A Review of the Best News of the Week on Identity Management & Web Fraud
Colorado Passes New Privacy Act (Infosecurity Magazine, Jun 18 2021)
Comprehensive data privacy law awaits signature of state governor
Identity Eclipses Malware Detection at RSAC Startup Competition (Dark Reading, Jun 22 2021)
All 10 finalists in the Innovation Sandbox were focused on identity, rather than security’s mainstay for the last 20 years: Malware detection.
A Billion CVS Records Exposed (Infosecurity Magazine, Jun 17 2021)
Misconfiguration error leaves CVS database without password protection
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Scammers are impersonating the DarkSide ransomware gang (Help Net Security, Jun 21 2021)
Someone out there is impersonating the infamous DarkSide ransomware gang and trying to trick companies in the energy and food industry into parting with 100 Bitcoins, Trend Micro warns. But the campaign is not producing the desired results, because the Bitcoin wallet to which the ransom should be directed has yet to receive or send any payment.
What is plaguing digital identities? (Help Net Security, Jun 21 2021)
Auth0 launched a report which highlights key areas of concern for security professionals responsible for managing digital identities, including the exponential rise of credential stuffing attacks (automated attempts to compromise a large number of user accounts with stolen credentials), fraudulent registrations, and the widespread use of breached credentials.
The brave new world of distributed identity (SC Media, Jun 18 2021)
IBM has been a leading proponent of the hybrid cloud. Today’s columnist, Eric Olden of Strata Identity, offers insights for how security teams can effectively manage identities in hybrid and multi-cloud environments.
HHS unveils patient matching standards, guidance to boost patient privacy (SC Media, Jun 17 2021)
HHS developed patient matching standards in coordination with industry stakeholders and standards development entities, including HL7.
Facial Recognition Failures Are Locking People Out of Unemployment Systems (VICE, Jun 18 2021)
ID.me’s CEO says unemployment fraud is costing taxpayers $400 billion, but his own company is denying claims because of problems with its tech, users say.
Congress Introduces a Bill That Would Ban Facial Recognition Indefinitely (VICE, Jun 16 2021)
The technology has been proven to discriminate against Black people, and has already been banned in 20 US cities and the state of Vermont.
Even creepier COVID tracking: Google silently pushed app to users’ phones [Updated] (Ars Technica, Jun 21 2021)
Massachusetts launched a COVID tracking app, and uh, it was automatically installed?!
Finger Scanning Costs Six Flags $36m (Infosecurity Magazine, Jun 21 2021)
American amusement park agrees to $36m settlement over use of finger-scan entry gates
Ohio Medicaid Provider Suffers Data Breach (Infosecurity Magazine, Jun 21 2021)
Personal data could have been stolen in unauthorized access incident at Maximus
Passwordless Authentication Firm Transmit Security Raises $543 Million (SecurityWeek, Jun 22 2021)
Identity solutions provider Transmit Security on Tuesday announced raising $543 million in a Series A funding round.
All the Ways Amazon Tracks You—and How to Stop It (Wired, Jun 22 2021)
The retail empire is obsessed with your data. But is the convenience worth your personal information?
Apple Will Offer Onion Routing for iCloud/Safari Users (Schneier on Security, Jun 22 2021)
At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does.
UK Banks Drive £77 Million Reduction in European Fraud Losses (Infosecurity Magazine, Jun 23 2021)
British lenders helped continent despite rises in many countries
Iowa Eye Clinic: 500,000 Patient Files May Have Been Stolen (SecurityWeek, Jun 23 2021)
The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year.