Pete Recommends – Weekly highlights on cyber security issues, February 8, 2025

Subject: DHS watchdog investigating TSA’s use of facial recognition
Source: Nextgov/FCW
https://www.nextgov.com/modernization/2025/01/dhs-watchdog-investigating-tsas-use-facial-recognition/402666/

Some lawmakers and privacy rights advocates have pushed back on TSA’s use of facial recognition, warning about the agency’s collection of Americans’ biometric data and expressing concerns that the adoption and normalization of the technology could set the stage for the deployment of further surveillance tools across the U.S.

TSA has responded to criticism by noting that its screeners do not automatically store data and that travelers’ photos are immediately deleted after a match has been made. The agency has also noted that the facial recognition screenings are voluntary and that there are signs in airports with the new technology alerting travelers of their right to opt out of the process.

While the use of the technology is currently optional, former TSA Administrator David Pekoske said at an event in March 2023 that the agency will likely get to a point where it will require facial recognition “across the board” because of its effectiveness and efficiency. …


Filed: https://www.nextgov.com/modernization/


Subject: Basics | Surveillance Self-Defense
Source: EFF
https://ssd.eff.org/module-categories/basics
Surveillance Self-Defense Basics

If you’ve ever worried about protecting the privacy of your digital data or your conversations with others, we’re here to help. Surveillance Self-Defense is a digital security guide that teaches you how to assess your personal risk from online spying. It can help protect you from surveillance by those who might want to find out your secrets, from petty criminals to nation states. We offer guides to the best privacy-enhancing tools and explain how to incorporate protecting yourself against surveillance into your daily routine.

If you’re ready to take the first steps, our series of basic guides (below) will help you to understand what digital surveillance is and how you can fight it. We suggest starting with the Your Security Plan guide.

NB see all guides: https://ssd.eff.org/#index


Subject: Ed Zitron: One of Big Tech’s angriest critics explains the problem—and solution—of A.I.
Source: Slate
https://slate.com/technology/2025/02/ed-zitron-interview-big-tech-ai-criticism.html

How should media organizations cover artificial intelligence and the giant technology companies that have hitched their wagons to it? More interrogatively, according to Ed Zitron.

As an Englishman who lives in Las Vegas and runs his own public relations firm, he is an unusual candidate for becoming one of the internet’s most popular A.I. skeptics. But Zitron established himself as one of the most pugnacious critics of Big Tech after he penned a 2023 newsletter about tech products’ drift from quality toward mindless growth. Headlined “The Rot Economy,” the piece quickly went viral. Zitron’s newsletter now has more than 50,000 subscribers. More than 125,000 accounts follow his posts on Bluesky, plus 90,000 on X. He hosts Better Offline, an iHeart podcast that questions “the growth-at-all-costs future that tech’s elite wants to build.”

Oftentimes Zitron takes aim not just at the tech companies trafficking in an A.I.-focused vision for the future but the media organizations and star technology reporters that cover them. Some journalists believe in covering A.I. as an ongoing and potentially larger breakthrough with profound, dangerous ramifications for society and enormous profit potential for tech companies. Then there is a sizable camp, of which Zitron is one of the most prominent members, that reacts with deep skepticism and hostility to the tech industry’s embrace of A.I. and messaging around it.


Filed: https://slate.com/technology


Subject: Federal immigration officials have extensive technology at their disposal
Source: Pennsylvania Capital-Star
https://penncapital-star.com/government-politics/federal-immigration-officials-have-extensive-technology-at-their-disposal/

AI and surveillance technology could assist in Trump administration crackdown

As President Donald Trump deploys federal agents to carry out plans of mass deportations at the start of his term, he has a massive amount of technology at his disposal to track, categorize and surveil immigrants.

Immigration and Customs Enforcement (ICE), and Citizen and Immigration Services have spent $7.8 billion on immigration technologies from 263 different companies since 2020, the New York Times reported this week. The technologies include biometric tracking, such as facial recognition, voice analyzing, and fingerprint scanning, location tracking via software and ankle monitoring and rapid DNA testing tools.

The agencies also have access to investigative tools that can search through emails, text messages and other files on locked phones, and they contract with data analytics firms to store and sort through massive amounts of data compiled on immigrants currently in the U.S.

The access to these technologies is not new to the Trump administration. Much of the spending on these tech contracts began during President Joe Biden’s term, and many tools were designed for investigations of drug traffickers and other criminals, beginning after the 9/11 attacks.

The Department of Homeland Security outlines the various uses of the AI technology that it has at its disposal, but Shepelsky said she sees it likely being focused on combing through immigration records, and cross-referencing data from visa applications, criminal records and social media platforms.

Shepelsky warns of the systematic biases AI algorithms can produce; “[they] may unfairly target certain demographics, increasing risks of racial profiling,” she said.

Filed: Technology & Information


Subject: Even the US government can fall victim to cryptojacking
Source: FedScoop
https://fedscoop.com/cryptojacking-federal-government-agencies-usaid/

Documents reveal that USAID was victimized by a password spray attack that resulted in roughly $500,000 in Microsoft service charges.

Cryptojacking, the tactic of breaking into a device to steal computing resources and mine crypto, is a pervasive, frustrating and expensive problem. But attacks like these can also raise cybersecurity concerns, especially when they happen to the federal government.

Last fall, the U.S. Agency for International Development learned it was hit by a cryptojacking incident, according to documents viewed by Scoop News Group. The agency was notified by Microsoft that a global administrator account located in a test environment had been breached through a password spray attack — a brute force attempt to enter a system by guessing a series of passwords.

Scoop News Group interviewed experts at several cybersecurity-oriented firms — all of whom spoke generally on the topics of cryptojacking and how test accounts could be used in cyberattacks, rather than the specifics of the USAID incident.

None of those cyber firms were familiar with a similar attempt on a government website, though cryptojacking is common in the private sector and some experts said they’re likely to impact the government, too. The Cybersecurity and Infrastructure Security Agency referred Scoop to USAID, which did not respond to requests for comment. Microsoft declined to comment.

Several sources said multifactor authentication helps reduce the chances of this kind of attack. Microsoft introduced mandatory MFA authentication for Azure sign-in last August, which was supposed to be rolled out in phases, starting in 2024.

The USAID incident comes amid ongoing concerns about the deployment of MFA at government agencies, as well as criticisms of Microsoft’s approach to cybersecurity and the federal cloud.


Filed: https://fedscoop.com/category/cyber/


Subject: 25 Investigates: Sutton man turned to credit bureau for credit protection, it led to identity theft
Source: Boston 25 News
https://www.boston25news.com/news/local/25-investigates-sutton-man-turned-credit-bureau-credit-protection-it-led-identity-theft/4LQOGEXFTBE5DJUIROK23E32IU/

SUTTON, Mass. — An identity theft story with a frustrating twist. A Sutton man called 25 Investigates saying he took the right steps after learning he was a victim of identity fraud. But he says doing the right thing led to an even bigger headache. For Anthony Deyoe, it started with a routine letter in the mail from a credit card company. It said they were working on a new credit card application that he had submitted, only he did not submit it. Deyoe knew immediately he was a victim of identity theft.

He says he called the credit card company to dispute the application and then contacted the three major credit reporting bureaus, including Experian.

“So, the people that got into my account use the information in my credit report and then opened up a digital checking account under my name,” Deyoe said.

For months, he couldn’t access his account until he called 25 Investigates.

“We call this an account takeover like this,” said Lisa Plaggemier, the executive director of the National Cybersecurity Alliance. The NCA educates people on the best ways to keep their data secure, as identity fraud is affecting millions of people and costs Americans about $43 billion a year, according to a recent report.


Subject: Law enforcement, victim resilience lead to 35% year-over-year drop in ransomware payments
Source: UPI.com
https://www.upi.com/Top_News/World-News/2025/02/05/Chainanalysis-ransomware-payment-LockBit/7361738767823/

‘Sustained collaboration’ and ‘innovative defenses’ will be ‘critical’ to building on progress, tech experts say.

Feb. 5 (UPI) — Payments for ransomware declined year-over-year through 2024 for the first time since 2022, according to data shared by blockchain analysis firm Chainalysis on Wednesday.

The total volume of ransom payments decreased year-over-year by approximately 35%, according to the Chainalysis 2025 Crypto Crime Report, which highlighted Russian ransomware group LockBit and Iran-based ransomware strains, Akira/Fog, and INC/Lynx, as bellwethers of the year’s trends.

Ransomware attackers, however, have gotten faster with negotiations often starting within hours of data exfiltration. Attackers have ranged from “nation-state actors” to ransomware-as-a-service operations, lone characters and data theft extortion groups.

A decline in ransomware payments was driven by “increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay,” which expanded a gap between payments versus demands, tech experts wrote.

“The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands,” Cookson said.


Subject: Federal workers: Here’s how to lock down your communications
Source: Washington Post
https://www.bespacific.com/federal-workers-heres-how-to-lock-down-your-communications/

Washington Post unlocked:

“Tips and apps that can help everyone talk about sensitive topics safely. Chances are, until now, most people haven’t worried much about their private group chats or jokey social media posts being used against them. But under the Trump administration, privacy experts say there’s a new urgency to making sure people understand the risks of their digital communication and take the proper precautions. This is especially true for anyone who works with the government, whether at federal agencies or in public schools and libraries. “It’s safe to say everyone’s threat model has shifted, in part because of the new administration and the way tech companies are bending over backwards to serve their agenda,” said Daly Barnett, senior staff technologist at the Electronic Frontier Foundation. “The lens of criminality and risk is expanding to include more people.” Elon Musk said on X that publicly naming employees of his “Department of Government Efficiency” known as DOGE was a crime, though no charges have been filed….



Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.


Subject: Google Photos now adds an AI Watermark to “Reimagined” pictures
Source: Android Headlines
https://www.androidheadlines.com/2025/02/google-photos-now-adds-an-ai-watermark-to-reimagined-pictures.html

Generative AI mass adoption brought many possibilities and facilities for content creation. However, it also entailed additional efforts on the part of AI companies. They must ensure that their technologies are being used responsibly. Google’s SynthID “AI watermark” was born as a response to this, and now the firm is bringing it to its Photos app.

SynthID is a system that integrates specific metadata into fully AI-generated images. This allows such images to be identified as “AI-generated” by compatible services to prevent misuse. For example, Google Search’s results tell you if an image is AI-generated in the “About this image” tab.

Google Photos’ Reimagine feature gets support by SynthID AI watermark.

Google Photos has received a plethora of AI-powered features for some time now. “Reimagine,” available as part of the “Magic Editor” suite, is one of the most powerful Gen AI features in Photos, as it allows you to completely transform existing images. Well, now Google is integrating SynthID with Reimagine in Magic Editor. This means that images deeply edited by Reimagine will have metadata that identifies them as such.

Filed: https://www.androidheadlines.com/category/apps


Subject: Scammers Posing as FCC Fraud Team Call the FCC, Get Fined
Source: Gizmodo
https://gizmodo.com/scammers-posing-as-fcc-fraud-team-call-the-fcc-get-fined-2000560353

If for whatever reason you decide that you want to start up a scam call operation, one thing you should try to avoid, if possible, is calling the very people you are posing as. Unfortunately, no one warned the two imposters of this when they decided to pose as members of the FCC “Fraud Prevention Team” and they ended up calling FCC staff members. Now the company that enabled the whole fraudulent operation is staring down a $4.5 million fine.

Here’s how this whole thing went down, according to the FCC: Two people who identified themselves by the names “Christian Mitchell” and “Henry Walker” registered accounts with Telnyx, a VOIP service provider based in Texas. The two claimed to be living at the same address in Toronto, Canada, despite the fact that their IP addresses pinned them in Scotland and England, and they both had email addresses registered to the domain mariocop123.com.

Despite the indicators that something fishy was afoot, Telnyx allowed the two to register accounts anyway, which they used to launch a very short-lived spam call campaign. Over the course of two days in February 2024, the two scammers placed 1,797 imposter calls claiming to be coming from the Federal Communications Commission’s Fraud Prevention Team—a thing that does not exist.

However that happened, it seems to have put the whole operation on the FCC’s radar, and now it’s coming down on Telnyx for failing to comply with Know Your Customer rules designed to prevent malicious actors from making use of these networks in the first place. Per the FCC’s investigation, the VOIP firm only collected a name, email address, physical address, and IP address from the applicants, with no verification process in place to confirm that information. That, as it turns out, is how you end up facilitating a spam call operation.


Subject: The overlooked risks of poor data hygiene in AI-driven organizations
Source: Help Net Security
https://www.helpnetsecurity.com/2025/02/06/oliver-friedrichs-pangea-data-hygiene/

In this Help Net Security interview, Oliver Friedrichs, CEO at Pangea, discusses why strong data hygiene is more important than ever as companies integrate AI into their operations. With AI-driven applications handling sensitive enterprise data, poor access controls and outdated security practices can lead to serious risks. Friedrichs shares key best practices to mitigate risks, ensure data reliability, and adapt security strategies for the AI landscape.

How do data hygiene practices align with broader cybersecurity strategies?

Enterprises adopting AI face an entirely new set of data and privacy challenges as they combine internal enterprise data with large language models (LLMs). This challenge is critical, as estimates show that we’ll see over one million software companies by 2027, many of them leveraging AI, and creating an expansive attack surface that traditional security tools aren’t equipped to protect.

The focus has shifted from securing static data to protecting information as it enters the AI pipeline. Organizations must consider how sensitive data flows between traditional data sources, such as document stores and databases, and AI applications.



Subject: Why rebooting your phone daily is your best defense against zero-click hackers
Source: ZDNET
https://www.zdnet.com/article/why-rebooting-your-phone-daily-is-your-best-defense-against-zero-click-hackers/

Mobile spyware attacks are on the rise globally. That’s why you should treat your phone like a computer, according to this cybersecurity expert.

In the last decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians, including US officials, raising concerns over the unprecedented proliferation of spyware technologies and, subsequently, the lack of protections within the tech space amid growing threats.

Last Friday, Meta’s WhatsApp revealed that it had discovered a hacking campaign targeting about 90 users, mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack.

What is a zero-click capability?

Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal.

In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.”

Best practices for protecting your device

Cole advises people to treat their phone like a computer. This means that, just as one would apply “a body of best practices that exist to protect traditional endpoints like laptops, from exploitation and compromise — those same standards and practices should just be applied to phones.” This includes rebooting your phone daily because “a lot of these exploits exist in memory only. They’re not files, and if you reboot your phone, in theory, you should be able to wipe the malware as well,” he said.



Subject: UK Demands Unfettered Access to Apple iCloud Data for Everyone, Everywhere
Source: Phone Scoop
https://www.phonescoop.com/articles/article.php?a=23445

The United Kingdom has secretly ordered Apple to let its security officials access user data stored in the cloud, even for users located in the US and other countries outside of the UK. Apple will be hard-pressed to comply, as its Advanced Data Protection option offers end-to-end encryption (E2EE) for iCloud data, meaning even Apple does not have access to the data, by design. The order requires blanket access, not just for specific users under investigation. Apple may stop offering Advanced Data Protection in the UK, but this would not bring Apple into compliance with the order for overseas users. The only path to full compliance would be to stop offering E2EE and create a “back door” for the government. But the existence of any back door also opens the door for foreign spies and criminals to access user data via the same method. The order was issued under the U.K. Investigatory Powers Act of 2016, also known as the “Snoopers’ Charter”. The law makes it a criminal offense for Apple to reveal that the government has even made such a demand. Therefore Google may have already received a similar demand, which would be difficult to confirm. Both companies have been rolling out E2EE for messaging and other services in recent.

Posted in: Communications, Cryptocurrency, Cybercrime, Cybersecurity, Legal Research, Privacy