A Review of the Best News of the Week on Identity Management & Web Fraud

NSA Improperly Collected U.S. Phone Records a Second Time (WSJ, Jun 26 2019)
The National Security Agency collected data about calls and texts it wasn’t authorized to obtain last year in a second such incident, renewing concerns about its phone surveillance.

US CERT Warns of DHS Phishing Scam (Infosecurity Magazine, Jun 20 2019)
Victims are lured into downloading malware via an email pretending to be from the US’s DHS.

FIDO Alliance to Tackle Identity Verification and IoT Authentication (Dark Reading, Jun 26 2019)
Standards group forms two new working groups to develop new open specifications.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


UK Identity Fraud Jumps 8% to New All-Time High (Infosecurity Magazine, Jun 20 2019)
Cifas figures also reveal a sharp increase in money mule activity

Person in Latex Mask Impersonated French Minister (Schneier on Security, Jun 26 2019)
Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens….

Privacy legislation may soon affect smaller businesses (WeLiveSecurity, Jun 21 2019)
Why smaller businesses cannot afford to ignore how they gather, store and protect data

Beating biometrics: Why biometric authentication alone is not a panacea (Help Net Security, Jun 24 2019)
Biometrics are under threat from a confluence of emerging technologies including artificial intelligence (AI), machine learning (ML), 3D printing, graphics, and advanced optics and sensors. These technologies threaten to undermine the very integrity of biometrics.

He Cyberstalked Teen Girls for Years—Then They Fought Back (Wired, Jun 24 2019)
How a hacker shamed and humiliated high school girls in a small New Hampshire town, and how they helped take him down.

Cop Gets $585K After Colleagues Snooped on Her DMV Data (Wired, Jun 21 2019)
A jury this week finds that Minneapolis police officers abused their license database access. Dozens of other lawsuits have made similar claims.

Why businesses need IAM to push their zero trust frameworks forward (Help Net Security, Jun 25 2019)
The idea of simply protecting the network perimeter has grown to be an archaic perspective on security. This model was created during a time when employees had to physically be present in offices to connect to business systems. Today’s age is one of proliferating network access points with the rise of the internet, the cloud and the mobile workforce. The sources of network access are far too many for a traditional perimeter model to handle effectively.

Presidential text alerts are open to spoofing attacks, warn researchers (Naked Security – Sophos, Jun 25 2019)
Researchers have shown that it’s technically possible for hackers to target the US Presidential text Alerts system to send fake messages.

400GB of hacked files from US border surveillance contractor are available for anyone to download (Graham Cluley, Jun 25 2019)
Stolen CBP data has been distributed via torrent sites, and is now available for anyone to download.

Every year, millions of web domains are registered to defraud businesses (Help Net Security, Jun 26 2019)
Of these fraudulent domains, more than 15 percent have Mail Exchanger (MX) records, indicating that they send and/or receive email. One-in-four also have security certificates – far more than appear in the aggregate domain landscape – which many internet users mistakenly equate with legitimacy and security.

Fake Ads that Lock Browsers Target Elders (Infosecurity Magazine, Jun 25 2019)
Fake food-related blogs and recipe sites are being used to scam older victims.

Google creates educational tools to help kids spot fake news (Naked Security – Sophos, Jun 26 2019)
Google has expanded its internet safety guide for children with techniques and games to help them be more info-literate online.

Introducing Workload Identity: Better authentication for your GKE applications (Google Cloud Blog, Jun 24 2019)
“An application has needs. Maybe it needs to connect to a data warehouse, or connect to a machine learning training set. No matter what your application needs to do, there’s a good chance it needs to connect to other services to get it done. If that app runs on Kubernetes, this kind of authentication has traditionally been a challenge, requiring workarounds and suboptimal solutions. Which is why today we’re excited to announce Workload Identity, the new—and now recommended—way for GKE applications to authenticate to and consume other Google Cloud services.”

Office 365 Multifactor Authentication Done Right (Dark Reading, Jun 27 2019)
Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves.

Payment Fraud Linked to Terrorism and Trafficking (Infosecurity Magazine, Jun 27 2019)
Terbium Labs calls for bigger anti-fraud effort from financial institutions

Are heart electrocardiograms the next big thing in biometrics? (Naked Security – Sophos, Jun 27 2019)
After fingers, the iris of the eye, ears and even lips, it was probably inevitable that someone would propose the human heart might be the next big thing in biometric security.

Firefox Will Give You a Fake Browsing History to Fool Advertisers (VICE, Jun 26 2019)
Using the ‘Track THIS’ tool opens up 100 tabs at a time that will make you seem like a hypebeast, a filthy rich person, a doomsday prepper, or an influencer.