Pete Recommends – Weekly highlights on cyber security issues, September 6, 2025

Subject: Noem terminates 24 FEMA workers for failing to address cyber vulnerabilities
Source: Nextgov/FCW
https://www.nextgov.com/people/2025/08/noem-terminates-24-fema-workers-failing-address-cyber-vulnerabilities/407807/

An internal FEMA email obtained by Nextgov/FCW ordered all agency employees to change their passwords “due to recent cybersecurity incidents and threats.”

Homeland Security Secretary Kristi Noem is terminating two dozen members in the Federal Emergency Management Agency’s IT department after the DHS agency said the employees failed basic security protocols that allowed hackers to access its networks.

Noem’s office said agency Chief Information Officer Charles Armstrong and Chief Information Security Officer Gregory Edwards were terminated, alongside 22 others. They could not be immediately reached for comment.

FEMA’s IT employees “resisted any efforts to fix the problem,” avoided scheduled inspections and “lied” to officials about the scope of the cyber vulnerabilities, the agency added.


Subject: Verizon Finally Restores Service in Most Areas After Day-Long Outage
Source: Gizmodo
https://gizmodo.com/verizon-outage-over-2000651331

Verizon said thousands of people who were affected nationwide by a massive outage now have service back. If your Verizon-backed phone was out most of yesterday or even still down today, you weren’t alone. The company said the blackout was caused by a “software issue” but did not respond to a request to elaborate on what exactly that meant.

According to Downdetector data, most networks in the New York City, Houston, Chicago, Seattle, the Bay Area, and other major urban centers had been restored by 7:30 p.m. PDT, though a residual few hundred reports of outages persisted nationwide into midnight.

Users were not happy about Verizon’s outage. What the heck happened – The outage was first reported around midday, with thousands of customers taking to social media to complain about their phones being stuck in “SOS” mode since Saturday morning.

Many users expressed frustration over the slow pace of Verizon’s response, with some criticizing the company for not providing more timely and transparent updates.

Overall, the outage underscored the vulnerabilities inherent in even the most sophisticated telecommunications networks, and highlighted the importance of rapid, transparent communication during service disruptions. Customers and industry observers alike will be watching closely to see how Verizon manages similar incidents in the future, particularly in terms of response times and customer service.


Subject: An Online Group Claims It’s Behind Campus Swatting Wave
Source: New York Times
https://www.nytimes.com/2025/08/30/us/school-shooting-hoax-universities-purgatory-swatting.html?unlocked_article_code=1.iU8.Gnx2.IOQdFeTWxl7e&smid=url-share

[though this article doesn’t specify the cybersecurity issue, it does link to a course that discusses why it is]

Keven Hendricks, a cybercrime expert who teaches law enforcement officers how to investigate swatting, said in an interview that Purgatory seemingly shares ideology aligned with nihilistic, and sometimes violent, extremist groups like the Com, which has been involved in extortion and other criminal activities, according to the F.B.I.


Subject: Android Users Targeted by Brokewell Malware That Outsmarts 2FA
Source: Android Headlines
https://www.androidheadlines.com/2025/09/android-users-targeted-by-brokewell-malware-that-outsmarts-2fa.html

Cybersecurity researchers have discovered that Brokewell malware is spreading on Android through fake TradingView ads that trick users into downloading malicious APKs. Once installed, the malware can steal banking info, crypto details, and even bypass Google Authenticator 2FA codes.

What happens if you’re infected? When your device has been infected, all sorts of terrible things take place in the background. The malware is capable of scanning for BTC, ETH, USDT, and bank account numbers. It can steal accounts by overlaying fake login screens. It can also record screens, keystrokes, steal cookies, and more. What’s even more alarming is that it can even steal and export codes from Google Authenticator. This would essentially render two-factor authentication moot.

If anything, this makes sense that Google is making it harder for users to sideload apps in a future version of Android. At least with more restrictions in place, it would make it harder for criminals to trick users into installing apps or downloading APKs outside the Play Store.


Subject: Selling Surveillance as Convenience
Source: Privacy Guides
https://www.privacyguides.org/articles/2025/06/07/selling-surveillance-as-convenience/

[I think you’ll find this article particularly of interest [h/t beSpacific] esp. parking apps /pmw1]

Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.


Subject: Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps | US Immigration and Customs Enforcement
Source: The Guardian
https://www.theguardian.com/us-news/2025/sep/02/trump-immigration-ice-israeli-spyware

Trump administration contract with Paragon Solutions gives immigration agency access to one of the most powerful stealth cyberweapons

US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.

The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.

That pause has now been lifted, according to public procurement documents, which list US Immigration and Customs Enforcement (Ice) as the contracting agency.

The story was first reported by the journalist Jack Poulson on his All-Source Intelligence Substack newsletter.

When it is successfully deployed against a target, the hacking software – called Graphite – can hack into any phone. By essentially taking control of the mobile phone, the user – in this case, Ice – can not only track an individual’s whereabouts, read their messages, look at their photographs, but also open and read information held on encrypted applications, like WhatsApp or Signal. Spyware like Graphite can also be used as a listening device, through the manipulation of the phone’s recorder.

“Spyware like Paragon’s Graphite poses a profound threat to free speech and privacy,” Farid Johnson said. “It has already been used against journalists, human rights advocates and political dissidents around the world. The quiet lifting of the stop work order also raises the troubling prospect that parts of the executive branch are acting without adherence to the government’s own vetting requirements.”


Subject: Wired, Business Insider Editors Duped By Completely Bogus ‘AI’ Using ‘Journalist’ Who Made Up Towns, People That Don’t Exist
Source: Techdirt
https://www.techdirt.com/2025/09/02/wired-business-insider-editors-duped-by-completely-bogus-ai-using-journalist-who-made-up-towns-people-that-dont-exist/

The rushed integration of half-cooked automation into the already broken U.S. journalism industry simply isn’t going very well. There have been just countless examples where affluent media owners rushed to embrace automation and LLMs (usually to cut corners and undermine labor) with disastrous impact, resulting in lots of plagiarism, completely false headlines, and a giant, completely avoidable mess.

As U.S. news outlets fire staffers and editors, cut corners, and endlessly compromise integrity and standards, they’re also apparently being increasingly duped by people using AI to generate bogus stories and reporting. Like this freelancer for Business Insider and Wired, who apparently tricked editors at both publications into publishing several completely fabricated stories written mostly by LLMs.

The freelancer, who called herself Margaux Blanchard, apparently doesn’t exist. She pitched both outlets on a story about a town called Gravemont, “a decommissioned mining town in rural Colorado” that was purportedly repurposed into “one of the world’s most secretive training grounds for death investigation.” Except the town in question, like the author, apparently doesn’t exist.

The Press Gazette did a little digging and found that “at least” six publications published various articles by the fake person using AI, which all kind of piggybacked on each other to give the fake journalist credibility to get future stuff published. Including one article about a couple who met in Roblox, fell in love, and got married. But the couple, and nobody else in the article, appears to exist:

Wired was at least transparent about the *uck *p, publishing an article explaining how they were tricked, noting they only figured things out when the freelancer refused payment via traditional systems. But they acknowledge they didn’t adhere to traditional standards for fact checking (who has the time, apparently):

“We made errors here: This story did not go through a proper fact-check process or get a top edit from a more senior editor. First-time contributors to WIRED should generally get both, and editors should always have full confidence that writers are who they say they are.”


Subject: Amazon to Enter the AI Agent Race in a Big Way, Internal Documents
Source: Business Insider
https://www.businessinsider.com/amazon-ready-enter-ai-agent-race-2025-9

  • Amazon is testing new AI-powered agentic workplace software, internal documents show.
  • The new technology will let companies design custom agents for business and team needs.
  • Early users include BMW, Intuit, and Koch Industries, according to one of the documents.

Amazon is about to enter the AI agent race in a big way, giving the tech giant another chance to make progress in the lucrative enterprise software market. The Seattle-based company is testing new agentic, AI-powered workspace software called Quick Suite, according to internal documents viewed by Business Insider. Quick Suite empowers “every business user to make better decisions, faster, and act on them swiftly by unifying AI agents for business insights, deep research, and automation into a single experience,” according to one of the documents, marked confidential….

Subject: Waymo Says You’re Not Getting Its Footage Without a Warrant
Source: Gizmodo
https://gizmodo.com/waymo-says-youre-not-getting-its-footage-without-a-warrant-2000653627

The move is one of several signaling a growing tension between innovation, privacy, and law enforcement power.

Waymo is quietly drawing new boundaries over how authorities access data from its autonomous vehicles. The company said it will reject any requests that are not backed by a legal request such as a warrant or court order.

A new privacy guardrail – Waymo co-CEO Tekedra Mawakana recently emphasized that the company will challenge, limit, or reject robotaxi footage requests from law enforcement that are not backed by a valid legal process, such as a warrant or court order. […]

Posted in: AI, Computer Security, Cybercrime, Cybersecurity, Economy, Legal Research, Privacy, Social Media