A Review of the Best News of the Week on Identity Management & Web Fraud

New Australian Backdoor Law (Schneier on Security, Dec 12 2018)
“Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad.”

Report: Pioneering Privileged Access Management (Help Net Security, Dec 07 2018)
Gartner released the first-ever Magic Quadrant for Privileged Access Management. It is, in our view, a significant milestone for the industry. We believe it spotlights the critical importance of protecting privileged credentials amidst digital transformation initiatives and the ever-changing threat landscape.

Privacy Regulation Round-Up (Info-Tech Research Group, Inc., Dec 11 2018)
This Privacy Regulation Round-Up summarizes the latest major global privacy regulatory developments, announcements, and changes. This report is updated on a monthly basis.




Shocking extent of how big firms harvest your data (Mail Online, Dec 06 2018)
Analysis by the Mail found that Marriott International, Facebook, Asda, Paypal, BT and Tesco engaged in hidden data harvesting and sharing.

Google’s private browsing doesn’t keep your searches anonymous (Naked Security – Sophos, Dec 06 2018)
DuckDuckGo says you can go right ahead and log out of Google, then enter private browsing mode, but you’ll still see tailored search results.

168 Arrested in Money Mule Crackdown (SecurityWeek, Dec 07 2018)
Europol this week announced that 168 people were arrested in a massive operation that resulted in the identification of 1,504 money mules.

Your Personal Data is Already Stolen (Schneier on Security, Dec 06 2018)
“you realize that expecting another company to safeguard your security is a fool’s errand, and that it makes far more sense to focus instead on doing everything you can to proactively prevent identity thieves, malicious hackers or other ne’er-do-wells from abusing access to said data.”

30% of healthcare databases are exposed online (Help Net Security, Dec 11 2018)
Despite the fact that electronic health records (EHR) contain extremely sensitive information about individuals, it is shockingly easy for malicious actors to get their hands on them…

Privacy a Key Concern for Telecoms and Consumers (Dec 10 2018)
As the IoT continues to grow, telecoms and consumers say security is critical.

Dark web goldmine busted by Europol (Naked Security – Sophos, Dec 11 2018)
What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.

Facebook fined $11m for misleading users about how data will be used (Naked Security – Sophos, Dec 11 2018)
They said Facebook emphasizes the service being free, not that it’s making big bucks off users’ data. They ordered the company to apologize.

Battling Bots Brings Big-Budget Blow to Businesses (Dark Reading, Dec 11 2018)
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

Password-less security arrives on macOS with HYPR (Help Net Security, Dec 11 2018)
Unlike authentication providers that rely on centralized passwords, HYPR moves user authentication keys to their personal mobile devices…

Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail (Graham Cluley, Dec 12 2018)
Scammers want you to send $2000 to help Huawei’s CFO bribe her way out of jail.

NIST on Privileged Access Management: Secure the Keys to your Kingdom (The LastPass Blog, Dec 06 2018)
you can implement stronger password controls, hide passwords when sharing with users, receive insights on password reuse within your organization, implement role-based permissions and more all to secure the “keys to your kingdom.”

Worst Passwords of 2018? These “Password Offenders” Lead the Pack (Dashlane Blog, Dec 13 2018)
Dashlane today announced its third annual list of the “Worst Password Offenders.” See who had the worst passwords and password habits in 2018.