A Review of the Best News of the Week on Identity Management & Web Fraud

Facebook acquires biometric ID verification startup Confirm.io (TechCrunch, Jan 25 2018)
Facebook has acquired Confirm.io. The startup offered an API that let other companies quickly verify someone’s government-issued identification card, like a driver’s license, was authentic.

Oh, baby! Infants’ Social Security numbers spotted for sale on dark web (SC Magazine, Jan 23 2018)
The personal identifiable information (PII) of infants, including Social Security numbers, were spotted advertised for sale on the dark web.

Global Levels of Fraud Reached an All-Time High in 2017 (Infosecurity Magazine, Jan 22 2018)
About 84% of companies surveyed worldwide experienced a fraud incident in 2017, according to the Kroll Annual Global Fraud & Risk Report.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Hawaii Gov. couldn’t flag false missile alert on Twitter – didn’t know password (Naked Security – Sophos, Jan 24 2018)
Two words, governor: password manager.

Are YOU too smart to be scammed? (Mail Online, Jan 25 2018)
The quiz is part of the UK government-backed ‘Take Five to Spot Fraud Week’ which aims to raise awareness about the dangers crooks and fraudsters pose to our cash.

Reddit rolls out 2-factor authentication for users (Help Net Security, Jan 25 2018)
The 234 million or so unique Reddit users are finally getting the option of setting up 2-factor authentication for their account(s).

After ignoring for months, Uber fixes two-factor bypass bug after all (ZDNet, Jan 25 2018)
“There is no need for a novelty 2FA if it doesn’t actually serve a purpose.”

Facebook to give you more control over your data (Naked Security – Sophos, Jan 25 2018)
In preparation for a tough new data law coming in May to the European Union – the General Data Protection Regulation (GDPR), considered by many as the biggest overhaul of personal data privacy rules since the internet was born – Facebook plans to make it easier for users to manage their own data, Chief Operating Officer Sheryl Sandberg said on Tuesday.

7 Identity Trends That Will Dominate 2018 (Jumio, Jan 25 2018)
The reliable trait of the identity verification space is that it is ever evolving. Technology continues to be infused through daily life and with it, new security and fraud issues.

California to make it harder for your license plate to be tracked (Naked Security – Sophos, Jan 22 2018)
In other words keep data-collecting, privacy-invading license plate cameras away from our cars.

Can Biometrics Solve the Authentication Problem? (SecurityWeek, Jan 22 2018)
There is probably no physical biometric factor that has not been defeated by hackers or researchers. Which begs the question: are biometrics as a form of authentication over-hyped and unreliable? Can they possibly provide an alternative to the much denigrated password?

The $6bn Crime: 17 Million UK Consumers Hit Last Year (Infosecurity Magazine, Jan 23 2018)
Cybercrime cost 17 million UK consumers an estimated £4.6bn ($6bn) last year, according to Symantec. The vendor polled over 21,000 adults across 21 markets, including 1000 in the UK,

How to Create an AWS IAM Policy to Grant AWS Lambda Access to an Amazon DynamoDB Table (AWS Security Blog, Jan 23 2018)
How to create an AWS Identity and Access Management (IAM) policy that will be attached to an IAM role. The role is then used to grant a Lambda function access to a DynamoDB table.

Transforming secure access to take on today’s cyber threats (CSO Online, Jan 22 2018)
Last year, 81% of cyber attacks involved compromised passwords—up from 63% the previous year. How much worse can it get?