A Review of the Best News of the Week on Identity Management & Web Fraud

Twitter Updates 2FA Use of Multiple Security Keys (Infosecurity Magazine, Mar 16 2021)
Users will soon be able to use security keys as sole authentication method

Netflix’s Password-Sharing Crackdown Has a Silver Lining (Wired, Mar 12 2021)
The streaming service is making account owners enter two-factor codes in a limited test. That’s… actually not so bad.

Judge Upholds Privacy Lawsuit Against Google (Infosecurity Magazine, Mar 15 2021)
Google will face allegations that it collected data of private browsing mode users

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

The Army Is Teaching Facial Recognition to See in the Dark (VICE, Mar 12 2021)
Researchers have built the first facial recognition database for thermal night vision images. But the technology itself is already prone to misuse.

A strategic approach to identity verification helps combat financial crime (Help Net Security, Mar 15 2021)
70% of financial services organizations are taking a strategic approach to identity verification to combat financial crime and stay one step ahead of fraudsters according to Trulioo. The research was conducted in the UK and the U.S. to explore how organizations are approaching identity verification during the COVID-19 crisis.

Apple Sues Employee for Stealing Trade Secrets (Infosecurity Magazine, Mar 12 2021)
Former Apple materials lead sued after allegedly leaking trade secrets to media

Password reuse defeats the purpose of passwords (Help Net Security, Mar 15 2021)
When a person reuses the same password across multiple accounts, one account’s exposure puts all the others at risk. To prevent this, cybersecurity awareness programs must emphasize the importance of passwords: how to create them, use them, and how to use a password manager.

Why data privacy will be the catalyst for digital identity adoption (Help Net Security, Mar 15 2021)
Most of us probably don’t think of buying a bottle of wine as a security risk. However, we inadvertently give away our address, surname, nationality and signature – unnecessarily – every time we buy alcohol. In proving our age, which only requires our date of birth and photograph, we give away lots more personal information than we need to. Digital identity adoption In the online world, we see the same pattern.

Alarming number of consumers impacted by identity theft, application fraud and account takeover (Help Net Security, Mar 15 2021)
A new report, developed by Aite Group, and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic. According to the report, from 2019 to 2020, 47% of U.S. consumers surveyed experienced identity theft; 37% experienced application fraud (i.e., the unauthorized use of one’s identity to apply for an account)., and 38% of consumers experienced account takeover over…

Settlement Reached Over Data Breach Impacting 24 Million Americans (Infosecurity Magazine, Mar 12 2021)
Retrieval-Masters Creditors Bureau reaches multi-state settlement over AMCA data breach

Utah Company Stored Passport Scans on Unsecured Server (Infosecurity Magazine, Mar 12 2021)
Premier Diagnostics data breach exposes personal information of over 50k customers

The UK Is Secretly Testing a Controversial Web Snooping Tool (Wired, Mar 15 2021)
The country passed its Investigatory Powers Act in 2016. Now, its building what could be the most powerful data collection system used by any democratic nation.

A Bird-Feed Seller Beat a Chess Master. Then It Got Ugly (Wired, Mar 12 2021)
Twitch and YouTube chess star Levy Rozman has faced over a week of sustained harassment after calling out an alleged cheater.

WeLeakInfo Leaked Customer Payment Info (Krebs on Security, Mar 15 2021)
A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data for 23,000 people who paid to access the service with a credit card.

PayPal fraud: What merchants should know (WeLiveSecurity, Mar 15 2021)
From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

Combating Call Center Fraud in the Age of COVID (Dark Reading, Mar 16 2021)
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.

US Teen ‘Mastermind’ in Epic Twitter Hack Sentenced to Prison (SecurityWeek, Mar 17 2021)
A Florida teenager accused of masterminding a Twitter hack of celebrity accounts in a crypto currency scheme has been sentenced to three years in juvenile prison in a plea agreement, officials said.

Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military (VICE, Mar 17 2021)
15 billion car locations. Nearly any country on Earth. ‘The Ulysses Group’ is pitching a powerful surveillance technology to the U.S. government.

IAM Access Analyzer Update – Policy Validation (AWS News Blog, Mar 16 2021)
“AWS Identity and Access Management (IAM) is an important and fundamental part of AWS. You can create IAM policies and service control policies (SCPs) that define the desired level of access to specific AWS services and resources, and then attach the policies to IAM principals (users and roles), groups of users, or to AWS resources. With the fine-grained control that you get with IAM comes the responsibility to use it properly, almost always seeking to establish least privilege access. The IAM tutorials will help you to learn more, and the IAM Access Analyzer will help you to identify resources that are shared with an external entity. We recently launched an update to IAM Access Analyzer that allows you to Validate Access to Your S3 Buckets Before Deploying Permissions Changes.”