A Review of the Best News of the Week on Identity Management & Web Fraud

Barclays: 2020 the Highest Year on Record for Scams (Infosecurity Magazine, Feb 02 2021)
Over half of Brits are too embarrassed to report falling victim to scams

U.K. Arrest in ‘SMS Bandits’ Phishing Service (Krebs on Security, Feb 01 2021)
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

China Steals Personal Data of 80% of US Adults (Infosecurity Magazine, Feb 01 2021)
CBS report warns PRC government may have stolen personal info of 80% of adult Americans


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Every crazy thing that happened in Apple and Facebook’s privacy feud today (Ars Technica, Jan 28 2021)
Apple CEO Tim Cook claims Facebook’s model leads to polarization and violence.

Out of band authentication market to reach $846.80 million by 2025 (Help Net Security, Jan 28 2021)
The global out of band authentication market was valued at $443.81 million in 2019, and it is expected to reach a value of $846.80 million by 2025, registering a CAGR of 11.37% over the forecast period 2020 – 2025, according to ResearchAndMarkets. Digitalization and advancement of technology have increased the number of connected devices that have fueled the frequency of cyber-attacks and boosted the adoption of authentication solutions and services by governments and enterprises.

66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home (Infosecurity Magazine, Jan 29 2021)
20% of home workers admit to printing confidential employee info including payroll, addresses and medical information

Unemployment Fraud – Preying on Those Most in Need (SecurityWeek, Jan 29 2021)
The Covid-19 pandemic has been raging for nearly a year now. With the pandemic has come a tremendous amount of uncertainty. Many of us wonder when we will be able to return to normal life, when we will be able to see family and friends, and when we might resume those everyday activities we used to take for granted.

Facial Recognition Ethical Framework Launched by BSIA (Infosecurity Magazine, Feb 01 2021)
Guide encompasses useful terms, abbreviations and ethical issues

Over Three Million US Drivers Exposed in Data Breach (Infosecurity Magazine, Feb 03 2021)
Dealership service provider appears to have been targeted

How Normal People Deployed Facial Recognition on Capitol Hill Protesters (VICE, Feb 02 2021)
Facial recognition is now freely accessible to random people on Twitter using a Polish website called Pimeyes.

Canada Probe Concludes Clearview AI Breached Privacy Laws (SecurityWeek, Feb 04 2021)
US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians’ privacy rights, Canada’s privacy commissioner said Wednesday following an investigation.

Greek Police to Introduce Live Facial Recognition (Infosecurity Magazine, Feb 01 2021)
Live facial recognition and fingerprint ID tech to be issued to Greek police this summer

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered (Krebs on Security, Feb 02 2021)
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

Why Insider ‘Zoom Bombs’ Are So Hard to Stop (Wired, Feb 03 2021)
Researchers have found that most calls to disrupt videoconferences originate with the participants, especially in high schools and colleges.

Delivery Biz Exposes 400 Million Records in Privacy Snafu (Infosecurity Magazine, Jan 29 2021)
Bykea leaked customer, employee and driver docs after misconfiguration

Data on 1.4 Million Washington State Residents Breached (Dark Reading, Feb 01 2021)
Unemployment data exposed via third-party software attack.

Man Charged in $11m Crypto Scheme that Featured Steven Seagal (Infosecurity Magazine, Feb 02 2021)
Actor drawn in to promote scam ICO

Medical Researcher Jailed for Selling Secrets to China (Infosecurity Magazine, Feb 02 2021)
Ohio resident who conspired with husband to steal hospital’s secrets is imprisoned

Weak ACLs in Adobe ColdFusion Allow Privilege Escalation (SecurityWeek, Feb 03 2021)
A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites.

Most are concerned about data privacy, but few are willing to change habits (Help Net Security, Feb 04 2021)
Today’s consumers are willing to trade their personal data for personalization, but also have fast-growing concerns about data privacy, according to a survey by Entrust. In fact, 64% of consumers are at least somewhat willing to share personal information with an app in exchange for more relevant, personalized and/or convenient services. And 83% of consumers are at least somewhat comfortable with using or storing biometric data with apps and services.