A Review of the Best News of the Week on Identity Management & Web Fraud

Facebook Demanded User Email Passwords (SecurityWeek, Apr 04 2019)
Facebook has been found asking users for their email passwords. A screen form told users that their email address needed to be confirmed in order to update their contact information, and suggested that it could be done via gmx.net. All the user needed to do was enter their email account password into the Facebook form.

Password checkup: from 0 to 650,000 users in 20 days (Elie Bursztein with Kurt Thomas, Mar 31 2019)
On February 5th, for Safer Internet Day, our team launched its first public-facing system, called Password Checkup. Password Checkup allows users to check, in a privacy-preserving manner, whether their username and password match one of the more than 4B+ credentials exposed by third-party data breaches of which Google is aware.

Okta unveils $50M in-house venture capital fund (TechCrunch, Apr 03 2019)
Okta Ventures wants to fund the next generation of identity, security and privacy startups.


Office Depot rigged PC malware scans to sell unneeded $300 tech support (Ars Technica, Mar 28 2019)
Office Depot and its software supplier have to pay $35 million toward refunds.

FTC slams the phone down on quartet of robocallers (Naked Security – Sophos, Mar 29 2019)
Wrist slaps and paltry fines may not be what most of us were hoping for in retribution for billions of robocalls and countless scams.

Hacking Instagram to Get Free Meals in Exchange for Positive Reviews (Schneier on Security, Apr 02 2019)
“This is a fascinating hack: In today’s digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following — or in my desired case — use it to have my meals paid for. So I did just that.”

Google rolls out expanded 2FA for G-Suite users (SC Magazine, Mar 29 2019)
In an effort to help organizations and end users boost their security level, Google is expanding its two-step verification process for G-Suite users. The changes include new two-step verification interfaces, different screens on different browsers and expanded Bluetooth security key support.

The US Military Is Creating the Future of Employee Monitoring (Defense One, Apr 01 2019)
A new AI-enabled pilot project aims to sense “micro changes” in the behavior of people with top-secret clearances. If it works, it could be the future of corporate HR.

Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers (Dark Reading, Mar 28 2019)
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.

IT Security Pros Slam State-Backed Encryption Backdoors (Infosecurity Magazine, Mar 29 2019)
Moves will expose countries to nation state attacks and make them less competitive.

Russia demands access to VPN providers’ servers (Network World Security, Mar 29 2019)
The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users within the country from reaching banned sites. If they fail to comply, their services will be blocked, according to a machine translation of the order.

Facebook Pulls Spam and Fraud from India, Pakistan (Infosecurity Magazine, Apr 01 2019)
More than 1,000 accounts linked to India and Pakistan were removed from Facebook and Instagram.

Head of Money Mule Operation Extradited to the United States (SecurityWeek, Apr 01 2019)
A Ukrainian man accused of being the head of a money laundering and fraud operation was extradited to the United States after being arrested in South Korea, the U.S. Department of Justice announced.

Sentence Handed Down in $4.2 Million BEC Scheme (Dark Reading, Apr 02 2019)
Maryland man conspired in a business email compromise scheme that stole from at least 13 separate victims over the course of a year.

WhatsApp Launches a Tip Line for Misinformation in India Ahead of Elections (Motherboard, Apr 02 2019)
WhatsApp has been struggling to address misinformation and rumors on its app without compromising security. “Checkpoint Tipline” gives users in India an opt-in option to submit rumors for fact-checking.

Israeli Watchdog Finds Online Manipulation Ahead of Vote (SecurityWeek, Apr 02 2019)
An Israeli cyber watchdog said Monday it has uncovered a network of fake online accounts backing Prime Minister Benjamin Netanyahu and slandering opponents ahead of next week’s general election.

PwC Tests Blockchain for Validating Job Candidates’ Credentials (WSJ, Apr 04 2019)
PricewaterhouseCoopers is experimenting with using blockchain technology to validate a job candidate’s credentials, with the goal of speeding up the vetting process.

Kaspersky Lab Will Now Alert Users to ‘Stalkerware’ Used In Domestic Abuse (Motherboard, Apr 03 2019)
Antivirus company Kaspersky Lab announced that its Android security product will now mark all stalkerware apps as malware, prompting users to delete them.

Georgia Tech stung with 1.3 million-person data breach (SC Magazine, Apr 03 2019)
Georgia Tech is reporting that it suffered a data breach when a Georgia Institute of Technology web app exposed information on 1.3 million current and former students, student applicants and staff members.