A Review of the Best News of the Week on Identity Management & Web Fraud

How Hackers Blend Attack Methods to Bypass MFA (Dark Reading, Nov 10 2020)
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.

Ex-Microsoft Engineer Gets Nine Years for $10m Digital Theft (Infosecurity Magazine, Nov 10 2020)
Renton resident stole digital gift cards and sold them online

The Security Failures of Online Exam Proctoring (Schneier on Security, Nov 11 2020)
“Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre…”


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Hotel Booking Firm Leaks Data on Millions of Guests (Infosecurity Magazine, Nov 09 2020)
Card details for hundreds of thousands exposed in cloud config snafu

Body Found in Canada Identified as Neo-Nazi Spam King (Krebs on Security, Nov 09 2020)
The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports.

What is ad fraud and how can advertisers fight against it? (Help Net Security, Nov 06 2020)
According to HP Enterprise’s Business of Hacking report, ad fraud is the easiest and most lucrative form of cybercrime, above activities such as credit card fraud, payment fraud and bank fraud. Luke Taylor, COO and Founder of TrafficGuard, explains why businesses should do what they can to detect and prevent it.

Brazil Seizes Sites Pirating US TV Shows (Infosecurity Magazine, Nov 06 2020)
America assists Brazil to take down sites and apps offering pirated US movies and TV shows

Rights Activists Slam EU Plan for Access to Encrypted Chats (SecurityWeek, Nov 09 2020)
Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages.

Data Privacy Gets Solid Upgrade With Early Adopters (Dark Reading, Nov 09 2020)
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.

Cadbury Social Media Scammers Take Chocoholics for a Ride (Infosecurity Magazine, Nov 10 2020)
There’s no such thing as a free chocolate hamper, experts warn

Flaws in Privileged Management Apps Expose Machines to Attack (Dark Reading, Nov 10 2020)
The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.

Are Rogue Insiders an Excuse, Symptom or Root Cause? (Infosecurity Magazine, Nov 11 2020)
We need to look at the security controls that should identify and defeat rogue insiders

Holiday gifts getting smarter, but creepier when it comes to privacy and security (Help Net Security, Nov 11 2020)
A Hamilton Beach Smart Coffee Maker that could eavesdrop, an Amazon Halo fitness tracker that measures the tone of your voice, and a robot-building kit that puts your kid’s privacy at risk are among the 37 creepiest holiday gifts of 2020 according to Mozilla.