A Review of the Best News of the Week on Identity Management & Web Fraud

Zoom Lied about End-to-End Encryption (Schneier on Security, Aug 05 2021)
“The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users.”

A New Approach to Securing Authentication Systems’ Core Secrets (Dark Reading, Aug 05 2021)
Researchers at Black Hat USA explain issues around defending “Golden Secrets” and present an approach to solving the problem.

Google Play gets mandatory app privacy labels in April 2022 (Ars Technica, Jul 29 2021)
After delaying its iOS privacy labels for months, Google copies the feature for Play.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Researchers Find Significant Vulnerabilities in macOS Privacy Protections (Dark Reading, Aug 05 2021)
Attacks require executing code on a system but foil Apple’s approach to protecting private data and systems files.

Most marketers support federal consumer privacy protections (Help Net Security, Jul 30 2021)
Kubient conducted a survey of marketing and advertising professionals to provide a snapshot of industry perspectives on increasing privacy regulations, including the postponement and eventual elimination of cookies and how it affects the larger marketing and advertising ecosystem.

Tackling the insider threat to the new hybrid workplace (WeLiveSecurity, Jul 29 2021)
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important than ever to address the risks that insider threat can – willingly or unwittingly – pose.

The Privacy Battle That Apple Isn’t Fighting (Wired, Jul 30 2021)
California has begun enforcing a browser-level privacy setting, but you still can’t find that option in Safari or iOS.

Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy (SecurityWeek, Aug 02 2021)
Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU’s data protection rules, the online retail giant said Friday.

Leaked Document Says Google Fired Dozens of Employees for Data Misuse (VICE, Aug 04 2021)
Some allegations potentially center around accessing Google user or employee data.

Google+ class action starts paying out $2.15 for G+ privacy violations (Ars Technica, Aug 04 2021)
Google exposed the private data of 52 million users in 2018 and got sued.

Managing Entitlements and Access in the Cloud is a Leading Security Risk: IDC Survey (eWEEK, Aug 05 2021)
The flexibility of public cloud environments enables customers to provision resources with the click of a button, spin up containers based on dynamic scaling requirements, and more. A typical public cloud deployment can quickly turn into a vast maze of interconnected machines, users, applications, services, containers and microservices.