A Review of the Best News of the Week on Identity Management & Web Fraud

California DMV Is Selling Drivers’ Data to Private Investigators (VICE, Aug 18 2020)
An internal document obtained by Motherboard lists the commercial requesters for California DMV data.

Canadian Citizens Lose #COVID19 Funds After Govt Account Hijacking (Infosecurity Magazine, Aug 17 2020)
Thousands of Canada Revenue Agency and GCKey accounts are compromised. A statement from the Treasury Board of Canada Secretariat on Saturday revealed that the attackers had used tried-and-tested credential stuffing techniques to hijack GCKey and Canada Revenue Agency (CRA) accounts.

Ritz London clients scammed after apparent data breach (WeLiveSecurity, Aug 19 2020)
Armed with personal data stolen from the hotel’s dining reservation system, fraudsters trick guests into handing over their credit card details


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Five ways to maximize FIDO (Help Net Security, Aug 19 2020)
FIDO stands for Fast Identity Online. It is a free and open set of standards and technologies that aims to reduce the world’s reliance on passwords. FIDO is designed to bolster authentication assurance by “protecting” and eliminating passwords.

FIDO-enabled advances in authentication are paving the way to this foundational paradigm shift. Unfortunately, authenticators are not quite there yet, because even though the capabilities are available for incredibly strong authentication, implementations can vary, and it is up to implementers to determine how much of FIDO’s security will be integrated into their products.

Data Firm Exposes 235 Million Social Media Profiles (Infosecurity Magazine, Aug 19 2020)
Comparitech finds another misconfigured online database

Police and Industry Take Down $42m “Bulletproof Exchange” (Infosecurity Magazine, Aug 19 2020)
Ukrainian trio accused of money laundering via cryptocurrency

CIOs prioritizing IAM over endpoint security and security awareness training (Help Net Security, Aug 13 2020)
CIOs are prioritizing identity and access management (IAM) over endpoint security and security awareness training in 2020, according to a Hitachi ID survey. The survey, focused on changes in IT spending in the wake of the coronavirus pandemic, reveals that cybersecurity is IT leaders’ top focus for the rest of the year—and half of those surveyed are increasing their budgets to support their goals.

US Court Orders Defendant to Unlock Phones (Infosecurity Magazine, Aug 13 2020)
New Jersey’s highest court rules defendant must share his phones’ passcodes with law enforcement

Looting Causes Data Breach at Walgreens (Infosecurity Magazine, Aug 14 2020)
Pharmacy warns PHI of 72,000 Americans compromised by prescription-stealing looters

Robocall Results from a Telephony Honeypot (Schneier on Security, Aug 17 2020)
A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said they received 1,481,201 unsolicited calls — even if they never made their phone numbers public via any source.

61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud (Infosecurity Magazine, Aug 18 2020)
93% of global airlines have not implemented the recommended level of DMARC protection

Oracle and Salesforce to Face GDPR Lawsuit (Infosecurity Magazine, Aug 17 2020)
Privacy campaign group sues Salesforce and Oracle over alleged GDPR breach

ID theft protection for employees can boost productivity, worker loyalty (SC Media, Aug 17 2020)
Unlimited vacation, 401K-matching and… identity compromise protections? A new study finds that anti-ID theft services offered as a workplace benefit can be attractive to both employees and employers.

Password Management Company Keeper Security Raises $60 Million (SecurityWeek, Aug 18 2020)
Password management solutions provider Keeper Security on Monday announced that it has raised $60 million in growth funding from private equity company Insight Partners.

The benefits of providing employees with an identity compromise solution (Help Net Security, Aug 19 2020)
Employees find significant value in having access to an identity compromise solution, having an available remediation solution creates a better mindset for those that use it, and there are halo results that benefit others (especially employers), an Identity Theft Resource Center (ITRC) and Aura Identity Guard survey reveals.

Securing resource tags used for authorization using a service control policy in AWS Organizations (AWS Security Blog, Aug 18 2020)
“In this post, I explain how you can use attribute-based access controls (ABAC) in Amazon Web Services (AWS) to help provision simple, maintainable access controls to different projects, teams, and workloads as your organization grows. ABAC gives you access to granular permissions and employee-attribute based authorization.”

Researchers Trick Facial-Recognition Systems (IT Pro, Aug 14 2020)
Goal was to see if computer-generated images that look like one person would get classified as another person.