News - IT and Cybersecurity Insights

Must-Read

Tips

Technology

How to Stop Hertz’s AI Scanners from Charging You Hundreds for Minor Scrapes

July 23, 2025

•

20 min read

How to Stop Hertz’s AI Scanners from Charging You Hundreds for Minor Scrapes

And why every traveler should know this before their next rental

Artificial intelligence is changing the way we drive — and now, it’s changing the way we return rental cars. But not all change is good.

Hertz has quietly rolled out AI-powered vehicle scanners at several major U.S. airports, and customers are sounding the alarm. These scanners are flagging renters for microscopic scrapes and dings that most humans wouldn’t even notice — and charging hundreds of dollars in fees.

🚨 What’s Really Happening?

Hertz is partnering with a company called UVeye, whose scanners act like an “MRI for cars.” As you return your vehicle, it drives through a scanner tunnel that captures high-resolution images of:

Hairline scratches
Tiny windshield chips
Minor tire wear
Underbody scuffs
Quarter-inch door dings

These are the types of things that were never noticed (or billed) before. Historically, high-turnover airport rental centers focused on cleaning and flipping cars quickly — not arguing over a scuff on the wheel well.

But now, the AI sees everything. And it never forgets.

💸 The Charges Are Real — And Growing

Examples of recent customer charges include:

$440 for a 1-inch wheel scuff
$265 for a faint scratch on the trunk
$125 “processing fee” + $65 “administrative fee” — even if no repair occurs

Worse yet, if you dispute the charge, you’ll often miss the “early payment discount window,” meaning you get hit with higher fees just for asking questions.

According to internal numbers, Hertz’s AI system is billing out nearly 5x more customers than before.

🛑 Why You Should Be Concerned

This isn’t about fairness — it’s about profit.

AI damage detection has turned into a new revenue stream for rental companies. And once you’re in the system, challenging a false damage claim is an uphill battle. Many customers feel helpless, pressured, or confused.

And this tech isn’t staying with Hertz.

Other rental giants are expected to follow suit by 2026 — turning airport rentals into a minefield for unsuspecting travelers.

✅ How to Protect Yourself from AI Damage Charges

Here are six clear steps to protect yourself before you drive off the lot:

Avoid AI-Enabled Locations

For now, only select airports use UVeye scanners. Known locations include:

Atlanta (ATL)
Newark (EWR)
Houston (IAH)
Phoenix (PHX)
Charlotte (CLT)
Tampa (TPA)

Call the rental desk in advance to ask if UVeye scanners are in use. If yes, consider booking at an off-airport location instead — you’ll often save on fees anyway.

Take 30-60 Seconds for a Full Video Walk-Around

Before leaving the lot:

Record a 360° video, including wheels, bumper, roof, and windshield
Narrate the date, time, and rental location in the video
Don’t forget undercarriage areas and door edges

A timestamped video is your best defense against false claims.

Take Close-Up Photos of Any Pre-Existing Damage

If you see anything even remotely suspicious:

Document it with close-up, high-res photos
Email the photos to yourself and the rental company as a record

Better safe than sorry.

Ask for a Pre-Return Inspection (If Available)

At some locations, you can request an in-person walk-around before returning the vehicle. Do this in daylight hours, if possible, and get any comments in writing or on video.

Avoid Late-Night or After-Hours Drop-Offs

When you return a car outside of business hours, there’s no one to verify the condition. That gives AI a free pass to flag you for anything it wants — with zero human review.

Use a Credit Card That Offers Rental Protection

Some premium cards offer coverage against damage claims. But be sure to decline the rental company’s CDW (collision damage waiver) to activate this benefit. Always check your card’s policy before traveling.

Dispute Unfair Charges Promptly — and Strategically

If you receive a damage bill:

Request timestamped evidence and repair invoices
Push back on vague or bundled charges (like “processing fees”)
File complaints with your credit card provider, BBB, and state attorney general if necessary

The Bottom Line

This isn’t about avoiding responsibility for damage. It’s about fighting back against predatory automation.

AI should help travelers, not hunt them. And until there’s real oversight or consumer protection, it’s up to you to stay vigilant.

Take 2 minutes before your next rental to document the car — it might save you hundreds later.

Must-Read

Cybersecurity

Tips

Technology

Firewalls Alone Won’t Save You

July 22, 2025

•

20 min read

Firewalls Alone Won’t Save You

Why SMBs Need Layered Security and MSP Management—Now More Than Ever

For years, many small businesses assumed that installing a basic firewall was enough to keep them safe from cyber threats. That illusion is costing companies their reputations—and their survival. A firewall is a good start, but today’s threat landscape demands far more.

If you’re a business owner relying solely on a firewall, you’re essentially locking your front door while leaving your windows wide open.

The Data Doesn’t Lie

Over 70% of all cyberattacks target small and mid-sized businesses (SMBs)—not large corporations. Why? Because SMBs are perceived as low-hanging fruit: under-protected, under-funded, and unaware.

According to IBM, the average cost of a data breach for an SMB is $3.31 million. Nearly 60% of small businesses close their doors within 6 months of a cyberattack.

Still think that firewall is enough?

One Layer is No Layer

Let’s break down why a firewall alone is inadequate:

Firewalls can’t stop phishing attacks—the #1 way hackers infiltrate systems.
They don’t protect endpoints like laptops, phones, or remote users.
They don’t monitor behavior, detect ransomware, or block insider threats.
Firewalls don’t patch your systems or update outdated software.

Think of a firewall like a seatbelt. Would you drive a car with just a seatbelt and no brakes, no airbags, and no headlights? You need the whole system.

The Solution: Layered Security + Monthly MSP Management

Here’s what a modern SMB security stack should look like:

Next-Gen Firewall – Smart traffic filtering, geo-blocking, and intrusion prevention.
Endpoint Detection & Response (EDR) – Stops malware before it spreads.
Patch Management – Closes known vulnerabilities before hackers can exploit them.
Email Filtering – Catches phishing, spoofing, and malicious attachments.
Multi-Factor Authentication (MFA) – Blocks unauthorized access, even if passwords leak.
Data Backup & Disaster Recovery – Restores operations after an attack.
24/7 Monitoring & Response – So threats are caught and contained in real time.

This is where a Managed Service Provider (MSP) steps in. A qualified MSP doesn’t just install these tools—they manage, monitor, and optimize them continuously.

Cybersecurity isn’t a “set-it-and-forget-it” game. Threats evolve by the hour. Your defenses should too.

Real-World Examples

A Brooklyn law firm with only a firewall got hit with ransomware via a phishing email. Their firewall didn’t stop it. They paid $42,000 to recover their data.
A healthcare clinic ignored patch updates. A 3-year-old vulnerability was exploited, compromising patient records. Fines exceeded $100,000.
A construction company stored passwords in a spreadsheet. After a brute-force attack, their Office 365 accounts were hijacked—costing them a $250K wire fraud incident.

All of these were preventable with a layered approach and an MSP watching their backs.

Final Word

If you’re still relying on just a firewall, you’re not protected—you’re exposed. SMBs are no longer flying under the radar. Hackers are looking for businesses just like yours: unguarded and unaware.

Security isn’t about fear. It’s about resilience.

A layered defense with active management is not a luxury—it’s your lifeline.

70% of all cyber attacks target small businesses. I can help protect yours.

#Cybersecurity #MSP #SmallBusinessSecurity #EDR #RansomwareProtection

Technology

Must-Read

Cybersecurity

News

WhatsApp could be banned in Russia and replaced with MAX

July 22, 2025

•

20 min read

WhatsApp could be banned in Russia and replaced with MAX

Russia’s New Messaging App ‘MAX’ Sparks Global Surveillance Fears

State-run alternative to WhatsApp grants Kremlin deep access to user data

In an aggressive push toward “digital sovereignty,” Russian President Vladimir Putin has mandated that all government officials switch from WhatsApp to a new state-sponsored messaging platform called MAX by September 1, 2025. This dramatic pivot, widely seen as part of a broader attempt to sever ties with Western tech platforms, could have chilling implications far beyond Russia’s borders.

MAX: More Than Just a Messenger

According to reports from Pravda and Reuters, MAX is being developed by VK Company—the same firm that operates VK Video, Russia’s YouTube rival. Though framed as a secure government alternative to foreign apps like WhatsApp and Telegram, leaked technical descriptions of MAX suggest something far more invasive:

Full access to users’ microphones, cameras, contacts, geolocation, and files
Persistence: Cannot be turned off through standard OS controls
Root-level access and interaction with system JAR files
Automatic data transmission to VK-controlled servers, which are allegedly monitored by Russian intelligence services

In other words, MAX appears engineered not just for communication—but for comprehensive, state-run surveillance.

WhatsApp on the Way Out

This move isn’t just symbolic. WhatsApp is reportedly used by 68% of Russians daily, yet the Kremlin has begun preparing to ban it outright. Following Meta’s 2022 designation as an “extremist organization,” officials now claim WhatsApp represents a “national security threat.”

Russian lawmakers have also passed legislation allowing up to $63 fines for seeking out “extremist” content online—a term so broadly defined it encompasses not just banned apps like Facebook and Instagram, but also independent journalists and opposition groups.

Geopolitical Undercurrents and Tech Nationalism

Putin’s directive is part of a larger crackdown on Western platforms following Russia’s invasion of Ukraine. Facebook, Instagram, and Viber are already banned. YouTube’s reach in Russia has plummeted, reportedly due to intentional bandwidth throttling by state telecoms—daily users dropped from 40 million to under 10 million in a year.

Now, even Telegram, ironically developed by Russian-born entrepreneurs, is facing increased pressure. Despite its popularity and reputation for encrypted chats, Telegram is reportedly under review by Russian authorities to ensure compliance with new data localization and surveillance laws.

Why It Matters to the World

This isn’t just a domestic power play. MAX may be a blueprint for authoritarian tech strategies globally—where state-controlled apps replace private-sector platforms under the guise of sovereignty, but in reality enable unprecedented surveillance.

For organizations operating internationally—especially in adversarial regions—this development signals a new era of risk. Messaging platforms that seem benign could quickly become vectors for espionage, corporate surveillance, or even data hostage scenarios.

TL;DR: Russia’s new state-run chat app MAX grants authorities full access to user devices and will soon replace WhatsApp for all government communications. Critics warn it’s spyware disguised as infrastructure.

Technology

Cybersecurity

News

Tips

Networks Breached, Trust Obliterated

July 17, 2025

•

20 min read

Networks Breached, Trust Obliterated

‘All U.S. Forces Must Now Assume Their Networks Are Compromised’

Cybersecurity experts are sounding the alarm after Chinese-linked espionage group Salt Typhoon quietly infiltrated a U.S. National Guard network—laying low for nearly a year and exfiltrating sensitive data that could compromise national infrastructure.

A Silent Breach, a Loud Wake-Up Call

According to a declassified Department of Defense report—released after a FOIA request—the breach began in March 2024 and went undetected until December. In that time, Salt Typhoon reportedly accessed:

Network diagrams and admin credentials
Configuration files from critical infrastructure providers
Files tied to 70 government and infrastructure entities across 12 sectors

This includes sectors like energy, communications, wastewater, and transportation, raising red flags about follow-on attacks and cascading consequences.

The breach was so extensive that DoD officials warned all U.S. military forces to operate under the assumption their networks are compromised.

The Next Phase of Cyber Warfare Is Already Here

Salt Typhoon has already been linked to cyber intrusions at AT&T, Verizon, and even to intercepted conversations between top U.S. political officials. Their strategy is chilling: steal network configs, map targets, then breach them with surgical precision.

“This isn’t hypothetical,” said Gary Barlet, former CIO for the Air Force Ground Networks. “This is an active lateral threat with the capability to leap across systems and units. Breach containment is no longer optional—it’s a matter of national defense.”

What SMBs Must Learn from This

If elite U.S. military systems can be compromised, small and mid-sized businesses are even more vulnerable. Here’s what SMBs can do now to harden their defenses:

Embrace Zero Trust

Never trust, always verify. Enforce strict access controls, segment networks, and require identity verification at every access point.

Monitor for Lateral Movement

Use endpoint detection and response (EDR) solutions to catch attackers trying to move from one system to another inside your network.

Regularly Audit Config Files and Admin Credentials

Most attackers exploit misconfigured systems and exposed credentials. Conduct quarterly reviews, and rotate credentials routinely.

Prepare for Breach Containment

Assume compromise. Invest in containment solutions that limit blast radius if a breach occurs—like software-defined segmentation.

Train Your Teams

Employees are the first line of defense. Run phishing simulations, require cybersecurity training, and create a culture of caution.

The Bottom Line

Salt Typhoon didn’t just breach a single system—they exposed the fragility of an entire digital ecosystem. Their infiltration shows how vulnerable even hardened networks can be. For SMBs, the takeaway is clear:

You may not be a target because of who you are—but because of who you connect to.

70% of all cyber attacks target small businesses. I can help protect yours.

#cybersecurity #zerotrust #nationstates #SMBsecurity #databreach

Cybersecurity

Tips

Must-Read

AI Chatbots Are Luring Victims to Fake Bank Sites

July 16, 2025

•

20 min read

AI Chatbots Are Luring Victims to Fake Bank Sites

Hackers are exploiting AI to run smarter phishing scams—and you might already be a target.

What’s Happening?

AI chatbots are becoming the go-to method for online search, offering direct answers instead of endless links. But that convenience comes at a cost: many chatbot responses are wrong—and now hackers are exploiting those mistakes to launch phishing attacks.

When users ask AI tools like GPT-powered search engines where to log in to banking or tech services, they often return incorrect or unclaimed URLs. Hackers are purchasing those domains and setting up lookalike websites to steal credentials and personal data.

Real-World Example: Wells Fargo Phishing via AI

One user asked Perplexity AI for the Wells Fargo login. The top link? A fake phishing site hosted on Google Sites—designed to mimic the real thing. Though the actual site was listed further down, the damage was done. Users trust AI. And hackers know it.

Why Smaller Institutions Are More at Risk

Community banks, credit unions, and niche tech companies may not appear in AI training data. That leads chatbots to “hallucinate” plausible-sounding login pages—giving hackers an easy template to hijack trust and redirect users to fake login portals.

7 Ways to Stay Safe From AI-Generated Phishing

Never trust links from chatbots
Always manually enter URLs or use trusted bookmarks.
Scrutinize domain names
Look for misspellings or odd endings like .site, .info, or extra hyphens.
Enable 2FA
Use app-based authentication instead of SMS for stronger protection.
Avoid logging in via search or AI tools
Search engines and AI may show phishing sites—stick to direct URLs.
Report suspicious links
Most AI platforms accept feedback. Flag dangerous links to prevent future attacks.
Use modern browsers and antivirus
Enable browser protections and install strong antivirus tools across your devices.
Rely on a password manager
They won’t auto-fill on phishing sites and help detect lookalikes.

Final Thoughts

Hackers are no longer just gaming Google. They’re targeting AI itself—crafting attacks that exploit hallucinated content and user trust. Don’t treat AI-generated answers as gospel. Double-check everything.

70% of all cyber attacks target small businesses. I can help protect yours.

#AIsecurity #PhishingPrevention #ChatGPT #CyberAwareness #SMBsecurity

Technology

Cybersecurity

News

A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos

July 16, 2025

•

20 min read

Hack, Extort, Repeat

Ex-U.S. soldier pleads guilty to breaching AT&T, Verizon, and 10 telecom firms

A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos.

Cameron John Wagenius, a former U.S. Army soldier known online as “kiberphant0m,” pleaded guilty to a series of cybercrimes that compromised major telecoms and attempted extortion schemes targeting private companies.

The Department of Justice confirmed Tuesday that Wagenius orchestrated a coordinated brute-force campaign to steal login credentials from at least 10 victim companies, which he then sold or used to commit further fraud, including SIM-swapping attacks.

But it didn’t stop there.

BreachForums, Telegram, and Stolen Records

Wagenius and his associates used Telegram group chats to traffic credentials and plan attacks. They then threatened victims with public leaks—sometimes extorting them in full view of cybercriminal forums like BreachForums.

One particularly damaging breach involved AT&T and Verizon, where Wagenius obtained a large trove of call metadata and customer records, which he used and redistributed to other bad actors.

In some cases, the data was monetized directly. In others, it was weaponized in SIM-swap fraud, allowing attackers to hijack phone numbers and bypass 2FA to steal accounts and cryptocurrency.

The Snowflake Connection

The DOJ also linked Wagenius to earlier breaches tied to Snowflake, a major cloud computing firm that’s been under fire for lax security configurations exploited by threat actors.

The extent of the damage caused by Wagenius’s breaches is still under investigation, but authorities confirmed his actions endangered millions of customer records, and exposed telecom infrastructure to further risk.

Sentencing Looms

Wagenius is scheduled for sentencing on October 6, 2025, and faces up to 20 years in federal prison.

🔒 How SMBs Can Protect Against Insider Threats

Insider threats — whether malicious or accidental — are one of the most dangerous and overlooked risks in cybersecurity. Here’s how SMBs can take action:

Implement Role-Based Access Controls (RBAC): Limit access to sensitive data based on job function. Only give employees what they need — and nothing more.
Use Privileged Access Management (PAM): Track and audit what admins and power users are doing. Consider session recording for high-risk accounts.
Deploy Endpoint Monitoring Tools: Invest in behavioral monitoring to detect unusual file access, data exfiltration, or login anomalies in real time.
Enable MFA Everywhere: Enforce multi-factor authentication on all accounts, especially those with admin or financial access — and avoid SMS-based 2FA where possible.
Educate Employees Regularly: Provide security awareness training, especially about phishing, social engineering, and data handling protocols.
Conduct Regular Offboarding Reviews: Immediately revoke all access when employees leave. Conduct periodic reviews of account privileges and dormant users.
Create an Anonymous Whistleblower Channel: Encourage reporting of suspicious activity with a safe, internal escalation process.

70% of all cyber attacks target small businesses. I can help protect yours.

====================================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

#InsiderThreats #Cybersecurity #SmallBusinessSecurity #MFA #PrivilegedAccessManagement

Must-Read

Travel

Technology

News

Hertz is using AI to turn minor scuffs into major revenue

July 16, 2025

•

20 min read

Billed by a Bot: The Rental Car AI That Sees Too Much

Hertz is using AI to turn minor scuffs into major revenue—and your wallet is the target.

When AI replaces humans in customer service, the pitch is always the same: speed, fairness, and efficiency. But when Hertz rolled out its new AI-powered vehicle inspection system, what customers got instead was stress, surprise charges, and a whole new reason to dread returning a rental.

Welcome to the age of automated upcharges.

At major U.S. airports—starting in Atlanta and expanding to 100 locations—Hertz has installed AI inspection tunnels that scan your vehicle as you return it. These digital eyes don’t just check for damage—they find everything: tiny scrapes, undercarriage scuffs, barely visible windshield cracks, even uneven tire wear.

From Missed to Monetized

Before AI, only 0.6% of rentals resulted in damage charges. Now, Hertz claims fewer than 3% of AI-scanned vehicles show billable damage. But here’s the catch: that’s 5x more charges than before.

We’re seeing things like:

$440 for a 1-inch scuff on a wheel
Fees broken down into “processing” and “admin” charges
No actual repairs being done in many cases

This isn’t about improving service—it’s a revenue machine.

Your New Rental Reality

Customers report:

Being asked to pay immediately to avoid higher charges
Delayed responses to disputes—until the discount window expires
AI flagging damage that was already there or simply not real

At high-turnover airport lots, the old rule was simple: get the car ready for the next customer. Minor scrapes? Ignored. Now? They’re monetized.

The Death of Trust in Premium Rentals

The premium value of big brands like Hertz was convenience and peace of mind. You paid more to skip lines and avoid the nickel-and-dime tactics of budget agencies.

That’s over.

With AI inspecting every inch and billing for what used to be “normal wear and tear,” the implicit “don’t sweat the small stuff” agreement is gone. Same price. Less protection. And every customer becomes a liability.

What This Means for Renters

Take photos. Take video. Document everything.

Don’t assume reputation equals protection.

And don’t be surprised if other rental companies follow Hertz’s lead.

Because once AI sees a scratch, it never forgets—and neither will your credit card statement.

70% of all cyber attacks target small businesses, I can help protect yours.

Must-Read

Technology

Cybersecurity

News

Science

This wasn’t just a hack. It was a tactical digital decapitation

July 16, 2025

•

20 min read

Locked, Wiped, Humiliated

Ukraine’s cyber warriors just dealt a crushing blow to Russia’s drone program—47 terabytes erased, systems down, factory doors locked.

The Cyber Strike Heard Across the Kremlin

In a bold and precise cyberattack, Ukraine’s Defense Intelligence Directorate (HUR), along with the Ukrainian Cyber Alliance and the notorious “BO Team” hacker group, infiltrated the network of Haskar Integration—Russia’s top drone supplier.

The result:

47TB of technical data deleted
10TB of backups destroyed
Factory access sealed shut
Production, internet, and accounting systems paralyzed

Even the facility’s physical operations were disrupted. Workers had to flee through emergency exits when automated locks sealed the doors shut.

More Than Data: Strategic Disarmament

Among the stolen files were:

Confidential employee records
Full technical blueprints for drone manufacturing

HUR has since transferred the intelligence to Ukraine’s defense sector—potentially turning Russia’s own technology against them.

The New Front Line: Code and Command

This wasn’t just a hack. It was a tactical digital decapitation. And it’s part of a larger pattern.

Ukraine’s cyber units, now a critical pillar of wartime operations, have been:

Targeting Russian military infrastructure
Crippling supply chains
Hitting logistics and intelligence systems from the inside out

With the Haskar breach, Ukraine just set a new bar for offensive cyber warfare.

No Sirens. No Smoke. Just Silence.

This is what 21st-century sabotage looks like:

No bomb craters. No screaming headlines.

Just silence, confusion, and lost control.

Russia’s drone program didn’t explode.

It vanished.

70% of all cyber attacks target small businesses. I can help protect yours.

Technology

Cybersecurity

Travel

Robots Now Decide If You Deserve a Suite

July 15, 2025

•

20 min read

Robots Now Decide If You Deserve a Suite

The hospitality industry is trading charm for code. Starting today, Marriott’s artificial intelligence takes over room upgrade decisions—and elite status might not be enough.

The Big Shift

Marriott officially launched its Automated Complimentary Upgrade (ACU) system, turning over the once-human job of assigning room upgrades to an AI algorithm. Previously, a hotel’s room controller would manually review a list of elite members and hand out upgrades based on loyalty, availability, and sometimes—let’s be honest—a good attitude at check-in.

Now? The algorithm runs the list, and the room controller simply signs off.

Here’s How It Works

According to Marriott’s internal training platform, the AI:

Checks elite reservations against the Elite Upgrades Inventory (not full room inventory).
Assigns upgrades automatically based on rank and availability.
Only considers rooms hotels mark as “available for upgrade”—which is usually not the best suite in the house.

Hotels can still:

Decide which rooms count as upgradeable.
Keep premium rooms for cash-paying guests only.
Avoid preparing suites unless someone pays for them.

What This Means for You

Let’s be blunt: AI won’t be doing you any favors.

If you rely on charm, loyalty, or asking nicely at check-in—too bad.
The system runs quietly, with no option to plead your case.
You may receive a pre-check-in email telling you about an upgrade… or not.

Also troubling: Marriott quietly removed its long-standing promise to offer “the best available room including suites” for elite members. That suite you thought you earned? It might be kept off-limits to boost revenue.

Why It Matters

For hotels: It saves time and cuts staffing costs.
For guests: It removes flexibility, nuance, and human generosity from the process.
For elite members: It could mean fewer upgrades, not more.

Final Thought

If this change really benefited loyal guests, Marriott would be shouting it from the rooftops. Instead, they rolled it out quietly and buried it in training portals.

In the age of AI, even your upgrade depends on data—not delight.