A Review of the Best News of the Week on Identity Management & Web Fraud

How the West Got China’s Social Credit System Wrong (Wired, Jul 29 2019)
It occupies a spot next to ‘Black Mirror’ and Big Brother in popular imagination, but China’s social credit project is far more complicated than a single, all-powerful numerical score.

Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web (Dark Reading, Jul 26 2019)
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.

Russian Fake News Targeted Ukraine Elections (Infosecurity Magazine, Jul 29 2019)
Facebook forced to remove over 100 accounts


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Researchers Find 23 Million Stolen Cards For Sale (Infosecurity Magazine, Jul 26 2019)
Dark web trade appears to be thriving

Companies’ ‘Anonymized’ Data May Violate GDPR, Privacy Regs (Dark Reading, Jul 26 2019)
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.

The rise of biometrics and passwordless security (Help Net Security, Jul 29 2019)
In a true passwordless world, passwords, PINs, SMS codes, and other authentication technologies are replaced with public-key cryptography. Private keys are generated by the user on their device and remain on-device at all times. Biometric sensors, such as those currently available in the most recent versions of Apple, Android, and Windows mobile devices, can unlock these credentials, which are verified against an authentication server using public-key cryptography.

Scam impersonates WhatsApp, offers ‘free internet’ (WeLiveSecurity, Jul 29 2019)
The fraudulent campaign is hosted by a domain that is home to yet more bogus offers pretending to come from other well-known brands

Sextortion Email Scams Rise Sharply (Dark Reading, Jul 30 2019)
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.

Flaws Allow Hacker to Bypass Card Limits (Infosecurity Magazine, Jul 29 2019)
Researchers bypass the payment limits of Visa contactless cards.

Campaign Leverages RFI Attacks to Deploy Phishing Kits (SecurityWeek, Jul 30 2019)
A recently detected series of targeted attacks is attempting to exploit Remote File Inclusion (RFI) vulnerabilities to deploy phishing kits, Akamai has discovered. 

More Companies Don’t Rely on Passwords Alone Anymore (Dark Reading, Jul 31 2019)
New research shows how enterprises are adding additional layers of authentication.

Assessing the efficiency of phishing filters employed by email service providers (Help Net Security, Jul 31 2019)
In the significant majority of cases (75% without links and 64% with links) the potential phishing messages made it into inboxes and were not in any way labelled to highlight them as spam or suspicious. Moreover, only 6% of messages were explicitly labelled as malicious.

$1.7 million still missing after North Carolina county hit by business email compromise scam (Graham Cluley, Jul 31 2019)
Cabarrus County in North Carolina, home to NASCAR races at the Charlotte speedway, was duped into believing it was paying a contractor when it moved US $2.5 million into the pockets of online criminals.