A Review of the Best News of the Week on Identity Management & Web Fraud

Buyers Abused DMV Data, California DMV Says (VICE, Oct 29 2020)
On the whole, driver’s license data ends up in too many hands which increases the risk of personal information being abused.

CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant (VICE, Oct 23 2020)
The CBP is buying location data harvested from ordinary apps installed on peoples’ phones.

Hackers breach psychotherapy center, use stolen health data to blackmail patients (Help Net Security, Oct 26 2020)
News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

A Pause to Address ‘Ethical Debt’ of Facial Recognition (Dark Reading, Oct 23 2020)
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.

78% of Microsoft 365 admins don’t activate MFA (Help Net Security, Oct 27 2020)
On average, 50% of users at enterprises running Microsoft 365 are not managed by default security policies within the platform, according to CoreView. Microsoft 365 administrators fail to implement basic security like MFA The survey research shows that approximately 78% of Microsoft 365 administrators do not have multi-factor authentication (MFA) activated.

Microsoft Introduces New Password Spray Detection for Azure (SecurityWeek, Oct 27 2020)
Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers.

Fraudsters crave loyalty points amid COVID‑19 (WeLiveSecurity, Oct 23 2020)
Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers

Facebook Promises Privacy Reform. Critics Aren’t Convinced (Wired, Oct 22 2020)
In an interview with WIRED, Facebook’s chief privacy officers argue that the company has turned a corner. Again.

Dubai Introduces Facial Recognition On Public Transport (Barron’s, Oct 25 2020)
Dubai is introducing a facial recognition system on public transport to beef up security, officials said Sunday, as the emirate prepares to host the global Expo exhibition.

Nando’s Customers Hit by Credential Stuffing Attacks (Infosecurity Magazine, Oct 26 2020)
Account hijackers run up large bills with in-store orders

Amazon Fired Employee for Leaking Customer Emails (VICE, Oct 26 2020)
The employee leaked customer email addresses to an unnamed third party, according to disclosure emails obtained by Motherboard.

Neural Networks Help Users Pick More-Secure Passwords (Dark Reading, Oct 26 2020)
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.

Harvest Finance Places Bounty on Hacker (Infosecurity Magazine, Oct 26 2020)
Harvest Finance offers $100k to the first person to contact alleged hacker and help retrieve stolen funds

How science selects a password policy (SC Media, Oct 26 2020)
CyLab researcher Lujo Bauer, director Lorrie Cranor and colleagues developed a system merging machine learning and 20 heuristics to check password strength.

Do smart cities come at the cost of data privacy? (SC Media, Oct 26 2020)
The smart city movement has grown in the last 10 years as a direct result of the world’s increasing urbanization. Indeed, by 2050 more than two-thirds of the population globally are projected to live in urban areas.

Law Firm Says Google Employee Information Compromised in Data Breach (SecurityWeek, Oct 27 2020)
Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.

Tracking Down the Web Trackers (Dark Reading, Oct 28 2020)
Third-party Web trackers might be following your website visitors’ every step. How can new tools like Blacklight help you stop them in their tracks?

Joint Network Established to Combat E-Commerce Fraud (Infosecurity Magazine, Oct 28 2020)
Forter partners with FreedomPay to tackle online fraud more effectively

Furniture Giant Steelcase Hit by Suspected Ransomware Attack (Infosecurity Magazine, Oct 28 2020)
Firm claims no data stolen and systems are being restored

Experian Threatened With Massive GDPR Fine After Acting Unlawfully (Infosecurity Magazine, Oct 28 2020)
ICO slams credit agency for “invisible” data processing