A Review of the Best News of the Week on Identity Management & Web Fraud

When you find the Australian Prime Minister’s passport number (Alex, Sep 17 2020)
This is one of my favorite reads. Aside from lots of really funny lines, it highlights the curiosity that’s needed in the infosec world. “You know how they say to commit a crime (which once again I insist did not happen in my case) you need means, motive, and opportunity? Means is the ability to use right click > Inspect Element, motive is hubris, and opportunity is the dumb luck of having my friend message me the Instagram post.”

Zoom Brings Two-Factor Authentication to All Users (Dark Reading, Sep 10 2020)
This marks the latest step Zoom has taken to improve user security as more employees work from home.

Safari 14: New privacy and security features (Help Net Security, Sep 17 2020)
Apple has released Safari 14, which features many functional improvements, a Privacy Report that shows all the trackers the browser has neutralized, and no longer supports Adobe Flash. New features: Safari 14 sports a redesign of the tab bar, which now displays site favicons by default and previews of the contents of some pages (when the user hovers over a tab), and a customizable start page.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



The IRS Wants to Buy Tools to Trace Privacy-Focused Cryptocurrency Monero (VICE, Sep 11 2020)
The agency is offering up to $1 million for developers who can create technologies to track Monero and Bitcoin Lightning Network transactions.

#GartnerSEC: Phased Passwordless Authentication Can Enhance Productivity and Security (Infosecurity Magazine, Sep 15 2020)
Gartner outlines how and why organizations should be moving to a passwordless future

Personal Information of 46,000 U.S. Veterans Exposed in Data Breach (SecurityWeek, Sep 15 2020)
The personal information of roughly 46,000 veterans was affected in a recent security incident, the U.S. Department of Veterans Affairs (VA) Office of Management said in a Monday statement.

One Data Scientist’s Quest to Quash Misinformation (Wired, Sep 15 2020)
Sara-Jayne Terp uses the tools of cybersecurity to track false claims like they’re malware. Her goal: Stop dangerous lies from hacking our beliefs.

Accidental Airbnb account takeover linked to recycled phone numbers (SC Media, Sep 16 2020)
As it turns out, websites and apps have experienced this commonplace problem for years, and companies could find themselves in violation of data security standards if users’ information were to be exposed.

Feds Charge Chinese Hackers With Ripping Off Video Game Loot From 9 Companies (Wired, Sep 16 2020)
A group known as Barium allegedly attacked hundreds of targets around the globe—and manipulated in-game goods and currency.

Two Russians Charged in $17M Cryptocurrency Phishing Spree (Krebs on Security, Sep 16 2020)
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Fraud Prevention During the Pandemic (Dark Reading, Sep 11 2020)
When the economy is disrupted, fraud goes up, so let’s not ignore the lessons we can learn from previous downturns.

Political Disruptor Charged with Wire Fraud Conspiracy (Infosecurity Magazine, Sep 11 2020)
Project Lakhta member accused of stealing US IDs to open fraudulent bank accounts

The Best Privacy-Friendly Alternatives to Google Maps (Wired, Sep 11 2020)
Google Maps is arguably the easiest mapping service to use, but that doesn’t mean it’s the most secure.

Simplify Your Privacy Approach to Overcome CCPA Challenges (Dark Reading, Sep 15 2020)
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.

Privacy Analysis of Ambient Light Sensors (Schneier on Security, Sep 15 2020)
Interesting privacy analysis of the Ambient Light Sensor API. And a blog post. Especially note the “Lessons Learned” section.

Do Californians use CCPA to protect their privacy? (Help Net Security, Sep 16 2020)
Californians regularly opt out of companies selling their personal information, with “Do-not-sell” being the most common CCPA right exercised, happening nearly 50% of the time over access and deletion requests, DataGrail’s Mid-Year CCPA Trends Report shows.

Man Pleads Guilty to Role in $600K Malware Protection Scam (SecurityWeek, Sep 16 2020)
A man from India has pleaded guilty to his role in a scheme that tried to embezzle about $600,000 from seven people over the age of 65 in the U.S., federal prosecutors say.

Role-based access control using Amazon Cognito and an external identity provider (AWS Security Blog, Sep 15 2020)
Amazon Cognito simplifies the development process by helping you manage identities for your customer-facing applications. As your application grows, some of your enterprise customers may ask you to integrate with their own Identity Provider (IdP) so that their users can sign-on to your app using their company’s identity, and have role-based access-control (RBAC) based on […]

More Than Half of Americans Willing to Participate in Contact Tracing, but Have Major Privacy Concerns (DevOps, Sep 16 2020)
Virtru-Commissioned Study Found Strong Technology Trust Among Young Americans, Damaged Trust in Older Americans, but Unity Toward the Greater Good. WASHINGTON, September 16, 2020 – As the COVID-19 pandemic continues to surge and resist control, Virtru, the new standard in data protection, today announced the results of a U.S. study conducted online by The Harris Poll..

Mobile messengers expose billions of users to privacy attacks (Help Net Security, Sep 17 2020)
Popular mobile messengers expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book, according to researchers. When installing a mobile messenger like WhatsApp, new users can instantly start texting existing contacts based on the phone numbers stored on their device.