A Review of the Best News of the Week on Identity Management & Web Fraud

Massive spying on users of Chrome shows new security weakness (Reuters, Jun 18 2020)
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.

The Russian Disinfo Operation You Never Heard About (Wired, Jun 16 2020)
The campaign known as Secondary Infektion appears to be a distinct effort from the meddling of the IRA and GRU—and it went undetected for years

More ad fraud apps found hiding on Google Play Store (Naked Security – Sophos, Jun 17 2020)
Fraudulent Android app developers have been discovered trying to manipulate Google’s Play Store security by removing suspicious code before adding it back in to see what trips detection systems.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Privacy Expert Slams Amazon’s Facial Recognition ‘Pause’ (Infosecurity Magazine, Jun 12 2020)
Technology’s use by police under fire after US protests

A Bill in Congress Would Limit Uses of Facial Recognition (Wired, Jun 15 2020)
Amazon, Microsoft, and IBM say they want federal rules around the technology. Critics of the proposal, sponsored by four Democrats, say it doesn’t go far enough.

Facial Recognition: IT and Police in Delicate Dance (SecurityWeek, Jun 18 2020)
Tech giants love to portray themselves as forces for good and as the United States was gripped by anti-racism protests a number of them publicly disavowed selling controversial facial recognition technology to police forces.

Twitter Removes 30,000 State-Linked Manipulation Accounts (SecurityWeek, Jun 12 2020)
Twitter on Friday announced that it took down more than 30,000 accounts pertaining to three networks associated with China, Turkey, and Russia state-linked manipulation activities.

Cryptocurrency Exchange CEO Ordered Employees to Make Fake Trades, Leaked Documents Show (VICE, Jun 12 2020)
Canadian exchange Coinsquare was practicing so-called ‘wash trading’, according to leaked emails, Slack chats, and other files. Generally, wash trading violates securities law.

15 Individuals Plead Guilty to Multimillion-Dollar Online Auction Fraud Scheme (Dark Reading, Jun 12 2020)
Members of Romanian gang used fraudulent ads for nonexistent products to extract money from US Internet users, DoJ says.

A look inside privacy enhancing technologies (Help Net Security, Jun 16 2020)
There is a growing global recognition of the value of data and the importance of prioritizing data privacy and security as critical cornerstones of business operations. While many events and developments could be viewed as contributing to this trend, it would be difficult to argue that the increased discussion generated by today’s accelerating regulatory environment has not played a significant role.

Poor Password Practices and Growing Acceptance of Biometrics in Financial Accounts (Infosecurity Magazine, Jun 15 2020)
People regularly use the same passwords across online financial accounts

How EU Authorities See GDPR Effectiveness Two Years In (eWEEK, Jun 16 2020)
“The issue we’re facing now is that the full scope of GDPR is not being used,” one expert told eWEEK. “There are still mechanisms that need to be tested. Europe really led the way on how to protect personal data—on paper—now we need to make sure this is delivered in practice.”

Survey shows rise in robocalls amid COVID‑19 fears (WeLiveSecurity, Jun 16 2020)
The unsolicited phone calls tout everything from miracle cures to financial relief – here’s how you can stay safe

Most Contact-Tracing Apps Fail Basic Security (Dark Reading, Jun 18 2020)
A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.

Illinois Tech CEO Charged with #COVID19 Relief Fraud (Infosecurity Magazine, Jun 17 2020)
Evanston tech CEO charged with lying to obtain a $400k forgivable COVID-relief loan

Crypto founder admits $25 million ICO backed by celebrities was a scam (Naked Security – Sophos, Jun 18 2020)
Endorsed by boxer Floyd Mayweather and DJ Khaled, the Centra Tech ICO debacle has led to the guilty plea of co-founder Robert Farkas.