Pete Recommends – Weekly highlights on cyber security issues, February 22, 2025

Subject: How Phished Data Turns into Apple & Google Wallets
Source: Krebs on Security
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Postal Service to supposedly collect some outstanding delivery fee, or an SMS that pretends to be a local toll road operator warning of a delinquent toll fee.


Subject: Musk Ally Demands Admin Access to System That Lets Government Text the Public
Source: 404media.co
https://www.404media.co/musk-ally-demands-admin-access-to-system-that-lets-government-text-the-public/

A worker at the General Services Administration told colleagues in a Slack message Tuesday that they have resigned in protest after Elon Musk ally Thomas Shedd requested “admin/root access to all components of the Notify.gov system,” which is a government system used to send mass text messages to the public that contains information the worker said is highly sensitive and would give Shedd unilateral, private access to the personal data of members of the public.

Shedd is a former Tesla engineer who now runs Technology Transformation Services (TTS), a group of coders and software engineers within the GSA, who is closely allied with Elon Musk and DOGE. Notify.gov contains not just the phone numbers of everyday people but also information about whether they participate in government programs such as Medicaid, which is based on a person’s financial situation. In recent days, Musk has become obsessed with the idea of “fraud” in Medicaid, Medicare, and Social Security, and in identifying those he suspects are committing fraud.

The employee told 404 Media that “Notify contains PII, including at least: names, phone numbers, and the status of participating in public benefit programs which are based on financial status.”

Another employee also told 404 Media that the development was concerning, and that granting Shedd admin access to the system outside of established protocols would be dangerous for the resigning worker to do.

“The Federal Information Security Management Act of 2002 (FISMA) requires creating these policies for every information system,” the second employee told 404 Media. “They are a legal requirement. The policies spell out who can have access and under what circumstances. An authorizing official must accept the policy by formally signing it and personally accepting the risk.”

FISMA says that to provide someone access to a system they must go through an Authorization to Operate (ATO) process that determines who should have access to what systems, and for what reasons. The resigning worker said in their Slack message that they had been “instructed to skip that process and place the system in non-compliance.”


Subject: Chase Says Making Payments Over Social Media Is Too Messy, Will Block Zelle Transactions
Source: Gizmodo
https://gizmodo.com/chase-says-making-payments-over-social-media-is-too-messy-will-block-zelle-transactions-2000565016

The next time you go to pay someone for that sweet vintage record player stand that you found on Facebook Marketplace, you might run into some unexpected friction from Zelle—especially if you’re a Chase customer. As spotted by Bleeping Computer, Chase is updating its user policy to reflect that it will start blocking payments made through Zelle to social media contacts in an effort to cut down on fraudulent transactions.

[strangely, one of my financial institutions is just switching to enable Zelle.]

The policy, which will go into effect on March 23rd, 2025, will mark a level of increased scrutiny from Chase on any transaction that appears to be for an online purchase made through social media—whether that is buying something from an online marketplace or making a trade with a connection from a Reddit community. According to Chase, if the receiving party of a Zelle transfer is “identified as originating from contact through social media,” the bank may choose to decline or block that payment from going through.

Per Chase, this new level of scrutiny stems from a flood of fraud related to social media transactions. The banking giant claims that 50% of all fraud claims filed by its Zelle customers originated on social media. It’s not the only place noticing the uptick. NatWest Bank published its own findings regarding fraud and found that social media marketplace scams are the second-fastest-growing scam affecting consumers. It also found that 60% of users between the ages of 18-24 reported either personally experiencing financial loss from an online scam or knowing someone who has fallen victim.

Last year, the Consumer Financial Protection Bureau (CFPB) accused Zelle of failing to protect its users, who lost a collective $870 million to scams since Zelle’s launch in 2017. The CFPB claims Zelle doesn’t sufficiently verify users and doesn’t track down known fraudsters even when it receives reports from users about the scammy activity. So Chase’s policy change could certainly be viewed as a response to those charges. But the CFPB might not be around long if Elon Musk has his way, so we’ll see how long this policy sticks.

Filed: https://gizmodo.com/tech/commerce


Subject: Google warns Russian hackers are targeting Signal app used by Ukraine’s military
Source: UPI.com
https://www.upi.com/Top_News/World-News/2025/02/19/Goolge-warns-Russian-hack-Signal-Ukraine/8911739983277/

Feb. 19 (UPI) — Google’s Threat Intelligence Group warned Wednesday that Russia’s GRU military intelligence is hacking Signal accounts used by Ukraine’s military.

GTIG said it has observed “increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services.”

Devices captured by Russia in Ukraine are being used by the GRU to link the Signal accounts on the devices to hacker-controlled infrastructure, it said.

GTIG added while Ukraine’s military is the current Russian Signal hacking target, it anticipates “the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.”

Google said the Russian hacking efforts exploit a legitimate Signal feature that links devices allowing Signal to be used simultaneously on multiple devices.

Google’s statement said that when that hack works, it lets the malicious actor “eavesdrop on the victim’s secure conversations without the need for full-device compromise.”


Subject: Identity is the Breaking Point—Get It Right or Zero Trust Fails
Source: VentureBeat
https://venturebeat.com/security/identity-is-the-breaking-point-get-it-right-or-zero-trust-fails/

Deepfakes, or AI-driven deception and weaponized large language models (LLMs) aren’t just cyber threats; they’re the new weapons of mass exploitation. Adversaries aren’t just hacking systems anymore; they’re hacking people and their identities.

Impersonating executives, bypassing security with stolen credentials and manipulating trust at scale are all redefining the new threatscape. It’s an all-out cyberwar with identities hanging in the balance. AI and generative AI are giving adversaries an edge in how quickly they can fine-tune and improve their tradecraft.

The result: Massive breaches and ransomware demands that are setting new records and fueling double extortion demands.

CrowdStrike’s 2024 Global Threat Report highlights this concern, revealing that 60% of intrusions now involve valid credentials, revealing the growing threat of identity-based attacks. Jeetu Patel, Cisco’s EVP and CPO, describes the fundamental problem enterprises face: “The attacks are getting very coordinated, but the defenses are very isolated. That dissonance is not a healthy distance to have.”…

Subject: HONOR’s going to make it easier for you to detect deepfakes
Source: Android Headlines
https://www.androidheadlines.com/2025/02/honors-detect-deepfakes.html

If you’re hearing about this for the first time, HONOR debuted its AI Deepfake Detection technology back in IFA 2024. According to HONOR, its proprietary technology will be able to detect pixel-level synthetic imperfections, border compositing artifacts, inter-frame continuity issues, and facial anomalies such as face-to-ear ratio, hairstyle, and facial features.

When HONOR’s system detects that there is deepfaked material, users will receive an immediate warning. This will allow them to make more informed decisions and avoid getting scammed. For instance, if you’re watching a video you know is a deepfake but done for comedic reasons, you can choose to ignore this warning. However, if there is a video circulating claiming to be a politician or celebrity making some announcement, then paying attention to HONOR’s warning system could come in handy.

Filed: Artificial Intelligence News


Subject: FTC Launches Inquiry into Big Tech Censorship Practices
Source: Cord Cutters News
https://cordcuttersnews.com/ftc-launches-inquiry-into-big-tech-censorship-practices/

On Thursday, February 20, 2025, the Federal Trade Commission (FTC) initiated a public inquiry aimed at uncovering how technology platforms may be censoring users based on their speech or affiliations, potentially in violation of U.S. law. The move signals a heightened federal focus on the practices of tech giants amid growing concerns over their influence on free expression and market competition.

The FTC’s investigation, announced via a Request for Information (RFI), seeks to examine whether actions such as banning, shadow banning, demonetizing, or otherwise restricting user access constitute unfair or deceptive practices—or even anti-competitive behavior. The agency emphasized that such conduct by tech platforms could harm consumers, stifle competition, or stem from a lack of competitive pressure in the industry.

“Censorship by technology platforms is not just un-American, it is potentially illegal,” the FTC stated in its announcement. The agency highlighted how tech firms often rely on opaque or inconsistent internal policies that leave users unexpectedly cut off from services, sometimes without recourse or an appeals process. These practices, the FTC suggests, may not only infringe on individual rights but also raise significant legal and competitive concerns.

The agency has set a deadline of May 21, 2025, for submissions, which will be publicly posted on Regulations.gov. For those preferring confidentiality, a private reporting option is available at ReportFraud.ftc.gov under the “Report Now” feature.

… have fueled debates about the balance between platform autonomy and user rights. Critics argue that inconsistent or overly broad moderation policies can suppress legitimate speech, while supporters contend that such measures are necessary to curb misinformation and hate speech.

Legal experts see the FTC’s move as a potential game-changer. The agency’s authority under Section 5 of the FTC Act allows it to address unfair or deceptive acts and practices, as well as anti-competitive behavior. If the inquiry uncovers evidence of systemic violations, it could lead to enforcement actions, fines, or even structural changes for major platforms like Google, Meta, or X. “This isn’t just about free speech—it’s about whether these companies are leveraging their market power to control discourse in ways that harm consumers and competition,” said Sarah Miller, executive director of the American Economic Liberties Project.

Posted in: AI, Communications, Cybercrime, Cybersecurity, Economy, Email Security, Encryption, Financial System, Legal Research