A Review of the Best News of the Week on Identity Management & Web Fraud
How the NSA Says You Can Limit Location Data Exposure (VICE, Aug 04 2020)
The mitigations are designed for government officials, but the advice itself can be useful for many more people.
Data isn’t just being collected from your phone. It’s being used to score you. (Washington Post, Aug 01 2020)
It’s called surveillance scoring. And everybody’s doing it.
Facial Recognition’s Next Big Play: the Sports Stadium (WSJ, Aug 02 2020)
Los Angeles Football Club wants to “move everything to face,” while the New York Mets are testing the system on players and staff.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Citizens Are Increasingly Worried About How Companies Use Their Data (Dark Reading, Jul 30 2020)
With data privacy important to almost every American, more than two-thirds of those surveyed say they don’t trust companies to ethically sell their data.
How privacy can decrease safety (Help Net Security, Aug 03 2020)
Bark Technologies, which monitors over 5M teens text, email, school, and social media accounts, says that “texting is the new first base” for this generation. Pediatricians also confirmed that this behavior spans all socioeconomic, religious, and ethnicity lines and is incredibly common behavior. Unfortunately, they also report that parental denial, and unwillingness to play a gatekeeper role in the digital lives of their children is also prevalent.
Incognito Mode May Not Work the Way You Think It Does (Wired, Aug 02 2020)
Every browser has a private mode—but the privacy it offers has a limit.
FBI Warns on New E-Commerce Fraud (Dark Reading, Aug 03 2020)
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
Robocall Legal Advocate Leaks Customer Data (Krebs on Security, Aug 03 2020)
“A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.”
Dirty Dozen part 2: Thieves are constantly coming up with ways to scam taxpayers (IRS, Aug 06 2020)
This is the second of two tips exploring the IRS Dirty Dozen tax scam list. Tax scams tend to rise during tax season or during times of crisis. Scam artists are using the COVID-19 pandemic to try to steal money and information from taxpayers.
How a Vigilante Fights Cheating In The World’s Biggest Video Games (VICE, Aug 06 2020)
A 24-year-old from London leads a small but dedicated army of volunteer vigilantes that fights cheaters in ‘Overwatch’ and ‘Valorant.’
Granting employees admin status is convenient but risky (Help Net Security, Aug 03 2020)
One of your employees needs access to part of your customer database so he can fulfill an urgent reporting request. You’re busy and this employee is trustworthy, so you grant him administrative status. Simple solution, right? You’ll revoke it later when you’re done with the other 600 critical things you’re working on right now. Right? Not so fast.
Malware Author Admits Role in $568m Cyber-Fraud (Infosecurity Magazine, Aug 03 2020)
Malware creator pleads guilty to role in transnational cybercrime organization that stole $568m
Firefox to block redirect tracking (Help Net Security, Aug 05 2020)
Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking. How does redirect tracking work? Online advertisers, web analytics companies and browser makers are locked in a perennial arms race when it comes to methods for tracking users’ online behavior.
iOS 14’s Best Privacy Feature? Catching Data-Grabbing Apps (Wired, Aug 05 2020)
Apple’s new operating system hasn’t been released to the public yet, but its new permission notifications are already shaming developers into cleaning up their acts.
Decades-Old Email Flaws Could Let Attackers Mask Their Identities (Wired, Aug 04 2020)
Researchers found 18 exploits that take advantage of inconsistencies in the email plumbing most people never think about.
Ex-Googler Levandowski gets 18 months in prison for trade-secret theft (Ars Technica, Aug 05 2020)
Judge rejects request to avoid prison, but delays sentence until after pandemic.
#BHUSA: How Public Standards Help to Enable Financial Fraud (Infosecurity Magazine, Aug 06 2020)
Financial malware used by North Korea has to rely on the same transaction standards that banks do
Silverfort Raises $30 Million to Expand Agentless Authentication Platform (SecurityWeek, Aug 06 2020)
Silverfort, a provider of an agentless, proxyless authentication platform, announced this week that it has raised $30 million in a Series B funding round led by Aspect Ventures.