A Review of the Best News of the Week on Identity Management & Web Fraud
Uber fights off scammers every day. Here’s how it learned the tricks (CNET, Jun 16 2018)
An exclusive look at the ride-sharing service’s never-ending battle against cybercriminals.
Remote Authentication GeoFeasibility Tool (FireEye, May 29 2018)
While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials to access systems and data. Due to large volumes of remote access connections, it can be difficult to distinguish between a legitimate and a malicious login. FireEye released GeoLogonalyzer to help organizations analyze logs to identify malicious logins.
AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties (Krebs on Security, Jun 19 2018)
In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties.
New trends advance user privacy (Help Net Security, Jun 15 2018)
Let’s start with the current situation regarding the privacy on the internet. What kind of trends could you highlight?
Police Use of Driver’s License Databases to Nab Crooks Spurs Privacy Concerns (WSJ, Jun 17 2018)
Law-enforcement officials who advocate for using facial recognition searches of driver’s license photos argue that it is a valuable tool; civil liberties advocates say it infringes on privacy.
Alleged Silk Road Adviser Roger Clark Extradited To the US (Wired, Jun 15 2018)
Roger Clark allegedly served as Ross Ulbricht’s Silk Road consigliere. Friday, the feds announced his extradition from Thailand.
Fraudster exploited US govt staff info stolen in 2015 OPM breach (Help Net Security, Jun 19 2018)
The US Attorney’s Office for the Eastern District of Virginia announced on Monday that a Maryland woman has pleaded guilty to using that stolen identification information to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).
Ex-Tesla employee sued for hacking and stealing company data (Graham Cluley, Jun 21 2018)
Tesla claims former employee has admitted writing software that hacked company systems, and leaked data to external third parties.
Account takeover – The tip of the cyberthreat iceberg (NuData Security, Jun 18 2018)
Credential testing is a key strategy used to pave the way for an ATO: it verifies stolen credentials en masse before launching the attack that will directly impact your customers’ experience, and your bottom line.
Gartner’s Magic Quadrant for Access Management, Worldwide 2018 (Okta blogs, Jun 19 2018)
This week, Gartner released its second Magic Quadrant for Access Management, Worldwide…
Convicted! Anonymous Twitter troll not as anonymous as they thought (Naked Security – Sophos, Jun 18 2018)
It’s surprising how many trolls don’t realise that if Twitter knows who they are, the police can find out too.
French authorities dismantle Black Hand dark web market (Help Net Security, Jun 18 2018)
The “Black Hand” forum, considered to be one of the most important illegal platforms of the dark web in France, has been dismantled by French law enforcement.
Errant email exposes PII of Chicago Public School systems students (SC Magazine, Jun 18 2018)
A Chicago Public Schools (CPS) worker accidentally emailed private student information to more than 3,700 families who have students in the system.
How a Nigerian Prince scam victim got his money back after 10 years (Naked Security – Sophos, Jun 19 2018)
The Nigerian prince never showed up but the victim’s $110,000 did, eventually.
Uber’s drunk passenger patent could be a ‘privacy nightmare for consumers. (SC Magazine, Jun 18 2018)
Uber recently applied for a patent to use artificial intelligence to spot drunken drivers
Crook gets 20 years for literal domain hijacking at gunpoint (SC Magazine, Jun 18 2018)
A man was sentenced to 20 years in prison after giving a new meaning to the term domain-hijacking when attempting to forcibly steal a domain name from someone at gunpoint.
Phishers Use ‘ZeroFont’ Technique to Bypass Office 365 Protections (SecurityWeek, Jun 19 2018)
Cybercriminals have been leveraging a technique that involves manipulating font sizes in an effort to increase the chances of their phishing emails bypassing the protections implemented by Microsoft in Office 365.
Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill (Schneier on Security, Jun 20 2018)
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but…
Elderly victims conned out of millions by tech support scammer (Naked Security – Sophos, Jun 21 2018)
The FTC has been battling tech support scams for years, especially ones targeting older citizens who are seen by fraudsters everywhere as susceptible to these cons.
Defining Access Security for Cloud Applications (The Duo Blog, Jun 18 2018)
First, we’ll dive into a few examples of why cloud applications are being targeted. Next, we will go through a few of the different security risks associated with all cloud applications. Then, we explore what security controls can reduce the risks and prevent attacks associated with moving your organization to the cloud.