A Review of the Best News of the Week on Identity Management & Web Fraud

Home Depot Settles with US States Over 2014 Data Breach (Infosecurity Magazine, Nov 25 2020)

‘Fraud’ Is a Banned Word in U.S. Aid Program Overwhelmed by It (Bloomberg, Nov 20 2020)
A U.S. agency facing mounting scrutiny over how it doled out checks from a $212 billion pandemic relief program has privately directed employees not to use the word “fraud” in writing if they spot suspicious applications.

Apple’s Head of Global Security Facing Bribery Charges (Infosecurity Magazine, Nov 24 2020)
Thomas Moyer is accused of offering $70,000 worth of iPads to police officers


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Apple security chief maintains innocence after bribery charges (Ars Technica, Nov 24 2020)
Sheriff’s office allegedly sought 200 iPads in trade for concealed carry permits.

Convicted SIM Swapper Gets 3 Years in Jail (Krebs on Security, Nov 20 2020)
“A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping…”

Secret Service Investigates 700 Cases of Covid Relief Fraud (Wired, Nov 21 2020)
Ransomware as a service, exposed SMS photos, and more of the week’s top security news.

Up to 350,000 Spotify Users Targeted by Credential Stuffers (Infosecurity Magazine, Nov 24 2020)
Unsecured Elasticsearch database reveals all

IRS Could Search Warrantless Location Database Over 10,000 Times (VICE, Nov 24 2020)
Motherboard obtained IRS documents describing the sale of a database of smartphone movements.

Iowa Hospital Alerts 60K Individuals Affected by June Data Breach (Dark Reading, Nov 19 2020)
The data breach began with a compromised employee email account.

In an unusual move, Mozilla asks for public comment about browser privacy (SC Media, Nov 19 2020)
DNS over HTTPS prevents third parties from eavesdropping on addresses of the websites a person visits. It is a leap forward for privacy, but it faced criticism from various groups that depend on access to those URLs.

E-Commerce Fraud Prevention Firm Forter Raises $125M at $1.3B Valuation (SecurityWeek, Nov 19 2020)
E-commerce fraud prevention company Forter announced on Thursday that it has achieved “unicorn” status after raising $125 million in a Series E funding round.

A Fifth of Consumers Affected by Identity Fraud in 2020 (Infosecurity Magazine, Nov 23 2020)
A third of consumers are more concerned about fraud due to COVID-19

US Police Make Arrest in $1m Airplane Scam (Infosecurity Magazine, Nov 23 2020)
Houston man arrested over BEC scam exploiting sale of airplane down under

Louisiana Hospitals Report Data Breach (Infosecurity Magazine, Nov 23 2020)
Cyber-attack exposes data of thousands of hospital patients of LSU Medical Centers

CISA Warns of Holiday Online Shopping Scams (Dark Reading, Nov 24 2020)
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.

E-Commerce Biz and CEO Charged with Investor Fraud (Infosecurity Magazine, Nov 25 2020)
SEC alleges firm lied about its customer base

New – Attribute-Based Access Control with AWS Single Sign-On (AWS News Blog, Nov 24 2020)
Starting today, you can pass user attributes in the AWS session when your workforce signs in to the cloud using AWS Single Sign-On. This gives you the centralized account access management of AWS Single Sign-On and ABAC, with the flexibility to use AWS SSO, Active Directory, or an external identity provider as your identity source.

New – Multi-Factor Authentication with WebAuthn for AWS SSO (AWS News Blog, Nov 23 2020)
Starting today, you can add WebAuthn as a new multi-factor authentication (MFA) to AWS Single Sign-On, in addition to currently supported one-time password (OTP) and Radius authenticators. By adding support for WebAuthn, a W3C specification developed in coordination with FIDO Alliance, you can now authenticate with a wide variety of interoperable authenticators provisioned by your…

AWS and the New Zealand notifiable privacy breach scheme (AWS Security Blog, Nov 18 2020)
The updated New Zealand Privacy Act 2020 (Privacy Act) will come into force on December 1, 2020. Importantly, it establishes a new notifiable privacy breach scheme (NZ scheme). The NZ scheme gives affected individuals the opportunity to take steps to protect their personal information following a privacy breach that has caused, or is likely to…