briankrebs (Verified account)

@briankrebs

Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09

krebsonsecurity @ gmail.com
Joined March 2009

Tweets


  1. Pinned Tweet
    Apr 16

    Did someone at the U.S. Commerce Dept's NTIA division find a SolarWinds backdoor in Aug. 2020, months before the breach became public? Sure looks that way. WSJ reported in Dec. that NTIA was 1 of many federal agencies hit by 2nd, 3rd or 4th-stage malware

  2. Retweeted
    Apr 21

    Very curious where this will go. The US government's current response to ransomware is largely the FBI and USSS investigating Russian criminals they can't touch. Just keep building and building cases, hoping the bad guys will forget and vacation in Spain.

  3. Apr 22

    Dug up a small oak tree this morning, before remembering today is Earth Day. However, we did give it away to be planted elsewhere. So I think our carbon karma/offsets or whatever are still okay...

  4. Retweeted
    Apr 22

    Holy name change, Batman: "SolarWinds MSP is becoming N‑able." I guess having a parent company suffer one of the world's worst supply-chain attacks in history is bad for business (MSP says it was not affected) Who's n-amored by the move?

  5. Apr 16

    One of the 6 Russian tech firms sanctioned yesterday by White House for allegedly aiding Russian cyberspies -- Positive Technologies -- had advance access to information about vulnerabilities in Microsoft products. MS says it's removed that access for PT

  6. Apr 15

    A joint advisory from the FBI, CISA and NSA seems to confirm my reporting from December that a VMWare flaw (CVE-2020-4006) was used as an attack vector by the Russian SVU attackers involved in SolarWinds

  7. Retweeted
    Apr 13

    This is interesting: FBI sought and obtained a warrant to access compromised Exchange servers in the US for the narrow purpose of causing the malware to uninstall

  8. Retweeted
    Apr 13

    Recommended for from 2007 to 2013, a period when we started to learn about the Russian Business Network, bulletproof-hosting providers, and fast-flux obfuscation. Amazing work by . Read the full review at:

  9. Apr 12

    Someone is selling license plate data, email addresses, DoBs, phone numbers, bcrypt hashed passwords and other info on 21M+ users of parking app. ParkMobile says it disclosed an incident Mar. 26, but that disclosure didn't say what was taken

  10. Retweeted
    Apr 7

    Most Americans "are never going to run into the Russian SVR. They're going to run into ransomware, business email compromise," says at event, making a point about cybercriminals' broad impact on American lives.

  11. Apr 6

    Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected prior to 2020, before FB blocked such info from being scraped from profiles. Here's what FB users can do.

  12. Apr 6

    This was a great read, and solid research: Breaking GitHub private pages for $35,000.

  13. Apr 6

    Get ready for a flood of breach notices. Ransomware thugs now emailing customers of breach victims directly is likely to speed up pace of these disclosures. Here's one Apr. 5 from , almost simultaneous to emails from Clop ransom gang

  14. Apr 5

    Clop gang and possibly others are now emailing victim customers telling them their personal, financial data, etc is going to be posted on the darknet unless a ransom is paid. Basically lobbying them to pressure ransomware victims.

  15. Apr 3

    Good read, via Man who thought opening a TXT file is fine thought wrong. On embedding malicious HTML in .txt files on a Mac via a 2019 CVE

  16. Apr 3

    ICYMI, , a site I've recommended in countless stories, no longer points to the project, which is now at . Apparently there was some drama/dispute, and the domain got sold off. I have a few stories to update...

  17. Retweeted
    Apr 1

    It's not DNS / There's no way it's DNS / It was DNS

  18. Apr 1

    At long last, KrebsOnSecurity is truly mobile-friendly. I'm sorry it's taken so long. I could list the various delays but eh. It's still a work in progress. We wanted something similar, fast, responsive and easy to read. I hope this ticks all those boxes:

  19. Apr 1

    Apparently has me on their short "non-exhaustive list of competitors." I am not sure how I feel about that, but at least my brand isn't the example used in the "not acceptable" graphic. H/T

  20. Retweeted
    Mar 31

    Per , WeLeakInfo's payment data was hacked. *141* security companies bought data from WLI, which was shut down by LE in Jan. 2020. What are the legal/ethical considerations around buying ? W/

