A Review of the Best News of the Week on Identity Management & Web Fraud

The 600+ Companies PayPal Shares Your Data With (Schneier on Security, Mar 14 2018)
One of the effects of GDPR — the new EU General Data Protection Regulation — is that we’re all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, which just released a list of over 600 companies they share customer data with.

Nearly 90% of Firms Will Use Biometrics by 2020 (Infosecurity Magazine, Mar 13 2018)
The vast majority of organizations will use biometric authentication technology by 2020, but concerns over vendor transparency persist, according to Spiceworks.

Checked Your Credit Since the Equifax Hack? (Krebs on Security, Mar 11 2018)
A recent consumer survey suggests that half of all Americans still haven’t checked their credit report since the Equifax breach last year exposed the Social Security numbers, dates of birth, addresses and other personal information on nearly 150 million people. If you’re in that fifty percent, please make an effort to remedy that soon.




Twitter to Open Verification to Everyone…Eventually (PCMag.com, Mar 10 2018)
In November, Twitter suspended handing out new badges after a white supremacist received one, but ‘the intention is to open verification to everyone,’ CEO Jack Dorsey says.

Behavioral Biometrics Firm BioCatch Raises $30 Million (SecurityWeek, Mar 12 2018)
New York and Tel Aviv-based behavioral biometric authentication firm BioCatch has raised $30 million in new growth financing led by Maverick Ventures, and including American Express Ventures, NexStar Partners, Kreos Capital, CreditEase, OurCrowd, JANVEST Capital and other existing investors.

Firefox turns out the lights on two privacy-sucking features (Naked Security – Sophos, Mar 13 2018)
Did you know that the websites you browse can ask your phone how far away your face is from the screen, and that they can determine the ambient light levels of the room you’re in?

YouTube conspiracy videos to get links to Wikipedia and other sources (Naked Security – Sophos, Mar 15 2018)
YouTube is planning to slap excerpts from Wikipedia and other websites onto pages containing videos about hoaxes and conspiracy theories, such as the ones relating to moon landings.

With Spoofed Calls on the Rise, FCC Seeks New ID Authentication Program (Phishlabs, Mar 15 2018)
“This technology allows for authenticating caller ID information and for that information to be transmitted to carriers along the call path. While several voice providers have already begun testing these protocols, the technology is still currently in development,” stated Eduard Bartholme, Chairperson, FCC Consumer Advisory Committee.

One in five healthcare employees willing to sell patient data, study finds (WeLiveSecurity, Mar 09 2018)
Almost one in five (18%) employees in the healthcare industry in the United States and Canada said that they would be willing to give access to confidential medical data about patients to an unauthorized outsider for financial gain, a survey for Accenture has revealed.

Weighing Privacy vs. Security for the Internet’s Address Book (Wired, Mar 13 2018)
European Union privacy rules may prompt removal of personal information from Whois lookups.

Europe’s privacy mega-fines raise cybersecurity stakes (Australian Financial Review, Mar 13 2018)
Start-ups are not exempt from Europe’s looming data protection legislation, set to punish lax cybersecurity with fines up to $31 million or 4 per cent of turnover.

TypingDNA launches Chrome extension that verifies your identity based on typing (TechCrunch, Mar 14 2018)
The startup, which is part of the current class at Techstars NYC, is pitching this as an alternative to two-factor authentication — namely, the security feature that sends unique codes to a separate device (usually your phone) to make sure someone else isn’t logging in with your password.

Fraud Protection for Government Agencies (ThreatMetrix, Mar 13 2018)
We know from digital identity deployments that 95 percent of online visitors can typically be identified instantly and transparently the moment they attempt to transact. Among those, typically 92 percent are recognized as legitimate users, 2 percent as fraudsters and the remaining 6 percent as questionable to varying degrees. Of course, every organization is going to have their unique mix, but those statistics can be used as a basis for a business-improvement strategy fueled by digital identity.

What is – and Isn’t – a Customer Data Platform? (Gartner Blog Network, Mar 09 2018)
The CDP has piqued industry interest. In 2017, Gartner client inquiries about them quadrupled over the previous year, with marketers looking to understand what they do, what they don’t do, and whether or not they really need one.

Authentication via SMS – Has it become a thing of the past? (CA Technologies, Mar 08 2018)
The final decision about whether or not an OTP via SMS is compliant with the guidelines for two-factor authentication has been delegated to the national regulator in each EU member state.

CyberArk Buys Vaultive for Privileged Account Security Technology (Dark Reading, Mar 12 2018)
The account security firm will use Vaultive’s tech to protect privileged users at heightened risk for cyberattacks.

LinkedIn Updates Policies for GDPR Compliance (Infosecurity Magazine, Mar 12 2018)
LinkedIn has updated its terms of service and will become GDPR-compliant in May.

Thycotic Releases 2018 Global State of Privilege Access Management Risk and Compliance Report (Thycotic, Mar 13 2018)
Report Finds Nearly Three Out of Four Organizations Would Fail an Access Controls Audit, Putting Privileged Credentials at High Risk

Dangerous CredSSP flaw opens door into corporate servers (Help Net Security, Mar 13 2018)
A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be exploited by MitM attackers to run code remotely on previously uninfected machines and servers in the attacked network.

Getting to know Cloud IAM (Google Cloud Platform, Mar 08 2018)
“To help you implement these controls, we’ve created a flowchart to help you navigate Cloud IAM. Whether you’re new to IAM or familiar with it and just need a gentle reminder, this flowchart can serve as a handy checklist of steps you need to follow.”