Sign in Subscribe

InfoSec News 10MAR2026

General

  • New from Brian Krebs - "How AI Assistants are Moving the Security Goalposts". It's a little different to normal Krebs posts, looking more at the ecosystem.
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
Microsoft 365 E7 includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across users and agents. It will be available for purchase on May 1, 2026, at a retail price of $99 per user per month.
...
With Agent 365, we are extending these enterprise-grade capabilities so organizations can observe, secure, and govern agents and delivering comprehensive protection across agents and users with Microsoft 365 E7.
...
With Agent 365, IT, security, and business teams gain visibility into all Agent 365 managed agents in their environment, understand how they are used, and can act quickly on performance, behavior, and risk signals relevant to their role—from within existing tools and workflows.
Agent Registry...
Agent behavior and performance observability...
Agent risk signals across Microsoft Defender, Entra, and Purview...
Security policy templates...
...
Agent ID gives each agent a unique identity in Microsoft Entra, designed specifically for the needs of agents.
Salesforce has shared guidance for its customers to defend against hackers actively targeting the /s/sfsites/aura API endpoint on misconfigured Experience Cloud instances that gives guest users access to more data than intended.
The company states that attackers are deploying a modified version of AuraInspector, an open-source auditing tool developed by Mandiant, which can help administrators identify access control misconfigurations within the Salesforce Aura framework.
...
The company explains that a publicly exposed Salesforce Experience site accepts a "guest user profile" to provide anonymous, unauthenticated visitors with access to data intended to be public. If the profile is misconfigured and has excessive permissions, visitors can "directly query Salesforce CRM objects without logging in."
The Politie's "Game Over?!" campaign will play out on the streets of the Netherlands and on Dutch TV, with the suspects' faces forming a collage of shame displayed to the public.
Starting today, the collage of 100 blurred faces will be shown across roadside advertising boards, TV, and online ads. If they don't hand themselves in to the authorities by March 19, their faces will be unblurred as of March 23.
The idea behind "Game Over?!" is two-pronged. The Politie is trying to identify the 100 individuals it suspects of wrongdoing, relying on public shaming to force their hand, while also preventing potential future offenders who are "often young people who are lured into this for a small sum of money."
The actions started after Swedish authorities seized two phones in a small town. After analysing the data they contained, an international criminal network suspected trafficking large amounts of drugs was discovered and authorities from four countries worked together to take serious action against the large network, which was active around the world.
...
The data analysed showed that it was not just one criminal group responsible for a drug trafficking and money laundering operation, but a network of several criminal groups connected through a web of companies. The members of the network in Thailand ran a large-scale online drug distribution business targeting customers in the Nordics. In Sweden, members were managing domestic drug distribution and laundering the criminal profits. In Spain, a high-value target was facilitating large scale drug trafficking

Getting Techy

  • Eaton Zveare's been poking at more web applications - this time the 'Sri Krishna College of Engineering and Technology (SKCET) '. The 'vulnerability' is laughable.
  • 'ShotBird' - a chrome-extension that was sold, and subsequently turned evil.
A formerly legitimate Featured Chrome extension (ShotBird) was turned into a remote-controlled malware channel after an apparent ownership transfer. The malicious version beaconed to attacker infrastructure, received callback-delivered JavaScript tasks, stripped browser security headers, injected fake Chrome update lures, and captured sensitive form data.
The Doppelgänger / RRN ecosystem (RRN = Reliable Recent News) constitutes a new iteration of the Social Design Agency (SDA), a structurally mature, infrastructure-centric disinformation architecture that has been operating continuously from 2022 through 2026. Rather than functioning as a loose collection of spoofed websites or transient propaganda outlets, the network exhibits the hallmarks of a coordinated, professionally managed influence apparatus. Its design prioritizes infrastructure resilience, scalability, and operational continuity over short-term visibility.
...
The Doppelgänger ecosystem exhibits characteristics consistent with industrialized influence infrastructure rather than episodic or improvised activity. Its provisioning discipline, redundancy planning, and lifecycle management imply sustained funding and coordinated oversight. The infrastructure is treated as a strategic asset, engineered for persistence under scrutiny and adaptable under enforcement pressure. This reflects a model in which infrastructure is not merely a vehicle for messaging but the foundation of the influence operation itself.
...
Psychological operations are embedded within this technical foundation. Messaging is geographically segmented, timed to political cycles, and distributed through impersonation layers engineered to exploit audience trust. The technical and narrative components are integrated rather than siloed. DevOps-style provisioning supports narrative agility, enabling rapid amplification, replacement, or recalibration in response to geopolitical developments.

Geo-Politics

  • [ID] It appears that Indonesia is the next country to follow Australia's under-16 social media ban.
Indonesia will ban social media for children under age 16 starting at the end of March, the country’s Communication and Digital Affairs Minister Meutya Hafid said Friday.
... Hafid said she had signed regulation that will mandate that kids can no longer hold accounts on a range of digital platforms, including TiKTok, Facebook, Instagram, YouTube and Threads.
While some with access to the domestic intranet have found brief circumventions around the blackout, Toker said it is slow and unreliable. Only pre-approved websites are accessible through the country’s National Information Network.
...
Censorship measures are tight, according to Toker, but there is a concerted effort by Iran’s government to let pro-regime voices through the blackout.
“Overall, this is still a tiny fragment of the population, but it's enough for a trickle of information to flow freely,” he added.
Those who had successfully connected using VPNs (virtual private networks) to circumvent the controls had received warnings over their phones.
"If you repeatedly connect to the international internet in the coming days, your line will be blocked and the necessary measures will be taken to refer your case to the judicial authorities," the messages said.
...
Some Iranians had resorted to using illegal Starlink terminals, the Elon Musk-owned satellite-based internet provider that proved crucial for communication in Ukraine after Russia's invasion in 2022.
...
But Iran found ways of disrupting Starlink during national protests in January when a similar internet blackout was imposed for several weeks.
Iran's Fars News Agency confirmed that the country's military intentionally targeted AWS data centers in the region to see if they played a role in supporting the US military's attacks.
Strikes hit AWS data centers in Bahrain and the UAE, and a Microsoft data center
Amazon’s data center in Bahrain was targeted by Iran’s Islamic Revolutionary Guard Corps for the company’s support of the U.S. military, Iranian state media said Wednesday.
The company’s cloud computing unit said Monday that one of its facilities in Bahrain was damaged due to a nearby drone strike on Sunday. Two data centers in the United Arab Emirates were also damaged after they were “directly struck” by drones.
All of the facilities remain offline, according to the Amazon Web Services health dashboard.
The Ministry of Defence (MoD) has issued a Request for Information (RFI) from industry, to gather details and refine requirements ahead of a potential tender under the codename of Project TALON, as spotted by defense site UK Defence Journal.
The program is moving fast as the MoD wants responses by March 17, and if it goes ahead with the procurement, expects to issue a contract and take delivery of the initial capability within one month.
...
The Royal Navy is already due to receive the DragonFire laser weapon, capable of defeating high-speed drones, but it will be fitted initially to one Type 45 destroyer in 2027, before being rolled out more widely if all goes well.
A little more than half of the five pages of strategy text of the long-anticipated document is preamble, and two of its seven pages are title and ending pages. Administration officials have said the strategy is deliberately high-level, and the White House promised more detailed guidance in the future.
...
Some positive reviews rolled in about the strategy despite the late-Friday afternoon release, traditionally the time of week when an administration looks to publish news it hopes will garner little attention.
...
Not all the reviews were flattering, however, including from the top Democrat on the House Homeland Security Committee, Bennie Thompson, who said the strategy’s “underachieving” was the only thing impressive about it.
The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.
The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.
...
Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances.
...
Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.
U.S. banking regulators clarified on Thursday ​that banks should not have to hold additional capital ‌against losses when dealing with blockchain-based securities, saying their rules are "technology neutral."
The Federal Reserve, Federal Deposit Insurance Corporation and Office of the ​Comptroller of the Currency issued new guidance clarifying that ​they will not distinguish between tokenized securities and ⁠traditional securities when it comes to bank capital.
...
Buoyed by President Donald ​Trump's pro-crypto stance and his administration's push for friendly regulations, the crypto ‌industry ⁠last year rushed to capitalize on a global surge in enthusiasm for the sector, with companies like Robinhood, Kraken and Gemini launching tokenized stocks in Europe.
The industry says tokenized shares - ​blockchain-based instruments that ​track traditional ⁠equities - could revolutionize stock markets by allowing shares to be traded 24/7 and settled instantly, boosting ​liquidity and reducing transaction costs.

Privacy

  • Microsoft is moving to explicitly label third-party bots in Teams, and allow them to be treated differently, when admitting guests. It's listed as Rollout Start: May 2026.
After the rollout, external third-party bots attempting to join a Teams meeting will be distinctly labeled in the lobby rather than blending in with human participants.
Organizers will then have to explicitly allow the bot to join the meeting, ensuring it cannot be accidentally accepted alongside a group of human attendees.

AI

  • 404 Media have a longer article on AI Psychosis, and one of the recommended methods for assisting someone suffering from it.
When Brisson sought answers for how to talk to his relative about delusional beliefs and “sentient AI,” he came across something called the LEAP method. Developed by Xavier Amador, it stands for Listen Empathize Agree Partner, and is meant to help better communicate with people who don’t realize they’re mentally ill or are refusing treatment. This goes beyond simple denial; anosognosia is a condition where a person might not be able to see that they need help at all. Not everyone who experiences psychosis or delusions has anosognosia, but it can be a factor in trying to get someone help.
The first count alleges that the Department of Defense violated the Administrative Procedures Act (APA) by designating Anthropic as a supply chain risk without following the procedure set by Congress. The second and third counts argue that the designation unconstitutionally retaliates against the firm’s protected viewpoints. Finally, the fourth and fifth counts are filed under the Due Process Clause and the APA for the purported lack of procedure in designating it as a risk and the unilateral contract cancellations by other executive branch departments and agencies.
For fun, I tested them with a binary listing from a 1986 COMPUTE! magazine article I wrote: "Better Branching in Applesoft." To my surprise, the AI didn't just disassemble the 6502 machine language; it reconstructed the logic with accurate labels and comments, effectively "reading" the intent behind code written four decades ago.
Even more impressive was the security audit. The AI identified logic errors like V-05, where a routine failed to check the carry flag after a line search, potentially causing silent incorrect behavior.
Elon Musk’s new AI data center has turned a formerly quiet Mississippi town into a noisy nightmare.
The $20 billion facility, run by Musk’s AI firm xAI, is powered by 27 methane gas turbines that run day and night, belching fumes and emitting a constant noise like jet engines, NBC News reports. The turbines were trucked in because Southaven, the unsuspecting rural community that Musk chose to build the data center in, can’t provide the electricity the facility needs.
...
Southaven isn’t alone. Outside Memphis, Tennessee, residents of the predominantly Black neighborhood Boxtown complain that the fumes released by xAI’s “Colossus” data canter are so overwhelming that it’s making it hard for them to breathe. There, xAI also deployed dozens of gas-powered turbines to get the facility up and running without permits, quickly turning the site into one of the largest emitters of smog-producing nitrogen oxides in the surrounding county, Politico reported last May.
First, there was Olive.
Not the Mediterranean kind, the chatbot kind.
When Woolworths Group quietly rolled out its AI-powered virtual assistant, shoppers expected help with deliveries and store hours. Instead, some found themselves in what can only be described as accidental group therapy.
Now, there’s Jim.
And if Olive was dabbling in trauma bonding, Jim’s gone full life coach.

Subscribe to Deuxieme RE Banque News

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe