A Review of the Best News of the Week on Identity Management & Web Fraud

LabCorp Breach – Millions of Health Records at Risk (Infosecurity Magazine, Jul 18 2018)
LabCorp has shut down its systems after a suspected network breach, which could have put millions of health records at risk.

Facial recognition technology: The need for public regulation and corporate responsibility (Microsoft, Jul 16 2018)
Facial recognition will require the public and private sectors alike to step up – and to act.

The SIM Hijackers (Motherboard, Jul 17 2018)
Meet the hackers who flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victims’ weakness? Phone numbers.


Walmart files patent for audio surveillance technology to monitor employees and customers (SC Magazine, Jul 16 2018)
America’s largest retailer claims the audio would help cut costs and improve the shopping experience, while also monitoring “if employees are performing their jobs efficiently and correctly,” according to the patent filing.

Meet Jonathan Albright, The Digital Sleuth Exposing Fake News (Wired, Jul 18 2018)
Buried in media scholar Jonathan Albright’s research was proof of a massive political misinformation campaign. Now he’s taking on the world’s biggest platforms before it’s too late.

Could semantic icons replace passwords and PINs? (Naked Security – Sophos, Jul 18 2018)
SemanticLock replaces passwords, PINs and patterns with a sequence of graphical icons which work semantically.

Business email compromise scams have netted $12.5 billion, says FBI (Graham Cluley, Jul 18 2018)
The FBI is once again warning businesses of the serious dangers posed by business email compromise (BEC) scams, saying that losses globally have risen by 136% since December 2016.

Delegate permission management to developers by using IAM permissions boundaries (AWS Security Blog, Jul 13 2018)
AWS released a new IAM feature that makes it easier for you to delegate permissions management to trusted employees. As your organization grows, you might want to allow trusted employees to configure and manage IAM permissions to help your organization scale permission management and move workloads to AWS faster.

Does Decentralized Identity Need an Identity Neutrality Manifesto (Gartner Blog Network, Jul 12 2018)
The promise of decentralized identity – self-sovereign identity in the case of people identity – is to put people in charge of their identity and personal data. Obviously this is a noble idea and great step forward for identity management. But what about all the existing identity providers that invested so much in establishing people identity within their organizations?

Identity eats security: How identity management is driving security (CSO Online, Jul 12 2018)
New intelligent identity management systems are changing the way organizations authenticate users and devices, and they’re making identity the new security perimeter.

Former Apple engineer arrested for stealing secret info on autonomous car project (SC Magazine, Jul 12 2018)
Hardware engineer Xiaolang Zhang was picked up by authorities as he waited to board a plane to China.

Okta nabs ScaleFT to build out ‘Zero Trust’ security framework (TechCrunch, Jul 18 2018)
Okta, the cloud identity management company, announced today it has purchased a startup called ScaleFT to bring the Zero Trust concept to the Okta platform. Terms of the deal were not disclosed.

RealNetworks Launches Free Facial Recognition Tool for Schools (Wired, Jul 17 2018)
A new facial recognition tool by RealNetworks aims to keep kids safe in school. But privacy experts fear the unchecked surveillance of kids could go awry.

Gargoyle: Innovative solution for preventing insider attacks (Help Net Security, Jul 13 2018)
A group of researchers from UNSW Sydney, Macquarie University, and Purdue University has released a paper on a new and very promising network-based solution for preventing insider attacks.

Reasonably Clever Extortion E-mail Based on Password Theft (Schneier on Security, Jul 16 2018)
Imagine you’ve gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it’s for isn’t very valuable. How do you use it? You convince the owners of the password to send you money.

7 Nigerians Indicted for Fraud Operation on Dating Sites (Dark Reading, Jul 17 2018)
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.

Microsoft offers bug bounties for holes in its identity services (Help Net Security, Jul 18 2018)
Microsoft is asking security researchers to look for and report technical vulnerabilities affecting its identity services and OpenID standards implementations, and is offering bug bounties that can reach as high as $100,000.

Microsoft tops list of brands impersonated by phishers (Help Net Security, Jul 18 2018)
The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Secure. The company credits the surging adoption of Microsoft Office 365 for this unfortunate statistic.

Searching for Geographically Improbable Login Attempts (/dev/random, Jul 17 2018)
“I published the following diary on isc.sans.org: ‘Searching for Geographically Improbable Login Attempts’: For the human brain, an IP address is not the best IOC because, like phone numbers, we are bad at remembering them.”

Blockchain as a tool for anti-fraud (Microsoft Azure Blog, Jul 17 2018)
There are two root vulnerabilities in healthcare organizations: insufficient protection of data integrity, and a lack of transparency.