(@briankrebs@infosec.exchange)
Sat 05.11.2022
Posts: 10,715 · Following: 1,069 · Followers: 94,819
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07
krebsonsecurity @ gmail .com
Linkedin: https://www.linkedin.com/in/bkrebs
Federated EN Tue 15.04.2025 22:21:05

I boosted several posts about this already, but since people keep asking if I've seen it... MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April. https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said: “On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”
Federated EN Tue 15.04.2025 20:59:41

Must-read report from NPR, showing once again that DOGE is a massive threat to the cyber/national security of the United States:

"In the first days of March, a team of advisers from President Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board. The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information. The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency."

"But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending."

"Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."

"The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing security breach or potentially illegal removal of personally identifiable information. The whistleblower believes that the suspicious activity warrants further investigation by agencies with more resources, like the Cybersecurity and Infrastructure Security Agency or the FBI."

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
Federated EN Thu 10.04.2025 02:03:48

The POTUS has issued a memo ordering a federal investigation into Chris Krebs, former head of DHS's Cybersecurity and Infrastructure Security Agency (CISA). The president fired Krebs after the CISA director declared the 2020 election that Trump lost was the most secure in U.S. history.

"Trump's orders revoked the security clearances for Christopher Krebs, the former head of DHS's Cybersecurity and Infrastructure Security Agency, and Miles Taylor, a former senior DHS official who wrote a highly critical tell-all book about his time in Trump's first administration."

When Trump first took aim at Chris Krebs back in 2020, I started getting tons of hate mail that was directed at him. People full of ignorant rage figuring we're the same person because we share a last name. We're not even related. Now it's happening again. Here's one I just got less than an hour ago:

From: Eric <eticket@countermail.com>
Message Body: I used to be an admirer of yours but, ever since the 2020 election, I lost all respect for you. You either lied or were complicit in the 2020 election theft and DJT is coming after you. Krooks like Krebs need to be held accountable and I can't wait.
Federated EN Fri 04.04.2025 05:25:49

This is from my home state senator Mark Warner (D-Va), one of the few lawmakers in Congress who's demonstrated a keen understanding of cybersecurity issues. Warner was responding to POTUS' firing of Gen. Timothy Haugh, the commander of the US Cyber Command/NSA director, at the behest of a far-right conspiracy theorist.

“General Haugh has served our country in uniform, with honor and distinction, for more than 30 years. At a time when the United States is facing unprecedented cyber threats, as the Salt Typhoon cyberattack from China has so clearly underscored, how does firing him make Americans any safer?”

“It is astonishing, too, that President Trump would fire the nonpartisan, experienced leader of the National Security Agency while still failing to hold any member of his team accountable for leaking classified information on a commercial messaging app – even as he apparently takes staffing direction on national security from a discredited conspiracy theorist in the Oval Office.”

https://www.nytimes.com/2025/04/03/us/politics/trump-meeting-laura-loomer.html
Federated EN Thu 03.04.2025 17:52:27

Imagine being so drunk on the Kool-Aid that you can't listen to someone trying to help your company. Reached out to an executive at a manufacturing company about a security issue, and their reply was:

"I'd like to help you. However, in checking out your website it is clear you suffer from Trump Derangement Syndrome. I don't like the guy but he is our President and a refreshing change from a mentally incapacitated do nothing President."

Oh well, I tried.
Federated EN Fri 28.03.2025 23:34:21

When you see the POTUS or people who support him saying things like, "man who could have asked for a better start to this presidency," you might go "whuh?" But if you take a look at the useful Project 2025 Tracker, they've made incredible progress on their policy goals in a remarkably short time. I encourage everyone to explore this site, because it kind of puts all the awful in one place.
Federated EN Thu 27.03.2025 14:33:04

Dear Tesla (ab)users: There's now an easier way to offload your Swasticars. I give you stealmytesla.com.

"Discreet Tesla Acquisition. Having difficulty selling your Tesla without all the hassle and negativity? Maybe it's time to consider other options. Expert Acquisition Team: Our team of experienced Tesla acquisition specialists will ensure a smooth and successful transaction for you. Anonymous Registration: With Steal My Tesla, you can anonymously register your car to be acquired, transported, and sold within 5-7 business days."
Federated EN Wed 26.03.2025 14:10:32

The Electronic Frontier Foundation has released an open source project called Rayhunter. It is designed to run on an inexpensive (~$20) mobile hotspot and look for signs of mobile spying devices called cell-site simulators. Also known as Stingrays or IMSI catchers, they masquerade as legitimate cellphone towers, tricking phones w/in a certain radius into connecting to the device rather than a tower.

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
Federated EN Wed 26.03.2025 01:32:48

Hey everyone. If you're looking for a reliably good, local cause to support with your time or donations, consider your local food bank. Reuters reports that many food banks across the country are already strained by rising demand and will have less food to distribute because of at least $1 billion in federal funding cuts and pauses by the POTUS.

"Hunger in the U.S. has ticked up in recent years with rising inflation and the end of pandemic-era programs that expanded food aid. President Donald Trump's administration has vowed to lower inflation by cutting back on government spending, including two U.S. Department of Agriculture programs that helped schools and food banks buy food from local farms."

"Reuters spoke with food banks in seven states who said cancellation and pauses of the programs meant they expected to offer less produce, meat and other staples in the coming weeks and months, leaving scarcer food for those reliant on free supplies that helped stave off hunger."

"One reason is fewer expected shipments from USDA's The Emergency Food Assistance Program (TEFAP), one of the agency's core nutrition programs that buys food from farmers and sends it to food pantries, some of the organizations said."

https://www.yahoo.com/news/trump-cuts-hit-struggling-food-101121569.html
Federated EN Mon 24.03.2025 19:24:56

I've noticed something that I think is worth pointing out: pretty much ALL of the pushback I have gotten on LinkedIn over the past few months over stories critical of this administration has come from men in IT. Many of whom no doubt idolize Musk, who in their minds can walk on water.

Conversely, the response almost universally I've seen from female and non-male people in IT and security professionals on LinkedIn has been a great deal more appropriate, i.e. horror, disgust and revulsion for the way this administration is treating federal employees, veterans, the courts, judges, lawyers, journalists, and important, long-standing U.S. policy interests.

I guess what I'm saying is nobody should expect the men in IT to lead the resistance. So many of them are like this guy: angry, aggressive, and really excited about the good old US of A going back to the 80s. Like the 1880s.