A Review of the Best News of the Week on Identity Management & Web Fraud

Google introduces ‘Context-aware’ access to supplement logons (TechCrunch, Jul 25 2018)
“Context-aware access allows organizations to define and enforce granular access to GCP APIs, resources, G Suite, and third-party SaaS apps based on a user’s identity, location, and the context of their request,” Google explained.

Google takes on Yubico and builds its own hardware security keys (TechCrunch, Jul 25 2018)
These so-called Titan Security Keys will go up against similar keys from companies like Yubico, which Google has long championed as the de facto standard for hardware-based two-factor authentication for Gmail and other services.

LifeLock Bug Exposed Millions of Customer Email Addresses (Krebs on Security, Jul 25 2018)
“Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.”



1Password’s Travel Mode (Schneier on Security, Jul 23 2018)
The 1Password password manager has just introduced “travel mode,” which allows you to delete your stored passwords when you’re in other countries or crossing borders: Your vaults aren’t just hidden; they’re completely removed from your devices as long as Travel Mode is on.

72% of CEOs Steal Corporate IP from Former Employers (Dark Reading, Jul 24 2018)
Employees often take corporate IP because they feel ownership over their work, a trend security experts say is a problem.

Here’s why Twitter will lock your account if you change your display name to Elon Musk (Graham Cluley, Jul 25 2018)
For months scammers have been creating Twitter profiles which pose as the tech billionaire, in an attempt to defraud unwary users out of cryptocurrency. The scam works like this. The real Elon Musk (@elonmusk) posts a message to his 22 million followers. Some of his followers reply. Perhaps even the real Elon Musk responds to some of the comments he receives.

Adopting a Zero Trust approach is the best strategy to control access (Help Net Security, Jul 25 2018)
A new study conducted by Forrester Consulting found that organizations powering Zero Trust Security with next-gen access solutions reported twice the confidence to accelerate new business models and customer experiences.

On Financial Fraud (Schneier on Security, Jul 25 2018)
There are some good lessons in this article on financial fraud…

‘Password Check Required’? Not So Fast (Dark Reading, Jul 25 2018)
The most successful phishing emails tell users to check their passwords or investigate security alerts.

Beyond Passwords: Why Your Company Should Rethink Authentication (Dark Reading, Jul 19 2018)
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here’s how to get started.

Macro 4’s session manager improves mainframe security through roll-out of MFA (Help Net Security, Jul 25 2018)
Macro 4 has launched a new version of the Tubes for z/OS session management software that enables enterprises to roll out IBM’s multi-factor authentication system for z/OS as they bid to make access to mainframe applications more secure.

Bomgar releases free privileged account Discovery Tool (Help Net Security, Jul 25 2018)
This free product generates a report revealing issues that could put an organization at risk for data breaches and failed regulatory compliance audits.

Intro to Attribute Based Access Control (ABAC) (Axiomatics, Jul 24 2018)
ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.

Singapore Health Database Hit by ‘Major’ Cyberattack (Infosec Island, Jul 20 2018)
Singapore’s Ministry of Health (MOH) said that a Singapore Health Services (SingHealth) database containing patient data, including personal information on Prime Minister Lee Hsien Loong, was hit by a “major” cyberattack.

24 Sentenced in India-Based Call Center Operation (Dark Reading, Jul 23 2018)
The scheme targeted US residents with fraudulent phone calls and conned victims out of hundreds of millions of dollars.

London Calling with New Strategies to Stop Ransomware (Dark Reading, Jul 23 2018)
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.

Privacy pros gaining control of technology decision-making over IT (Help Net Security, Jul 24 2018)
Surveying privacy professionals worldwide, the findings of the survey show that privacy management technology usage is on the rise across all regions and that privacy teams have significant influence on purchasing decisions for eight of the ten technology categories surveyed.

UK university domains spoofed in massive fraud campaign targeting suppliers (Graham Cluley, Jul 24 2018)
Be on your guard if your company has received an order which appears to come from a UK university email address.

Customer Identity and Access Management Firm LoginRadius Raises $17 Million (SecurityWeek, Jul 25 2018)
Vancouver, Canada-based customer identity and access management (cIAM) firm LoginRadius has raised $17 million Series A funding led by ForgePoint Capital and Microsoft’s venture fund, M12.

Don’t Ignore Identity Governance for Privileged Users (SecurityWeek, Jul 25 2018)
Privileged Access Management (PAM) isn’t enough