A Review of the Best News of the Week on Identity Management & Web Fraud

SolarWinds attackers suspected in Microsoft authN compromise (SC Media, Jan 12 2021)
Mimecast issued a new certificate and is urging affected customers to delete the old one after Microsoft warned of a compromise.

The FBI Is Using Baked Alaska’s Livestream to Track Down Capitol Hill Rioters (VICE, Jan 13 2021)
Baked Alaska was once an alt-right darling; now the FBI is using his livestreamed video to track down Capitol Hill rioters. The riots at Capitol Hill were streamed live across the internet. Far-right personality Tim Gionet, known as Baked Alaska, was there and streamed the riot for an hour, starting outside of the Capitol before moving inside the building and interviewing participants. “Happy, happy day,” Gionet said at the beginning of his stream while police sirens wailed in the background. Now, the FBI is using footage from his livestream to track down Capitol Hill rioters in a self-own for the ages.

The facial-recognition app Clearview sees a spike in use after Capitol attack. (The New York Times, Jan 13 2021)
After the Capitol riot, Clearview AI, a facial-recognition app used by law enforcement, has seen a spike in use, said the company’s chief executive, Hoan Ton-That.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Over 100,000 UN Employee Records Accessed by Researchers (Infosecurity Magazine, Jan 11 2021)
Vulnerabilities allowed team to exfiltrate Git credentials

Tech Giants Hope for US Data Privacy Law (SecurityWeek, Jan 13 2021)
Google, Twitter and Amazon are hopeful that Joe Biden’s incoming administration in the United States will enact a federal digital data law, senior company officials said at CES, the annual electronics and technology show.

Finding the Location of Telegram Users (Schneier on Security, Jan 14 2021)
“Security researcher Ahmed Hassan has shown that spoofing the Android’s ‘People Nearby’ feature allows him to pinpoint the physical location of Telegram users:

Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.”

The case for making all accounts privileged (SC Media, Jan 08 2021)
About 10 years ago, I thought a separate privileged identity and access management system was overkill. The idea of separate controls for super users as opposed to the rest of the workforce seemed an unnecessary use of resources.

Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal (SecurityWeek, Jan 08 2021)
Equifax on Friday announced plans to shell out $640 million to acquire Kount, a company that sells e-commerce retail fraud protection.

Five emerging fraud threats facing businesses in 2021 (Help Net Security, Jan 11 2021)
With the growing threat of fraud fueled by the digital acceleration that took place in 2020, Experian revealed five emerging fraud threats facing businesses in 2021. The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses.

Chinese Startup Leaks Social Profiles of 214 Million Users (Infosecurity Magazine, Jan 12 2021)
Cloud configuration snafu exposes scraped data

Bringing Zero Trust to Secure Remote Access (Dark Reading, Jan 12 2021)
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.

#CES2021: Raising the Bar on Privacy and Trust Online in 2021 (Infosecurity Magazine, Jan 13 2021)
Improving privacy controls and transparency is becoming increasingly critical

WhatsApp Stresses Privacy as Users Flock to Rivals (SecurityWeek, Jan 13 2021)
WhatsApp on Tuesday reassured users about privacy at the Facebook-owned messaging service as people flocked to rivals Telegram and Signal following a tweak to its terms.

EU Court Opinion Leaves Facebook More Exposed Over Privacy (SecurityWeek, Jan 14 2021)
Any EU country can take legal action against companies like Facebook over cross-border violations of data privacy rules, not just the main regulator in charge of the company, a top court adviser said Wednesday.