A Review of the Best News of the Week on Identity Management & Web Fraud

Fingerprinting iPhones (Schneier on Security, May 22 2019)
This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.

Amazon Shareholders Support Selling Face Recognition Tech to Police (SecurityWeek, May 22 2019)
Amazon on Wednesday confirmed that shareholders rejected proposals to prohibit sales of facial recognition technology to governments and study how it might threaten privacy or civil rights.

OMB releases replacement to M-04-04 (OMB, May 21 2019)
M-19-17, Enabling Mission Delivery through Improved Identity, Credential, and Access Management


Amazon Faces Investor Pressure Over Facial Recognition (The New York Times, May 21 2019)
Shareholders are voting on whether to push the tech giant to examine the human rights and financial risks of the surveillance technology.

How effective are login challenges at preventing Google account takeovers? (Help Net Security, May 21 2019)
Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains.

Legal Threats Make Powerful Phishing Lures (Krebs on Security, May 22 2019)
“Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.”

CEO told to hand back 757,000 fraudulently obtained IP addresses (Naked Security – Sophos, May 20 2019)
A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.

Facebook bans accounts of fake news firm (Naked Security – Sophos, May 20 2019)
It’s not clear who paid Archimedes Group for its reality-warping campaigns, but it’s clear disinformation is now a global scourge.

The False Promise of “Lawful Access” to Private Data (Wired, May 16 2019)
Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition.

Feds Target $100M ‘GozNym’ Cybercrime Network (Krebs on Security, May 16 2019)
Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.

Five ways automating IAM saves you money (Help Net Security, May 21 2019)
It also saves you money and time. Here are some of the financial benefits companies can gain by using an automated IAM.

Introducing state privacy legislation amidst national privacy law discussions (SC Magazine, May 21 2019)
Several states recently presented and passed data privacy legislation introducing individual consumer rights as well as data breach notification rules which in some ways reflect the protections afforded by Europe’s General Data Protection Regulation (GDPR).

Identity Management Firm Auth0 Raises $103 Million (SecurityWeek, May 21 2019)
Identity-as-a-Service (IDaaS) company Auth0 this week announced the close of a $103 million Series E funding round led by Sapphire Ventures, at a valuation of more than $1 billion.

What the ban on facial recognition tech will – and will not – do (WeLiveSecurity, May 20 2019)
As San Francisco moves to regulate the use of facial recognition systems, we reflect on some of the many ‘faces’ of the fast-growing technology.

The Concept of “Return on Data” (Schneier on Security, May 20 2019)
This law review article by Noam Kolt, titled “Return on Data,” proposes an interesting new way of thinking of privacy law.

What’s new and next with Cloud Identity (Google Blog, May 15 2019)
a number of new and upcoming features in Cloud Identity and share how you can get started.

The Rise of Account Takeover Fraud in the Media Industry (Infosecurity Magazine, May 22 2019)
A robust criminal ecosystem is acting as a parasite on the wave of content shifting to OTT delivery models.

Facial Recognition Has Already Reached Its Breaking Point (Wired, May 22 2019)
Facial recognition technology has proliferated unchecked in the US so far. Congress finally seems ready to do something about it.