A Review of the Best News of the Week on Identity Management & Web Fraud
Facebook warns privacy rules could force exit European market (Ars Technica, Sep 22 2020)
Facebook official charges Irish regulators haven’t treated Facebook fairly.
Companies Can Track Your Phone’s Movements to Target Ads (Wired, Sep 18 2020)
Brands are seeking new ways to customize messages. A startup that gathers data on when you pick up your phone, or when you go out on a run, can help.
$100,000 in bribes helped fraudulent Amazon sellers earn $100 million, DOJ says (Ars Technica, Sep 18 2020)
DOJ: Bribes to Amazon workers also helped sellers get rivals’ accounts suspended.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Facebook Testing Implications of Privacy-Invading Tech By Invading People’s Privacy (VICE, Sep 18 2020)
Project Aria will send scores of Facebook workers into the world to record everything around them.
Twitter Boosts Account Security for US Election Hopefuls (Infosecurity Magazine, Sep 21 2020)
Log-in protections designed to combat foul play
Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere (Wired, Sep 21 2020)
So-called single sign-on options offer a lot of convenience. But they have downsides that a good old fashioned password manager doesn’t.
FinCEN Leak Exposes $2tn of Money Laundering Activity (Infosecurity Magazine, Sep 22 2020)
Banks under pressure after documents reveal widespread financial crime
Amazon Delivery Drivers Hacking Scheduling System (Schneier on Security, Sep 22 2020)
Amazon drivers — all gig workers who don’t work for the company — are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are:
The phones in trees seem to serve as master devices that dispatch routes to multiple nearby drivers in on the plot, according to drivers who have observed the process. They believe an unidentified person or entity is acting as an intermediary between Amazon and the drivers…
Shopify Insiders Attempted to Steal Customer Transactional Records (Infosecurity Magazine, Sep 23 2020)
E-commerce merchant Shopify detects ongoing insider threat
Improving privacy of a global genomic data sharing network (Help Net Security, Sep 18 2020)
A Case Western Reserve University computer and data sciences researcher is working to shore up privacy protections for people whose genomic information is stored in a vast global collection of vital, personal data. Erman Ayday pursued novel methods for identifying and analyzing privacy vulnerabilities in the genomic data sharing network known commonly as “the Beacons.”
Cyber-fraud Prevention Company CEO Charged with Fraud (Infosecurity Magazine, Sep 18 2020)
NS8 founder and CEO charged with pocketing millions in securities fraud scheme
#GartnerSEC: Combine Security and Customer Experience Online to Tackle Fraud (Infosecurity Magazine, Sep 18 2020)
An over-focus on fraud prevention can have a negative impact on e-businesses
Business Owners Targeted by HMRC #COVID19 Tax Relief Scam (Infosecurity Magazine, Sep 18 2020)
Latest scam linked to COVID-19 financial relief measures
Minnesota Suffers Second-Largest Data Breach (Infosecurity Magazine, Sep 21 2020)
Ransomware attack causes second-largest healthcare data breach in Minnesota state history
Global Police Sting Nets 179 Dark Web Sellers (SecurityWeek, Sep 22 2020)
A global police sting has netted 179 vendors selling illegal goods online and seized millions in currency, drugs and guns, heralding an end to the "golden age" of dark web markets, Europol said Tuesday.
The fight over the fight for California’s privacy future (Ars Technica, Sep 23 2020)
Many privacy advocates oppose Prop 24, which would buttress consumer privacy.
Credential Stuffing: the Culprit of Recent Attacks (Infosecurity Magazine, Sep 23 2020)
Credential stuffing attacks use stolen usernames and password combinations
Why the $26 billion in BEC scams are worse than you think (SC Media, Sep 23 2020)
Business email compromise (BEC) scams are one of the biggest money makers for cyber criminals. BEC attacks are also unique in that they rely on human behavior rather than sophisticated technology.
Facebook Says Fake Accounts From China Aimed at US Politics (SecurityWeek, Sep 23 2020)
Facebook said Tuesday it derailed a network of fakes accounts out of China that had recently taken aim at the US presidential race.