A Review of the Best News of the Week on Identity Management & Web Fraud

Government to Begin DNA Testing on Detained Immigrants (New York Times, Oct 03 2019)
The Department of Homeland Security said it would begin testing on hundreds of thousands of immigrants in federal detention facilities.

Disinformation campaigns cheap and easy to launch: Recorded Future (SC Magazine, Sep 30 2019)
Researchers conducted an experiment to see what it would take for malicious actors to either boost a company’s online stature or tear it down and found both could be accomplished in about 30 days and cost just a few thousand dollars.

MyPayrollHR CEO Arrested, Admits to $70M Fraud (Krebs on Security, Sep 27 2019)
“Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Driver’s License Thefts Spur ADOT to Boost Online Safeguards (SecurityWeek, Sep 28 2019)
Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver’s licenses.

Privacy Regulation Stays Local – For Now (Gartner Blog Network, Sep 25 2019)
In a much watched and contested case, EU regulators side with those who see privacy and the ‘right to be forgotten’ as a local, country or regional consideration. On Tuesday, the European Court of Justice decided that firms like Google don’t have to apply the EU’s ‘right to be forgotten’ to versions of its search engine accessed outside the EU.

Former Yahoo engineer admits using his access to steal users’ sexual images (Ars Technica, Oct 01 2019)
The 34-year-old man targeted accounts of younger women, including friends and colleagues.

Zendesk Breach Hits 10,000 Corporate Accounts (Infosecurity Magazine, Oct 03 2019)
Personal info and passwords were accessed in 2016 incident

Google Expands Use of Password Checkup Tool, Unveils New Privacy Features (SecurityWeek, Oct 02 2019)
Google on Wednesday announced that its Password Checkup tool has been added to the Account password manager, and the company has unveiled some new security and privacy features for YouTube, Maps and Assistant.

China’s 500 megapixel camera is capable of mega-facial-recognition (Naked Security – Sophos, Oct 01 2019)
The ‘super camera’ can identify people dozens of meters away using facial recognition.

The Etiquette of Respecting Privacy in the Age of IoT (Dark Reading, Sep 28 2019)
Is it rude to ask someone to shut off their Alexa? Ask the family who’s written the book on etiquette for nearly 100 years – the descendants of Emily Post herself.

Security by Sector: Bad Bots Targeting the E-Commerce Industry (Infosecurity Magazine, Sep 27 2019)
Research finds e-commerce bot activity is becoming more sophisticated and harder to detect

Global Consumers Reject Government-Mandated Encryption Backdoors (Infosecurity Magazine, Sep 27 2019)
Venafi reveals low levels of trust in governments’ data protection promises

Match knowingly puts people at risk from scammers, FTC charges (Naked Security – Sophos, Sep 27 2019)
Match.com allegedly put users on its free version at risk – by not filtering out communications that it knew were from fake accounts.

Ring Camera Surveillance Is Transforming Suburban Life (Wired, Sep 26 2019)
Consumer surveillance cameras are everywhere now, and they’re capturing moments we otherwise would never have known happened.

Father of Identity Theft’ Convicted on 13 Federal Counts (Dark Reading, Oct 01 2019)
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.

Stalkerware on the Rise Globally (Dark Reading, Oct 02 2019)
Stalkware is being installed on more and more victims’ devices, and the trend is only accelerating, according to a new report.

Massive uptick in eCrime campaigns, retail among top targeted industries (Help Net Security, Oct 02 2019)
This is in stark difference from last year, but does not indicate a reduction in state-sponsored activity overall. Rather, it reflects a continued shift in eCrime adversary behavior to focus more on leveraging nation-state style intrusions versus targeted spray and pray attacks in pursuit of more and larger payouts.

Over 20 Million Russian Tax Records Exposed in Privacy Snafu (Infosecurity Magazine, Oct 03 2019)
Ukrainian company fails to secure AWS Elasticsearch cluster

How Incognito Google Maps Protects You—and How It Doesn’t (Wired, Oct 02 2019)
Turning on the new Incognito Mode in Google Maps won’t make you as invisible as it might sound.