A Review of the Best News of the Week on Identity Management & Web Fraud
How a 5G coronavirus conspiracy spread across Europe (Ars Technica, Apr 16 2020)
Spate of arson attacks on cell towers fueled by disinformation over pandemic origins.
California Needlessly Reduces Privacy During COVID-19 Pandemic (Schneier on Security, Apr 16 2020)
“This one isn’t even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.”
New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments (Krebs on Security, Apr 10 2020)
“The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do?”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
San Francisco airport websites hacked to swipe personal device credentials (SC Media, Apr 10 2020)
Two websites affiliated with San Francisco International Airport (SFO) were compromised with code last March, allowing attackers to steal device login credentials from users who visited these sites, airport officials have disclosed. The breach affected the websites SFOConnect.com, which appears to deliver informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport…
Web Pioneers Launch Identity Startup That Ditches Passwords (Dark Reading, Apr 14 2020)
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.
Microsoft and Google delay online authentication change (Naked Security – Sophos, Apr 14 2020)
Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.
10 Ways to Spot a Security Fraud (Dark Reading, Apr 10 2020)
There is no shortage of people presenting themselves as security experts. Some of them truly are. The others…
Cybercriminals capitalize on COVID-19 fears, push shady websites, pharmaceuticals (Help Net Security, Apr 09 2020)
Shadowy sellers want to capitalize on interest in pharmaceuticals promising a potential treatment to COVID-19. NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months.
“Misguided” #COVID19 Facebook Post Lands American in Handcuffs (Infosecurity Magazine, Apr 09 2020)
San Antonian arrested over what he claims was a well-meant coronavirus Facebook post
Zoom Credentials Database Available on Dark Web (SecurityWeek, Apr 10 2020)
Researchers have found a database of Zoom video conferencing credentials ranging from just an email and password to also include meeting IDs, names and host keys. Full credentials could be used for a range of activities from zoombombing to BEC attacks.
Data Privacy Firm Privitar Raises $80 Million in Series C Funding Round (SecurityWeek, Apr 09 2020)
London-based data privacy company Privitar this week announced that it has raised $80 million in a Series C funding round, which brings the total amount raised to date to more than $143 million.
Security Cameras Are Keeping Track of Social Distancing in Public Spaces (VICE, Apr 13 2020)
Using live cameras in several cities, a computer vision algorithm calculates how well people are keeping their distance.
GDPR, CCPA and beyond: How synthetic data can reduce the scope of stringent regulations (Help Net Security, Apr 14 2020)
As many organizations are still discovering, compliance is complicated. Stringent regulations, like the GDPR and the CCPA, require multiple steps from numerous departments within an enterprise in order to achieve and maintain compliance.
ICANN asks registrars to crack down on scam coronavirus websites (Naked Security – Sophos, Apr 14 2020)
It doesn’t have regulatory authority, so it can’t do much, but the hundreds of registrars it authorizes can and should.
Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later? (Dark Reading, Apr 14 2020)
To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there’s a PHI slip-up?
278% Rise in Leaked Government Records During Q1 of 2020 (Infosecurity Magazine, Apr 15 2020)
There were 17 million leaked government records in Q1 of 2020
Zoom passwords for sale on the Dark Web – “ten-a-penny” by all accounts (Naked Security – Sophos, Apr 15 2020)
Thousands, perhaps hundreds of thousands, of new adopters of Zoom are apparently as good as letting the crooks in for free by using passwords that have already been hacked or cracked elsewhere.
Canadian government, university targeted with COVID-19-themed phishing emails (SC Media, Apr 14 2020)
A Canadian government healthcare organization and a university medical research group are being targeted with COVID-19 phishing attacks with the emails being loaded with malware, Palo Alto Networks Unit 42 found…
Identity Verification Provider Onfido Raises $100 Million (SecurityWeek, Apr 15 2020)
Identity verification and authentication provider Onfido today announced the closing of a $100 million funding round that brings the total raised by the company to date to $180 million.
US victims lose $13 million from COVID-19-related scams (Help Net Security, Apr 15 2020)
Successful COVID-19-themed fraud attempts perpetrated in the US since the beginning of the year resulted in a little over $13 million in losses, the Federal Trade Commission has shared. The real amount must be higher, though, as these losses are just the ones associated with the 17,425 COVID-19 complaints the FTC received in the last three and a half months.