Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07
krebsonsecurity @ gmail .com
LinkedIn: https://www.linkedin.com/in/bkrebs
Website: https://krebsonsecurity.com
@hardindr Nah, there will eternally be routers for sale on eBay etc. I don't believe this order will stand the test of time, but I could be wrong

Imagine how much happier you’d be today if you’d never turned it back on

If you have an iPhone, today is a good day to make sure you are running the latest software. https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
Someone has publicly leaked an exploit kit that can hack millions of iPhones | TechCrunch

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.

TechCrunch

Whoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States.

"Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security

WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”

"The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

"This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired."

"Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to [email protected]."

Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE.

https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers

FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist

The Kimwolf botmaster Dort is currently spamming the living crap out of this Mastodon instance with messages claiming I'm a monster. Sorry @jerry. That's a lot of junk accounts and messages. I guess the visit he got from law enforcement didn't deter him much.

@a2_4am It's consistent with my belief that we routinely let drunk drivers back on the road via a variety of too lenient enforcement schemes. DUI should IMO lead to automatic license suspension for a meaningful amount of time, several years.

This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:

"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."

"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."

https://www.heise.de/news/WTF-Polizei-rueckte-Samstagnacht-wegen-Zero-Day-aus-11221345.html

WTF: Police deployed on Saturday night over a zero-day

Because of the security vulnerability in Windchill and ZeroPLM, several state criminal police offices sent police officers to affected companies. The companies are irritated.

heise online

@jik That is undoubtedly true. At least they will save on gas right now.

@markstos Booze Cruisers Blue After Intoxalox Locked

ICYMI (from the not-all-cyber-news-is-horrible dept), a cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles. This story positively cries out for a headline-writing contest. TechCrunch reports:

"The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches, and is used by people who are required to provide a negative alcohol breath sample to start their car."

https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch

A cyberattack on a U.S. car breathalyzer company has left drivers across the United States reportedly stranded and unable to start their vehicles.

TechCrunch