A Review of the Best News of the Week on Identity Management & Web Fraud

Firefox Cracks Down on Supercookies to Improve User Privacy (SecurityWeek, Jan 26 2021)
Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies.

Military intelligence buys location data instead of getting warrants, memo shows (Ars Technica, Jan 22 2021)
A long and growing list of agencies are using money to bypass Carpenter ruling.

Google’s BeyondCorp Enterprise security platform is now generally available (TechCrunch, Jan 26 2021)
…modeled after how Google itself keeps its network safe without relying on a VPN, is now generally available. BeyondCorp Enterprise builds out Google’s existing BeyondCorp Remote Access offering with additional enterprise features. Google describes it as “a zero trust solution that enables secure access with integrated threat and data protection.”


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



This site posted every face from Parler’s Capitol Hill insurrection videos (Ars Technica, Jan 23 2021)
Faces of the Riot used open source software to detect, extract, and deduplicate every face.

Massive Brazilian Data Breach (Schneier on Security, Jan 26 2021)
“I think this is the largest data breach of all time: 220 million people. (Lots more stories are in Portuguese.)”

#RSAC365: Organizations Must Prepare for New #COVID19 Data Privacy Challenges (Infosecurity Magazine, Jan 28 2021)
Returning to work post-COVID brings about a number of data protection issues.

UK Spies Called on to Help in Fraud Fight (Infosecurity Magazine, Jan 27 2021)
RUSI report warns of government “responsibility vacuum”

Norway to Fine Dating App Grindr $11.7M Over Privacy Breach (SecurityWeek, Jan 26 2021)
Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.

Fleeing WhatsApp for Privacy? Don’t Turn to Telegram (Wired, Jan 27 2021)
Because the chat app doesn’t encrypt conversations by default—or at all for group chats—security professionals often warn against it.

Chrome and Edge want to help with that password problem of yours (Ars Technica, Jan 22 2021)
The line between browsers and password managers is blurring.

Managing identities has become the first line of defense (SC Media, Jan 22 2021)
Food banks have been a common sight around the country as a result of the economic difficulties caused by the pandemic. Today’s columnist, Johanna Baum of S3 Consulting, says as we face continued economic uncertainty and a work-from-home culture, managing identities has become the first line of defense.

2021 to bring ‘phase two’ of remote access investment for enterprises (SC Media, Jan 22 2021)
As work from home extends into 2021, remote access performance and security will continue to dominate enterprise budgets and priorities. Accommodating remote users “long-term will lead to phase two of remote access investment,” according to a report from Cato Networks that surveyed 2,376 IT leaders.

Illinois Court Exposes More Than 323,000 Sensitive Records (SecurityWeek, Jan 25 2021)
Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court

Digital Identity Is the New Security Control Plane (Dark Reading, Jan 28 2021)
Simplifying the management of security systems helps provide consistent protection for the new normal.

Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules (Dark Reading, Jan 28 2021)
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.

Privacy Teams Helped Navigate the Pivot to Work-from-Home (Dark Reading, Jan 26 2021)
Annual Cisco privacy study also reports that 90% of organizations say their customers won’t buy from them if they are not clear about data policy practices.

BEC Scammers Find New Ways to Navigate Microsoft 365 (Dark Reading, Jan 26 2021)
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.

Everyone’s talking about Data Privacy Day, but who’s listening? (Help Net Security, Jan 28 2021)
It’s January 28th 2021, which means Data Privacy Day is upon us once again. A lot has happened in the past year, including a global pandemic that resulted in many of us becoming more dependent on our devices than ever before. For several years now, the lines between technology, privacy and convenience have become blurred.

Privacy is not a one-time, check the box activity (Help Net Security, Jan 27 2021)
New research from ISACA reveals critical skills gaps and insufficient training. The survey report also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams.