A Review of the Best News of the Week on Identity Management & Web Fraud

Can IAM solutions benefit from Blockchain? (Gemalto blog, Nov 22 2017)
Blockchain is a database where all participating systems store an identical copy of unchangeable information, which is linked to the previous one, thus forming a chain. This makes it ideal for storing and archiving data. Can Blockchain be leveraged for IAM Solutions?

FCC: robocalls can go get BLOCKED (Naked Security – Sophos, Nov 20 2017)
Many of the calls you receive are legitimately spoofed for very good reasons – when you get a call from an extension at your bank, but your caller ID shows the bank’s main number, for example, it came through a PBX, and that is a “spoofed” call. Other legal reasons to spoof a phone number include when people have legitimate reasons to hide their information: for example, it’s legal to spoof numbers of investigators working on cases, of victims of domestic abuse, or of doctors who need to discuss private medical matters.

Here’s How Much Your Identity Goes for on the Dark Web (PCMag, Nov 20 2017)
For people with high credit scores, a Social Security number, birth date, and full name can sell for $60 to $80 on the digital black market, security firm Flashpoint says.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Why BYOD Authentication Struggles to be Secure (Infosecurity Magazine, Nov 17 2017)
Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft.

Predictive Analytics: Why Is It Important? (Auth0 Blog, Nov 20 2017)
Predictive analytics is the term used to describe using data to make highly informed guesses about future outcomes. In this article, Auth0 explores the technique and see the benefits.

Confessions of a Fraud Analyst – Part 2 (Sift Science Blog, Nov 20 2017)
To succeed as a fraud analyst, you’ve got to be part Sherlock Holmes, part diplomat, and part Jedi. You’ve got to have a sharp mind and nerves of steel. When everything goes well, your company can win big. But when things go wrong…well, at least you’ll have a great story to tell!

KeePass – a password manager that’s cloud-less (but complex) (Naked Security – Sophos, Nov 17 2017)
It does all the things you’d expect a password manager to do – without the cloud.

DMARC Implementation Lags as Email Fraud Surges (Infosecurity Magazine, Nov 21 2017)
Yet just 0.5% of the top million domains have protected themselves from impersonation by DMARC email authentication.

1 in 25 Black Friday Apps Fake, Finds RiskIQ, Threatening $10.8B in Projected Black Friday Online Sales (Business Insider, Nov 20 2017)
To fool consumers into giving up their login credentials and credit card information, threat actors use the keywords, brand names, and branding of popular e-tailers alongside “Black Friday” in fake apps and landing pages promoting deals and coupons.

Identity theft concerns won’t hold back holiday shopping (Help Net Security, Nov 21 2017)
Despite concerns about identity theft and fraud, consumers don’t plan to curb their holiday shopping, according to Discover.

Enterprises must address Internet of Identities challenges (CSO Online, Nov 22 2017)
No one owns identity at many organizations and identity skills are lacking. In lieu of a solution, these issues could lead to IoT roadblocks and security vulnerabilities.

Why you don’t need an RFID-blocking wallet (CSO Online, Nov 22 2017)
RFID wallets, sleeves and clothing are security snake oil. You don’t need RFID protection because there is no RFID crime.

Your Employee’s Laptop is Stolen. Now What? (OneLogin Blog, Nov 22 2017)
When a laptop is stolen, it’s only natural to get a company’s IT department involved. But as employee identities become more complex and when sensitive data is at risk, it’s equally important to involve the human resources department as well.

Call Center Fraud Vectors & Fraudsters Defeated | Recap (Pindrop, Nov 22 2017)
Call center agents may also be characterized by a skewed understanding of the existing fraud problem, paired with a lack of training and internal resources to detect fraud attacks.

Examining Personal Protection Devices: Hardware and Firmware Research Methodology in Action (The Duo Blog, Nov 20 2017)
In a technical paper released today, Duo Labs details research into two personal protection devices based on ARM Cortex M microcontrollers. Tools and techniques are shared, and a novel bypass affecting readback protection in one microcontroller is shown.