A Review of the Best News of the Week on Identity Management & Web Fraud

California’s CCPA Gets Teeth Today (Infosecurity Magazine, Jul 01 2020)
California is enforcing its consumer privacy protection law after a six-month grace period

Man Convicted of Stealing High Tech Trade Secrets for China (SecurityWeek, Jun 28 2020)
A federal judge has convicted a Chinese national of economic espionage, stealing trade secrets and engaging in a conspiracy for the benefit of his country’s government.

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal (Lenny Zeltser, Jul 01 2020)
How the Scam Works. “In the scheme that I encountered, the scammer impersonates the victim to file an unemployment claim with the state to receive money as the unemployment benefit. To achieve this, the scammer:”


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Beware “secure DNS” scam targeting website owners and bloggers (Naked Security – Sophos, Jun 29 2020)
This scam pretended to come from WordPress itself, and claimed that DNS security features would soon be added for our domain

Facial recognition technology banned in another US city (WeLiveSecurity, Jun 25 2020)
In a move lauded by privacy advocates, Boston joins the ranks of cities that have voted down the municipal use of the technology

Cryptocurrency Pump and Dump Scams (Schneier on Security, Jun 24 2020)
The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse.

Detroit Police Chief: Facial Recognition Software Misidentifies 96% of the Time (VICE, Jun 29 2020)
Detroit regulated facial recognition software. It’s still used only on Black people.

Facebook Privacy Snafu Exposes User Data to Thousands of Apps (Infosecurity Magazine, Jul 02 2020)
Glitch meant 5000 developers continued to receive user information

Your iPhone has a map that shows everywhere you’ve got in the past few months (The US Sun, Jun 26 2020)
Your iPhone keeps track of your real-world movements – which you can view on a map. The little-known feature is buried deep within your iPhone settings, and shows your exact movements over the past few months.

1Password launches domain breach report to address credential stuffing (Help Net Security, Jun 29 2020)
1Password is launching a first-of-its-kind domain breach report. Now, companies using 1Password’s enterprise password manager can swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords generated via 1Password.

Does analyzing employee emails run afoul of the GDPR? (Help Net Security, Jun 29 2020)
A desire to remain compliant with the European Union’s General Data Protection Regulation (GDPR) and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. This is understandable, as GDPR non-compliance may lead to stiff penalties.

80% of consumers trust a review platform more if it displays fake reviews (Help Net Security, Jun 28 2020)
Many people are using COVID-19 quarantine to get projects done at home, meaning plenty of online shopping for tools and supplies. But do you buy blind? Research shows 97% of consumers consult product reviews before making a purchase.

Busting the Top Myths About Privileged Access Management (Infosecurity Magazine, Jun 26 2020)
Myth One: As Privileged Access Exists Everywhere, it’s Impossible to Secure

Fraudster Jailed for Stealing Millions from US Seniors (Infosecurity Magazine, Jun 26 2020)
Through his work, the 41-year-old had access to the personal and financial information of hundreds of thousands of consumers whose accounts he was trusted to debit. After he stopped acting as a third-party payment processor in January 2013, Long used the data he had acquired over the previous five years to charge purchases to his victims’ accounts.

How to Get Safari’s New Privacy Features in Chrome and Firefox (Wired, Jun 28 2020)
Apple’s browser is getting serious about security protections. If you can’t or won’t switch, don’t worry: you don’t have to fall behind.

Google Will Delete Your Data by Default—in 18 Months (Wired, Jun 24 2020)
Starting today, the search giant will make a previously opt-in auto-delete feature the norm.

New privacy-preserving SSO algorithm hides user info from third parties (Help Net Security, Jun 30 2020)
Dr Iriyama states: “We aimed to develop an SSO algorithm that does not disclose the user’s identity and sensitive personal information to the service provider. In this way, our SSO algorithm uses personal information only for authentication of the user, as originally intended when SSO systems were introduced.”

#COVID19 HMRC Phishing Scams Persist, Begin Targeting Passport Details (Infosecurity Magazine, Jun 30 2020)
Fraudsters adapt phishing scams and now seek passport info of self-employed

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix (SecurityWeek, Jul 01 2020)
Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue but failed to deliver a fix.

Two Musts for Managing a Remote Workforce: Identity Governance and Lifecycle (SecurityWeek, Jul 01 2020)
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.