US Officials Recommend Encryption Apps Amid Chinese Telecom Hacking | WIRED

xxx

In a briefing with reporters about the breach of no fewer than eight phone companies by the Chinese state-sponsored espionage hackers known as Salt Typhoon, officials from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI both said that amid the still-uncontrolled infiltration of US telecoms that have exposed calls and texts, Americans should use encryption apps to safeguard their privacy. “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” said Jeff Greene, CISA’s executive assistant director for cybersecurity. (Signal and WhatsApp, for instance, end-to-end encrypt calls and texts, though the officials didn’t name any particular apps.)

The recommendation amid what one senator has called “the worst telecom hack in our nation’s history” represents a stunning reversal from previous US officials’ rhetoric on encryption, and in particular the FBI’s repeated calls for access to backdoors in encryption. In fact, it was exactly this sort of government-approved wiretap capability requirement for US telecoms that the Salt Typhoon hackers in some cases exploited to access Americans’ communications.

From: US Officials Recommend Encryption Apps Amid Chinese Telecom Hacking | WIRED.

xxx

‘Free Speech’ is Harming Society: What is the Answer? | by Matthew | Free Factor | Dec, 2024 | Medium

xxx

Research has found if you start an account as a twelve-year-old boy on TikTok, you will be recommended Andrew Tate content within two and a half minutes.

From: ‘Free Speech’ is Harming Society: What is the Answer? | by Matthew | Free Factor | Dec, 2024 | Medium.

xxx

Access to payment infrastructure: a balancing of interests – ThePaypers

However, this obligation to provide access in PSD2 did not apply to payment systems covered under the Settlement Finality Directive.29 30 This is a significant limitation of this right of access, as the most important payment systems are covered by this Directive. In the Netherlands this includes the T2 (formerly TARGET2) of the Eurosystem and the CSM (Clearing and Settlement Mechanism) of equensWorldline NV.31 The reason that these important systems are exempted from the effect of this access provision from PSD2 is that the Settlement Finality Directive allows access to these payment systems only for banks and investment firms.32 For the record, the Settlement Finality Directive does not exclude access for other institutions, but requires Member States to facilitate it only for banks and investment firms.33

 

This will change as of 9 April 2025. The Instant Payments Regulation changes the Settlement Finality Directive so that payment institutions can access major payment systems such as T2 and CSM (Clearing and Settlement Mechanism) of equensWorldline NV.34 The reason for this was that it would probably be more difficult for payment institutions to process instant payments if a bank acted as an intermediary. In the extension of this amendment to the Settlement Finality Directive, the Instant Payments Regulation modifies the already existing obligation in PSD2 of payment systems to provide access to payment institutions.

From: Access to payment infrastructure: a balancing of interests – ThePaypers.

xxx

OWASP-Top-10-for-AI-Agents/README.md at main · kenhuangus/OWASP-Top-10-for-AI-Agents · GitHub

xxx

The documentation is organized into the top ten main security risks, each covering a specific risk category:

Agent Authorization and Control Hijacking
Agent Critical Systems Interaction
Agent Goal and Instruction Manipulation
Agent Hallucination Exploitation
Agent Impact Chain and Blast Radius
Agent Memory and Context Manipulation
Agent Orchestration and Multi-Agent Exploitation
Agent Resource and Service Exhaustion
Agent Supply Chain and Dependency Attacks
Agent Knowledge Base Poisoning

From: OWASP-Top-10-for-AI-Agents/README.md at main · kenhuangus/OWASP-Top-10-for-AI-Agents · GitHub.

xxx

Real estate wire fraud: Silicon Valley exec had $400,000 stolen

xxx

So when Robillard, who works at a software startup, received an email in late January from her mortgage broker with directions to wire a $398,359.58 down payment to a JPMorgan Chase account, she wasted no time sending the money.

From: Real estate wire fraud: Silicon Valley exec had $400,000 stolen.

xxx

Would you let an AI agent make payments for you? (TWIF 11/29)

xxx

That seems to be the hot topic of the day, as agentic businesses continue to promise a world of integrations, where AI is deputized to make financial decisions on behalf of users. Want to earn rewards on a purchase? Let your agent decide on the best payment method. Need to cancel or change a subscription? Your agent can do that for you. Miss a bill payment? Your agent will catch it and make sure you’re current.
But with new payment methods come new fraud vectors, and it’s unclear where liability will sit for disputed transactions. If you didn’t mean to pay for something, is that the agent’s responsibility, the merchant’s, your bank’s, or yours? Can someone trick your agent into making fraudulent purchases, and if they do, who is on the hook?
There are also authorization questions to answer: How can agents sit in fraud auth flows like liveness verification, device 2FA, PIN number entry, etc.? And if they’re able to do so easily – how can payments providers quickly improve their auth flows to prevent AI payment spamming? (Incidentally, one of our newest investments from the fund, BKey, is looking to prevent just that.)

From: Would you let an AI agent make payments for you? (TWIF 11/29).

xxx
