A Review of the Best News of the Week on Identity Management & Web Fraud

Florida Man Arrested in SIM Swap Conspiracy (Krebs on Security, Aug 07 2018)
“Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.”

Quantifying the impact of the Twitter fake accounts purge – a technical analysis (Elie Bursztein with Aude Marzuoli (Google), Aug 07 2018)
This post provides an overview of the impact of the Twitter 2018 accounts purge through the lens of its impact on 16k of Twitter’s most popular accounts.

Facebook wants to be the future of online banking (Naked Security – Sophos, Aug 08 2018)
Facebook says to banks: tell us who your customers are, and we’ll get them talking to you in Messenger.


Amnesty International spearphished with government spyware (Naked Security – Sophos, Aug 03 2018)
Pegasus spyware is supposed to be used solely by governments, to enable them to invisibly track criminals and terrorists.

MyHeritage, 23andMe, genetic testing firms join forces with FPF to develop guidance to protect DNA data (SC Magazine, Aug 06 2018)
The Privacy Best Practices for Consumer Genetic Testing Services recommends guidelines for transparency, consent, data use and transfer, data access, integrity, retention and deletion, accountability, security and privacy by design.

How safe is your DNA data? (Naked Security – Sophos, Aug 03 2018)
A group of DNA collection and genealogy websites have agreed on new guidelines for handling sensitive genetic and family data.

23andMe’s Pharma Deals Have Been the Plan All Along (Wired, Aug 03 2018)
A new partnership with GlaxoSmithKline drew intense scrutiny from customers, reflecting eroding public trust in companies’ ability to protect private information.

Hacking the McDonald’s Monopoly Sweepstakes (Schneier on Security, Aug 06 2018)
Long and interesting story — now two decades old — of massive fraud perpetrated against the McDonald’s Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets….

Heads-up: 2FA provider Duo Security to be acquired by Cisco (ugh) (Ars Technica, Aug 02 2018)
Both companies insist nothing will change, but this former Cisco customer has doubts.

Symantec Warns of Increasingly Sophisticated Tech Support Scams (eWEEK, Aug 03 2018)
Symantec blocked 93 million tech support scams in the first six months of 2018, as fraudsters look to improve their attack methods.

Cybercrime gangs continue to go where the money is (Help Net Security, Aug 03 2018)
…phishing in the first part of 2018 surged 46 percent higher than late 2017. The total number of phish detected in the first quarter of 2018 was 263,538. That was up from the 180,577 observed in the fourth quarter of 2017. It was also significantly greater than the 190,942 seen in the third quarter of 2017.

Rise in email impersonation attacks makes companies re-assess their security efforts (Help Net Security, Aug 03 2018)
Most companies believe they’ve experienced serious data breaches driven by email impersonation in the past 12 months – but are not doing nearly enough to prevent future impersonation attacks, according to a new study conducted by the Ponemon Institute.

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months (Krebs on Security, Aug 03 2018)
“TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.”

Avast Pulls the Latest Version of CCleaner Following Privacy Controversy (Slashdot, Aug 05 2018)
Piriform, the maker of CCleaner, has pulled v5.45 of its suite from the website after users expressed concerns over the privacy changes in the application, the company, which was acquired by Avast last year, said.

Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots (Dark Reading, Aug 06 2018)
Duo security researchers compiled a massive dataset of public Twitter profiles and built a tool to scour profiles and detect the fakes.

No, Michael J Fox isn’t dead (Graham Cluley, Aug 07 2018)
Calm down. Michael J Fox isn’t dead. A rumour spread across social media that the star of sitcom “Family Ties” and the “Back to the Future” movie trilogy had carked it at the age of 57.

Making millions out of prisoners’ email (Graham Cluley, Aug 06 2018)
Big business turns a blind eye to the human cost of exploiting US prisoners and their loved ones.