A Review of the Best News of the Week on Identity Management & Web Fraud

Brussels Okays EU-UK Personal Data Flows (SecurityWeek, Feb 19 2021)
The European Commission lifted the threat of crucial data flows between Europe and Britain being blocked in a move that would have crippled business activity as it said Friday that privacy safeguards in the UK met European standards.

Apple details major security, privacy enhancements in its devices (Help Net Security, Feb 19 2021)
Security and privacy are a big selling point for Apple. The company has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.

Think Tank Warns of “Silent Stealing” Fraud (Infosecurity Magazine, Feb 23 2021)
Scammers may be going downmarket to target consumers

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

California DMV Halts Data Transfers After Vendor Breach (Infosecurity Magazine, Feb 18 2021)
California drivers warned of data breach after Seattle verification company suffers ransomware attack

Software Firm Owner Admits Fraud and CSAM Possession (Infosecurity Magazine, Feb 18 2021)
Agents find indecent images of children while investigating Virginia businessman for fraud

Training Employees on Best Practices in Data Privacy (eWEEK, Feb 19 2021)
By 2025, it’s estimated that 463 exabytes of data will be created daily; that’s the equivalent of 212,765,957 DVDs per day! Where is all this data going to be stored and who is responsible for keeping this information safe? This amount of data creates a large cyber-surface area and leads to its potential exposure. Based […]

The post Training Employees on Best Practices in Data Privacy appeared first on eWEEK.

US Arrests Six Alleged Cyber-Scam Money Launderers (Infosecurity Magazine, Feb 19 2021)
Charges brought against alleged members of $50m fraud and money-laundering ring

Privacy Faces Risks in Tech-Infused Post-Covid Workplace (SecurityWeek, Feb 22 2021)
People returning to work following the long pandemic will find an array of tech-infused gadgetry to improve workplace safety but which could pose risks for long-term personal and medical privacy.

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express (Dark Reading, Feb 23 2021)
The two campaigns aimed to steal victims’ business email account credentials by posing as the shipping companies.

Researchers propose more secure and private mobile contact tracing (Help Net Security, Feb 23 2021)
For public health officials, contact tracing remains critical to managing the spread of the coronavirus — particularly as it appears that variants of the virus could be more transmissible. The need for widespread contact tracing at the start of the pandemic led tech giants Apple and Google to announce a plan to turn iOS and Android phones into mobile “beacons” that alert users who opt in of potential exposure to COVID-19.

Analyze and understand IAM role usage with Amazon Detective (AWS Security Blog, Feb 23 2021)
“In this blog post, we’ll demonstrate how you can use Amazon Detective’s new role session analysis feature to investigate security findings that are tied to the usage of an AWS Identity and Access Management (IAM) role. You’ll learn about how you can use this new role session analysis feature to determine which Amazon Web Services (AWS) resource assumed the role that triggered a finding, and to understand the context of the activities that the resource performed when the finding was triggered. As a result of this walkthrough, you’ll gain an understanding of how to quickly ascertain anomalous identity and access behaviors. While this demonstration utilizes an Amazon GuardDuty finding as a starting point, the techniques demonstrated within this post highlight how Detective can be utilized to investigate any access behaviors that are tied to using IAM roles.”

Users largely unaware of the privacy implications of location tracking (Help Net Security, Feb 24 2021)
Through the app employed in the study researchers were able to identify which kind of personal information the app extracted and its privacy sensitivity according to users.

“Users are largely unaware of the privacy implications of some permissions they grant to apps and services, in particular when it comes to location tracking information”, explains Musolesi.