A Review of the Best News of the Week on Identity Management & Web Fraud

Google+ chose not to go public about bug that exposed users (Graham Cluley, Oct 08 2018)
The really big news today is not that Google is shutting down Google Plus (who cares?), but rather that Google knew months ago that user data had been exposed and kept the fact quiet.

Centrify Spins Out IDaaS into new Vendor Idaptive (Infosecurity Magazine, Oct 09 2018)
Centrify has spun out its Identity-as-a-Service (IDaaS) service into a new company, which it has named Idaptive.

For $14.71, You Can Buy A Passport Scan on the Dark Web (Dark Reading, Oct 04 2018)
That’s the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.


BEC-as-a-Service: Hacked accounts available from $150 (Help Net Security, Oct 05 2018)
The FBI has estimated that scams resulting from business email compromise – such as fake invoices and wire fraud – have cost businesses $12bn globally over the last five years.

Identity fraudsters are getting better and better at what they do (Help Net Security, Oct 05 2018)
The study assessed hundreds of indicators of fraud to determine how reliable they are for detecting fake identities. Here are eight of the most interesting indicators…

Identity awareness: it’s more than just a packet (Network World Security, Oct 04 2018)
The right way forward for policy enforcement is not dependent on IP or applications as identifiers anymore. We needed to dig deep, which we now have started to. We need the ability to define policy based on the user, not the endpoint device. It is the ability to define the policy based on username, department, business unit or other identity-related affiliation that brings the network closer to the business logic.

Instagram tests sharing your location history with Facebook (Naked Security – Sophos, Oct 11 2018)
Instagram is testing Facebook Location History – which allows the tracking of precise locations from your device – in its app.

Google expands its identity management portfolio for businesses and developers (TechCrunch, Oct 11 2018)
Cloud Identity for Customers and Partners, which is now in beta. While Cloud Identity is very much meant for employees at a larger company, this new product allows developers to build into their own applications the same kind of identity and access management services.

Passware Kit: Forensic software recovers passwords for Bitcoin wallets (Help Net Security, Oct 05 2018)
To recover the password, Passware Kit needs the wallet file, which is named wallet.aes.json (for Blockchain.com wallet) or wallet.dat (for Bitcoin Core wallet), and is stored on a suspect’s computer or can be downloaded from the wallet site. The software achieves the speed of 500,000 passwords per second on a single graphics processing unit (GPU). This speed is further accelerated with use of distributed computing (the Passware Kit Forensic license includes five Passware Kit Agents).

Security Gets Messy: Emerging Challenges from Biometrics, New Regulations, Insiders (Infosec Island, Oct 11 2018)
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving.

Sharp Rise in Young Brits Becoming Money Mules (Infosecurity Magazine, Oct 11 2018)
Cifas stats also reveal more under-21s are victims of fraud.

Volume of Stolen Credentials Soars 141% in North America (Infosecurity Magazine, Oct 11 2018)
Blueliv stats reveal declines in other regions this year.

Successful Scammers Call After Lunch (Dark Reading, Oct 05 2018)
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.

Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control (Dark Reading, Oct 05 2018)
Technology such as Apple’s device trust score that decides “you” is “not you” is a good thing. But only if it works well.

Credential-Phishing Attempts Highest on Tuesdays (Infosecurity Magazine, Oct 05 2018)
OneDrive, LinkedIn and Office 365 logins are the most popular phishing lures, says Menlo Security.

Don’t fall for the Facebook ‘2nd friend request’ hoax (Naked Security – Sophos, Oct 09 2018)
Cloned accounts are a real thing, but this viral message isn’t. Don’t forward it!

Privileged account practices are poor, and IT security teams know it (Help Net Security, Oct 10 2018)
One in 20 IT security professionals admit they have no way of knowing if a user is fully deprovisioned when they leave the company or change their role. Additionally, a single password reset takes more than 30 minutes to complete in nearly 1 in 10 IT environments.

Most consumers don’t trust companies to keep personal information secure (Help Net Security, Oct 10 2018)
The research also shows roughly 80% of businesses have superior or strong protections in place for their own operational and financial data, but they are less secure with consumers’ personal (42%) and financial (33%) information.

#ISC2Congress: The Promise of Blockchain (Infosecurity Magazine, Oct 10 2018)
At the 2018 Security Congress, experts from CA Technologies say blockchain is revolutionizing cybersecurity.

The Battle Between Build vs. Buy (Okta, Oct 09 2018)
C-level executives cite bringing products to market faster, increasing sales, and differentiating products / services vs. competitors as the top 3 areas where developers can have an impact. Of those polled, 96% agree that increasing the productivity of its developers is a high to medium priority.