A Review of the Best News of the Week on Identity Management & Web Fraud

Busting SIM Swappers and SIM Swap Myths (Krebs on Security, Nov 07 2018)
“KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked.”

Here’s Why [Insert Thing Here] Is Not a Password Killer (Troy Hunt, Nov 05 2018)
Despite its many flaws, the one thing that the humble password has going for it over technically superior alternatives is that everyone understands how to use it. Everyone.

SMS Phishing + Cardless ATM = Profit (Krebs on Security, Nov 02 2018)
“Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.”


Google’s stealthy sign-in sentry can pick up pilfered passwords (Naked Security – Sophos, Nov 02 2018)
The search giant’s secret sauce can see when somebody’s using your stolen password.

Is the US about to get a nationwide, privately owned, biometrics system? (Naked Security – Sophos, Nov 06 2018)
Two US biometric companies have partnered to research a private, nationwide biometrics system.

The building blocks of blockchain-based digital identity (Help Net Security, Nov 05 2018)
A shared digital identity solution needs to be much more than just the blockchain and the smart contracts that can be run on the blockchain. In fact, most of these solutions are not engineered for enterprise use because they are not built to meet enterprise requirements around branding, consumer experience, deployment, security and predictable pricing.

SIM Swap Danger as Telco Staff Waive ID Checks (Infosecurity Magazine, Nov 02 2018)
Secret filming showed two Vodafone staff failing to follow strict security policies to check the identity of the person requesting the replacement SIM card in-store, according to the BBC’s Watchdog Live.

Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million (Dark Reading, Nov 02 2018)
Three individuals who worked for DRAM maker’s Taiwan subsidiary stole Micron IP to benefit company controlled by China’s government, US says in indictment.

NITTF Releases New Model for Insider Threat Program (Dark Reading, Nov 02 2018)
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.

Beagle free visual analytics tool helps bring cybercriminals to justice (Help Net Security, Nov 05 2018)
A team of researchers is helping law enforcement crack down on email scammers, thanks to a new visual analytics tool that speeds up forensic email investigations and highlights critical links within email data.

Over 80,000 Facebook User Accounts Compromised (Infosecurity Magazine, Nov 05 2018)
Dark web seller shares private messages

Stolen Data Valued at Less Than $50 on Dark Web (Infosecurity Magazine, Nov 05 2018)
Cyber-criminals could sell someone’s complete digital life – including social media accounts, banking details, app data, gaming accounts and even remote access to servers or desktops – for less than $50 on the dark web…

Facebook wants to reveal your name to the weirdo standing next to you (Naked Security – Sophos, Nov 06 2018)
Facebook’s latest idea is to wirelessly sniff out people around you and make friend suggestions based on what it finds.

It’s End of Life for ASafaWeb (Troy Hunt, Nov 06 2018)
“Considering all that combined with the fact that ASafaWeb had fallen well and truly behind the technology curve and was no longer accurate for a bunch of newer sites it was scanning, I made the call to pull the pin on it.”

U.S. Government Publishes New Insider Threat Program Maturity Framework (SecurityWeek, Nov 06 2018)
National Insider Threat Task Force (NITTF) Releases New Insider Threat Program Maturity Framework

Why Password Management and Security Strategies Fall Short (Dark Reading, Nov 07 2018)
Researchers say companies need to rethink their password training and take a more holistic approach to security.

Voting machine manual tells officials to reuse weak passwords (Naked Security – Sophos, Nov 07 2018)
The manual turns good advice on its head, telling officials to use, reuse and recycle weak passwords.

Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals (Graham Cluley, Nov 07 2018)
Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged.

UK consumers are ready to adopt the new biometric payment card (Gemalto blog, Nov 06 2018)
Gemalto surveyed 821 consumers in the UK to evaluate their perception of the biometric EMV card.

In Their Own Words: A Healthcare CISO’s Journey to Zero Trust (The Duo Blog, Nov 06 2018)
Healthcare Chief Information Security Officers (CISOs) and other security/IT team leaders are responsible for identifying patient safety or care issues, while driving the selection and adoption decisions on technology purchases to help address those concerns.