
November 3, 2025 at 7:40 PM
briankrebs.infosec.exchange.ap.brid.gy
New, by me: Alleged Jabber Zeus Coder "MrICQ" in U.S. Custody

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United […]

[Original post on infosec.exchange]
A mugshot of a 41 y/o Ukrainian man being held in Nebraska, Yuriy Igorevich Rybtsov. He has brown hair that recedes slightly on both sides, and is wearing a prison outfit of a white shirt and bright orange jumpsuit. This photo from lockedup[.]wtf, says he is being held for the FBI.
November 3, 2025 at 1:42 PM
briankrebs.infosec.exchange.ap.brid.gy
I guess I can write about these guys till I'm blue in the face. These proxy/botnet stories have a lot of moving parts, so I get it when another big development makes everyone yawn. But don't take my word for it: If you look at Cloudflare Radar right now, you […]

[Original post on infosec.exchange]
A Cloudflare Radar chart for today shows a C2 server for the Aisuru botnet is currently the most sought-after domain on the internet.
October 29, 2025 at 7:00 PM
briankrebs.infosec.exchange.ap.brid.gy
New, by me: Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]

[Original post on infosec.exchange]
An ASCII art picture of a man in a suit flipping the middle finger while smiling.
October 29, 2025 at 2:57 AM
briankrebs.infosec.exchange.ap.brid.gy
Look who just got thrown back into a Russian penal colony for 10 years: Pavel Vrublevsky, one of the main cybercrime figures in my 2014 book, Spam Nation.

"The Khamovnichesky Court of Moscow found Pavel Vrublevsky, the founder of ChronoPay, guilty and […]

[Original post on infosec.exchange]
Pavel Vrubelvsky, wearing a brown-green baseball cap with "LA" on the front and a grey zip-up sweatshirt, stares out from behind bars in a Moscow court while his 10 year sentence was read in court today.
October 27, 2025 at 2:05 PM
briankrebs.infosec.exchange.ap.brid.gy
Top story on WaPo: How Trump’s ballroom will dwarf the White House
Trump’s new 90,000-square-foot White House ballroom would be almost as large as the rest of the complex.

"There has been little public information released about the layout or design of the […]

[Original post on infosec.exchange]
A wapo graphic shows how the planned ballroom (shown in red) for where the East Wing previously stood would roughly equal the size of the entire rest of the White House complex. The Washington Jost Democracy Dies in Darkness | l = ——— rr A " ) . How Trump's ballroom will . dwarf the White House Trump's new 90,000-square-foot White House ballroom would be almost as large as the rest of the complex. Updated today at 9:30 a.m. EDT %: Summary A» KH 0213 By Aaron Steckelberg, Manuel Canales, Maureen Linke and Javier Zarracina President Donald Trump's project to build an expansive new White House ballroom officially broke ground Monday. Crews tore down the East Wing in only four days, despite Trump's claim that the ballroom wouldn't interfere with the existing building. There has been little public information released about the layout or design of the addition, which
October 25, 2025 at 4:07 PM
briankrebs.infosec.exchange.ap.brid.gy
Was searching my Signal contacts for something something "N" and found a contact I'd not noticed before: Note to Self. One of these days I will just RTFM.

"Who is Note to Self?

This contact entry is a chat to send messages to yourself.
Use this feature to […]

[Original post on infosec.exchange]
Articles in this section Note to Self Signal Secure Backup Filtered by unread Chat Folders on Signal Android | wo STH How to create and share call links « @ Notetoserr 8 Phone Number Privacy and Usernames oN » Phone Number Privacy and 4 3 Usernames: Deeper Dive 7] | Stories 8. | an @ Text Formatting Change the Signal app icon on your Who is Note to Self? phone « This contact entry is a chat to send messages to yourself. Edit Message « Use this feature to jot down a note for yourself to review later or to share messages and files with your linked devices. See more « All messages in Note to Self are end-to-end encrypted Signal messages. + Yes, you can send disappearing messages to yourself. The timer starts immediately. Here's how to start a Note to Self on: « Android . 0s « Desktop
October 24, 2025 at 9:00 PM
briankrebs.infosec.exchange.ap.brid.gy
womp womp
A Bloomberg article today with the headline "Tesla recalls almost 13,000 EVs over risk of battery power loss", and includes a picture of a Tesla car lot with a large car conveyor truck loaded with Teslas.
October 22, 2025 at 5:46 PM
briankrebs.infosec.exchange.ap.brid.gy
Scoopy, new, by me: Canada Fines Cybercrime Friendly Cryptomus $176 Million

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and […]

[Original post on infosec.exchange]
The Cryptomus logo, which features a black background with white writing. a small cube is next to the name, with one side shaded in white. A tweet on July 1, 2024 from Cryptomus's account says "Happy Canada Day" and includes two overlaid canadian flags and the Cryptomus white logo on a black background.
October 22, 2025 at 5:26 PM
briankrebs.infosec.exchange.ap.brid.gy
Sucks that my first thought upon reading this headline was, "Oh lord, who's going to get canceled because of this merger?"

https://www.washingtonpost.com/business/2025/10/21/warner-bros-discovery-sale-cnn/
The Washington Post Media B) CNN's future at stake as owner Warner Bros. Discovery seeks sale Paramount Skydance CEO David Ellison has reportedly expressed interest in buying the company, in a sale that could place CNN and CBS under one parent company. Updated today at 12:33 p.m. EDT € 4min %: Summary » RH 0 626 WA Minne h—
October 22, 2025 at 12:25 AM
briankrebs.infosec.exchange.ap.brid.gy
This might be my fav, though
A picture taken with an iphone 15 pro of the night sky in southern Australia, facing south. There are hundreds of stars visible, and the Milky Way can be seen prominently through the bottom third of the picture, a dusty cloud of grey and white and brown, the latter color prominent in the center.
October 20, 2025 at 11:51 PM
briankrebs.infosec.exchange.ap.brid.gy
I like this one, too.
A picture taken with an iphone 15 pro of the night sky in southern Australia, facing south. There are hundreds of stars visible, and the Milky Way can be seen prominently through the bottom third of the picture, a dusty cloud of grey and white and brown, the latter color prominent in the center.
October 20, 2025 at 11:48 PM
briankrebs.infosec.exchange.ap.brid.gy
Took this photo last week w/ my iPhone 15 Pro while reclining just after sundown on St. Andrews Beach, a lovely (and almost deserted this time of year) stretch of coastline at the tail end of the Mornington Peninsula in Australia. Did not adjust any settings […]

[Original post on infosec.exchange]
This is photo of the night sky, facing almost due south on the beach in Australia. There are many blue, white and orange stars visible, and a large cloud that is part of the Milky Way.
October 20, 2025 at 11:40 PM
briankrebs.infosec.exchange.ap.brid.gy
New, from me:

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Zendesk is […]

[Original post on infosec.exchange]
An abusive email from The Washington Post's Zendesk ticketing system, sent by help@washpost.com. Ticket ID # 4638201: Law Enforcement Emergency Data Request From Your 4head For Your Krebs on Security Account Washington Post Customer Care <help@washpost.com> Tue, Oct 14, 3:54 PM (3 days ago) tome ~ Thank you for contacting The Washington Post. Your inquiry with ticket #(4638201) has been received and will be reviewed by our staff. In the meantime, you may find the following information helpful. Forgot your password? Reset it through this link: https://www.washingtonpost.com/subscribe/signin/forgot To view your subscription details or manage your subscription, log in to My Post https://www.washingtonpost.com/my-post. To add additional comments regarding this issue, please reply to this email.
October 17, 2025 at 11:36 AM
briankrebs.infosec.exchange.ap.brid.gy
Everyone knows the weekends are the best time to push important updates, right?

From Jeep Wrangler forum: Did anyone else have a loss of drive power after today's OTA Uconnect update?

On my drive home I abruptly had absolutely no acceleration, the gear […]

[Original post on infosec.exchange]
a post on Friday, Oct 11 on jlwranglerforums.com B JeepCares i Jeon H 812 posts - Joined 2021 #49 + 27m ago Hi everyone, We are awaiting further information from our software engineering teams that are currently investigating this issue. | will post here when | have further information. Earlier today we had success with customers not using hybrid or electric mode. Please exercise extreme caution this evening if you have completed the update. If you have NOT completed the update and see the pop-up, please continue deferring so that the update does not go through. For a telematics box module update, you can defer infinitely, and it will expire within 30 days. Our expectation is that the dealer network will have documentation available Monday morning for any vehicles that have been towed over the weekend alerting them to next steps (which are still in process of being developed) to ensure that no one is charged for a diagnostic fee. Thank you to everyone who has provided VINs so far. Kori Jeep Cares — 03 Qs ih 8.4 < Post [ac] [8 Stephen Gutowski @ of “W° @stephenGutowski Jeep just pushed a software update that bricked all the 2024 Wrangler 4xe models, including my Willys. The future is going great. 12:56 PM - Oct 1, 2025 - 154.4K Views 15 Was Q 14k Res 2 ® Who can reply? Accounts @StephenGutowski follows or mentioned can reply [8 Stephen Gutowski & ©StephenGutowski - 21h [oJ “MW Here's what the issue looks like for those wondering =, . 3 DON'T UPDATE Your U-Connect | Jeep Wrangler 4x... ~ As of October 10th 2025 the uconnect update is | causing major issues for many 4xe owners. We lose. X 5 Qn Qs 1h 22k na [18 Stephen Gutowski & @StephenGutowski - 20h [oJ “M" When mine bricked, | did the infotainment reset. You put the car in acc mode then press the radio power and tune buttons for ten seconds until the screen restarts. Then turn it on. | had to do that several times before the Jeep would drive again. 4 j= Q 1o thi 11K na [8 Stephen Gutowski & @StephenGutowski - 15h [oJ “MW so, here's what Jeep says. It's the telematics box, which as far as | understand it does diagnostics and ota communications, that's causing the problem. This is the sort of thing | worried about buying a new car, ‘especially a Jeep 4xe. Oh well. dxeforums.com/threads/wrangl...
October 12, 2025 at 3:31 PM
briankrebs.infosec.exchange.ap.brid.gy
New, by me: DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]

[Original post on infosec.exchange]
A graphic generated by https://grafana.blockgametracker.gg, which is a website that tracks the uptime and approximate server count for the top Minecraft server hosts. This graphic shows several steep drops in uptime on Sept. 28 (represented by a staggering blue line) from a series of crippling ddos attacks from the Aisuru botnet.
October 10, 2025 at 4:43 PM
briankrebs.infosec.exchange.ap.brid.gy
Paging the Shiny kids, lol.
The seals of the Justice Department and French law enforcement authorities on a seizure notice that now blankets the Shiny Lapsus$ Hunters' extortion website. Behind the seals are what appear to be digital renditions of circuitboards lit up in blue behind it.
October 9, 2025 at 11:36 PM
briankrebs.infosec.exchange.ap.brid.gy
Oh, good. So I guess I can disregard all the weird account emails and +1 bot calls I got yesterday? Coolcoolcool.
A message from the ShinyHunters telegram ’ SLSH 6.0 part 3 - lapsus$hiny$scatteredwizard - Hi Krebs, | hope all is well. Please disregard the messages by all these retards in the channel. They are simply asking to get arrested. | spoke with Shiny and others involved in this channel. None of us sent you the malware email you are accusing us of sending you. 1. We are not that fucking stupid (if we wanted to hack you we would've) 2. We have no reason to RAT you. We don't care about you. Like the person above stated you are completely irrelevant to us. To whomever is sending RATS to security researchers using our name: Please stop. lol. You're making us look bad with your skid fucking malware. Thank you, SLH/SLSH Operations Centre v4
October 8, 2025 at 1:58 PM
briankrebs.infosec.exchange.ap.brid.gy
New, by me: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse […]

[Original post on infosec.exchange]
A screenshot of a scan of the trojan at virustotal.com shows 11 of the 72 security tools detected it as malicious. The malicious indicators are marked in red.
October 8, 2025 at 12:26 PM
briankrebs.infosec.exchange.ap.brid.gy
Been thinking a lot lately about how many fresh college grads are probably going to wind up joining the cybercrime community thanks to AI's impact to entry-level jobs, particularly in IT. We've spent years telling everyone we had this huge shortage of […]

[Original post on infosec.exchange]
A linkedin post by (D2) Paul Eckloff [id - 1st or Experienced Leader in Security, Threat Assessment & Communication | ... h-® THE FRAUD ECONOMY IS HIRING. The IT & Security Economy Is Firing. © GK8 by Galaxy (Nasdaq: GLXY) just found underground job postings where cybercriminals are recruiting professional voice impersonators to scam U.S. crypto executives. Salary: up to $20K a month. Benefits: anonymity, flexible hours, and all the deepfake tech you can plug in. & Meanwhile, in the "above ground” economy? Tech CEOs are announcing record profits... and mass layoffs of highly skilled defenders who might've stopped exactly this kind of attack. We've created a bizarre paradox: & Criminals are hiring voice talent with curated data sets and Al-driven tools. ® Companies are firing IT and security talent, leaving execs more exposed than ever. The result? The underground looks like LinkedIn with fewer buzzwords, and the surface looks like a Fortune 500 boardroom congratulating itself while its phone lines are wide open. J» This isn't phishing emails anymore. These are personalized deepfake calls targeting the people who hold crypto custody keys, legal authority, and access to the financial core. If you think your MFA and spam filters cover it, you're already on mute. We've commoditized the defenders while adversaries are professionalizing the attackers. And when the “shadow HR department” offers $20K/month to pretend to be a CFO, guess who wins that recruiting race?
September 30, 2025 at 7:46 PM
briankrebs.infosec.exchange.ap.brid.gy
seems like they're going backwards on mitigating whatever the trouble is. this is the same ticket from Sept. 17.
An Adobe Analytics status page says Analytics is having a major issue in data collection, data processing, media (video) and reporting applications. The only component listed as available is Data Workbench. These are all related to a "major issue" that first surfaced on Sept. 17, when some Adobe Analytics users reported seeing data from other companies in their dashboards.
September 24, 2025 at 3:47 PM
briankrebs.infosec.exchange.ap.brid.gy
New, by me: Feds Tie 'Scattered Spider' Duo to $115 million in Ransoms

'U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime […]

[Original post on infosec.exchange]
A court artist sketch of Owen Flowers (left) and Thalha Jubair appearing at Westminster Magistrates’ Court last week. Flowers is pictured in a white t-shirt, with his arms crossed; he has longish brown hair that hangs down below his forehead and wears glasses. Jubair is wearing a black coat and black glasses. Credit: Elizabeth Cook, PA Wire.
September 24, 2025 at 1:23 PM