A Review of the Best News of the Week on Identity Management & Web Fraud
DHS Admits Facial Recognition Photos Were Hacked, Released (VICE, Sep 24 2020)
Traveler’s faces, license plates, and care information were hacked from a subcontractor called Perceptics and released on the dark web.
Twitter Shutters 130 Iranian Accounts Trying to Disrupt Presidential Debate (Infosecurity Magazine, Oct 01 2020)
Social network says it was tipped off by FBI
MFA-Minded Attackers Continue to Figure Out Workarounds (Dark Reading, Sep 28 2020)
While MFA can improve overall security posture, it’s not a “silver bullet”– and hacks continue.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Who is Tech Investor John Bernard? (Krebs on Security, Sep 25 2020)
John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.
Privacy data management innovations reduce risk, create new revenue channels (TechCrunch, Sep 25 2020)
Investments in privacy tools and management practices now are almost certain to deliver major business dividends in the future.
Cloudflare announces free, privacy-focused website analytics (SC Media, Sep 29 2020)
A free website analytics platform unveiled today by Cloudflare will offer services similar to Google and other analytics platform, but without tracking users. “The big ad-supported platforms were hoovering off more and more data on what was going on online and it had sort of crossed the creepiness threshold level,” Matthew Prince…
Facebook Takes Down More Beijing-Backed Fake Accounts (Infosecurity Magazine, Sep 25 2020)
Social network spots another attempt at influencing opinion online
#COVID19 Pushes More Fraud Online (Infosecurity Magazine, Sep 25 2020)
UK banks say social engineering is on the rise
SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it! (Naked Security – Sophos, Sep 24 2020)
If you got someone else’s “free” in what looked like a misdirected message, would you take a peek?
How a University Stole a Twitter Account It Didn’t Like (VICE, Oct 01 2020)
A state university in New York likely violated the First Amendment by tricking Twitter into helping it seize a parody account set up by a student.
Former Amazon Employee Charged with $1.4m Insider Trading Scheme (Infosecurity Magazine, Sep 30 2020)
SEC says she shared information with family members for profit
Bitcoin Exchange Owner Laundered Millions of Dollars (Infosecurity Magazine, Sep 29 2020)
US convicts RG Coins owner for role in international multi-million-dollar cyber-fraud scheme
Phishers are targeting employees with fake GDPR compliance reminders (Help Net Security, Sep 24 2020)
Phishers are using a bogus GDPR compliance reminder to trick recipients – employees of businesses across several industry verticals – into handing over their email login credentials. The lure “The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action.
A Fifth of Privileged Users Don’t Need Elevated Access (Infosecurity Magazine, Sep 28 2020)
Forcepoint warns of growing insider risk
When your every keystroke, mouse click, and website visit is monitored by your boss… (Graham Cluley, Sep 29 2020)
Shibu Philip has done a great service. Now everyone knows to steer well clear of working for him or his company Transcend.
Three Reasons Why Password Self-Service Enrollment Fails, and What to Do About it! (Infosecurity Magazine, Sep 30 2020)
Password self-service enrollment needs to be a process that is intuitive, simple and non-invasive
US Judge Dismisses New Mexico Privacy Claims Against Google (SecurityWeek, Sep 30 2020)
A U.S. district judge has dismissed New Mexico’s privacy claims against Google over privacy concerns, but New Mexico’s top prosecutor vowed Monday to continue the legal fight to protect child privacy rights.
Employees increasingly masking online activities (Help Net Security, Oct 01 2020)
This year’s shift to a near 100% WFH workforce by the Global 5000 has significantly changed the behaviors of trusted insiders, a DTEX Systems report reveals. Key findings include a 450% increase in employees circumventing security controls to intentionally mask online activities and 230% increase in behaviors that indicate intent to steal data.
Technical and Cost Concerns of Passwordless Authentication Bother Security Leaders (Infosecurity Magazine, Oct 01 2020)
Cost, storage, user behavior and migration time cited as reasons to not do passwordless authentication
Kylie Jenner’s Makeup Company Warns of Data Breach (Infosecurity Magazine, Sep 30 2020)
Kylie Cosmetics warns customers their information was impacted by Shopify data theft