A Review of the Best News of the Week on Identity Management & Web Fraud
Virginia is about to get a major CA-style data privacy law (Ars Technica, Feb 11 2021)
Virginia’s the first on deck since California’s CCPA in 2018, but more are coming.
U.S. Indicts North Korean Hackers in Theft of $200 Million (Krebs on Security, Feb 17 2021)
“The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide.”
How to Solve Security Problems of Identity Verification Systems (eWEEK, Feb 12 2021)
There are many different perspectives on how identity verification systems should work to provide confidence, trust and interoperability between different sectors, both local and international. At the same time, these solutions should ensure a decent level of privacy. Comprehensive security instruments are required to address threats such as the abuse of power by some privileged players in the ID verification ecosystem.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
UK Post Office Announces New Digital ID Solutions (Infosecurity Magazine, Feb 15 2021)
The Post Office in the UK has announced it will expand the use of digital identity technology in partnership with software company Yoti.
Zuckerberg responds to Apple’s privacy policies: “We need to inflict pain” (Ars Technica, Feb 15 2021)
For example, Cook publicly responded to Facebook’s 2018 Cambridge Analytica scandal by saying such a scandal would never happen to Apple because Apple does not treat its customers like products. When asked what he would do in Zuckerberg’s position, he said, “I wouldn’t be in this situation,” calling Facebook’s approach “an invasion of privacy.” This was one of the comments that has led Zuckerberg to see Apple as an opponent.
Virginia Takes Different Tack Than California With Data Privacy Law (Dark Reading, Feb 18 2021)
Online businesses that target Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme (Infosecurity Magazine, Feb 15 2021)
Two men from Texas alleged to have sold fake Adderall online
Diners Devour Made-to-Order Fraud (Infosecurity Magazine, Feb 12 2021)
Cyber-criminals use Telegram to sell food bought with stolen credit cards to hungry users
Consumers not protecting data online despite having privacy concerns (Help Net Security, Feb 15 2021)
Startpage announced results of its survey exploring the attitudes of Americans towards protecting their own privacy online. The results found a gap between the high levels of online privacy awareness and concern respondents report, and the low levels of action they take to combat increasingly egregious assaults on their privacy.
IRS Warns of EFIN Scam (Infosecurity Magazine, Feb 15 2021)
Scammers spoof IRS to steal Electronic Filing Identification Numbers from tax pros
Compromised Credentials Show That Abuse Happens in Multiple Phases (Dark Reading, Feb 16 2021)
The third stage, when threat actors rush to use stolen username and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Sign of the Times: Bots Earning More Credibility Than People (eWEEK, Feb 17 2021)
Remember 2019? That may have been the last time anyone wondered about the dangers of artificial intelligence. There’s no point restating the many ways the COVID-19 pandemic hammered people and organizations over the intervening year.
Neighbor Revealed as Cyber-Stalker (Infosecurity Magazine, Feb 16 2021)
Durban man admits targeting neighbors in cyber-stalking campaign
Which? Flags Fake Amazon Reviews (Infosecurity Magazine, Feb 16 2021)
Consumer group finds Amazon retailers can buy positive reviews by the bundle
Phishers tricking users via fake LinkedIn Private Shared Document (Help Net Security, Feb 18 2021)
Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts.
Avoid source code leaks on third-party repositories (SC Media, Feb 18 2021)
Nissan North America reported a significant source code leak in January because of misconfigured Git servers. Today’s columnist, Landon Winkelvoss of Nisos, offers some advice on how security teams can safeguard source code.