A Review of the Best News of the Week on Identity Management & Web Fraud
DNC Warns Campaign Staffers of Dating App Dangers (Dark Reading, Aug 28 2020)
The Democratic National Committee advises against sharing too much work and personal information on popular dating apps.
Confessions of an ID Theft Kingpin, Part II (Krebs on Security, Aug 27 2020)
“Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good.”
UVA Researcher Charged with Computer Intrusion & Trade Secret Theft (Dark Reading, Aug 31 2020)
Chinese national Haizhou Hu was researching bio-mimics and fluid dynamics at the University of Virginia.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000 (Help Net Security, Aug 31 2020)
Companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing, APWG reveals. High-ticket BEC attacks Agari reported average wire transfer loss from BEC attacks smashed all previous frontiers, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns.
Chinese Researcher Arrested in Illegal Tech Theft Probe (Infosecurity Magazine, Sep 01 2020)
California University’s Guan Lei alleged to have destroyed hard drive
ISO 27701 Paves the Way for a Strategic Approach to Privacy (Dark Reading, Sep 01 2020)
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
Chinese Professor Jailed for Stealing US Trade Secrets (Infosecurity Magazine, Sep 02 2020)
Hao Zhang grabbed IP to start a new career in China
Inside Amazon’s Secret Program to Spy On Workers’ Private Facebook Groups (VICE, Sep 01 2020)
The company has a sophisticated and secret program that is surveilling dozens of private Facebook groups set up by workers, internal documents and reports show.
How to use trust policies with IAM roles (AWS Security Blog, Aug 28 2020)
“AWS Identity and Access Management (IAM) roles are a significant component in the way customers operate in Amazon Web Service (AWS). In this post, I’ll dive into the details on how Cloud security architects and account administrators can protect IAM roles from misuse by using trust policies.”
Private Intel Firm Buys Location Data to Track People to their ‘Doorstep’ (VICE, Sep 02 2020)
The data comes from hundreds of ordinary apps installed on peoples’ phones around the world.
The Joys of Owning an ‘OG’ Email Account (Krebs on Security, Sep 02 2020)
“When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and…”
Fake Login Page Detections Top 50,000 in 2020 (Infosecurity Magazine, Aug 28 2020)
Ironscales research finds 50,000+ fake login pages so far in 2020
Former Employee Admits Hacking, Damaging Cisco Systems (SecurityWeek, Aug 28 2020)
A former Cisco employee has pleaded guilty to hacking charges related to him accessing the networking giant’s systems and causing damage.
Data Privacy Concerns, Lack of Trust Foil Automated Contact Tracing (Dark Reading, Aug 28 2020)
Efforts to create a technology framework for alerting people to whether they have been exposed to an infectious disease have been hindered by a number of key issues.
Cyber-Criminals Mimicking Global Brand Domain Names to Launch Scams (Infosecurity Magazine, Sep 01 2020)
Cyber-squatting is being used to launch a variety of attacks including phishing
American Payroll Association User Data Stolen in Skimmer Attack (SecurityWeek, Sep 01 2020)
The American Payroll Association (APA) says user information was stolen after attackers managed to inject a skimmer on its website.
Microsoft builds deepfakes detection tool to combat election disinformation (Help Net Security, Sep 02 2020)
Microsoft has developed a deepfakes detection tool to help news publishers and political campaigns, as well as technology to help content creators “mark” their images and videos in a way that will show if the content has been manipulated post-creation. The deepfakes problem Deepfakes – photos and videos in which a person is replaced with someone else’s likeness through the power of artificial intelligence (AI) – are already having an impact individuals’ lives, politics and …
Insider Attack on the Carnegie Library (Schneier on Security, Sep 02 2020)
Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It’s a perennial problem: trusted insiders have to be trusted….