A Review of the Best News of the Week on Identity Management & Web Fraud
The Company That Might End Privacy as We Know It (The New York Times, Jan 18 2020)
A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.
NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance (Help Net Security, Jan 20 2020)
The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Developed from a draft version in collaboration with a range of stakeholders, the framework provides a useful set of privacy protection strategies for organizations that wish to improve their approach to using and protecting personal data.
Chinese City Uses Facial Recognition to Shame Pajama Wearers (The New York Times, Jan 22 2020)
Local officials apologized, but the crackdown on a common — and comfortable — practice has raised a rare outcry over privacy in a country accustomed to surveillance.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Managing Customer Identity in the Era of CCPA (Infosecurity Magazine, Jan 15 2020)
It has mostly been a confusing and often stressful process for privacy, legal, and risk teams to track.
Now Stores Must Tell You How They’re Tracking Your Every Move (Wired, Jan 15 2020)
California’s new privacy law has spurred a torrent of online notices. But the law is also forcing changes offline, in traditional stores.
Hong Kong Looks to GDPR as it Strengthens Privacy Laws (Infosecurity Magazine, Jan 21 2020)
China SAR looks for inspiration following Cathay Pacific breach
ADP Users Hit with Phishing Scam Ahead of Tax Season (Dark Reading, Jan 17 2020)
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Facebook users will be notified when their credentials are used for third-party app logins (Help Net Security, Jan 16 2020)
Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account. At the same time, users will be able to react quickly if someone managed to compromise their Facebook accounts and is using their credentials to access other apps and websites.
Password Shaming Isn’t Productive – Passwords Are Scary Business (Infosec Island, Jan 15 2020)
With the complexity of consumer devices only increasing, contextual security should be a priority for all – a situation which would avoid password shaming.
Trusona Raises $20 Million in Series C Funding Round (SecurityWeek, Jan 15 2020)
Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round led by Georgian Partners.
Lawmakers Say Financial Giant Envestnet Has Been Selling User Data Without Telling Them (VICE, Jan 17 2020)
Oregon Senator Ron Wyden says the FTC needs to do more to stop corporations from selling your private data, then burying notifications in fine print.
UK Gov Database Leak Exposes 28 Million Children (Infosecurity Magazine, Jan 21 2020)
Betting firms were reportedly allowed access to trove
China and US top user data requests in Apple transparency report (Naked Security – Sophos, Jan 21 2020)
Most of the US and China’s requests had to do with investigations into fraud, suspected account access and phishing.
Internet-enabled dash cams that allow anyone to track your GPS location in real-time (Graham Cluley, Jan 21 2020)
Watch out, car drivers. If you have installed a BlackVue dash cam into your vehicle you might have unwittingly made available your real-time GPS location.
Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy (Dark Reading, Jan 21 2020)
While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.
Microsoft Exposes 250 Million Call Center Records in Privacy Snafu (Infosecurity Magazine, Jan 22 2020)
Data leak was the result of misconfigured Elasticsearch databases
Regus spills data of 900 staff on Trello board set to ‘public’ (Naked Security – Sophos, Jan 22 2020)
Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello.