A Review of the Best News of the Week on Identity Management & Web Fraud

Facebook Carved an Opening for Tech Giants (The New York Times, Dec 19 2018)
Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

Extortion Email Causes Widespread Panic Across US (Infosecurity Magazine, Dec 14 2018)
Universities and offices were evacuated after receiving a bomb threat in an email hoax.

Real-Time Attacks Against Two-Factor Authentication (Schneier on Security, Dec 14 2018)
“Attackers are targeting two-factor authentication systems…This isn’t new. I wrote about this exact attack in 2005 and 2009.”


How Hackers Bypass Gmail 2FA at Scale (Motherboard, Dec 19 2018)
The hackers’ tool then automatically creates an App Password—a separate password that lets third-party applications have access to the email account—so the hackers can maintain a hold on the user’s account.

Who Are You, Really? A Peek at the Future of Identity (Dark Reading, Dec 14 2018)
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.

Unlocking Android phones with a 3D-printed head (Graham Cluley, Dec 13 2018)
Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head.

McAfee researchers analyze cybercriminal markets, reveal tactics, targets (Help Net Security, Dec 19 2018)
The third quarter of 2018 saw the Dream, Wall Street, and Olympus markets clamoring for market share, until the mysterious disappearance of Olympus. In an effort to evade law enforcement and build trust directly with customers, some entrepreneurial cybercriminals have shifted away from using larger markets to sell their goods and have begun creating their own specialized shops.

Save the Children Hit by $1m BEC Scam (Infosecurity Magazine, Dec 17 2018)
US charity on the receiving end of sophisticated email fraud

Facebook has filed patents to predict our future locations (Naked Security – Sophos, Dec 14 2018)
One such use would be to pre-stuff our devices with ads and other content before we wander into a Wi-Fi dead zone.

Identity Intelligence Firm 4iQ Lands $18 Million in Series B Funding (SecurityWeek, Dec 14 2018)
The company focuses on helping organizations discover stolen credentials, personal information and proprietary documents that may be exposed and pose a risk.

The most popular passwords of 2018 revealed: Are yours on the list? (WeLiveSecurity, Dec 17 2018)
Besides the usual suspects among the worst of passwords, a handful of notable – but similarly poor – choices make their debuts

How Russian Trolls Used Meme Warfare to Divide America (Wired, Dec 17 2018)
A new report for the Senate exposes how the IRA used every major social media platform to target voters before and after the 2016 election.

Insight into the growing problem of highly sophisticated fraud (Help Net Security, Dec 18 2018)
Sophisticated fraud campaigns are beginning to outwit machine learning solutions, especially the ones that only detect known fraud patterns based on historic loss experience, according to DataVisor.

Met Slammed for Using Dodgy Facial Recognition Cameras (Infosecurity Magazine, Dec 18 2018)
Cameras are 100% inaccurate, claims rights group

Google will make it easier for people without accounts to collaborate on G Suite documents (TechCrunch, Dec 18 2018)
Using the PIN code to gain access allows invitees to view, comment on, suggest edits to or directly edit Google Docs, Sheets and Slides. The owners and admins of the G Suite files monitor usage through activity logs and can revoke access at any time.

Instagram became the preferred tool in Russia’s propaganda war (Naked Security – Sophos, Dec 19 2018)
Facebook and Twitter got a lot of heat, but Instagram’s appeal is that it’s where the kids are, and that seems to be where the Russians went.

Cloud Identity for Customers and Partners (CICP) is now in beta and ready to use (Google Cloud Blog, Dec 17 2018)
“add Google-grade identity and access management (IAM) functionality to your apps, protect user accounts, and scale with confidence—even if those users are customers, partners, and vendors who might be outside of your organization. CICP is now available in public beta.”

A Devious Phishing Scam Targets Apple App Store Customers (Wired, Dec 19 2018)
Be on the lookout for emails that claim to be from the App Store.