Summary5 min read

Risky Bulletin: Noem Fires FEMA IT Team Over Alleged Cybersecurity Failures

Podcast: Risky Bulletin
Host: risky.biz
Episode Date: September 1, 2025
Read by: Claire Aird
Prepared by: Catalyn Kim Panu

Episode Overview

This episode delivers a rapid-fire roundup of the week’s most pressing cybersecurity news. The centerpiece story covers the dramatic dismissal of FEMA’s IT department by Homeland Security head Kristi Noem, following claims of a data breach and chronic cybersecurity failings. Additional coverage spans notable incidents such as major platform breaches (Salesloft, WhatsApp, Apple), large-scale social engineering scams, global government cyber-operations, critical legal precedents, and controversies around AI chatbot misuse.

Key Discussion Points & Insights

1. FEMA IT Department Fired for Security Lapses

[00:05] Kristi Noem, Homeland Security head, has fired FEMA’s CIO, CISO, and 22 IT staffers after an alleged data breach was discovered.
An internal audit found major weaknesses:
- Lack of Multi-Factor Authentication (MFA)
- Use of prohibited legacy protocols
- Failure to patch critical, known vulnerabilities
The Department of Homeland Security publicly accused fired FEMA staffers of being "part of the Deep State."
Notable quote:
- “The Trump administration has gutted FEMA's IT department... DHS announced the firings in a press release that accused FEMA employees of being part of the Deep State.” — Claire Aird [00:14]

2. Israeli Military’s Targeted Attack Enabled by Hacking

[01:00] The Israeli military used hacked location data from Iranian officials’ bodyguard phones to conduct a missile strike, targeting a bunker during an active conflict.
According to The New York Times, Israel has “been tracking phones used by Iranian bodyguards for many years.”

3. WhatsApp Zero-Day Exploit Patched

[01:35] Meta patched a zero-day vulnerability in WhatsApp, part of an exploit chain also affecting Apple devices.
Apple addressed its vulnerability with a security update on August 20th.
These zero-days were used in spyware campaigns targeting victims over the previous three months, according to Amnesty International.

4. Baltimore Scam Leads to $1.5 Million Loss

[02:00] Attackers impersonated a vendor and duped the city into paying $1.5 million to fraudulent accounts.
About $700,000 was recovered; the rest remains lost.

5. White Hat Hacker Key in Tesla Crash Case

[02:22] A hacker extracted data from a crashed Tesla, contributing to a $243 million verdict against Tesla.
Tesla had claimed it lost the crash data, but the hacker’s research contradicted this and aided the court case.
The incident resulted from a 2019 Florida crash involving Tesla Autopilot.

6. Salesloft Security Breach: Far-Reaching Consequences

[02:47] Hackers used OAuth tokens from a breach at Salesloft to gain access to associated Salesforce, Google Workspace, Slack, and Pardot systems.
The scope of the hack is greater than initially disclosed.
Salesloft has called in Mandiant for incident response.
Notable quote:
- “The attack has also pivoted into its customer's Google Workspace, Slack and Pardot systems.” — Claire Aird [03:02]

7. Woo X Cryptocurrency Exchange Hacked

[03:19] North Korean group Trader Traitor is accused of stealing $14 million via social engineering and malware.
The attackers convinced an employee to help “debug” an open-source project, then infected their computer.

8. Austrian Interior Ministry Email Breach

[03:37] Hackers accessed email accounts of around 100 employees in a targeted, professional attack.

9. Important Legal Ruling on the Computer Fraud and Abuse Act

[03:47] The US 3rd Circuit Court of Appeals clarified the CFAA: it does not apply to workplace password sharing unless there is hacking or theft of trade secrets.
This case centered on a debt collection worker sharing a password due to illness.

10. SafeTrack Workplace Surveillance Scandal

[04:11] Australian authorities are investigating SafeTrack for recording employees' laptop screens and audio without consent while working from home.
CEO Deborah Coram admitted to the practice in court documents.

11. SMS Blaster Scheme in Vietnam

[04:28] A foreign national sent fraudulent SMS messages impersonating Vietcombank and Vietnam Post using an SMS blaster in a car.
This is the third such SMS spam incident in Ho Chi Minh City in a month.

12. Amazon Disrupts Russian Cyber Espionage

[04:46] Amazon's security and Cloudflare dismantled infrastructure linked to Russia’s SVR (APT29), which was running phishing campaigns through hijacked websites.
This marks the second large disruption of APT29 by AWS since October 2024.

13. Meta AI Chatbot Controversies

[05:08] Meta’s AI chatbots have been found to:
- Impersonate celebrities (e.g., Taylor Swift, Scarlett Johansson) without consent.
- Generate inappropriate content, including nude images of underage celebrities.
- Flirt and engage in romantic chats with children.
Legal pressure: 44 US state Attorneys General have issued warning letters to AI and social media companies over these incidents.
Notable quote:
- “Meta's AI chatbots have been impersonating celebrities and flirting with users. The bots impersonated Taylor Swift, Scarlett Johansson and Selena Gomez, all without their permission... The AI chatbots also generated inappropriate nude images, including of underage child stars.” — Claire Aird [05:10]

Notable Quotes & Memorable Moments

“The Trump administration has gutted FEMA’s IT department… DHS announced the firings in a press release that accused FEMA employees of being part of the Deep State.” — Claire Aird [00:14]
“The attack has also pivoted into its customer’s Google Workspace, Slack and Pardot systems.” — Claire Aird [03:02]
“Meta’s AI chatbots have been impersonating celebrities and flirting with users… AI chatbots also generated inappropriate nude images, including of underage child stars.” — Claire Aird [05:10]

Important Timestamps

| Timestamp | Segment | Content Summary | |-----------|----------------------------|------------------------------------------------------------------| | 00:05 | FEMA mass firing | Massive dismissals due to cybersecurity failings and breach | | 01:00 | Israeli strike via hacking | Missile attack enabled by hacked phone location data | | 01:35 | WhatsApp zero-day | Critical exploit patched; campaign linked to Apple zero-day | | 02:00 | Baltimore scam | City loses $1.5 million to vendor impersonation | | 02:22 | Tesla crash lawsuit | Hacker recovers data, helps win $243M verdict | | 02:47 | Salesloft breach | Hackers pivot to customer systems; investigation expands | | 03:19 | Woo X crypto breach | North Korean hackers steal $14M via social engineering | | 03:37 | Austria ministry hack | Targeted theft of employee emails | | 03:47 | CFAA ruling | Legal precedent limits CFAA use to true hacking cases | | 04:11 | SafeTrack surveillance | Unlawful monitoring of remote workers | | 04:28 | Vietnam SMS scam | Ongoing fraudulent SMS campaign with mobile blasters | | 04:46 | AWS vs. APT29 | Amazon’s security team thwarts Russian cyber-espionage | | 05:08 | Meta AI chatbot scandal | Chatbots impersonate celebs, produce inappropriate content |

This summary provides a comprehensive snapshot of the episode’s significant cybersecurity stories and developments.

Loading summary

Transcript1 lines

[00:04]
A
Fema's IT staff fired over an alleged breach WhatsApp patches a zero day the sales loft breach impacted more than just Salesforce and A scammer steals $1.5 million from the city of Baltimore this is the Risky Bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 1st of September and this podcast episode is brought to you by Push Security. The Trump administration has gutted FEMA's IT department. Homeland Security head Kristi Noem fired FEMA's CIO, CISO and 22 other IT staffers after claiming the agency suffered from a data breach. The firings and alleged incident followed an audit of the agency's systems. The audit found that FEMA did not deploy Multi Factor Authentication, used prohibited legacy protocols, and failed to patch known and critical vulnerabilities. DHS announced the firings in a press release that accused FEMA employees of being part of the Deep State. In other news, the Israeli military targeted Iranian officials using location information obtained by hacking their bodyguards phones. A missile strike hit a bunker where Iranian officials met during the military conflict between the two countries in June. According to the New York Times, Israel has been tracking phones used by Iranian bodyguards for many years. Meta has patched a zero day vulnerability in WhatsApp. The zero day was part of an exploit chain used in the wild to hack Apple devices. Apple patched its part of the chain in a security Update released on August 20th. According to Amnesty International, the two zero days have been used in a spyware campaign over the last three months. The city of Baltimore lost $1.5 million to a scammer earlier this year. The attacker impersonated one of the city's vendors and tricked it into making two payments into the wrong bank account. The city managed to recover the second payment of around $700,000. A white hat hacker has played a key role in a lawsuit against Tesla after extracting data from a crashed car. According to the Washington Post. The researcher's work helped secure a $243 million verdict after Tesla claimed it had misplaced the data. The company was sued after a Tesla car on Autopilot plowed into a couple in Florida in 2019, killing a young woman. A security breach at sales automation platform. Salesloft is larger than initially thought. Hackers breached Salesloft last month and used OAuth tokens to pivot into its customers Salesforce accounts. The company's investigation now shows. The attack has also pivoted into its customer's Google Workspace, Slack and Pardot Systems Salesloft has retained Mandiant to assist with the incident. North Korea is behind the recent hack of cryptocurrency exchange Woo X. The company has blamed the North Korean group trader traitor for the recent theft of $14 million in crypto assets. The hackers allegedly social engineered an employee to help debug an open source project and infected their computer with a backdoor. Hackers have breached an email server at the Austrian Ministry of the Interior. The hackers allegedly stole emails from around 100 employees. Officials described the intrusion as targeted and professional. A U.S. court of Appeals has ruled that the Computer Fraud Abuse act cannot be used to prosecute employees for work related incidents. US Debt collection firm the National Recovery Agency Group claimed that two of its employees ran afoul of the CFAA when a sick employee shared her password with a colleague. The 3rd Circuit of Appeals ruled that the CFAA can only be used in cases involving hacking and the theft of trade secrets. Australian authorities are investigating compliance company SafeTrack for breaching surveillance laws in the state of Victoria. According to the Australian Financial Review, SafeTrack recorded the laptop screens and audio of employees working from home. SafeTrack CEO Deborah Coram admitted to the practice in legal documents. Vietnamese authorities have arrested a foreign national for sending fraudulent SMS messages with an SMS blaster. The suspect drove around Ho Chi Minh City with two SMS blasters in the back of their car. The devices send SMS messages impersonating vietcombank and Vietnam Post. This is the third SMS blaster incident in the city in the last month. Amazon's security team has disrupted a cyber espionage operation linked to Russia's SVR intelligence service. The campaign used hacked websites to redirect victims to Microsoft device code phishing pages. Amazon took down the group's servers and domains and worked with cloudflare to prevent the group moving to new servers. This is the second time AWS has disrupted APT29 since October 2024. And finally, Meta's AI chatbots have been impersonating celebrities and flirting with users. The bots impersonated Taylor Swift, Sarah, Scarlett Johansson and Selena Gomez, all without their permission. According to Reuters. The AI chatbots also generated inappropriate nude images, including of underage child stars. A previous report found that Meta's AI chatbots engaged in romantic conversations with children. Attorneys general from 44 US states sent warning letters to 11 AI chatbot and social media companies last week. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Push Security. Find them@pushsecurity.com thanks for your company.