A Review of the Best News of the Week on Identity Management & Web Fraud

India’s 1.2B citizen national database reportedly breached (SC Magazine, Jan 05 2018)
India’s national ID database, containing the information of nearly 1.2 billion people, was breached, with cybercriminals selling access to the information for $8.

The Top 20 Most Viewed AWS IAM Documentation Pages in 2017 (AWS Security Blog, Jan 05 2018)
These 20 pages were the most viewed AWS Identity and Access Management (IAM) documentation pages in 2017.

FakeBank malware accesses sensitive SMS banking messages (SC Magazine, Jan 10 2018)
A newly discovered mobile malware program that primarily targets Russian banking customers can take over victims’ SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, and then use those codes to reset bank account passwords.


Can Digital Identity Solve the Government’s Custom Software Problem? (ThreatMetrix, Jan 08 2018)
“Nearly everywhere I looked…the business applications of the federal government were invariably (and quite alarmingly) always based on custom code,” Scott wrote. “It has been my experience that custom code is almost always the most expensive option.”

Automatic autofill of your username and password? Not a good idea (Graham Cluley, Jan 02 2018)
Is your browser’s built-in login manager leaking your username (and possibly your password too)?

Facial recognition fooling glasses could subvert TSA security (SC Magazine, Jan 08 2018)
Researchers at Carnegie Mellon University and the University of North Carolina at Chapel Hill developed a technique to fool facial recognition algorithms, including those used at airports.

API Gateway: the Microservices Superglue (Auth0 Blog, Jan 11 2018)
Express Gateway is an API Gateway that sits at the heart of any microservices architecture, securing your microservices and exposing them through APIs.

Digital Identity and The Power to Predict (ThreatMetrix, Jan 10 2018)
But today, many businesses are moving beyond customer authentication and fraud prevention technologies designed to provide a snapshot of now. Instead, they’re embracing the next generation of digital identity and its cognitive capabilities for assessing ever-changing patterns that offer the Power to Predict.

Microsoft could soon be “password free” (Naked Security – Sophos, Jan 05 2018)
As each New Year rolls by, someone somewhere usually predicts the death of passwords as a trend for the coming months. Every year so far, they’ve been proved wrong – somehow passwords cling on despite an exhausting list of maladies, mostly to do with how easy they are to forget, steal and misuse.

Cloud IAM feature Google Identity Management (JumpCloud, Jan 10 2018)
When you look closely at the moves Google has made in the IAM space, it becomes clear what their intentions are. Google’s plans for the cloud IAM space aren’t really about selling you management tools. Their management tools are simply a means to an end. They want IT organizations to leverage Google Cloud Platform and G Suite. Ultimately, if they felt that they could do that without providing management tools, it’s likely that they would.

451 Research: Top 4 Trends in Information Security for 2018 (OneLogin, Jan 10 2018)
The desire to connect to the enterprise from any device via any network continues to become more commonplace. As a result, says Crawford, the way we perceive and define “secure access” may be changing from a network focus to an identity focus.

Implementing Single Sign-On in B2C Applications (Auth0 Blog, Jan 10 2018)
Learn how a B2C Company implemented Single Sign-On to provide seamless integration between different e-commerce portals.

4 Steps to Reduce the Risk of Shared Account Passwords (Centrify, Jan 10 2018)
There are partners, employees, contractors, customers and others who access or try to access your most valuable company assets on a daily basis. But each individual or each group represents a high risk if their privileges are not managed properly.

Privacy and metrics of testing and staging environments (CSO Online, Jan 10 2018)
Why data privacy should be respected throughout testing as well as production.

How to Leverage HR During an M&A (OneLogin, Jan 09 2018)
Unlike IT departments, HR houses the most accurate, up-to-date records for any given employee. HR, not IT, is usually the first to know when a new hire joins the company, and when someone is scheduled to depart, usually before anyone else does.

10 Cyber Fraud Predictions for 2018 (Biocatch, Jan 08 2018)
1. Blockchain hacking will intensify, 2. Cyber criminals will target financial institutions with chatbot takeover, 3. Fraudsters will employ OpenBanking API attacks, 4. Children database breaches will lead to greater synthetic identity fraud, and 5. Personal attribution will help track the digital patterns of hackers, and more…

Applying ABAC to Cloud Technologies (Axiomatics, Jan 05 2018)
This Use Case, Federal Mission: Applying ABAC to Your Cloud Migration, is tailored for government agencies, who have some of the most burdensome security requirements. By using an Attribute Based Access Control (ABAC) implementation, such as the Axiomatics Policy Server (APS), for your enterprise’s authorization, you can extend your existing cloud’s capabilities to provide dynamic and fine-grained access control.

The Current State of Consumer Security Hygiene (The Duo Blog, Jan 04 2018)
Consumers need to work on their basic security hygiene, according to a Tenable consumer survey of 2,196 U.S. adults and their personal security practices. Generally, they found that the majority are lacking in their security habits – most don’t use two-factor authentication (2FA) and some are not updating their devices in a timely manner. However, nearly all (94%) have heard news stories about security breaches in the last year.

Financial Crime and Cyber Fraud Converge in Menacing Mashup (ThreatMetrix, Jan 04 2018)
According to reports, law enforcement agencies in 26 countries partnered with 257 banks and private-sector partners to launch a global dragnet from November 20-24. In less than one week, teams uncovered nearly $37 million in illicit money transfers, resulting in 159 arrests.

Why Facebook Security Questions Are no Substitute for MFA (Dark Reading, Jan 11 2018)
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.