A Review of the Best News of the Week on Identity Management & Web Fraud

WPA3 Brings New Authentication and Encryption to Wi-Fi (Dark Reading, Jun 25 2018)
The primary enhancement to WPA3 Personal is in the authentication process, where WPA3 makes brute-force dictionary attacks much more difficult and time-consuming for an attacker.

The Digital Privacy Wins Keep Coming (Wired, Jun 27 2018)
From *Carpenter v. United States* to a landmark bill in California, privacy advocates sense a shift in what people will accept from Facebook, mobile carriers, and more.

Twitter adds support for login verification with USB security key (Help Net Security, Jun 27 2018)
Twitter has some good news for users looking to improve the security of their account: the company has begun rolling out the “login verification with a security key” option.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Security, privacy experts weigh in on the ICE doxxing (TechCrunch, Jun 22 2018)
In what appears to be the latest salvo in a new, wired form of protest, developer Sam Lavigne posted code that scrapes LinkedIn to find Immigration and Customs Enforcement employee accounts. His code, which basically a Python-based tool that scans LinkedIn for keywords, is gone from Github and Gitlab and Medium took down his original post.

Researchers release app that masks printers’ tracking dots (Help Net Security, Jun 27 2018)
Did you know that nearly all modern color laser printers put tracking patterns of tiny yellow dots on each piece of paper they print?

To Trust or Zero Trust? (The Duo Blog, Jun 27 2018)
Although the term “zero trust” is a popular term for the alternative security model that everyone’s talking about these days, it’s not always clear what it means, or whether it describes what policy changes you may want to make in your organization.

[Infographic] The 9 Flavors of Content Spam (Sift Science Blog, Jun 27 2018)
Scammers have moved on to plague communities, forums, social networks, marketplaces, and other destinations that host user-generated content.

HMRC collected voiceprints of 5.1 million UK taxpayers (Help Net Security, Jun 25 2018)
Her Majesty’s Revenue and Customs (HMRC) has collected voiceprints of some 5.1 million UK taxpayers without their explicit consent, and won’t reveal whether these IDs are shared with other government departments.

Orlando airport all in on facial recognition security screening (SC Magazine, Jun 22 2018)
Biometrics screening will shorten lines at security, Customs and Border Patrol officials said.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records (Wired, Jun 27 2018)
The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Connecting ABAC to identity governance and administration to extend access control capabilities (CSO Online, Jun 25 2018)
Enterprises need an approach to improve synergies between existing IAM technologies.

BigID scores $30 million Series B months after closing A round (TechCrunch, Jun 25 2018)
BigID announced a big $30 million Series B round today, which comes on the heels of closing their $14M A investment in January. It’s been a whirlwind year for the NYC data security startup as GDPR kicked in and companies came calling for their products.

Ping Identity Acquires Elastic Beam for AI-Powered API Security (eWEEK, Jun 26 2018)
Ping Identity revealed its purchase of Elastic Beam, a developer of API security solutions, along with plans to release a new PingIntelligence system designed to protect APIs.

Hundreds Report WannaCry Phishing Campaign (Infosecurity Magazine, Jun 25 2018)
Action Fraud warns UK users not to fall for scam

Oregon.Gov Email Domain Remains Blacklisted (Infosecurity Magazine, Jun 25 2018)
A successful phishing campaign leaves oregon.gov email on many blacklists.

Yubico launches FIPS 140-2 validated YubiKey series (Help Net Security, Jun 26 2018)
Yubico announced the certification and availability of the YubiKey FIPS Series, a product line that meets cryptographic security requirements of the Federal Information Processing Standard (FIPS) 140-2.

Kantara welcomes IDESG to enhance protection of online identities (Help Net Security, Jun 26 2018)
Kantara Initiative and the Identity Ecosystem Steering Group (IDESG) jointly announced that Kantara will take on the work artifacts, current workstreams, committees and membership of the IDESG.

3M draws attention to physical privacy issues (Help Net Security, Jun 25 2018)
3M is highlighting the need for physical safeguards against data privacy threats, including making sure that screens and printed documents are not easily viewable or accessible by unauthorised people.

School facial recognition system sparks privacy concerns (Naked Security – Sophos, Jun 26 2018)
A New York school district is hoping to use technology to make its children safer. But not everyone is happy about it.

Certificate Authorities Aim to Improve Identity Assurance (eWEEK, Jun 28 2018)
A group of leading SSL/TLS Certificate Authorities are working on the London Protocol effort to figure out what’s needed to improve certificate identity assurance.