A Review of the Best News of the Week on Identity Management & Web Fraud

Preparing for a BeyondCorp world at your company (Google, Jul 03 2018)
“Since then, we received lots of great feedback, including many who asked, “How do I start?” They’re looking for step-by-step help in applying these context-based access practices in their particular organizations, so we’ve created a series about some of our best practices at Google.”

Facebook quizzes may have exposed 120 million users personal information (SC Magazine, Jun 29 2018)
Facebook’s data privacy woes continue to grow as a security researcher uncovered the social media’s popular “tests” not only told users which Disney princess they were, but also exposed the private data of about 120 million people who took the test.

While no one was looking, California passed its own GDPR (Network World Security, Jul 05 2018)
The California Consumer Privacy Act of 2018 is similar to the EU’s GDPR. Companies that hold data on more than 50,000 people and do business in California must comply.




Capital Gazette shooter ID’d with facial recognition tech, report (SC Magazine, Jun 28 2018)
The man reportedly damaged his fingers so he couldn’t be easily identified, compelling authorities to use facial recognition software, according to reports.

Twitter Unveils New Processes for Fighting Spam, Bots (SecurityWeek, Jun 28 2018)
Twitter this week shared some details on new processes designed to prevent malicious automation and spam, along with data on the positive impact of the measures implemented in the past period.

Wikimedia v. NSA Highlights the ACLU’s Challenges in Fighting Mass Surveillance (Wired, Jun 29 2018)
The ACLU has been trying to challenge the NSA’s bulk surveillance for years. A hearing in *Wikimedia v. NSA* Friday could mark a breakthrough.

Plant Your Flag, Mark Your Territory (Krebs on Security, Jun 28 2018)
What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.

Manipulative Social Media Practices (Schneier on Security, Jun 28 2018)
The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy.

Want to beat facial recognition? Join the Insane Clown Posse (Naked Security – Sophos, Jul 04 2018)
The black and white clown makeup worn by the rap duo and their fans fools facial recognition.

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud (Vasco, Jul 05 2018)
Security Code AutoFill is a new feature for iPhones in iOS 12. It is supposed to improve the usability of two-factor authentication, but could expose users to online banking fraud by removing the human validation aspect of the transaction signing/authentication process.

Fake Bitcoin exchange traps drug dealers on the dark web (Naked Security – Sophos, Jul 02 2018)
As around 35 alleged drug vendors have found out to their cost, you never know who you’ll meet on the dark web.

Facebook gave certain companies special access to customer data (Naked Security – Sophos, Jul 03 2018)
What do Mail.ru, Nissan, Spotify, and Nike have in common? They were all afforded temporary extensions to access private Facebook data API.

Gmail Privacy Fears Emerge Over Third-Party Apps (Infosecurity Magazine, Jul 04 2018)
Report claims thousands of developers read users’ emails

OneLogin and Cloudflare collaboration eliminates the need for VPNs (Help Net Security, Jul 02 2018)
OneLogin’s cloud-based Unified Access Management Platform now integrates with Cloudflare Access, providing a solution for enterprises to monitor and enable access requests inside and outside the corporate firewall.

Brave adds Tor to reinvent anonymous browsing (Naked Security – Sophos, Jul 02 2018)
The Brave privacy browser has added another feature to bolster its blossoming anti-surveillance credentials – the ability to use the Tor anonymity system by launching a tab.

Two Arrested for Hacking 700,000 Accounts (SecurityWeek, Jun 29 2018)
Russian law enforcement this week said two individuals were arrested for compromising accounts of loyalty program members from popular websites.

The principle of least privilege: A strategy of limiting access to what is essential (WeLiveSecurity, Jul 02 2018)
The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity.

ThetaRay Raises $30M to Block Money Laundering (Dark Reading, Jul 03 2018)
With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.

Immigrant identity thief and ICE lawyer gets four years (Naked Security – Sophos, Jul 03 2018)
A former high-ranking lawyer at US Immigration and Customs Enforcement is going to jail for four years after stealing the identities of US immigrants.

Elderly scam victims are too embarrassed to speak up (Naked Security – Sophos, Jul 04 2018)
Financial talk itself is taboo. Admitting to getting fleeced and losing all your savings? That qualifies as super taboo, a new report says.