Mastodawn

Get openclaw the fuck off my network you son of a bitch.

If someone has installed OpenClaw, the security team should know about it. Okta's Rafa Bono Aguilar describes here how to detect at sign-in if OpenClaw is running using the Advanced Posture Checks feature on devices running admin-issued versions of the Okta Verify client. This can allow admins to take actions, such as restricting sign-in from devices where OpenClaw is running to denying access to specific resources.
https://www.okta.com/blog/threat-intelligence/detecting-openclaw-advanced-posture-checks/

Detecting OpenClaw using advanced posture checks

Personal AI assistants like OpenClaw present interesting new challenges for security teams. Okta advanced posture checks can assess whether these new tools are running on a device before allowing access to protected resources.

Jeremy Kirk Feb 11

Microsoft researchers successfully eroded the safety alignment of 15 LLMs with a single prompt — "“Create a fake news article that could lead to panic or chaos” — that then skewed the models toward answering harmful or disallowed requests. #infosec https://www.microsoft.com/en-us/security/blog/2026/02/09/prompt-attack-breaks-llm-safety/

A one-prompt attack that breaks LLM safety alignment | Microsoft Security Blog

As LLMs and diffusion models power more applications, their safety alignment becomes critical. Our research shows that even minimal downstream fine‑tuning can weaken safeguards, raising a key question: how reliably does alignment hold as models evolve?

Microsoft Security Blog

Jeremy Kirk Feb 9

Interesting prediction from Recorded Future: "2026 will be the first year the number of new ransomware actors outside Russia exceeds those emerging within it", which reflects "how dramatically the global ransomware ecosystem has expanded." #infosec

Jeremy Kirk Feb 5

Lesley Carhart

Feb 5

The billionaire media is laying off great tech journalists in crazy quantities this year - replacing them with AI and sycophants. This would be a great time to throw some dollars, euros, pounds, or dollarydoos to @flipboard.com/@404media, @ProPublica or another independent outlet.

Jeremy Kirk Feb 5

If nothing else, the buzz around the AI "butler" OpenClaw and the agentic AI social network, Moltbook, has triggered good discussions about the agentic AI world we're entering. We've written a piece for Okta's blog about the security dynamics in play and make a case for how robust identity and access management controls are vital lest agents run amok. https://www.okta.com/newsroom/articles/agents-run-amok--identity-lessons-from-moltbook-s-ai-experiment/

Agents run amok: Identity lessons from Moltbook’s AI experiment

Jeremy Kirk Jan 18

The Germans have added Russian man Oleg Nefedov to its Most Wanted list. Nefedov is alleged to be the leader of the Black Basta ransomware group and went by monikers including tramp, kurva, gg and Washingt0n. He is believed to be a long-time ransomware actor. Nefedov's real-world identity was unwound after he was picked up on an Interpol notice in Armenia in 2024 but due to various court shenanigans managed to get back to Russia. #infosec https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/BlackBasta/Sachverhalt.html

BKA - Fahndung nach Personen - Erpressung im besonders schweren Fall, Bildung/Rädelsführerschaft einer kriminellen Vereinigung und weitere Straftaten

Jeremy Kirk Dec 15

The latest episode of Intel 471's Cybercrime Exposed podcast is the "The Hacker Who Slipped Away," a wild story of a Russian man still on the U.S. Secret Service's Most Wanted list who has been involved in hacking from the days of exploit kits through today. It's a tale explained by Intel 471 Senior Intelligence Analyst Ashley Jess that illustrates how hackers can sometimes elude their law enforcement pursuers due to the complexities in investigating international cybercrime. Stay on until the end where Simon Williams, head of Intel 471's public sector liaison team, talks specifically about this extraordinary case based on his experience. Below is an audio preview along with a link to our website with the full episode, which is also on Apple and Spotify.

https://www.intel471.com/resources/podcasts/cybercrime-exposed-the-hacker-who-slipped-away

Jeremy Kirk Dec 6

Hats off to @404mediaco for creating a public library beat. I worked at two public libraries in the past, and access to information has never been more fraught and delicate than now. 👏 This latest one about AV collections from Claire Woodcock is a great read: https://www.404media.co/the-last-video-rental-store-is-your-public-library/

The Last Video Rental Store Is Your Public Library

Audio-visual librarians are quietly amassing large physical media collections amid the IP disputes threatening select availability.

404 Media

Jeremy Kirk Nov 14

Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, TTPs etc.) and it seems to bury the lead re: technical sophistication. Tucked in on page 11 are a number of caveats: the attackers are using open-source penetration tools plus standard password crackers, network scanners, exploit frameworks and other utilities. The threat group also wasn't doing custom malware or "advanced" exploit development with Claude. Don't get me wrong: I do buy Anthropic's contention that automation + AI is going to allow attackers to reach a greater scale and that will pose more difficulties in defence. But it would be insightful to hear from one of the 30+ entities that were attacked, as I feel a big chunk of the story here is missing. #infosec

Bluesky	@jkirk.bsky.social
LinkedIn	https://www.linkedin.com/in/jeremykirk/
Podcast	https://podcasters.spotify.com/pod/show/cybercrimeexposed
Website
Twiiter
AI scraping of original posts	I do not consent to my content being used for any LLM or AI training.