A Review of the Best News of the Week on Identity Management & Web Fraud

Google Prepares to Launch New Privacy Tools to Limit Cookies (WSJ, May 07 2019)
Google is set to unveil a new way to limit the use of browser-tracking cookies, a move that could strengthen the search giant’s advertising dominance and deal a blow to other digital-marketing companies.

Facebook deletes more accounts linked to Russia (Reuters, May 07 2019)
Facebook Inc said on Monday it had removed multiple pages, groups and accounts linked mostly to Russia that were used to spread misleading information on the social network and its Instagram service.

Google offers auto-delete option for location, web tracking history (Help Net Security, May 03 2019)
Google has added a control option to users’ accounts that will allow them to instruct the company to auto-delete their location history, browsing and search data once a certain length of time has passed.




Facebook sponsored posts selling access to hacked PayPal accounts (Graham Cluley, May 07 2019)
Have you ever been curious just how much vetting Facebook does before it accepts cash for an ad or a sponsored post? Judging by what’s popping up in some users’ newsfeeds, the answer is not that much.

PSD2 and strong customer authentication: Are all elements equal? (Help Net Security, May 06 2019)
The European Payment Services Directive 2 (PSD2), introduced in January 2018, contains the requirement for additional security features for certain online transactions. These security requirements, known as Strong Customer Authentication (SCA), come into force on September 14, 2019 and define strong authentication as…

Understanding ICO Password Recommendations (Infosecurity Magazine, May 07 2019)
Passwords may be a small part of GDPR requirements, but they also represent the easiest way to gain unauthorized access to personally identifiable data.

Watch and learn: Identity & access management sessions at Next ’19 (Google Cloud Blog, May 03 2019)
“We have been hard at work building enterprise-ready identity and access management (IAM) services for our customers and partners, and made multiple product announcements at Next ’19. During the show, we also hosted 10 sessions on IAM, all of which you can now watch on-demand, from any device.”

Getting started with Identity Platform (Google Cloud Blog, May 01 2019)
“In April, we made Identity Platform generally available to help you add Google-grade identity and access management functionality to your apps and services, protect user accounts, and scale with confidence.”

Consumers care deeply about their privacy, security, and how their personal information is handled (Help Net Security, May 03 2019)
65% of consumers are concerned with the way connected devices collect data. More than half (55%) do not trust their connected devices to protect their privacy and a similar proportion (53%) do not trust connected devices to handle their information responsibly, according to a survey by IPSOS Mori on behalf of the Internet Society and Consumers International.

HMRC to finally erase five million voice records it collected without permission (Graham Cluley, May 03 2019)
The biometric voice data had been collected without explicit consent from people calling the HMRC’s telephone hotline for advice.

Protecting Yourself from Identity Theft (Schneier on Security, May 06 2019)
“The best way for you to protect yourself is to change that incentive, which means agitating for government oversight of this space. This includes proscriptive regulations, more flexible security standards, liabilities, certification, licensing, and meaningful labeling. Once that happens, the market will step in and provide companies with the technologies they can use to secure your data.”

What will phishers do once push-based MFA becomes widely used? (Help Net Security, May 06 2019)
Office 365 users are preferred targets. Successful attackers are using Microsoft’s hosted Office 365 infrastructure to pull off every phase of the attack. They send the phishing email from an Office 365 account and point the victims to a phishing page that is hosted on OneDrive or SharePoint. “This makes it near-impossible for traditional anti-phishing technology to block the attack,” Higbee pointed out.

Better Behavior, Better Biometrics? (Dark Reading, May 07 2019)
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.

An attempt to phish my Amazon Web Services account (Graham Cluley, May 07 2019)
What I don’t remember receiving before is an email purporting to come from Amazon Web Services (AWS), claiming that unless I confirm I have given my correct contact information for a domain’s WHOIS record, a website I administer could be suspended.

Federal bill to curtail CBP PII reveals, Illinois tackles digital assistant eavesdropping (SC Magazine, May 06 2019)
A bipartisan group of Senators plan to introduce a bill that would stop U.S. Customs and Border Protection (CBP) from selling the PII of citizens who move out of the country.

Privileged Access Management Solutions Are Shifting to the Cloud: Survey (SecurityWeek, May 07 2019)
Most companies are planning to move to, or adopt, cloud solutions for their privileged access management (PAM) deployments, at least according to a new survey suggesting that only 36% of companies plan to keep their PAM solution on-premise.

The Dark Web is Smaller Than You Think (Dark Reading, May 07 2019)
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.

Microsoft gets FIDO2 certification for Windows Hello (Help Net Security, May 07 2019)
FIDO Alliance announced that Microsoft has achieved FIDO2 certification for Windows Hello. With this news, any compatible device running Windows 10 is now FIDO2 Certified out-of-the-box following the Windows 10 May 2019 update.

Google I/O 2019: Google Loosens Its Grip on Hoarding Your Data (Wired, May 07 2019)
Google has a new feature that lets you delete your web and app activity after three months. Here’s how to use it.