A Review of the Best News of the Week on Identity Management & Web Fraud

U.S. Mobile Giants Want to be Your Online Identity (Krebs on Security, Sep 12 2018)
“The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.”

In a Few Days, Credit Freezes Will Be Fee-Free (Krebs on Security, Sep 10 2018)
“all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents.”

Get In-App Autofill with LastPass and iOS 12 (The LastPass Blog, Sep 12 2018)
In addition to in-app autofill, you will also be able to autofill in mobile sites in Safari with fewer taps. Thanks to iOS 12, Apple has caught up to Android, which already offers autofill functionality.


Apple’s new tool will make it easier for law enforcement to request data (Naked Security – Sophos, Sep 10 2018)
Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.

Google Chrome will now generate unique passwords for you (Naked Security – Sophos, Sep 10 2018)
Chrome will now generate a unique password for users as a part of the everyday credential creation process.

IRS Call Scammers Sentenced in Texas (Gary Warner Blog, Sep 11 2018)
Back in 2016 we blogged about a major set of arrests in India and the United States related to a call center scam imitating the IRS. This post lists details about the people who were arrested. Interesting read…

Phished credentials caused twice as many breaches than malware in the past year (Help Net Security, Sep 13 2018)
Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals.

Fraud Jumps 24% as Cybercriminals Target the Mobile Revolution (ThreatMetrix, Sep 12 2018)
It’s been estimated that 1 in every 17 mobile devices across all six major mobile networks are now part of botnets, acting as launching pads for highly advanced bot attacks.

Google Case Set to Examine if EU Data Rules Extend Globally (SecurityWeek, Sep 10 2018)
Google is going to Europe’s top court in its legal fight against an order requiring it to extend “right to be forgotten” rules to its search engines globally.

European Court Rules Against UK Mass Surveillance (Infosecurity Magazine, Sep 13 2018)
Lack of independent oversight means old regime breaks the law

Bomgar to Acquire BeyondTrust (Infosecurity Magazine, Sep 13 2018)
A new acquisition aims to enhance security with BeyondTrust’s privileged access management platform.

Microsoft purges 3,000 tech support scams hiding on TechNet (Naked Security – Sophos, Sep 12 2018)
Microsoft has taken down thousands of ads for tech support scams that infested the company’s TechNet support domain.

Silicon Valley CEO Pleads Guilty to $1.5m Fraud (Infosecurity Magazine, Sep 10 2018)
Renato Libric, former CEO of digital gift-card start-up Bouxtie [pronounced “bow-tie”], admitted overstating the financial prospects of the firm and forging documents that gave him authority to sell shares to investors.

Broker Received Passwords from Westpac Employee (Infosecurity Magazine, Sep 10 2018)
Multiple incidents of misuse of customer and employee data span six years

FIDO Certification Programs: Introducing New Biometric Component Certification, Authenticator Levels and Certified Companies (FIDO Alliance, Sep 06 2018)
The new Biometric Component Certification Program utilizes independent labs to certify that biometric subcomponents meet globally recognized performance standards for reliable identification and are fit for commercial use.

Announcing Offline Multi-Factor Authentication for Windows (The Duo Blog, Sep 10 2018)
The most commonly seen need for offline MFA is to support users who are required to complete multi-factor authentication but are occasionally offline by the nature of their job function — for example, a frequent traveler on a plane who needs to authenticate to their laptop, or an employee working remotely at a contract customer location, where network access is not allowed.