A Review of the Best News of the Week on Identity Management & Web Fraud

Attackers bypass fingerprint auth with an ~80% success rate (Ars Technica, Apr 08 2020)
Fingerprint-based authentication is fine for most people, but it’s hardly foolproof.

Easy-to-pick “smart” locks gush personal data, FTC finds (Ars Technica, Apr 07 2020)
Fancy anti-pry technology? Sure, maybe. Secure in any other way? Not so much.

Washington State Legalizes Restricted Use of Facial Recognition Technology (Infosecurity Magazine, Apr 03 2020)
Washington becomes first state to pass law on restricted use of facial recognition technology


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



IRS: Phishers Using #COVID19 Stimulus Payments as Lure (Infosecurity Magazine, Apr 03 2020)
Tax office warns of email, text, phone, social and in-person scams

Google knows if everyone in your county is actually staying home or not (Ars Technica, Apr 03 2020)
Google knows where billions of phones are—and more importantly right now, aren’t.

How to balance privacy concerns around facial recognition technology (Help Net Security, Apr 03 2020)
There has been global uproar regarding facial recognition technology and whether and when it’s ethically sound to use it. Its use without citizens’ consent could have potential safety benefits but is undoubtedly a violation of privacy.

Rights groups appeal to governments over COVID-19 surveillance (Naked Security – Sophos, Apr 06 2020)
Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis.

FBI Warns of BEC Dangers (Dark Reading, Apr 06 2020)
A new PSA warns of attacks launched against users of two popular cloud-based email systems.

Two schoolkids sue Google for collecting biometrics (Naked Security – Sophos, Apr 07 2020)
The suit is about biometrics and children’s privacy in Google’s education apps, which are suddenly, wildly popular now due to COVID-19.

Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits (Dark Reading, Apr 07 2020)
Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.

Zoom’s Security and Privacy Woes Violated GDPR, Expert Says (SecurityWeek, Apr 02 2020)
Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant?

Zoom Blow as Thousands of User Videos Are Found Online (Infosecurity Magazine, Apr 06 2020)
Default naming convention blamed for privacy snafu

Zoom takes action after meeting IDs leak in careless screenshots (Graham Cluley, Apr 09 2020)
The video-conferencing app Zoom has been updated to remove the display of meeting IDs from its title bar, after a series of high profile privacy blunders by those sharing screenshots of their online meetings.

London Hit by Quarantine Text Scam (Infosecurity Magazine, Apr 02 2020)
Richmond residents warned over fraudulent quarantine fine notification texts

Australians Arrested Over $2.6m Email Scam (Infosecurity Magazine, Apr 06 2020)
Australians charged with altering invoices to steal millions in a BEC scam

WhatsApp Tightens Sharing Limits to Curb Virus Misinformation (SecurityWeek, Apr 07 2020)
WhatsApp on Tuesday placed new limits on message forwarding as part of an effort to curb the spread of misinformation about the coronavirus pandemic.

EU Privacy Tsar Calls for Europe-Wide #COVID19 Tracking App (Infosecurity Magazine, Apr 08 2020)
Coordinated response needed to ensure GDPR compliance

Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps (Wired, Apr 08 2020)
Researchers are racing to achieve the benefits of location-tracking without the surveillance.

Achieving identity and access governance on Google Cloud (Google Cloud Blog, Apr 01 2020)
“In this post, we’ll discuss these tasks to show how you can achieve effective identity and access governance when using Google Cloud.”

Pandemic driving global e-commerce growth, but fraud is on the increase too (Help Net Security, Apr 08 2020)
The COVID-19 crisis is driving the global growth of e-commerce sales, with millions of consumers worldwide in quarantine shopping for goods, services and entertainment online. Transaction volumes in most retail sectors have seen a 74 percent rise in March compared to the same period last year, while online gaming has seen a staggering increase of 97 percent, according to analysis by ACI Worldwide of hundreds of millions of transactions from global online retailers.