A Review of the Best News of the Week on Identity Management & Web Fraud

Europe Makes the Case to Ban Biometric Surveillance (Wired, Jul 09 2021)
Companies are racing to track everything about you. It could be a convenient way to reduce fraud—or seriously creepy and discriminatory.

New Framework Aims to Describe & Address Complex Social Engineering Attacks (Dark Reading, Jul 09 2021)
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.

Colorado Passes Consumer Privacy Law (Schneier on Security, Jul 15 2021)
First California. Then Virginia. Now Colorado.

Here’s a good comparison of the three states’ laws.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Colorado’s new law ups need for privacy awareness training (SC Media, Jul 12 2021)
We often hear about security awareness training’s role in maintaining proper cyber hygiene, but what about privacy awareness programs? Experts largely agree that such training is integral to ensuring employees don’t run afoul of a growing array of legislations.

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems (SC Media, Jul 13 2021)
The attack pairs a new vulnerability with older flaws that can be leveraged in new ways to attack a popular controller used across critical infrastructure sectors.

Fraudulent content has a direct impact on consumer loyalty (Help Net Security, Jul 09 2021)
Scams accounted for 59% of blocked user-generated malicious content during the first quarter of the year, according to a Sift report. The report examines how weaponized content is moving the fraud economy forward, as well as consumer perception of content fraud based on a survey of more than 1,200 U.S. consumers. Content scams on the rise: Scams – defined as any content created and used to perpetrate fraud, such as listings for products that are…

PACS vulnerabilities, data breach spur lawsuit against radiology specialists (SC Media, Jul 12 2021)
A lawsuit against Northeast Radiology and Alliance HealthCare alleges negligence and inadequate security, following a nine-month data breach caused by PACS flaws.

Where do all those cybercrime payments go? (Naked Security – Sophos, Jul 09 2021)
Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they’re well worth remembering.

Data of 1.2M patients stolen prior to third-party vendor ransomware attack (SC Media, Jul 09 2021)
This week’s health care data breach roundup includes attacks on Practicefirst, University Medical Center of Southern Nevada and Coastal Family Health Center.

It takes more than MFA to beat human hacking (Help Net Security, Jul 13 2021)
While multi-factor authentication (MFA) is a much-needed addition to an effective cyber defense strategy, it is by no means foolproof. In fact, no single security effort can ever be considered entirely effective when facing off against threat actors that use automation to evade detection and identify an enterprise’s weak points. Instead, organizations must view MFA as another layer of security that helps mitigate against the risk of potential compromise.

Recently Patched ForgeRock AM Vulnerability Exploited in Attacks (SecurityWeek, Jul 13 2021)
Government agencies in the United States and Australia warn organizations that a recently patched vulnerability affecting ForgeRock Access Management has been exploited in the wild.

Websites repeatedly stalked by fraudulent copycats, say researchers (SC Media, Jul 13 2021)
Digital Shadows researchers found that over a four-month span, its clients on average had 90 fraudulent domains impersonating their websites and brands.

Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says (VICE, Jul 14 2021)
A new report by Google researchers details a hacking campaign by “likely Russian government-backed” hackers targeting European government officials.

Coinbase Users Face Ongoing Phishing Attacks (SecurityWeek, Jul 15 2021)
The rise in the value of cryptocurrencies has inevitably drawn the eye of criminals, and the concentration of crypto in the cryptocurrency exchanges has focused that attention. Coinbase is the largest exchange in the U.S., and researchers have detected numerous phishing campaigns against Coinbase users.