A Review of the Best News of the Week on Identity Management & Web Fraud
Less than a quarter of Americans use a password manager (Help Net Security, May 17 2020)
A large percentage of Americans currently do not take the necessary steps to protect their passwords and logins online, FICO reveals.
Google Chrome Redesign Puts Security & Privacy in Users’ Hands (Dark Reading, May 19 2020)
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs (Krebs on Security, May 16 2020)
“A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Another California Data Privacy Law (Schneier on Security, May 11 2020)
“The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive:”
Activists Are Trying to Stop the FBI From Snooping on Your Web History (VICE, May 18 2020)
After a prolonged fight in Congress, Nancy Pelosi could reattach a privacy-preserving amendment that failed by one vote in the Senate.
NHS Contact Tracing App Security Issues Detailed (Infosecurity Magazine, May 20 2020)
NHS contact tracing app faces further setback due to breach, privacy questions and security flaws
NSO Group Impersonated Facebook to Help Clients Hack Targets (VICE, May 20 2020)
Motherboard uncovered more evidence that NSO Group ran hacking infrastructure in the United States.
Scam’ Spyware Vendor Gets Caught, Once Again (VICE, May 19 2020)
Security researchers expose a new Android malware linked to Manish Kumar, the infamous owner of government spyware vendor Wolf Intelligence.
Criminals and the Normalization of Masks (Schneier on Security, May 20 2020)
In March, two men walked into Aqueduct Racetrack in New York wearing the same kind of surgical masks as many racing fans there and, at gunpoint, robbed three workers of a quarter-million dollars they were moving from gaming machines to a safe. Other robberies involving suspects wearing surgical masks have occurred in North Carolina, and Washington, D.C, and elsewhere in recent weeks.
COVID-19 contact tracing hits Apple devices with iOS and iPadOS 13.5 (Ars Technica, May 20 2020)
Apple also pushed out small updates for HomePods and Apple TVs.
The Problem with Automating Data Privacy Technology (Dark Reading, May 13 2020)
Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today’s regulated world of GDPR and CCPA. Here’s why.
COVID-19 online fraud trends: Industries, schemes and targets (Help Net Security, May 15 2020)
The telecommunications, retail and financial services industries have been increasingly impacted by COVID-19 online fraud, according to TransUnion.
I enrolled in a coronavirus contact tracing academy (Ars Technica, May 16 2020)
Experts say we need ~200,000 more people to track down anyone who crossed COVID-19’s path.
Text-Based COVID-19 Spam Wants Your Information, Money (Symantec, May 19 2020)
Symantec’s Email Threat Isolation stops spammers as they continue to take advantage of coronavirus pandemic.
Phishers are trying to bypass Office 365 MFA via rogue apps (Help Net Security, May 19 2020)
Phishers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a rogue application.
Firefox to tell you if sites are shortening your passwords (Naked Security – Sophos, May 19 2020)
Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed.
60% of Insider Threats Involve Employees Planning to Leave (Dark Reading, May 20 2020)
Researchers shows most “flight-risk” employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Beware of phishing emails urging for a LogMeIn security update (Help Net Security, May 21 2020)
“Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager,” Abnormal Security noted.
Home Chef Breach May Affect Millions of Customers (Infosecurity Magazine, May 21 2020)
Phishing attacks could follow after personal data is stolen
Pandemic-related Supply Chain and Money Laundering Woes in the Dark Web (SecurityWeek, May 20 2020)
Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. The callous criminal effect has been obvious in the rise of corona-themed scams, phishing and malware — but individuals, shops and supplies in the underground are just as affected as their legal counterparts.