A Review of the Best News of the Week on Identity Management & Web Fraud
10 Fraud Myths: The fraudiest country is…Mauritania! (Sift Science, Oct 23 2018)
We took a magnifying glass to 165 billion recent transactions and events among our data set and uncovered 10 surprising insights about how fraud happens. These findings illustrate the kinds of patterns that might be invisible to your business, without the right technology to uncover them.
Uber drivers are getting fleeced by con artists (CNET, Oct 25 2018)
On that Wednesday, the LA driver did what that caller told him to do. He pulled over and canceled the trip. The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he’d be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver’s Uber account.
New York Attorney General Expands Inquiry Into Net Neutrality Comments (The New York Times, Oct 25 2018)
Most strikingly, many comments on net neutrality were falsely submitted under the names of real people, in what amounted to mass acts of virtual identity theft. Some comments used the name of dead people. Ms. Underwood’s investigators have estimated that almost half of all of the comments — more than nine million — used stolen identities.
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.
TeleSign to deliver identity verification and fraud prevention with enhanced Mobile Identity Solutions (Help Net Security, Oct 19 2018)
TeleSign enhanced coverage of mobile identity services in China, Brazil, and other emerging markets. International businesses can now leverage TeleSign’s solutions to onboard new customers, prevent account takeover and registration fraud, and optimize the user experience in new markets.
Apple privacy portal lets you see everything it knows about you (Naked Security – Sophos, Oct 19 2018)
The Apple website’s privacy and data area lets you download and correct your data.
West Virginia’s voting experiment stirs security fears (Politico, Oct 19 2018)
Overseas residents will be able to cast ballots via mobile app on Election Day, using the same tech that underlies Bitcoin. But is that a wise idea?
Now Apps Can Track You Even After You Uninstall Them (BloombergQuint, Oct 22 2018)
Companies that cater to app makers have found ways to game both iOS and Android, enabling them to figure out which users have uninstalled a given piece of software lately—and making it easy to pelt the departed with ads aimed at winning them back.
Who Is Agent Tesla? (Krebs on Security, Oct 22 2018)
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay subscription fees to license the software.
On Disguise (Schneier on Security, Oct 23 2018)
The former CIA Chief of Disguise has a fascinating video about her work….
Apple’s Tim Cook delivers searing critique of Silicon Valley (Washington Post, Oct 24 2018)
He lamented poor privacy practices, the ills of social media and eroding trust.
Anatomy of Twitter Bots: Fake Followers (Duo Security, Oct 25 2018)
In this post, we’ll explore how fake followers operate, showing how to find an initial list of fake followers and then using this initial list to uncover a larger botnet measuring at least 12,000 accounts.
Scraping Social Security Numbers on the Web (Tripwire, Oct 21 2018)
“The most commonly known and utilized are Pastebin, Gist and Slexy. At OCD-Tech we have been developing a tool that constantly scrapes these anonymous posting sites for sensitive information, one of which is Social Security Numbers. We were able to capture 28,260 unique Social Security Numbers over about a year and 3 months.”
Safeguarding hybrid-cloud infrastructures through identity privilege management (Help Net Security, Oct 22 2018)
“Who can touch the infrastructure? How many identities have access to the infrastructure? What privileges do they have? What can they do with those privileges? What privileges are they actually using? Not using? Which resources are they performing actions on?”
Plaintext Passwords Often Put Industrial Systems at Risk (SecurityWeek, Oct 23 2018)
Plaintext passwords crossing the network, outdated operating systems, direct connections to the Internet, and the lack of automated updates for security solutions often put industrial systems at risk of attacks…
Criminals Earn Big with Fraudulent Label Services (Infosecurity Magazine, Oct 23 2018)
Criminals cash out on fraudulent purchases using illicit shipping labels, says Flashpoint.
Fortinet Tackles Insider Threats with ZoneFox Acquisition (SecurityWeek, Oct 23 2018)
Cybersecurity solutions provider Fortinet today announced that it has completed the acquisition of insider threat detection and response company ZoneFox.
66% UK SMBs believe they are being aggressively targeted by fraudsters (Help Net Security, Oct 24 2018)
In the UK over half of SMBs (62%) believe that longer verification processes during the payment stage – which could potentially combat these issues – runs the risk of losing consumers, and 65% admit they don’t know how to balance security with an acceptable customer experience, highlighting the trade-off faced by UK online merchants.
BigID adds consent governance capabilities ahead of CCPA (Help Net Security, Oct 18 2018)
BigID introduced new consent governance capabilities to the BigID platform. The enhancements help organizations correlate consent logs from existing applications with data and people to provide a centralized view of consent without centralizing its collection.
ID Analytics introduces solution to address multifaceted synthetic fraud challenges (Help Net Security, Oct 22 2018)
ID Analytics released two new products designed to provide businesses with a solution to the disparate challenges of synthetic identities.