A Review of the Best News of the Week on Identity Management & Web Fraud

Google quietly bought Mastercard credit and debit card records (Sophos, Sep 03 2018)
The multimillion dollar data buy allows Google to link what we buy in brick-and-mortar stores to what ads we clicked online.

Google Claims MasterCard Data Deal Doesn’t Violate Privacy Rights (eWEEK, Sep 06 2018)
Google says its Store Sales Measurement program allows advertisers to see how well their online ads are performing using aggregated and highly-anonymized data.

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records (Krebs on Security, Sep 04 2018)
“mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.”

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

NIST Calls For Comment of Ecommerce Security (Infosecurity Magazine, Aug 31 2018)
The NIST announces a draft of MFA security solutions to defend against ecommerce fraud.

Twitter testing new feature that reveals when you’re online (Graham Cluley, Sep 03 2018)
Good news for stalkers! Bad news for privacy. Twitter is working on a feature which will reveal when a user is currently online.

Implications of the California Consumer Privacy Act of 2018 (Help Net Security, Sep 05 2018)
Going into effect January 1, 2020, the CCPA applies to businesses that collect, sell, or otherwise process information about California residents. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses.

Forcing iPhone unlock violates Fifth Amendment, says Court of Appeals (Naked Security – Sophos, Aug 31 2018)
Police want to unlock the iPhone of a woman who accused a man of rape after it was alleged that she was actually stalking him.

Google Set to Restrict Tech Support Ads (Infosecurity Magazine, Sep 04 2018)
Search giant sees uptick in possible fraudulent activity

How refusing to give police your Facebook password can lead to prison (Naked Security – Sophos, Sep 04 2018)
A suspect will be jailed for 14 months for refusing to hand over his Facebook password to detectives investigating a 13-year-old’s murder.

Privacy advocates are back in court fighting NSA surveillance. It’s an uphill battle. (Washington Post, Sep 05 2018)
The government has prevailed in every other case so far.

The elements that make security an enabler rather than a hindrance (C4ISRNET, Sep 06 2018)
The Defense Information Systems Agency is taking action to improve its authentication practices. Agency leaders no longer consider the Common Access Card (CAC) optimal for authentication in today’s mobile-centric environment and are exploring alternatives.

Collaborative NIST Project to Manage Privacy Risk (Infosecurity Magazine, Sep 05 2018)
NIST launches a new privacy framework to give organizations strategies to mitigate privacy risks.

Jennifer Lawrence nude photo thief is going to the slammer (Naked Security – Sophos, Aug 31 2018)
George Garofano has been sentenced to prison for his part in hacking into and stealing personal images from 240 iCloud accounts.

Mobile Phishing Campaign Offered Free Flights (Infosecurity Magazine, Aug 31 2018)
Phishing scam offers free airfare when users share malicious link with WhatsApp contacts.

Twitter to Verify Those Behind Hot-button US Issue Ads (SecurityWeek, Sep 04 2018)
Twitter on Thursday started requiring those behind hot-button issue ads in the US to be vetted as part of the effort by the social network to thwart stealth campaigns aimed at influencing politics.

Number of smartphone users relying on software-only biometric security to grow 250% (Help Net Security, Sep 04 2018)
The biggest shift in mobile payment security will be the move towards software-based methods, which rely on standard smartphone components.

Mozilla Taps Former Google Exec as it Rethinks Privacy (Dark Reading, Sep 04 2018)
News of the recent hire closely follows Mozilla’s decision to block trackers in its Firefox browser by default.

BEC Fraud Hits 500K UK SMEs (Infosecurity Magazine, Sep 05 2018)
Get Safe Online warns of 58% surge since 2017

Ungagged Google warns users about FBI accessing their accounts (Naked Security – Sophos, Sep 06 2018)
Some of those who received the letters conjecture that it may be because they purchased the LuminosityLink RAT.

Authentication Grows Up (Dark Reading, Sep 04 2018)
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.