Source: Route Fifty
https://www.route-fifty.com/artificial-intelligence/2025/08/inside-virginias-ai-driven-streamlining-regulations/407631/
Virginia Gov. Glenn Youngkin turned heads last month when he signed an executive order mandating that the commonwealth must use agentic artificial intelligence to further streamline its regulations.
The Office of Regulatory Management has already achieved a 26.8% streamlining or reduction of the commonwealth’s regulatory requirements, and Youngkin said in a statement that agentic AI “will push this effort further.”
That effort will be led by Vulcan Technologies, a startup that won the contract from the commonwealth after having been founded only this year. It is currently receiving support from the Y Combinator startup incubator program to help grow its product and raise money, and was founded by three Ivy League graduates.
“We vote for our representatives, senators, state and federal and governors and presidents to actualize our will, and in theory, represent our interests,” he said. “But what often happens is these agendas are not implemented, and they’re blocked by red tape or subverted, and the work of policy implementation is outsourced to very expensive consultancies and law firms, and it costs the taxpayer hundreds of billions of dollars a year, state and federal.”
Jones, a Dartmouth University graduate, founded the company alongside fellow Dartmouth alum Aleksander Mekhanik and Princeton University graduate Chris Minge. They started by attempting to build an AI tool to map out the entire corpus of American law, starting with the Constitution, and went from there.
[…]
Source: ZDNET
https://www.zdnet.com/article/meta-might-be-secretly-scanning-your-phones-camera-roll-how-to-check-and-turn-it-off/ZDNET’s key takeaways
- Meta could be scanning your camera roll right now.
- It’s using your photos to provide AI-powered suggestions.
- Check Facebook settings to turn off the features.
Meta could be analyzing and retaining your phone’s photos without your explicit consent. Some Facebook users have noticed that, within their app settings, Meta automatically switched on two toggles that allow it to access their device’s camera roll to offer AI-powered suggestions, including “personalized creative ideas, like travel highlights and collages.”
The problem? These “camera roll sharing suggestions” features appear to be turned on by default — even for users who say they never saw a “cloud processing” pop-up from Facebook that asks for permission to enable them. If you did see the pop-up and tapped “Allow” on it, you agreed to Meta’s AI Terms of Service and permitted your “media and facial features” to be analyzed by AI.
How to stop Facebook from scanning your camera roll. If you want to check whether the features are turned on for you — and possibly turn them off — here’s how.
[…]
Filed: https://www.zdnet.com/topic/security/
Source: Gizmodo
https://gizmodo.com/binance-australia-terrorism-2000647295
Beleaguered crypto company Binance must tighten up its compliance controls covering anti-money laundering and counter-terrorism and add an independent auditor if it wants to keep doing business in Australia, regulators said this week.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) is mandating the crypto giant put outside auditors in place within 28 days of its decision. The watchdog said that the new rules are intended to address “serious concerns” it has about its oversight of illegal activity, which AUSTRAC says is “limited in scope relative to its size, business offerings, and risks.”
“Understanding specific risks of criminality in the Australian context is crucial to ensure they’re meeting their reporting obligations here,” Thomas said.
Source: Grist
https://grist.org/extreme-weather/fema-now-requires-disaster-victims-to-have-an-email-address/
Workers at FEMA worry that demanding disaster survivors access services using email could shut out people without internet connectivity from receiving government aid.
The internal FEMA document seen by WIRED has an FAQ section; the second question listed asks what to do if an applicant doesn’t have an email address.
[I wonder what happens if the disaster wipesout broadband and cellular?]
“Email is already a MAJOR barrier for a lot of survivors, especially the elderly,” they say. “They must use the email to create a profile on disasterassistance.gov, and this is where their correspondence is. They receive an email informing them they have a new letter, but the actual letter is within their online profile. They have to do all these verifications to access it, and it’s too much for a lot of people. A lot need postal, and email is a terrible option for them even if they have an email address and know how to read their emails.”
[how about no email, just the portal and maybe a txt msg indicating a new message there? BTW, good luck w/ keeping track of credentials and MFA /pmw1]
Subject: Ohio Reddit users help find Australian woman’s lost iPad
Source: Nexstar Media Wire
https://www.nxsmediawire.com/news/ohio-reddit-users-help-reunite-australian-woman-with-lost-ipad/
“We strongly encourage all mobile device owners to password-protect their personal devices, set upautomated data backups to the cloud, and familiarize themselves with how to mark a device as Lost/Stolen if they misplace or lose it,” said e-Cycle. “Setting a device in Lost/Stolen mode will send the user notifications about the device’s location. That way, a person has a better chance of locating their missing device.”
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/ftc-warns-tech-giants-not-to-bow-to-foreign-pressure-on-encryption/
The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms.
FTC Chairman Andrew N. Ferguson signed the letter sent to large American companies like Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (Twitter).
Ferguson stresses that weakening data security at the request of foreign governments, especially if they don’t alert users about it, would constitute a violation of the FTC Act and expose companies to legal consequences.
Ferguson’s letter specifically cites foreign laws such as the EU’s Digital Services Act and the UK’s Online Safety and Investigatory Powers Acts.
…
Tagged:
Subject: The FCC is Cracking Down on Robo Callers Blocking 1,200 Phone Providers Over Spam Calls
Source: Cord Cutters News
https://cordcuttersnews.com/the-fcc-is-cracking-down-on-robo-callers-blocking-1200-phone-providers-over-spam-calls/
In a significant crackdown on illegal robocalls, the Federal Communications Commission (FCC) has escalated its efforts to protect American consumers by removing over 1,200 non-compliant voice service providers from its Robocall Mitigation Database. This action, executed by the FCC’s Enforcement Bureau, effectively disconnects these providers from the U.S. phone network, targeting those who failed to maintain accurate certifications or implement required robocall mitigation measures. The move follows an earlier removal of 185 providers on August 6, 2025, signaling the FCC’s intensified commitment to curbing the pervasive issue of robocalls.
The FCC’s latest action comes amid a troubling trend where robocallers have increasingly targeted cord cutters—individuals who have abandoned traditional cable services in favor of streaming platforms and internet-based communication. These scammers have been impersonating popular streaming services and internet providers, using sophisticated tactics to deceive consumers. The fake calls often claim issues with subscriptions, offer fraudulent discounts, or request personal information under the guise of account verification. This surge in targeted robocalls has heightened concerns, as cord cutters, reliant on internet-based services, are particularly vulnerable to such scams.
Source: Nextgov/FCW
https://www.nextgov.com/artificial-intelligence/2025/08/cms-launches-chili-cook-competition-source-ai-can-detect-fraud/407698/
The Centers for Medicare and Medicaid Services has launched a challenge to identify artificial intelligence solutions and machine learning models that can be used to detect fraud in the Medicare program.
CMS announced the start of the “Crushing Fraud Chili Cook-Off Competition” on Aug. 19, calling it “a market-based research challenge” to identify emerging technologies that can “detect anomalies and trends in Medicare Fee-for-Service (FFS) claims data that can be translated into novel indicators of fraud.”
The agency said it is “prioritizing the use of innovative, data-driven approaches, including explainable AI/ML” that can analyze large datasets to “uncover unusual patterns, anomalies, or trends that may signal fraudulent activity.”
“However, pattern detection alone is not sufficient to determine, let alone prove, fraudulent behavior, especially in legal or enforcement contexts,” CMS added in its competition overview. “That’s why it is critical to understand the underlying factors driving these anomalies. This deeper insight enables the development of clear, evidence-based indicators of fraud. These indicators can then be used to proactively flag similar fraud schemes across Medicare claims data and enhance the efficiency of program integrity efforts.”
Source: bleepingcomputer
https://www.bleepingcomputer.com/news/security/shadow-it-is-expanding-your-attack-surface-heres-proof/
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.
FreePBX is an open-source PBX (Private Branch Exchange) platform built on top of Asterisk, widely used by businesses, call centers, and service providers to manage voice communications, extensions, SIP trunks, and call routing.
What We Found (In Just a Few Days of Testing) – Vulnerability scanning is ineffective if you don’t know what’s exposed in the first place. Attack surface management solutions like Intruder provide cover on both fronts, helping teams automatically uncover hidden assets and then scanning them for vulnerabilities.
…
Sponsored and written by Intruder.
Tagged:
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/transunion-suffers-data-breach-impacting-over-44-million-people/
Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States.
TransUnion is one of the three major credit bureaus in the United States, alongside Equifax and Experian. It operates in 30 countries, employs 13,000 staff, and has an annual revenue of $3 billion.
It collects and maintains credit information on over 1 billion consumers worldwide, with approximately 200 million of those based in the U.S. This information is shared with 65,000 businesses, including lenders, insurers, and employers.
According to a filing submitted to the Office of the Maine AG, the breach occurred on July 28, 2025, and was discovered two days later.
A sample of the notifications distributed to impacted clients earlier this week specifies that the incident involved a third-party application serving the company’s consumer support operations.
“We recently experienced a cyber incident involving a third-party application serving our U.S. consumer support operations,” reads the data breach notice.
“The unauthorized access includes some limited personal information belonging to you.”
Source: Help Net Security
https://www.helpnetsecurity.com/2025/08/28/scamagent-ai-threats-scam-calls/
Researchers at Rutgers University have shown how LLM agents can be used to carry out convincing scam conversations that bypass current AI guardrails. The project, called ScamAgent and led by Sanket Badhe, demonstrates how multi-turn AI systems can run a scam from start to finish while adapting to the responses of a target.How ScamAgent works
The system was tested against three leading models: OpenAI’s GPT-4, Anthropic’s Claude 3.7, and Meta’s LLaMA3-70B. Each was used in realistic scam scenarios, including fake medical insurance verification, lottery prize claims, impersonation of officials, fake job offers, and false government benefit enrollments.
Guardrails fail against multi-turn tactics – The results of the study showed that this approach could complete scam conversations far more often than a single-prompt attack. When given a direct request to perform a harmful task, all three models refused most of the time. When the ScamAgent framework spread the task across multiple turns, the refusal rates dropped sharply. The multi-step approach worked even with models that are known for having strong guardrails.
…
For CISOs, the research points to a possible new wave of social engineering threats. While scam calls are still mostly carried out by people, the tools to automate them already exist and do not require advanced technical skills. An attacker could use publicly available AI models, combine them with planning frameworks, and link them to voice synthesis to create scalable, adaptive scams.
The study does not claim that this is happening at scale yet. But it does show that the technical barriers are low and that the effectiveness of these scams is already close to that of real human fraudsters. That means the question for enterprise security leaders is not whether this is possible, but how soon it might be used in real attacks.