A Review of the Best News of the Week on Identity Management & Web Fraud
2020 Predictions: Privacy (SC Magazine, Dec 16 2019)
Predictions from executives at identity companies
Insights about the first five years of Right to Be Forgotten requests at Google (Elie Bursztein, Dec 13 2019)
The “Right to be Forgotten” (RTBF) is a landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information uncovered by queries containing the name of the requester. What makes this ruling unique and challenging is that it requires search engines, when contemplating the requested delisting of URLs, to decide whether an individual’s right to privacy outweighs the public’s right to access lawful information.
Amazon Conference Badges Tracked Attendees’ Movements (VICE, Dec 19 2019)
AWS said the data was anonymous and was used to help understand attendance at certain events.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Trump administration scooping up Americans’ data in effort to track undocumented immigrants, ACLU says (Washington Post, Dec 12 2019)
Immigration and border agents may be scooping up cellphone information from thousands of innocent U.S. citizens in their effort to track a few people who’ve crossed the border illegally — using invasive surveillance tools that were originally developed to protect military operations.
Weak account checks earn company $10.5 million privacy fine (Naked Security – Sophos, Dec 13 2019)
The telecoms company violates the EU’s GDPR by allegedly failing to fully authenticate people phoning up to access their accounts.
Airport Facial Recognition System Fooled (Infosecurity Magazine, Dec 13 2019)
Payment and airport facial recognition systems tricked by photos and masks
Get in line! 38,000 students and staff forced to queue for new passwords (Naked Security – Sophos, Dec 19 2019)
It’s not a bread line, and it’s not a line to see Santa – it’s an analog response to a nasty cyber attack.
SEC Charges Man With $42 Million Crypto Fraud Scheme (Infosecurity Magazine, Dec 13 2019)
Shopin raised millions in alleged fake ICO
New account fraud has more than doubled since 2014 (Help Net Security, Dec 16 2019)
New account fraud increased 27.8% worldwide YTD in 2019, compared to full-year 2018 results, and more than 100% compared to 2014 levels, Jumio reveals.
Mastercard tests new digital identity service (Help Net Security, Dec 15 2019)
Mastercard marked the first tests of a new digital service that has the potential to verify a person’s identity immediately, safely and securely in both the digital and the physical world. The initial in-market pilot will take place in Australia through two separate efforts with Australia Post and Deakin University.
Fake Payment Page Tricks Rooster Teeth Customers (Infosecurity Magazine, Dec 16 2019)
Another e-com site is hit by digital skimming/phishing raid
Data Leak Exposes One Million Web Browsing Records (Infosecurity Magazine, Dec 17 2019)
South African web filtering product is the culprit
Hackers steal data for 15 million patients, then sell it back to lab that lost it (Ars Technica, Dec 18 2019)
LifeLabs said it negotiated with hackers after they demanded a ransom.
Privacy Requirements & Penalties Grow, Causing Firms to Struggle (Dark Reading, Dec 19 2019)
Between Europe’s and California’s privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.
5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff (Dark Reading, Dec 18 2019)
Are you an army of one tasked with compliance and data privacy? Try these tips to get you and your organization in alignment with regulators.
Siemens Contractor Jailed for Planting Logic Bombs (Infosecurity Magazine, Dec 18 2019)
Contractor who sabotaged computer programs to get himself re-hired to fix them is jailed
Doxed credit card data has two hours max before it’s nabbed (Naked Security – Sophos, Dec 18 2019)
That’s pretty slow for thieves’ bots & scripts to grab it and test it, said a researcher who posted his card online.
Consumer data privacy regulation at the federal level: An opportunity for MSPs? (SC Magazine, Dec 19 2019)
Lobbyists at the Information Technology Industry Council, a Google-backed think tank, quickly went to work drafting proposals for a federal law that would supersede the stringent California bill.