A Review of the Best News of the Week on Identity Management & Web Fraud

Hackers Fool Facial Recognition Into Thinking I’m Mark Zuckerberg (VICE, Jun 24 2021)
Using a new technique, researchers say they can make AI systems misidentify people by adding small bits of data to the images.

Hospitals are selling treasure troves of medical data — what could go wrong? (The Verge, Jun 28 2021)
It could help with research, but also comes with risks.

Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method (SecurityWeek, Jul 01 2021)
Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn


Google delays FLoC rollout until 2023 (Ars Technica, Jun 24 2021)
With regulators, privacy advocates, and major websites condemning FLoC, Google relents.

A closer look at Google Workspace privacy and data security (Help Net Security, Jun 28 2021)
Google recently unveiled the next evolution of Google Workspace, including new security and privacy capabilities to help users take advantage of trusted, cloud-native collaboration. In this interview with Help Net Security, Karthik Lakshminarayanan, Sr. Director, Google Workspace Security, talks about the new features as well as Google’s aim to help teams securely navigate the challenges and opportunities of the hybrid workplace.

Federal Judge Rules Baltimore’s Secret Spy Planes Violated The Constitution (VICE, Jun 28 2021)
The court decision sets a new precedent for whether law enforcement can use aerial surveillance technology to monitor entire cities in real-time.

Judge Temporarily Stops the FBI From Seizing the Contents of Private Vaults (VICE, Jun 23 2021)
A federal judge has issued a temporary restraining order against the FBI using civil asset forfeiture to collect $85 million it seized from a private vault company in Beverly Hills.

Mercedes Benz Data Leak Includes Card and Social Security Details (Infosecurity Magazine, Jun 28 2021)
Customer data was exposed via an insecure cloud storage service

Reported HMRC-Branded Phishing Scams Grew by 87% During COVID-19 (Infosecurity Magazine, Jun 28 2021)
Phishing scams impersonating the UK’s tax, payments and customs authority surge

Kentucky Healthcare System Exposes Patients’ PHI (Infosecurity Magazine, Jun 28 2021)
UofL Health sends PHI of 42,000 patients to incorrect email addresses

3 Ways Cybercriminals Are Undermining MFA (Dark Reading, Jun 29 2021)
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.

How to conquer synthetic identity fraud (Help Net Security, Jun 29 2021)
“No single organization can stop synthetic identity fraud on its own,” reports The Federal Reserve. “Fraudster tactics continually evolve to stay a step ahead of detection—and the most sophisticated fraudsters can operate at scale in organized crime rings, generating significant losses for the payments industry. It is imperative that payments industry stakeholders work together, share information and keep up with the threat.”

Mozilla Launches Privacy-Focused Browsing Data Sharing Platform (SecurityWeek, Jun 28 2021)
Mozilla has a new privacy-focused data sharing platform that provides users with increased control of their data and also allows them to contribute to a better Internet.

Police Bust $15 Million European Fraud Ring (Infosecurity Magazine, Jun 30 2021)
Scammers impersonated legitimate companies to obtain goods

Police warn of WhatsApp scams in time for Social Media Day (Naked Security – Sophos, Jun 30 2021)
Happy Social Media Day! Make it a day to review whether your social media security really is up to scratch.

Pandemic hasn’t stemmed the rise of privacy salaries, but there is still some work to do (SC Media, Jun 29 2021)
A new report from the IAPP notes the average salary for a privacy pro in 2021 is $140,529 – a jump of more than $6,000 since 2019. That said, a gender gap persists.

Authentication Bypass in Adobe Experience Manager Impacts Large Organizations (SecurityWeek, Jun 29 2021)
Multiple large organizations were found to be impacted by an authentication bypass in Adobe Experience Manager CRX Package Manager, according to a warning from security vendor Detectify.

Six Federal Agencies Used Facial Recognition On George Floyd Protestors (VICE, Jun 30 2021)
The FBI, U.S. Park Police, and other agencies used the technology during the height of 2020’s protests, according to a new government watchdog report.

This Startup Wants to Scan Your Eyes With a Silver Orb for Cryptocurrency (VICE, Jun 29 2021)
Worldcoin is co-founded by OpenAI CEO Sam Altman, funded by VC money, and is possibly connected to rapper Azealia Banks.

We Infiltrated a Counterfeit Check Ring! Now What? (Krebs on Security, Jun 30 2021)
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be?