A Review of the Best News of the Week on Identity Management & Web Fraud

Avast shutters data-selling subsidiary amid user outrage (Ars Technica, Jan 30 2020)
Avast CEO Ondrej Vlcek announced late Thursday the end of the data-selling subsidiary, known as Jumpshot. Writing in an open letter, he said that he and the company’s board “have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.”…Jumpshot took in $36 million in revenues last year.

Apple proposes simple security upgrade for SMS 2FA codes (Naked Security – Sophos, Feb 03 2020)
agree on a common text format so their use can be automated without the need for risky user interaction.

Google Says It Sent Some People’s Private Videos to Strangers (VICE, Feb 04 2020)
A bug in Google’s Takeout tool sent some users’ content to other accounts.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

The fractured future of browser privacy (Ars Technica, Feb 01 2020)
Browser makers increase privacy protection but disagree on how exactly it should work.

93% of attempted mobile transactions in 2019 were fraudulent (Help Net Security, Jan 31 2020)
The number of malicious apps discovered in 2019 rose to 98,000, up from 63K in 2018. These 98,000 malicious apps had infected 43 million Android devices

Fake Exec Tricks New York City Medical Center into Sharing Patient Info (Infosecurity Magazine, Jan 30 2020)
Phishing impersonation scam succeeds at non-profit medical center in New York

US Arrests Prominent Harvard Academic for China Ties (Infosecurity Magazine, Jan 30 2020)
It is alleged that, since 2011, Lieber has been a “strategic scientist” at Wuhan University of Technology (WUT), and that from 2012-17 he was a “contractual participant” in Beijing’s Thousand Talents Plan, which Washington claims is designed to recruit foreign science experts to steal research secrets.

Dashlane’s Super Bowl Ad Proves Password Managers Have Arrived (Wired, Feb 02 2020)
A company you’ve never heard of is spending millions of dollars to let you know it can make your online life easier.

Google’s Chrome 80 clamps down on cookies and notification spam (Naked Security – Sophos, Feb 06 2020)
Version 80 of the Chrome browser is out with some new features designed to save your security and your sanity.

FBI Director Warns of Ongoing Russian ‘Information Warfare’ (SecurityWeek, Feb 06 2020)
FBI Director Chris Wray said Wednesday that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure.

George’ the Most Popular Password That’s a Name (Dark Reading, Jan 31 2020)
A new study of stolen passwords reflects the consequences of password overload.

Privacy ROI: Benefits from data privacy averaging 2.7 times the investment (Help Net Security, Jan 30 2020)
Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments – which are now delivering strong returns, Cisco reveals.

Breach at Indian Airline Affects 1.2 Million Passengers (Infosecurity Magazine, Jan 31 2020)
Privately-owned Indian airline SpiceJet suffers large-scale data breach

Fraudsters posed as art dealer, bilked museum for millions (Naked Security – Sophos, Feb 03 2020)
Scammers got away with a $3.1m BEC heist, art dealer and museum blame each other, and ownership of a valuable landscape is up in the air.

Facebook to pay $550m to settle face-tagging suit (Naked Security – Sophos, Jan 31 2020)
A class-action lawsuit against Facebook for the use of its tag suggestions feature looks like it’s finally done churning through the courts.

Twitter Removes GOP-Run Account That Impersonated Democrat (WSJ, Feb 03 2020)
The social-media platform took down an account run by the state Republican Party that was named after Democratic gubernatorial candidate Dan Feltes and posted content attacking him.

British Charity Loses Over $1m in Domain Spoofing Scam (Infosecurity Magazine, Feb 03 2020)
Cyber-criminals con UK charity Red Kite Community Housing out of £932K

New Research on the Adtech Industry (Schneier on Security, Feb 04 2020)
“The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space.”

LexisNexis Risk Solutions enhances its fraud and identity offering with the acquisition of Emailage (Help Net Security, Feb 04 2020)
Founded in 2012 and based in the Phoenix metro area with offices across the globe, Emailage helps organizations reduce online fraud by building multi-dimensional profiles associated with customer email addresses to render predictive risk scores.

Iranian Phishers Use Journalist’s Identity to Steal Info (Infosecurity Magazine, Feb 06 2020)
State hackers impersonate New York Times journalist