A Review of the Best News of the Week on Identity Management & Web Fraud

Am I a Jerk for Refusing to Use a Coronavirus Contact Tracing App? (VICE, May 13 2020)
Is privacy more important than the hypothetical chance to save lives or protect yourself from contagion? We asked an expert.

Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries (Krebs on Security, May 08 2020)
Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank, a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Easily control the naming of individual IAM role sessions (AWS Security Blog, May 12 2020)
AWS Identity and Access Management (IAM) now has a new sts:RoleSessionName condition element for the AWS Security Token Service (AWS STS) that makes it easy for AWS account administrators to control the naming of individual IAM role sessions.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Microsoft Identity VP Shares How and Why to Ditch Passwords (Dark Reading, May 07 2020)
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.

Is the stress of card fraud worth the digital convenience? (Help Net Security, May 07 2020)
With a growing portion of consumers having now fallen victim to card fraud, anxiety about the security of our digital accounts is spiking, according to a survey by Marqeta. The survey talked to 4,000 consumers across the United States and the United Kingdom about consumer attitudes toward card fraud in an increasingly digital economy. According to the survey, card fraud has had a pervasive, repeat impact on a large number of American and UK consumers…

Opportunists Are Preying on Instacart Shoppers as Bots Ramp Up on the Platform (VICE, May 08 2020)
A middleman is dubiously offering Instacart shoppers the chance of more reliable work in exchange for thousands of dollars.

Hackers Turned Virginia Government Websites Into Elaborate eBooks Scam Pages (VICE, May 08 2020)
Two subdomains of an official Virginia government website were hijacked and enrolled into an eBooks scam.

5 common password mistakes you should avoid (WeLiveSecurity, May 07 2020)
Password recycling or using easy-to-guess passwords are just two common mistakes you may be making when protecting your digital accounts

You won’t believe who’s heading up the UK’s Coronavirus tracing app… (Graham Cluley, May 08 2020)
So, who does the UK government appoint to head up the NHS COVID-19 tracing app? None other than Baroness Harding of Winscombe. Perhaps better known to you and me as Dido Harding, the former CEO of TalkTalk.

Used Tesla Components Contain Personal Information (Schneier on Security, May 08 2020)
Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It’s a problem with used hard drives. It’s a problem with used photocopiers and printers. It will be a problem with IoT devices.

DocuSign Phishing Campaign Uses COVID-19 as Bait (Dark Reading, May 08 2020)
The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.

Biometric device shipments revenue to drop by $2 billion (Help Net Security, May 10 2020)
The pandemic is expected to cause a significant pushback on biometric device shipments, creating a major revenue drop of $2 billion over the course of 2020, according to ABI Research.

This Script Sends Junk Data to Ohio’s Website for Snitching on Workers (VICE, May 08 2020)
An anonymous hacker wrote a script to sabotage Ohio’s ‘COVID-19 Fraud’ website, which allows companies to report employees and prevent them from collecting unemployment insurance.

Home workplaces introduce new risks, poor password hygiene (Help Net Security, May 11 2020)
Entrust Datacard released the findings of its survey which highlights the critical need to address data security challenges for employees working from home as a result of the pandemic based on responses from 1,000 US full-time professionals.

Attackers Pose as Zoom to Steal Microsoft Credentials (Infosecurity Magazine, May 11 2020)
Fake Zoom notification email contains malicious link to Microsoft login

Investigation into “Significant Privacy Breach” at Ontario Care Home (Infosecurity Magazine, May 12 2020)
An Ontario care home where 66 have died from COVID-19 is being investigated over a potential privacy breach.

Enterprise Identity Protection Firm Semperis Raises $40 Million (SecurityWeek, May 13 2020)
Enterprise identity protection company Semperis on Wednesday announced that it raised $40 million in a Series B funding round, which brings the total raised to date to $54 million.

CyberArk Acquires Identity as a Service Provider Idaptive for $70 Million (SecurityWeek, May 13 2020)
CyberArk on Wednesday announced that it has acquired Idaptive, an Identity as a Service (IDaaS) provider based in Santa Clara, California, for $70 million in cash.

It’s Time to Embrace Self-Service Password Resets (IT Pro, May 11 2020)
With the number of people working from home in recent months, it’s fair to say your IT help desk is likely a bit frazzled – especially if your password change process is manual and dependent on your employees being at the office.