A Review of the Best News of the Week on Identity Management & Web Fraud

Technologists Use Facial Recognition on Parler Videos (VICE, Jan 20 2021)
It demonstrates the democratization of facial recognition, but comes littered with ethical issues.

Telegram-Based Automated Scam Service Helps Fraudsters Make Millions (SecurityWeek, Jan 15 2021)
More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB.

Amazon Sold Location Data from Controversial Broker X-Mode (VICE, Jan 19 2021)
X-Mode collected data from Muslim Pro and other apps.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


FCC fines white-supremacist robocaller $10 million for faking caller ID (Ars Technica, Jan 15 2021)
Robocaller’s fake caller ID numbers were allegedly chosen as neo-Nazi symbols.

Facebook will pay more than $300 each to 1.6M Illinois users in settlement (Ars Technica, Jan 15 2021)
It’s a far cry from the maximum $35B Facebook might have owed, but not nothing.

Following the U.S. Capitol attack, tough ethical decisions ahead on face recognition technology (SC Media, Jan 18 2021)
Today’s columnist, Rustom Kanga of iOmniscient, says Americans will have to make some tough ethical choices about face recognition technology as political tensions and divisions mount across the country.

Enforcing least privilege by bulk-applying IAM recommendations (Google Cloud Blog, Jan 19 2021)
Imagine this scenario: Your company has been using Google Cloud for a little while now. Things are going pretty well—no outages, no security breaches, and no unexpected costs. You’ve just begun to feel comfortable when an email comes in from a developer. She noticed that the project she works on has a service account with a Project Owner role, even though this service account was created solely to access the Cloud Storage API.

Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses (Dark Reading, Jan 14 2021)
A new machine learning tool aims to mine privacy policies on behalf of users.

Fraudulent attempt purchase value decreased by $10 in 2020 compared to 2019 (Help Net Security, Jan 14 2021)
There has been a 24 percent increase in eCommerce transactions globally in December 2020 compared to December 2019, ACI Worldwide reveals. In particular, eCommerce transactions in the retail sector increased 31 percent and the gaming sector increased 90 percent, comparing December 2020 with December 2019.

Facebook Sues Devs of Alleged Data-Scraping Chrome Extensions (Infosecurity Magazine, Jan 15 2021)
Portuguese duo said to have designed code to covertly harvest user info

Convicted Hacker Allegedly Commits Fraud While Awaiting Release (Infosecurity Magazine, Jan 14 2021)
ISIS cyber-operative granted compassionate release charged with committing crimes while in federal prison

How do I select a fraud detection solution for my business? (Help Net Security, Jan 18 2021)
The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses.

GDPR Fines Surge 39% Over Past Year Despite #COVID19 (Infosecurity Magazine, Jan 19 2021)
Over $190m in financial penalties imposed across EU

EEMA Appoints Digital Identity Expert to Board of Management (Infosecurity Magazine, Jan 18 2021)
Steve Pannifer joins EEMA board

Scammers Are Sending Fake Job Offers on LinkedIn (VICE, Jan 19 2021)
Fraudsters are impersonating real HR employees in fictitious job offers sent on LinkedIn, in a dubious scheme to get targets to share banking data.

Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack (Graham Cluley, Jan 18 2021)
One of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.

Excluding Words Using Active Directory Password Policy (Infosecurity Magazine, Jan 21 2021)
Why an administrator might choose to exclude words from passwords, and how they may do so

Kentucky Senior Arrested for Identity Theft (Infosecurity Magazine, Jan 20 2021)
US police arrest two women in cybercrime case involving stolen identities