A Review of the Best News of the Week on Identity Management & Web Fraud
Researchers Find Powerful Cellphone Location Surveillance SS7 (VICE, Dec 01 2020)
Security researchers claim to have identified deployments of SS7 tracking technology in 25 countries, including Belgium, Denmark, Mexico, Thailand, and Australia. The deployments are linked to surveillance vendor Circles, which works with NSO Group.
Personal Info Available on Dark Web for as Little as 50 Cents (Infosecurity Magazine, Dec 01 2020)
Personal data is readily available for bad actors to purchase
Face recognition software making progress at recognizing masked faces (Help Net Security, Dec 03 2020)
A study of face recognition technology created after the onset of the COVID-19 pandemic shows that some software developers have made demonstrable progress at recognizing masked faces. The findings, produced by NIST, measure the performance of face recognition algorithms developed following the arrival of the pandemic.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
GoDaddy scam shows how voice phishing can be more deceptive than email schemes (SC Media, Nov 25 2020)
Unlike with an email-based phish where an employee might be observant enough to spot a telltale red flag, such as multiple typos or the wrong sender address, there’s little time to key in on suspicious circumstances in the midst of a dialogue.
Only 14% of Online Users Frequently Use Biometric Authentication (Infosecurity Magazine, Dec 01 2020)
Biometric data falling into the wrong hands is the biggest concern of consumers
Facial Recognition Company Lied to School District About its Racist Tech (VICE, Dec 01 2020)
Documents reveal Lockport Schools’ facial recognition system misidentifies Black students at much higher rates, and mistakes broom handles for guns.
Spain’s Biggest Union Is Suing Amazon for Spying on Striking Workers (VICE, Dec 02 2020)
The union alleges that Amazon hired the Pinkertons, which subcontracted with a local firm, to surveil workers planning an October strike in Barcelona.
A Bad Day for Privacy – Legitimate Interest under GDPR? (Gartner Blog Network, Nov 27 2020)
The Dutch Data Protection Authority, the AP, started an investigation into a specific case of online broadcasted amateur sports games. The investigation led to a sanction of EUR 575,000, but this has now been nullified in a Dutch court (in Dutch, you may need a translator service).
Europol and partners thwart massive credit card fraud scheme (WeLiveSecurity, Nov 28 2020)
The operation was carried out against fraudsters trying to monetize stolen credit card data on the internet’s seedy underbelly
Carrefour Handed $3.7m GDPR Fine (Infosecurity Magazine, Dec 01 2020)
French regulator lists multiple infractions
Call Fraud Operator Ordered to Pay $9M to Victims (Dark Reading, Dec 01 2020)
Indian national will serve 20 years in prison for running a large call center fraud operation.
2020: A Unique Year for Data Privacy Issues (Infosecurity Magazine, Dec 02 2020)
The shift to home working and Brexit has significantly impacted the data privacy landscape in Europe
Cyber-Attack Exposes Data of 295,000 Colorado Springs Patients (Infosecurity Magazine, Dec 01 2020)
AspenPointe notifies patients of security incident that exposed patients’ PHI
FBI: BEC Scammers Could Abuse Email Auto-Forwarding (Dark Reading, Dec 02 2020)
Private Industry Notification warns of the role email auto-forwarding could play in business email compromise attacks.
Security Slipup Exposes Health Records & Lab Results (Dark Reading, Dec 02 2020)
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
Is Chasing Malware Really Helping You Reduce Fraud? (SecurityWeek, Dec 02 2020)
Like many markets in technology, the fraud detection and prevention category is a crowded one. With different types of solutions approaching the fraud problem space from different angles, it’s worth asking the question: What problem or problems are we actually trying to solve with this class of solutions? To my knowledge, enterprises are most often interested in reducing fraud losses.