The Coming Storm

IndependentKrebs

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Credit to Author: BrianKrebs| Date: Tue, 20 May 2025 21:30:30 +0000

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Read More
IndependentKrebs

Patch Tuesday, May 2025 Edition

Credit to Author: BrianKrebs| Date: Wed, 14 May 2025 11:57:48 +0000

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.

Read More
IndependentKrebs

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Credit to Author: BrianKrebs| Date: Fri, 02 May 2025 00:52:00 +0000

A employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.

Read More
IndependentKrebs

DOGE Worker’s Code Supports NLRB Whistleblower

Credit to Author: BrianKrebs| Date: Wed, 23 Apr 2025 20:45:04 +0000

A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk’s companies.

Read More
IndependentKrebs

Whistleblower: DOGE Siphoned NLRB Case Data

Credit to Author: BrianKrebs| Date: Tue, 22 Apr 2025 01:48:27 +0000

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Read More
IndependentKrebs

Funding Expires for Key Cyber Vulnerability Database

Credit to Author: BrianKrebs| Date: Wed, 16 Apr 2025 03:59:18 +0000

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each year by the Department of Homeland Security — expires on April 16.

Read More
IndependentKrebs

Trump Revenge Tour Targets Cyber Leaders, Elections

Credit to Author: BrianKrebs| Date: Tue, 15 Apr 2025 03:27:51 +0000

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.

Read More
IndependentKrebs

China-based SMS Phishing Triad Pivots to Banks

Credit to Author: BrianKrebs| Date: Thu, 10 Apr 2025 15:31:58 +0000

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.

Read More