A Review of the Best News of the Week on Identity Management & Web Fraud
The bleak picture of 2FA adoption in the wild (Elie Bursztein, Dec 21 2018)
This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption.
Privacy Law Showdown Between Congress and Tech Looms in 2019 (Wired, Dec 27 2018)
Lawmakers spend the better part of 2018 talking tough to tech companies. Now the pressure is on for Congress to act.
Dirty dealing in the $175 billion Amazon Marketplace (The Verge, Dec 27 2018)
A rival had framed Plansky for buying five-star reviews, a high crime in the world of Amazon. The funds in his account were immediately frozen, and his listings were shut down. Getting his store back would take him on a surreal weeks-long journey through Amazon’s bureaucracy, one that began with the click of a button at the bottom of his suspension message that read “appeal decision.”
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.
Fortnite hackers making a fortune from reselling stolen accounts (Naked Security – Sophos, Dec 21 2018)
Teenage hackers have been making thousands of pounds selling stolen accounts for popular online game Fortnite, it emerged this week.
FBI Steps Up Efforts Against ‘Money Mules’ Online Fraud (SecurityWeek, Dec 27 2018)
The email caught the executive at a small company by surprise one morning in 2016. The company’s owner, or so he thought, was requesting a money transfer to pay for supplies from a new vendor.
Privacy Futures: Fed-up Consumers Take Their Data Back (Dark Reading, Dec 19 2018)
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
IT security Predictions for 2019 – Verifying Trust (Infosec Island, Dec 19 2018)
With moves towards Hybrid IT adoption showing no signs of slowing down, 2019 will be the year when Zero Trust and Software Defined Perimeter take shape!
More phishing attacks on Yahoo and Gmail SMS 2FA (Naked Security – Sophos, Dec 21 2018)
The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA).
Multiple Ways To Exploiting HTTP Authentication (Hacking Articles, Dec 21 2018)
In this article, we will learn about how to configure the password protected Apache Web Server to restrict from online visitors without validation so that we can hide some essential and critical information to the un-authenticated users and how to penetrate it’s the weak configuration to breach its security and exploit it.
Amazon Order Confirmation Phishing Scam (Infosecurity Magazine, Dec 24 2018)
Sophisticated campaign attempts to dupe Amazon shoppers with fake order confirmation email