A Review of the Best News of the Week on Identity Management & Web Fraud
Is Your Google Groups Leaking Data? (Krebs on Security, Jun 01 2018)
Many Google Groups leak emails that should probably not be public but are nevertheless searchable on Google, including personal information such as passwords and financial data, and in many cases comprehensive lists of company employee names, addresses and emails.
Facebook Gave Device Makers Deep Access to Data on Users and Friends (New York Times, Jun 04 2018)
The company formed data-sharing partnerships with Apple, Samsung and dozens of other device makers, raising new concerns about its privacy protections.
Account Takeover Scheme Targeting Bank-Related Search Results (ThreatMetrix, May 31 2018)
This new account takeover approach involves compromising well-trafficked business websites with plenty of five-star ratings and positive reviews, and then leveraging enviable SEO expertise to boost the sites’ search rankings using financial-related search phrases.
Face, Iris and Pulse Biometrics Close in on Fingerprint Tech (Infosecurity Magazine, Jun 01 2018)
ABI Research claims newer authentication methods are gaining traction
An advert against online privacy (Graham Cluley, Jun 01 2018)
The challenge that the tech industry is facing is that users are increasingly waking up to the fact that so-called “free” content and services often aren’t free at all. You’re paying by being tracked, and through the collection and exploitation of your data.
End-to-end encryption doesn’t stop the FBI reading your messages. Just ask Paul Manafort (Graham Cluley, Jun 05 2018)
End-to-end encryption is really neat, but it only encrypts *between* those who are doing the communicating.
Paul Manafort’s Terrible Encrypted Messaging OPSEC Got Him Additional Charges (Motherboard, Jun 05 2018)
Don’t commit crimes. But if you do, don’t back up the evidence of your crimes to Apple or Google’s cloud, where it doesn’t matter that the evidence was originally end-to-end encrypted.
Blocking facial recognition surveillance using AI (Naked Security – Sophos, Jun 06 2018)
If AI is increasingly able to recognise and classify faces, then the only way to counter this creeping surveillance is to use another AI to defeat it. Thanks to the University of Toronto, this may soon be possible.
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage (Krebs on Security, Jun 05 2018)
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.
Facebook defends practice of giving deep data access to device makers (Naked Security – Sophos, Jun 05 2018)
On Friday, Facebook took down another 13 apps that might prove to be tied to AggregateIQ.
Facebook Says Chinese Phone Makers Got Access to Data (SecurityWeek, Jun 05 2018)
Facebook on Tuesday confirmed that a Chinese phone maker deemed a national security threat by the US was among companies given access to data on users.
The Good News about Cross-Domain Identity Management (Dark Reading, May 31 2018)
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Canadians Unsure What to Do Post-Identity Theft (Infosecurity Magazine, May 31 2018)
Results showed that 83% of respondents don’t know what to do to restore their identities.
Masterminds behind prolific CEO fraud ring arrested (Help Net Security, Jun 04 2018)
It took two years and a collaborative effort of French, Belgian, Romanian and Israeli law enforcement agencies to take down an organised crime group that was behind at least 24 cases of CEO fraud across Europe, Europol has announced.
Australian bank mistakenly sent data on 10K customers to wrong domain (SC Magazine, Jun 05 2018)
The bank investigated the incident, which occurred last year, finding that 651 internal emails were sent to cba.com instead of cba.com.au.
Five Indicted for Conning Target, Shoppers Out of Nearly $800K (Dark Reading, Jun 06 2018)
Members of a fraud ring were charged with compromising Target’s internal gift-card system and defrauding customers out of almost $800,000.
Auth0 Glitch Allows Attackers to Launch Phishing Attacks (Threatpost, Jun 07 2018)
A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors.
7 reasons why Mobile is the future of Digital ID (Gemalto, Jun 07 2018)
Bizarrely, more people today own a mobile device than a toothbrush (a statistic that will haunt many dentists). With more than 5 billion unique mobile subscribers across the world, mobile is…