@davidfetter I'd say the same about your tone. Lighten up, Francis.

@briankrebs Because I sent a snarky replied to someone who replied to me they deleted it. So to make it evergreen my reply to David was, "Wait until I get RF blocking phone pouches to solve this issue."

Spur has published a list of some 2,400+ IP addresses it sees being used (currently) by North Korean hackers posing as people applying for IT jobs in American and European companies. https://spur.us/astrill-vpn-and-remote-worker-fraud/"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions.""While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent remote worker campaigns originating from Astrill VPN IP addresses."https://storage.googleapis.com/spur-astrill-vpn/astrill_vpn_ips_december_2024.txtIf your new IT employee suddenly is unreachable, you might have a problem.

@troed the victims i interviewed for that story all had used LP to store their crypto seed phrase, all had low number of iterations for their pwd hash, and had relatively low-entropy passwords.

@briankrebs @campuscodi That ASPI link was hard to search. But this is pertinent: https://www.recordedfuture.com/research/breaking-the-circle-chinese-communist-party-propaganda

@briankrebs It's been there for a bit, but looking at your other posts with some showing concerns of this being a phishing url is incorrect. You're using the correct link which comes from: http://ngemgrlhmdqi3zsgscjgjrbwpietxf3kbwjfzrarb4h6f3nimjsiu7yd.onion/

Published another "breadcrumbs" piece today, this one tracing the source of a cloud service that resells a cracked version of the Acunetix web app vulnerability scanner that is being used to compromise tens of thousands of websites and steal gobs of data."Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey."https://krebsonsecurity.com/2024/12/web-hacking-service-araneida-tied-to-turkish-it-firm/

@briankrebs didnt CISA come out and counteract Trump’s false voter fraud claims? Seems like getting shunted is inevitable. That dude’s motto seems to be “revenge is a dish best served with no regard to the consequences to myself or anyone else.”

@briankrebs thanks for clarification! I tried to replicate this beforehand, but in my case it asks for password, phone number, auth or recovery code. If it works without any of these then it's highly disturbing.

@briankrebs

@briankrebs He's worth almost two Bezos. Crazy.

@briankrebs That's ridiculous. From what I've seen, AI built into a regular search engine is sometimes good, sometimes crap; that's assuming the AI doesn't literally, completely replace whatever was there to begin with, though. I feel like if they're gonna do anything in that regard, they should just leave the search feature exactly how it was, except also start adding one AI result at the top of the page with the option to turn it off. That way, they could start training their AI on data that comes from people actually using their site, for one thing.

@briankrebs a crypto scam?who'd have possibly predicted that

@briankrebs Grumbot, named after the 'robot' made by MumboJumbo and Grian in HermitCraft.

@TheGibson I had a Jeep for 14 years and really enjoyed it. Also got many skin cancers on upper body as a result

@TheGibson No argument there. I take exception to any argument that says forcing these exchanges into the arms of Russia's answer to Cloudflare (DDoS-Guard) is somehow a bad idea. Sure, we may lose some visibility, but I guarantee you a lot fewer networks are allowing anything and everything from DDoS-Guard.

@briankrebs I mean... what else would they use? Also at the price point of free/$20/$200 per month nobody else comes even close for what you get.

@mitch No joke. That's a very legit startup idea.

@briankrebs there's probably something stateside, but this is a fun channel to see conversions on classicselectric classic carshttps://youtube.com/@electricclassiccars

@mastodonmigration @briankrebs @rpmik Much appreciated explainer!