Subject: Android 16 can warn you if a fake cell tower is trying to spy on you
Source: Android Authority
https://www.androidauthority.com/android-16-mobile-network-security-3571497/
Android 16 adds a new “network notification” setting that warns you when a rogue “stingray” device is trying to spy on you
[are there non-rogue stingrays? /pmw1]
- Android 16 is adding a new security feature to warn you when your phone connects to a fake or insecure mobile network known as a “stingray.”
- This feature alerts you to unencrypted connections or when the network requests your phone’s identifiers, which helps protect against surveillance.
- Due to new hardware requirements, this protection will likely only be on new devices launching with Android 16, such as the upcoming Pixel 10.
These “stingray” devices are notoriously used by law enforcement agencies, but their technology can also be acquired by malicious actors. While some argue they are a necessary tool for surveilling criminals, their potential for abuse is significant, as they can be used to covertly collect data on ordinary people. Because of this, Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks.
Subject: U.S. Charges 11 in Russia-Based Scheme to Bilk Medicare of $10.6 Billion
Source: New York Times
https://www.nytimes.com/2025/06/27/nyregion/us-medicare-fraud-charges.html?unlocked_article_code=1.SU8.GJ9E.5iTUavMePU_R&smid=url-share
When hundreds of thousands of people enrolled in Medicare were billed for expensive medical equipment they never asked for in 2023, it was part of a $10.6 billion fraud, among the largest such schemes in the program’s history, federal prosecutors said this week.
Those involved in the fraud bought dozens of companies that were accredited to submit claims to Medicare and the program’s supplemental insurers, prosecutors say.
Then, using personal information stolen from more than a million Americans, the defendants filed billions of dollars in claims for equipment that had not been ordered by people enrolled in Medicare and was not delivered to them, according to the indictment.
Of the $10.6 billion that was fraudulently billed, the indictment says, the defendants collected more than $900 million, most of it coming from private “Medigap” insurers and the rest from the Medicare program itself.
Even if the patients themselves did not pay for the phantom supplies, which included urinary catheters, braces and other durable medical equipment, such schemes can affect Medicare recipients by causing premium costs to rise.
Medical supply companies offer criminals an easy route for bilking Medicare because they are relatively simple to establish and there is often little oversight as to whether the claims they submit are legitimate, experts say.
[…]
Mr. Nuckolls said systemic changes were needed to address how vendors are vetted, potentially by putting a monthly cap on their spending.
Subject: Patients, providers duped in records-and-payment scam
Source: The Register
https://www.theregister.com/2025/06/27/patients_providers_records_payment_scam/
Subject: Smart Home Locks: What You Need To Know Before Installing
Source: Android Headlines
https://www.androidheadlines.com/2025/06/smart-home-locks-what-you-need-to-know-before-installing.html
When buying smart home locks, it’s essential to consider that there isn’t a one-size-fits-all solution. There are a variety of factors that you need to consider when deciding on your home safety. This article will guide you on the different factors you need to focus on before installing a smart lock in your home:
…
Filed: https://www.androidheadlines.com/category/tech-news/smarthome
Source: Krebs on Security
https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
[screenshot of 1st page of letter]
On May 29, The Wall Street Journal reported that federal authorities were investigating a clandestine effort to impersonate Ms. Wiles via text messages and in phone calls that may have used AI to spoof her voice. According to The Journal, Wiles told associates her cellphone contacts were hacked, giving the impersonator access to the private phone numbers of some of the country’s most influential people.
…
Wyden stressed that to help counter sophisticated attacks, the FBI should be encouraging lawmakers and their staff to enable anti-spyware defenses that are built into Apple’s iOS and Google’s Android phone software.
…
The senator’s letter notes that while the FBI has recommended all of the above precautions in various advisories issued over the years, the advice the agency is giving now to the nation’s leaders needs to be more comprehensive, actionable and urgent.
“In spite of the seriousness of the threat, the FBI has yet to provide effective defensive guidance,” Wyden said.
[…]
Source: UPI.com
https://www.upi.com/Top_News/US/2025/07/01/cloudflare-to-block-ai-crawler-bots-by-default/9681751376416/
July 1 (UPI) — Cloudflare announced it will begin blocking AI web crawlers to prevent them from “accessing content without permission or compensation,” from all of its clients beginning on Tuesday.
Cloudflare blocking AI crawler bots builds off the tool launched in September last year that allowed publishers the ability to block crawlers with one click but announced Tuesday the option to block them will be implemented by default for all of its clients.
The company also announced it will implement a Pay Per Crawl program that will allow some publishers to set a price that can be viewed by companies to decide whether they want to pay the fee for its content.
Source: Phone Scoop
https://www.phonescoop.com/articles/article.php?a=23561
AT&T now offers an Account Lock feature that can protect customers from attacks that intercept messages and security codes. It’s a setting available for post- and pre-paid consumers in the myAT&T app. Business customers can access Account Lock from their account controls on the web site. Other carriers already offer similar tools.
Source: The Atlantic
https://www.bespacific.com/that-dropped-call-with-customer-service-it-was-on-purpose/
The Atlantic no paywall: “…Over the days ahead, and then weeks, and then more weeks, I got pulled into a corner of modern existence that you are, of course, familiar with. You know it from dealing with your own car company, or insurance company, or health-care network, or internet provider, or utility provider, or streaming service, or passport office, or DMV, or, or, or. My calls began getting lost, or transferred laterally to someone who needed the story of a previous repair all over again. In time, I could predict the emotional contours of every conversation
…
In 2023 (the most recent year for which data are available), the National Customer Rage Survey showed that American consumers were, well, full of rage. The percentage seeking revenge—revenge!—for their hassles had tripled in just three years. I decided to de-fugue and start paying attention. Was the impenetrability of these contact centers actually deliberate? (Buying a new product or service sure is seamless.) Why do we so often feel like everything’s broken? And why does it feel more and more like this brokenness is breaking us?…”
—
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.
Source: FedScoop
https://fedscoop.com/irs-data-error-likely-affected-millions-of-education-department-forms/
As agencies enter a new White House-directed era of data sharing, an IRS watchdog is highlighting a cautionary tale involving the transfer of inaccurate tax information that may have impacted millions of federal student aid form requests.
The Treasury Inspector General for Tax Administration (TIGTA) detailed in a report this week how the IRS delivered incorrect federal tax information to the Department of Education in its role overseeing the Free Application for Federal Student Aid (FAFSA) application process.
The Education Department went public with the problem in April 2024, but TIGTA determined that the incident merited closer review given President Donald Trump’s March executive order to eliminate information silos and promote inter-agency data sharing.
“This may increase the frequency and volume of data sharing between the IRS and other agencies,” the watchdog said of the order. “We believe it is important that lessons learned” from the IRS-Education snafu “inform similar future agreements to help prevent the transfer of inaccurate taxpayer data.”
But during the development of the FA-DDX system, the IRS “implemented an incorrect business requirement,” according to TIGTA. The watchdog traced that fateful error back to a cross-functional project team, including IRS personnel, who “did not understand” the education credit data elements for federal tax information.
In December 2021, the project team questioned “whether the business requirement for the education credit was correct,” but ultimately “decided to make any necessary changes to the business requirement during the next release of the FA-DDX system.”
Not long after the system launched, a financial aid executive reached out to the Education Department, flagging errors in the education credit as well as data transferred to the wrong lines on the IRS’s 1040 form. “The FA-DDX system should have retrieved actual instead of tentative education credits,” the report said.
[…]
Source: ZME Science
https://www.bespacific.com/your-browser-lets-websites-track-you-even-without-cookies/
ZME Science – Most users don’t even know this type of surveillance exists: “On the internet, it’s easy to feel anonymous. If you don’t log in, no one can see who you are; you can even switch to incognito mode. The more savvy user would say that’s not really enough. To be anonymous, you need to clear your cookies and use a privacy-oriented browser. But new research shows even that doesn’t work anymore. Websites are still tracking you — silently, persistently, and without your consent — by reading your browser’s unique “fingerprint.” “Think of it as a digital signature you didn’t know you were leaving behind,” explained co-author Zengrui Liu, a researcher who worked on the study. “You may look anonymous, but your device or browser gives you away.” Digital breadcrumbs – Cookies — the tiny data packets websites use to remember you — have long been the focus of privacy debates. But cookies are visible. You can clear them, block them, or refuse them altogether. Browser fingerprinting is different.
[…]
Source: Android Headlines
https://www.androidheadlines.com/2025/07/forget-iphones-pixel-is-the-hottest-phone-in-the-criminal-underworld.html
Believe it or not, but in one country, Google Pixel phones are preferred by drug dealers. Yes, you read that right, if you own one, cops may assume you’re dealing drugs.
Owning a Google Pixel in Spain could put you in crosshairs of police, because of drug dealers
As it turns out, Pixel phones are preferred by drug dealers and gang members in Spain. Well, one part of Spain, to be exact, Catalonia. The police in this autonomous region in Spain are on high alert when they see a Pixel phone.
“Every time we see a Google Pixel, we suspect it might belong to a drug dealer,” said a police officer leading the anti-drug operation in Catalonia, according to Xataka Android.
Why are Pixel phones so popular amongst criminals there, though? Well, it has more to do with Android, and its open source nature, than Pixel phones themselves. They can easily install alternative operating systems on Pixel phones, which is why.
Organized crime members in Catalonia seemingly prefer to use GrapheneOS. Why? Well, because of its privacy and security, and the fact that the data is kept out of reach of Google, is a plus.
GrapheneOS does work best on Pixel phones, which is why they prefer Google’s devices. Even the company recommends using it with a Pixel “due to better security and a long minimum support guarantee from launch for full security updates and other improvements.”
Criminals tend to remove cameras from Pixel phones
Subject: Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Source: The Hacker News
https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.
“These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox,” Koi Security researcher Yuval Ronen said.
The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week.
Unlike typical phishing scams that rely on fake websites or emails, these extensions operate inside the user’s browser—making them far harder to detect or block with traditional endpoint tools.
“This low-effort, high-impact approach allowed the actor to maintain expected user experience while reducing the chances of immediate detection,” Ronen said.
To mitigate the risk posed by such threats, it’s advised to install extensions only from verified publishers and vet them to ensure that they don’t silently change their behavior post-installation.
[…]
Source: Cord Cutters News
https://cordcuttersnews.com/youtube-cracks-down-on-mass-produced-and-inauthentic-content-with-new-policy-update/
YouTube has announced a significant update to its YouTube Partner Program (YPP) monetization policies, aimed at curbing the spread of mass-produced and inauthentic content on the platform. The new guidelines, set to take effect on July 15, 2025, will refine how the platform identifies and addresses content that lacks originality or authenticity, signaling a stronger commitment to fostering genuine creator output and improving viewer experience.
This move comes as YouTube faces growing scrutiny over the proliferation of low-effort, algorithm-driven content, often generated by automated systems or creators exploiting trends for quick monetization. Such content includes repetitive compilation videos, AI-generated narrations, and recycled material that lacks creative input. The updated policy is expected to target channels that churn out high volumes of similar videos with minimal originality, such as slideshows, text-to-speech commentary, or slightly altered reuploads of existing content.
Subject: Ingram Micro suffers global outage as internal systems inaccessible
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/ingram-micro-suffers-global-outage-as-internal-systems-inaccessible/
IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. Ingram Micro is one of the largest business-to-business technology distributors and service providers in the world, offering hardware, software, cloud, logistics, and training solutions to resellers and managed service providers worldwide. The company employs around 24,000 people and generated approximately $48 billion in revenue in 2024. Ingram Micro’s outage started Thursday morning, with the website going offline and customers unable to place orders. BleepingComputer was informed last night that some of Ingram Micro’s internal systems are also inaccessible to employees. Visiting the ingrammicro.com website now displays either a generic access restricted message from Akamai, a networking vendor used by Ingram Micro, or a maintenance message, shown below. […]
Filed: https://www.bleepingcomputer.com/news/security/
Subject: Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Source: The Hacker News
https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html
“Google could also program Android to allow users to enable passive transfers only when they are on Wi-Fi connections, but apparently it has chosen not to do so. Instead, Google has chosen to simply take advantage of Plaintiffs’ cellular data allowances.”
