A Review of the Best News of the Week on Identity Management & Web Fraud

Apple rejected 215k iOS apps due to privacy last year (Graham Cluley, May 18 2021)
Apple is talking up the efforts it makes to police the iOS App Store, revealing that during 2020 it rejected more than 215,000 iPhone apps for violating its privacy policies.

Facial recognition, fake identities and digital surveillance tools: Inside the post office’s covert internet operations program (Yahoo, May 19 2021)
The post office’s law enforcement arm has faced intense scrutiny in recent weeks over its Internet Covert Operations Program, which tracks social media posts of Americans and shares that information with other law enforcement agencies.

This facial recognition website can turn anyone into a cop — or a stalker (Washington Post, May 14 2021)
While most facial recognition tools are reserved for police or government use, PimEyes is open to the masses, whether they’re hunting down U.S. Capitol riot suspects or stalking women around the Web.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

WhatsApp’s New Privacy Policy Just Kicked In (Wired, May 15 2021)
Instead of a hard cutoff, the messaging app will gradually degrade and eventually cease to function if you don’t accept the changes.

Researchers Abuse Apple’s Find My Network for Data Upload (SecurityWeek, May 13 2021)
Security researchers have discovered a way to leverage Apple’s Find My’s Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection.

European police bust major online investment fraud ring (WeLiveSecurity, May 13 2021)
The operation was carried out against an organized group that used online trading platforms to swindle victims out of US$36 million

Privacy regulations making cloud migration complex (Help Net Security, May 16 2021)
Digital transformation is driving multi-cloud migrations, as 85 percent of organizations use at least two cloud providers for data storage and analytics, while 40 percent use five or more. GDPR, CCPA, and other privacy regulations are making cloud migration and analytics difficult, as 7 out of 10 said the effort has become more complex, a Privacera and Lead to Market survey reveals.

How to Mitigate Against Domain Credential Theft (Dark Reading, May 18 2021)
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.

Do consumers now feel more exposed than ever to the risk of fraud? (Help Net Security, May 17 2021)
As the pandemic drove consumers online en masse to make purchases, consumer anxiety around fraud saw a considerable spike, according to a survey by Marqeta. The company surveyed 2,000 consumers across the United States and United Kingdom about their experiences and attitudes toward payment fraud and how they felt about the threat of fraud in the aftermath of COVID-19.

Oregonian Indicted Over International Streaming Fraud (Infosecurity Magazine, May 18 2021)
AccountBot suspect allegedly stole and resold millions of customers’ login credentials

Consumers Warned About Surge in Meal Kit Delivery Scams (Infosecurity Magazine, May 18 2021)
Fraudsters are increasingly impersonating meal kit delivery companies like Gousto

Only One NYC Mayor Candidate Is Promising to Ban Facial Recognition (VICE, May 18 2021)
Here’s where all the candidates stand on the controversial technology, which is known to falsely identify and discriminate against people of color.

Credential Stuffing Reaches 193 Billion Login Attempts Annually (Dark Reading, May 19 2021)
More attacks does not necessarily mean more threats, but all attacks types have increased, according to Akamai’s new “State of the Internet” report.

I’m Not a Robot! So Why Won’t Captchas Believe Me? (Wired, May 19 2021)
If clicking crosswalks makes your blood boil, you’re not alone. Fortunately, there are some tips that make solving those challenges way less frustrating.