A Review of the Best News of the Week on Identity Management & Web Fraud

Why Is Your Location Data No Longer Private? (Krebs on Security, May 26 2018)
“In the wake of these consumer privacy debacles, many are left wondering who’s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels? These are some of the questions we’ll explore in this article.”

New analyst report: Gartner’s Market Guide for Online Fraud Detection (Sift Science, May 31 2018)
An overview of the market’s direction, from approaches that offer static data-based identification to those providing continuous risk assessment.

Signifyd Secures $100 Million Series D Funding (Signifyd, May 30 2018)
Signifyd, the world’s largest provider of guaranteed fraud protection for ecommerce businesses, today announced it has secured $100 million in a Series D round


European users can request a copy of the data Apple keeps on them (Help Net Security, May 25 2018)
For now, only users from the European Union, Iceland, Liechtenstein, Norway, and Switzerland will be able to download the Apple ID and iCloud data associated with their account. Users from the rest of the world will get the option in the coming months.

BackSwap malware finds innovative ways to empty bank accounts (WeLiveSecurity, May 25 2018)
Instead of using complex process injection methods to monitor browsing activity, the malware hooks key window message loop events in order to inspect values of the window objects for banking activity. Once banking activity is detected, the malware injects malicious JavaScript into the web page, either via the browser’s JavaScript console or directly into the address bar.

Detecting Lies through Mouse Movements (Schneier on Security, May 25 2018)
While truth-tellers respond automatically to unexpected questions, liars have to “build” and verify their responses. This lack of automaticity is reflected in the mouse movements used to record the responses as well as in the number of errors. Responses to unexpected questions are compared to responses to expected and control questions (i.e., questions to which a liar also must respond truthfully).

Amazon Is Selling Cheap, Real-Time Facial Recognition Technology to Cops (Motherboard, May 29 2018)
The ACLU says the technology, called ‘Rekognition,’ is dangerous and has demanded that Jeff Bezos stop selling it to governments. Amazon has advertised it to law enforcement for use on body cameras.

Your Firefox account can now be secured with 2FA (Naked Security – Sophos, May 29 2018)
Mozilla is rolling out support for two-factor (or two-step) authentication for anyone who has a Firefox account.

T-Mobile bug exposed personal customer data (SC Magazine, May 25 2018)
A glitch in T-Mobile’s employee website allowed anyone to look up customer account details.

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords (Troy Hunt, May 29 2018)
“That up-tick on the 17th and then the really sizeable one on the 22nd are due to a few big players making really good use of the service. I want to detail those use-cases here because I’m always getting asked by people how the service is being used. So here it is…”

Open Source Tool From FireEye Helps Detect Malicious Logins (SecurityWeek, May 29 2018)
FireEye has released GeoLogonalyzer, an open source tool that can help organizations detect malicious logins based on geolocation and other data.

Fraud data shows 680% spike in fraudulent mobile app transactions (Help Net Security, May 25 2018)
Phishing remains at #1 for cyber criminals – Despite being one of the oldest online fraud tactics, phishing accounted for 48 per cent of all fraud attacks observed in Q1 2018.

New Bill to Reduce Synthetic Identity Fraud (Infosecurity Magazine, May 24 2018)
Congress moves to protect the privacy of minors and other vulnerable consumers.

Apple Device Access Requests Decline (Infosecurity Magazine, May 29 2018)
Report comes amid calls for more transparency on foreign access to source code

Kidnapping Fraud (Schneier on Security, May 29 2018)
“So having tricked the victims in Australia into providing the photographs, and money and documents and other things, they then present the information back to the unknowing families in China to suggest that their children who are abroad are in trouble”

Prolific Phisher ‘Courvoisier’ Gets 10 Years Behind Bars (Infosecurity Magazine, May 29 2018)
UK man stole details of tens of thousands of consumers

Hacker Sentenced to 5 Years in Yahoo Credential Theft Case (Dark Reading, May 30 2018)
Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach

Privacy Survey Says: Americans Don’t Want to Sell Their Data (Dark Reading, May 24 2018)
A new survey shows the extent to which Americans are reluctant to sell their personal information for any price.

Two Canadian banks warn attackers may have stolen customer data (WeLiveSecurity, May 29 2018)
Simplii Financial and Bank of Montreal are believed to have suffered a twin attack that was soon followed by blackmail threats

Scammers raid man’s bank account while he waits on hold to fraud hotline (WeLiveSecurity, May 28 2018)
A man watched helplessly as cybercriminals stole £9,000 (nearly US$12,000) from his account at British bank TSB while he waited – for four-and-a-half hours – to get through to the bank’s fraud line, according to a BBC report.