A Review of the Best News of the Week on Identity Management & Web Fraud

Less than 1 in 10 Gmail users enable 2-factor authentication (The Register, Jan 18 2018)
It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it.

Yes, Hawaii emergency management stuck a password on a sticky note (Naked Security – Sophos, Jan 18 2018)
The worsitude comes in the flimsiest but all too familiar of forms: a yellow sticky note, spotted in an Associated Press photo from July, at the agency’s headquarters at Diamond Head, bearing a password and stuck to a computer screen.

Google’s new G Suite security center gives admins a new perspective on their organization’s security (TechCrunch, Jan 17 2018)
Google launched a new tool for G Suite admins that gives them a better view of the state of their organization’s security. The new G Suite Security Center, which is only available to G Suite Enterprise users, features two main components… a dashboard that gives admins an overview of current security metrics across services like Gmail (think incoming phishing emails), Google Drive and Mobile Management… the second main feature is a security health checkup.




Fingerprinting Digital Documents (Schneier on Security, Jan 11 2018)
In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files….

Prepare for Department Stores and Fast Food Joints to Start Scanning Your Face (Slate Magazine, Jan 12 2018)
It’s a small number of tests right now. Will it stay that way?

Gluu Business Model Update (Gluu, Jan 12 2018)
Gluu documents its business model using one of the methods described in the book Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers.

The Risks of Privileged Access Management – and How to Protect Your Company (Okta, Jan 12 2018)
Okta outlines considerations for expanding your identity protocols to your privileged users, which will help mitigate potential threats from within the organization.

Commercial Momentum for FIDO Authentication Accelerates in Japan (FIDO Alliance, Jan 11 2018)
NTT DOCOMO now supports the protocol in its d ACCOUNT application. This implementation showcases an important enhancement to the FIDO UAF specification — support for native hardware-backed key attestation in Android 8.0. This means that all developers and service providers now have APIs for adding FIDO Authentication to native applications they build on any Android 8.0 (or later) device.

2018: Changing the “Directory” Definition (Imanami, Jan 12 2018)
While still a valid and pertinent message today, a lot of changes in the industry give us pause to consider Active Directory’s role in the larger picture, and to reflect on how the very same group lifecycle management tactics apply to a more complex definition of an organization’s directory.

Top 500 Most Common Passwords Visualized (Information is Beautiful, Jan 16 2018)
Is yours here?

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com (Krebs on Security, Jan 15 2018)
Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.

Netflix phishing campaign goes after your login, credit card, mugshot and ID (Naked Security – Sophos, Jan 15 2018)
Netflix phishing campaign goes for login, credit card, mugshot and ID

1 in 9 Online Accounts Created in 2017 Was Fraudulent (Dark Reading, Jan 16 2018)
Account takeovers hot, stolen credit cards not.

One Identity acquires Balabit to bolster PAM solutions (Help Net Security, Jan 17 2018)
One Identity announced the acquisition of Balabit; terms of the transaction were not disclosed. Balabit’s PAM solution provides protection from threats posed by high-risk, privileged accounts, while its privileged account analytics solution provides an additional layer of protection by collecting and analyzing data from privileged sessions to help identify anomalous activity. Currently, Balabit’s session management technology is embedded into the recently announced One Identity Safeguard solutio

Twitter denies claims that it snoops on your private messages (Naked Security – Sophos, Jan 17 2018)
Twitter has pushed back against allegations that its employees “view everything” users post on their servers, including private messages.

Okta teams up with ServiceNow to bring identity layer to breach containment (TechCrunch, Jan 18 2018)
It’s available in the ServiceNow app store and has been designed for customers who are using both toolsets. When a customer downloads and installs the app, it adds a layer of identity information inside the ServiceNow security operations interface, giving the operations team access to information about who specifically is involved with a security problem without having to exit their tool to find the information.

Phishing Campaign Targets U.S. Senators & Political Organizations (The Duo Blog, Jan 18 2018)
Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.