A Review of the Best News of the Week on Identity Management & Web Fraud
$1 billion piracy ruling could force ISPs to disconnect users (Ars Technica, Jun 07 2021)
Increased account terminations would punish “innocent” users, groups tell court.
NYPD’s Sprawling Facial Recognition System Now Has More Than 15,000 Cameras (VICE, Jun 03 2021)
The massive camera network is concentrated in predominantly Black and brown neighborhoods, according to a new crowdsourced report.
Mystery malware steals 26M passwords from millions of PCs. Are you affected? (Ars Technica, Jun 09 2021)
Massive trove can be used for ransomware, espionage, and more.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Google makes small Android advertising concession in wake of iOS 14.5 (Ars Technica, Jun 04 2021)
Android ad tracking still isn’t opt-in, though, so not much will change.
Apple privacy protections in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8 (Help Net Security, Jun 08 2021)
Apple previewed new privacy protections in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8, which help users better control and manage access to their data. “Privacy has been central to our work at Apple from the very beginning,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Every year, we push ourselves to develop new technology to help users take more control of their data and make informed decisions about whom they share …
Google’s FLoC: Privacy Gone Amok? (Infosecurity Magazine, Jun 08 2021)
Google’s cookie replacement, FLoC, is coming under heavy criticism from privacy experts.
The Perfect Storm for PAM to Grow In (Dark Reading, Jun 04 2021)
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
How to hack into 5500 accounts… just using “credential stuffing” (Naked Security – Sophos, Jun 04 2021)
Passwords – don’t just pay them lip service.
Can your MFA implementations stymie MFA bypass attacks? (Help Net Security, Jun 09 2021)
Shay Nahari, Head of Red-Team services at CyberArk, says that they’ve been increasingly asked by customers to probe their multi-factor authentication (MFA) defenses, which led them to pinpoint four main attack vectors used by threat actors to circumvent MFA controls by exploiting: architectural and design flaws, insecure channels, side-channel attacks and insufficient attack surface coverage.
Required MFA Is Not Sufficient for Strong Security: Report (Dark Reading, Jun 09 2021)
Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required.
RSA Spins Off Fraud & Risk Intelligence Unit (Dark Reading, Jun 09 2021)
The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis.