A Review of the Best News of the Week on Identity Management & Web Fraud

T-Mobile Sued Over Theft of Customer’s Cryptocurrency (PCMag, Feb 06 2018)
Hackers tricked T-Mobile customer service into transferring a man’s account to AT&T, and then drained his cryptocurrency account of about $50,000.

U.S. Announces Takedown of Global Cyber Theft Ring (SecurityWeek, Feb 07 2018)
The US Justice Department announced indictments Wednesday for 36 people accused of running a transnational ring stealing and selling credit card and personal identity data, causing $530 million in losses.

Microsoft, IBM Facial Analyses Struggle With Race and Gender (Wired, Feb 06 2018)
Study finds that facial-recognition services from Microsoft and IBM are significantly more accurate for men than women and for whites than blacks, adding to concerns about bias in artificial intelligence.




How Long is Long Enough? Minimum Password Lengths by the World’s Top Sites (Troy Hunt, Feb 06 2018)
“So, rather than projecting my own views on minimum password length, I thought I’d go and check what the world’s top sites are doing. Here’s 15 of the biggest with a summary and some further commentary…”

Uber data breach aided by lack of multi-factor authentication (Naked Security – Sophos, Feb 08 2018)
How to bolt a stable door when the horse is already miles down the road…

Scammers Are Stealing Bitcoin on Twitter With a Classic Scheme (Wired, Feb 07 2018)
A new twist on the classic Nigerian Prince scheme has jumped from gaming communities to Twitter. And now it’s spreading.

Machine Learning Techniques for Fraud Analytics, Part 1 (ThreatMetrix, Feb 07 2018)
“There are many different machine learning techniques with advantages, disadvantages, and varying degrees of complexity. Let’s examine this from a modus operandi perspective to pick the right tools for the right job.”

Scammers steal nearly $1 million from Bee Token ICO would-be investors (Help Net Security, Feb 02 2018)
Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) were tricked into sending the money to scammers instead.

California says no, you can’t cover your license plate (Naked Security – Sophos, Feb 02 2018)
The now-rejected SB-712 bill was meant to protect location data privacy from the spying electronic eyes of automated license plate readers.

Cloud computing chaos is driving identity management changes (CSO Online, Feb 02 2018)
Cloud and mobility are exacerbating problems in an already-fragile IAM infrastructure. This will drive changes to areas such as single sign-on, multi-factor authentication, IAM centralization, and skills.

Mixpanel analytics accidentally slurped up passwords (TechCrunch, Feb 05 2018)
The passwords of some people using sites monitored by popular analytics provider Mixpanel were mistakenly pulled into its software.

OAuth 2.0: The Complete Guide (Auth0 Blog, Feb 07 2018)
Describing OAuth 2.0 for the masses, demystifying the technology behind this common authorization technique.

Identity Fraud Hits All-Time High in 2017 (Dark Reading, Feb 06 2018)
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.

Realistic, well-positioned Reddit clone is out to grab users’ login credentials (Help Net Security, Feb 06 2018)
“They’ve put in the time and effort to create a remarkably realistic website that even shows a secure SSL certificate in your browser window. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks…”

Advancing the Usability of PKIs (Infosec Island, Feb 06 2018)
If your organization is going to rely on PKI, it’s important to also leverage the benefits that automation can provide.

Rapid7 Previews InsightPhish for Phishing Email Security (eWEEK, Feb 07 2018)
The new service brings phishing simulation, analysis and defense to security operations teams.

Identity fraud enters a new era of complexity (Help Net Security, Feb 07 2018)
The number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003.

Credential phishing kits target victims differently depending on location (Help Net Security, Feb 08 2018)
In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal information to collect from its victims.

Zero Trust Security for the New Australian Data Breach Law (Centrify, Feb 07 2018)
Many Australian businesses need to rethink their approach to security to prepare for their nation’s new mandatory data breach notification law, which takes effect this month.

Identity and the smart city (CSO Online, Feb 06 2018)
The smart city needs smart identity. It will be the power station behind how the city operates. We need to start building those smart identifiers now with smart use cases in mind. We can no longer create static, hard-coded architectures for our IAM infrastructure.