A Review of the Best News of the Week on Identity Management & Web Fraud
Chinese hackers stole “hundreds of millions of dollars” of secrets (Ars, Jul 21 2020)
DOJ alleges the hackers started work in 2009, hit military contractors.
Inside America’s Secretive $2 Billion Research Hub Collecting Fingerprints From Facebook, Hacking Smartwatches And Fighting Covid-19 (Forbes, Jul 23 2020)
Mitre Corp runs some of the U.S. government’s most hush-hush science and tech labs. The cloak-and-dagger R&D shop might just be the most important organization you’ve never heard of.
Twitter Breach Highlights Privileged Account Security Issue (Dark Reading, Jul 20 2020)
Security incident that allowed attackers to hijack high-profile accounts suggests social media giant’s controls for spotting insider abuse were not strong enough, security experts say.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Coinbase stopped scammers from stealing an extra $280,000 during Twitter hack (Graham Cluley, Jul 22 2020)
Maybe Coinbase should send Twitter an invoice, because it certainly sounds like their quick thinking helped prevent last week’s hack from leaving a lot more Twitter users with empty wallets.
This bank is worried scammers may be cruelly paying off people’s credit cards (Los Angeles Times, Jul 21 2020)
Capital One froze a SoCal customer’s credit card because it was concerned a bank transfer to pay off $14,000 in debt may have been made by a scammer.
US-EU Privacy Shield data sharing agreement struck down by court (Ars Technica, Jul 16 2020)
Much as in 2015, US surveillance practices and EU privacy law don’t mesh well.
EU Court Ruling Means New Global Protections for EU Customer Data (Dark Reading, Jul 16 2020)
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it’s stored or transferred.
DPOs Encouraged to Act Now on Invalid Privacy Shield (Infosecurity Magazine, Jul 17 2020)
Data Protection Officers and businesses should take action immediately in light of the end of Privacy Shield
Tech Giants Sued Over Biometric Privacy (Infosecurity Magazine, Jul 16 2020)
Illinois residents sue Google, Amazon, and Microsoft over faceprints’ acquisition
Customs and Border Protection Bought Access to Nationwide Car Tracking System (VICE, Jul 17 2020)
The move by CBP continues the trend of law enforcement buying access to data rather than gathering it themselves.
UK Government Fails to Meet GDPR Requirement in Test and Trace Program (Infosecurity Magazine, Jul 20 2020)
The UK government admits to not carrying out a DPIA
Uber Drivers in GDPR Fight to Unmask Algorithms (Infosecurity Magazine, Jul 20 2020)
Greater transparency will help uncover discrimination and aid collective bargaining
401(k) Cyber Fraud Is Growing. Everyone Could Be Liable (The Security Ledger, Jul 21 2020)
Hacking attacks on 401(k) plans and retirement savings accounts are growing and court rulings could have a far-reaching impact on who is liable.
FTC Details #COVID19 Scams and Fraud Cases to Senate (Infosecurity Magazine, Jul 22 2020)
FTC details COVID-19 related scams and asks for power to obtain refunds for victims
Why we must arm police with facial recognition systems (SC Media, Jul 22 2020)
It’s now evident in the Unites States that there are pockets within police departments that have demonstrated racial bias. This has resulted in a justified reaction from the public against them. And unlike most other western countries, in the U.S., both the police and many in the public are armed with guns, which tends to…
Counterpoint: The hidden threat of facial recognition (SC Media, Jul 22 2020)
Civil rights advocates have long warned that facial recognition technology was open to abuse by government efforts to identify and track protesters. Those fears were borne out several years ago when records revealed that law enforcement deployed the technology on people protesting the Freddie Gray incident in Baltimore. Civil rights advocates have also warned for…
Fawkes: Digital Image Cloaking (Schneier on Security, Jul 22 2020)
“Fawkes is a system for manipulating digital images so that they aren’t recognized by facial recognition systems.
At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these “cloaked” photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo.”
He Might Have Been Able to Fake His Death, if Only He’d Spell-Checked (The New York Times, Jul 23 2020)
Officials said they determined that a Long Island man had forged his death certificate after noticing that he misspelled “regsitry.”
Hackers obtained Twitter DMs for 36 high-profile account holders (Ars Technica, Jul 22 2020)
Hack also exposed phone numbers, email addresses, and other PI for 130 users.
Facebook Unveils New Privacy, Security Features for Messenger (SecurityWeek, Jul 23 2020)
Facebook on Wednesday unveiled new privacy and security features for its Messenger application.