A Review of the Best News of the Week on Identity Management & Web Fraud

Stripe debuts anti-fraud AI tools, halted $4B in fraud (TechCrunch, Apr 18 2018)
Stripe is announcing Radar for Fraud Teams, an expansion of its free AI-based Radar service that runs alongside Stripe’s core payments API to help identify and block fraudulent transactions.

From NSTIC to improved federal identity, credential and access management (CSO Online, Apr 13 2018)
OMB’s ICAM policy change leverages NIST’s Digital Identity Guidelines permitting the use of non-PIV, AAL 3 credentials for logical access, and tasks agencies to accept federated credentials for consumers conducting transactions online.

Discover How Access Management Helps You Comply With GDPR (Gemalto, Apr 12 2018)
To address specific use cases, policies can be set up so that only authorized personnel can access personal data belonging to EU citizens, elevating assurance with multi-factor authentication after a single sign-on session is launched for the appropriate user groups, resources and applications.


BigID is this year’s most innovative startup at RSA Conference (Help Net Security, Apr 17 2018)
Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale. Using BigID, enterprises can better safeguard and assure the privacy of their most sensitive data, reducing breach risk and enabling compliance with emerging data protection regulations like the EU GDPR.

Deleted Facebook Cybercrime Groups Had 300,000 Members (Krebs on Security, Apr 16 2018)
Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform.

WhatsApp image showing drug dealer’s fingerprints leads to arrest (Naked Security – Sophos, Apr 17 2018)
Enhanced social media images of the man’s fingers led to the takedown of 11 members of a drug ring and his sentencing.

Researchers develop algorithm to detect fake users on social networks (Help Net Security, Apr 17 2018)
Ben-Gurion University of the Negev and University of Washington researchers have developed a new generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.

48 Million Detailed Psychometric Records on Individuals Leaked (Infosecurity Magazine, Apr 18 2018)
The data consists of Cambridge Analytica-style profile information from tens of millions of people, scraped from multiple sources.

Online Financial Fraud Doesn’t Have an Age Bias (ThreatMetrix, Apr 13 2018)
Who’s more likely to fall victim to online financial fraud – a millennial or a senior?

Facial Recognition Spots Criminal in Crowd of 60,000 (PCMag, Apr 13 2018)
In China, there’s nowhere to hide from the combo of cameras, facial recognition, AI, and all-knowing database.

Gmail’s new ‘Confidential Mode’ won’t be completely private (Naked Security – Sophos, Apr 17 2018)
Have you ever wished it were possible to delete an email from a recipient’s inbox days, weeks or months after it was sent? If so and you’re a Gmail or G Suite user, it looks as if Google might be about to enable this kind of ‘self-destructing’ email feature on its platform.

Ikea’s TaskRabbit investigating cybersecurity incident (SC Magazine, Apr 17 2018)
Ikea’s freelance labor marketplace TaskRabbit temporarily shut down its app and website amid an investigation of a “cyber-security incident.”

Oblivious DNS (Schneier on Security, Apr 18 2018)
Oblivious DNS (ODNS) is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest.

Few RSA Conference Exhibitors Implemented DMARC (SecurityWeek, Apr 18 2018)
A vast majority of the companies present this week at the 2018 RSA Conference in San Francisco have not implemented the DMARC email authentication system on their domains, opening the door to fraudulent and fake emails.

Lifting a Fingerprint from a Photo (Schneier on Security, Apr 19 2018)
Police in the UK were able to read a fingerprint from a photo of a hand.

Facebook shines a little light on ‘shadow profiles’ (Naked Security – Sophos, Apr 13 2018)
Shadow… what now?

Facebook: 3 reasons we’re tracking non-users (Naked Security – Sophos, Apr 18 2018)
It’s just how the internet works, Facebook said.

Email hoaxes and phishing scams prey off of school violence fears (SC Magazine, Apr 13 2018)
A Swiss hacking group has reportedly claimed credit for using a hijacked email domain to bombard schools around the U.S. with fake threats of violence. Meanwhile, a credentials phishing campaign is also stoking school shooting fears by impersonating a campus security alert.

UK ID Fraud Hits an All-Time High (Infosecurity Magazine, Apr 18 2018)
Cifas reveals scammers now targeting online retail, telecoms and insurance

40% of all account access attempts are high-risk, says NuData Security (NuData Security, Apr 18 2018)
Looking at the billions of events monitored by NuData Security, 40% were flagged as high-risk. Half of all login attempts were deemed high risk, compared to 15% in 2016, and account takeovers increased ten-fold in 2017.