Identity Mgt & Web Fraud

Identity Mgt & Web Fraud – The Week’s Best News – 2020.01.16

2020-01-16 by Lucas Samaras

A Review of the Best News of the Week on Identity Management & Web Fraud

Google: Chrome Will Remove Third-Party Cookies and Tracking (Dark Reading, Jan 14 2020)
It’s “not about blocking” but removing them altogether, the company said.

Apple’s new privacy features have further rattled the location-based ad market (Digiday, Jan 15 2020)
People aren’t sharing data with apps thanks to Apple, and that’s left ad tech vendors with less location data to sell. Now, they’re trying to plug the gap with data from IP addresses or a mobile carrier.

Google voice Assistant gets new privacy ‘undo’ commands (Naked Security – Sophos, Jan 09 2020)
Google’s controversial voice Assistant is getting a series of new commands designed to work like privacy-centric ‘undo’ buttons.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Amazon’s Ring fired at least four employees for snooping on user videos (Ars Technica, Jan 09 2020)
Police, hackers, rogue employees… who can’t access Ring?

St Louis Man Jailed for $12m Tax Refund Scam (Infosecurity Magazine, Jan 13 2020)
Over 2000 fraudulent returns filed on behalf of victims

Google tests biometric authentication for Android autofill (Naked Security – Sophos, Jan 14 2020)
Google is testing out a feature to make Android’s built-in password manager safer.

Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills (Naked Security – Sophos, Jan 10 2020)
After a poke from the UK’s watchdog, the companies promised to beef up filters to strain out those who write, buy and sell fluffy nonsense.

Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam (Dark Reading, Jan 10 2020)
The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.

Lawmakers look to spread COPPA out to cover kids up to 16 (Naked Security – Sophos, Jan 13 2020)
If that bill passes, you can say bye-bye to YouTube, says one content creator.

Verizon offers no-tracking search engine, promises to protect your privacy (Ars Technica, Jan 14 2020)
With “OneSearch,” Verizon promises no cookie tracking or personal profiling.

Advocates ask colleges to avoid facial recognition as surveillance grows (Ars Technica, Jan 14 2020)
Facial recognition: one of the few ways college kids aren’t always tracked. Yet.

Fraud prevents a third of businesses from expanding digital capabilities (Help Net Security, Jan 14 2020)
40% of businesses say fraud impedes their expansion into new digital channels and services.

LastPass releases its 3rd Annual Global Password Security report (Graham Cluley, Jan 14 2020)
Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many business’ ability to achieve high standards of security.

Apple Privacy Executive Defends Encryption After FBI Request (IT Pro, Jan 08 2020)
Tech companies and governments have clashed for years over balancing law enforcement access and user privacy, most famously when the U.S. sought access to an iPhone from a terrorist who carried out a deadly shooting spree in San Bernardino, California.

Azure is now certified for the ISO/IEC 27701 privacy standard (Microsoft Azure Blog, Jan 13 2020)
Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS).

Identity Mgt & Web Fraud – The Week’s Best News – 2020.01.09

2020-01-09 by Lucas Samaras

A Review of the Best News of the Week on Identity Management & Web Fraud

Why a Steak in California Comes With a Privacy Notice (VICE, Jan 07 2020)
Under California’s new privacy law, even brick and mortar companies have to make it clear you can opt out of having your personal data sold.

Facebook Revamps Its Privacy Checkup Feature in Time for CES (Wired, Jan 07 2020)
Forget Portal. This year, Facebook is marketing itself as a privacy crusader.

China facial-recognition case puts Big Brother on trial (Yahoo News, Jan 08 2020)
Facial-recognition technology has become embedded in China, from airports to hotels, e-commerce sites and even public toilets, but a law professor had enough when asked to scan his face at a safari park. Guo Bing took the wildlife park to court, raising the temperature in a growing debate about privacy

Share today’s post on Twitter Facebook LinkedIn

CCPA Kickoff: What Businesses Need to Know (Dark Reading, Jan 02 2020)
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they’ll remain compliant.

What California’s New Privacy Law Means for You (VICE, Jan 02 2020)
The CCPA is America’s first big internet privacy law, designed to give power back to consumers.

CES 2020: Ring will add privacy and security Control Center to mobile app this month, adds new hardware to its lineup (ZDNet, Jan 07 2020)
Ring adds new smart lighting products, promises more privacy features in its mobile app.

Facial recognition hardware to reach over 800 million devices by 2024 (Help Net Security, Jan 07 2020)
A new report from Juniper Research found that facial recognition hardware, such as Face ID on recent iPhones, will be the fastest growing form of smartphone biometric hardware. This means it will reach over 800 million in 2024, compared to an estimated 96 million in 2019.

Apple Is Scanning Your Photos (Infosecurity Magazine, Jan 08 2020)
Apple is scanning photos uploaded to the iCloud for evidence of illegal activities

Client-Side JavaScript Risks & the CCPA (Dark Reading, Jan 06 2020)
How California’s new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.

Simple steps to protect yourself against identity theft (WeLiveSecurity, Jan 02 2020)
As we enter the New Year, be sure to keep up, or adopt, these good data security habits to avoid identity theft

Tech Ops Exec Pleads Guilty in $6m Fraud Case (Infosecurity Magazine, Jan 07 2020)
Kabbaj was defrauding his employer by issuing invoices in the name of a shell company he created, Interactive Systems, for fictitious products and services such as firewalls and servers, according to the Department of Justice.

Richard Branson Gets Animated Over Online Scams (Infosecurity Magazine, Jan 07 2020)
Virgin founder releases animated guide to spotting scams

Identity Mgt & Web Fraud – The Week’s Best News – 2020.01.02

2020-01-02 by Lucas Samaras

A Review of the Best News of the Week on Identity Management & Web Fraud

Say Hello to SASE (Secure Access Service Edge) (Gartner Blog Network, Dec 23 2019)
So by now, most networking folks know about SDWAN. And of course, just when everyone is aware and comfortable with a technology, and it is (relatively) stable with over 25,000 paying customers, and we can start to absorb it…then Boom. Things change. And we are absolutely seeing the market evolve. And the new “thing” is SASE – Secure Access Service Edge, pronounced “sassy”.

Identity access management – An auditor’s view (SC Magazine, Dec 26 2019)
12 Best Practices from an Auditor’s view…

The 2019 State of the Auth Report: Has 2FA Hit Mainstream Yet? (The Duo Blog, Dec 09 2019)
The Study Results Show That 2FA Is Catching On
Awareness in 2FA shot up from 44% of respondents in 2017 to 77% in 2019. That’s a 33% gain over a two year period.

More Users Are Adopting 2FA Security for Protection
In 2017, a mere 28% of respondents were using 2FA compared to 53% in 2019. That is a solid 25% gain in user security.

Share today’s post on Twitter Facebook LinkedIn

Airbnb Takes Halting Steps to Protect Its Users (WSJ, Dec 30 2019)
The company faces a question likely to consume the tech industry: How much responsibility should it assume for safety problems on its site? It has taken some recent steps, but former employees say more stringent measures were overruled.

Honoring’ CCPA’s Binding Principles Nationally Won’t Be Easy (Dark Reading, Dec 26 2019)
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California’s new consumer privacy law.

The Decade We Learned There’s No Such Thing as Privacy Online (VICE, Dec 31 2019)
And a corrupt U.S. government seems incapable and unwilling to do anything about it.

123456 still a popular password (SC Magazine, Dec 24 2019)
Among the banes of existence for any human living in the 21st century is the need to periodically choose, change and remember numerous passwords, which partly explains why nearly 3 percent of computer users chose 123456 in 2019.

California Consumer Privacy Act: Challenge and Opportunity (SC Magazine, Dec 24 2019)
The California Consumer Privacy Act goes into effect Jan. 1. The act, considered the most comprehensive of any state privacy law, provides consumers with new rights, including a right to transparency about data collection, a right to be forgotten and a right to opt out of having their data sold. Companies impacted include those in the state with more than $25 million in an-nual revenue, those that derive at least half of their revenue from selling customers’ personal information, or those that buy, sell or share data from at least 50,000 consumers, households or devices.

Nepal Arrests 122 Chinese Over Suspected Cyber Scam (SecurityWeek, Dec 27 2019)
More than 100 Chinese nationals in Nepal on tourist visas have been detained over a suspected cyber scam, police said Wednesday, in the country’s largest ever crackdown involving foreigners.

The Decade Big-Money Email Scams Took Over (Wired, Dec 26 2019)
Some email scams feel like they’ve been around almost as long as email itself. But the grifts have evolved significantly over the last decade, as scammers have learned that they can extract much bigger payouts from big businesses than lone victims. They’ve tallied billions of dollars in the last few years alone. In the 2020s, it’s only going to get worse.

Fraud in the New Decade (Dark Reading, Dec 30 2019)
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth

4 authentication use cases: Which protocol to use? (CSO Online, Dec 05 2019)
Choosing the wrong authentication protocol could undermine security and limit future expansion. These are the recommended protocols for common use cases.

Identity Mgt & Web Fraud – The Week’s Best News – 2019.12.26

2019-12-26 by Lucas Samaras

A Review of the Best News of the Week on Identity Management & Web Fraud

What does your car know about you? We hacked a Chevy… (Washington Post, Dec 24 2019)
Our privacy experiment found hundreds of sensors and an always-on Internet connection. Driving surveillance is becoming very hard to avoid.

Ambiguity Around CCPA Will Lead to a Slow Start in 2020 (Dark Reading, Dec 20 2019)
But longer term, compliance to California’s new privacy law represents an opportunity for companies to increase customer trust and market share.

Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA) (Google Cloud Blog, Dec 20 2019)
Businesses that collect California residents’ personal information and meet certain thresholds (for example, revenue) will need to comply with these obligations.

Share today’s post on Twitter Facebook LinkedIn

Massive Errors Found in Facial Recognition Tech: US Study (SecurityWeek, Dec 20 2019)
Facial recognition systems can produce wildly inaccurate results, especially for non-whites, according to a US government study released Thursday that is likely to raise fresh doubts on deployment of the artificial intelligence technology.

Even The Government Admits Facial Recognition Is Racially Biased (VICE, Dec 20 2019)
A new federal study confirms the widely-adopted tech is fundamentally biased. It’s time to ban it.

Data Leak Exposes 267 Million Facebook Users (Infosecurity Magazine, Dec 20 2019)
Suspected data scrapers left Elasticsearch cluster wide open

Court’s Opinion Good News for EU-US Data Flows (Infosecurity Magazine, Dec 20 2019)
Standard Contractual Clauses are legal, says advocate general

Man jailed for $122 million scam that fooled Google and Facebook (Naked Security – Sophos, Dec 23 2019)
Lithuanian Evaldas Rimasauskas has been sentenced to five years in jail for successfully defrauding two US companies out of $122 million.

Former NY Hospital Employee Admits to Stealing Colleagues’ Data (Dark Reading, Dec 23 2019)
Richard Liriano pleads guilty to compromising hospital computers and co-workers’ email accounts, as well as stealing personal files and photos.

Phishing operation picking on Canadian banks since at least 2017 (SC Magazine, Dec 23 2019)
Researchers recently discovered a large-scale phishing email operation that has been targeting primarily customers of Canadian banking chains since at least 2017. The emails generally attempt to trick recipients into revealing their credentials on a phishing page that utilizes a lookalike domain and impersonates a log-in screen.

PayPal scam goes after account info, payment card data (SC Magazine, Dec 23 2019)
PayPal customers are being hit with a phishing scam designed to steal their login credentials and other PII through a series of well-crafted emails and fraudulent websites. An incident begins with an email stating that there has been some unusual activity on the person’s PayPal account that requires immediate attention in order to properly secure…

Identity Mgt & Web Fraud – The Week’s Best News – 2019.12.19

2019-12-19 by Lucas Samaras

A Review of the Best News of the Week on Identity Management & Web Fraud

2020 Predictions: Privacy (SC Magazine, Dec 16 2019)
Predictions from executives at identity companies

Insights about the first five years of Right to Be Forgotten requests at Google (Elie Bursztein, Dec 13 2019)
The “Right to be Forgotten” (RTBF) is a landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information uncovered by queries containing the name of the requester. What makes this ruling unique and challenging is that it requires search engines, when contemplating the requested delisting of URLs, to decide whether an individual’s right to privacy outweighs the public’s right to access lawful information.

Amazon Conference Badges Tracked Attendees’ Movements (VICE, Dec 19 2019)
AWS said the data was anonymous and to help understand attendance at certain events.

Share today’s post on Twitter Facebook LinkedIn

Trump administration scooping up Americans’ data in effort to track undocumented immigrants, ACLU says (Washington Post, Dec 12 2019)
Immigration and border agents may be scooping up cellphone information from thousands of innocent U.S. citizens in their effort to track a few people who’ve crossed the border illegally — using invasive surveillance tools that were originally developed to protect military operations.

Weak account checks earn company $10.5 million privacy fine (Naked Security – Sophos, Dec 13 2019)
The telecomms company violates the EU’s GDPR by allegedly failing to fully authenticate people phoning up to access their accounts.

Airport Facial Recognition System Fooled (Infosecurity Magazine, Dec 13 2019)
Payment and airport facial recognition systems tricked by photos and masks

Get in line! 38,000 students and staff forced to queue for new passwords (Naked Security – Sophos, Dec 19 2019)
It’s not a bread line, and it’s not a line to see Santa – it’s an analog response to a nasty cyber attack.

SEC Charges Man With $42 Million Crypto Fraud Scheme (Infosecurity Magazine, Dec 13 2019)
Shopin raised millions in alleged fake ICO

New account fraud has more than doubled since 2014 (Help Net Security, Dec 16 2019)
New account fraud increased 27.8% worldwide YTD in 2019, compared to full-year 2018 results, and more than 100% compared to 2014 levels, Jumio reveals.

Mastercard tests new digital identity service (Help Net Security, Dec 15 2019)
Mastercard marked the first tests of a new digital service that has the potential to verify a person’s identity immediately, safely and securely in both the digital and the physical world. The initial in-market pilot will take place in Australia through two separate efforts with Australia Post and Deakin University.

Fake Payment Page Tricks Rooster Teeth Customers (Infosecurity Magazine, Dec 16 2019)
Another e-com site is hit by digital skimming/phishing raid

Data Leak Exposes One Million Web Browsing Records (Infosecurity Magazine, Dec 17 2019)
South African web filtering product is the culprit

Hackers steal data for 15 million patients, then sell it back to lab that lost it (Ars Technica, Dec 18 2019)
LifeLabs said it negotiated with hackers after they demanded a ransom.

Privacy Requirements & Penalties Grow, Causing Firms to Struggle (Dark Reading, Dec 19 2019)
Between Europe’s and California’s privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.

5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff (Dark Reading, Dec 18 2019)
Are you an army of one tasked with compliance and data privacy? Try these tips to get you and your organization in alignment with regulators.

Siemens Contractor Jailed for Planting Logic Bombs (Infosecurity Magazine, Dec 18 2019)
Contractor who sabotaged computer programs to get himself re-hired to fix them is jailed

Doxed credit card data has two hours max before it’s nabbed (Naked Security – Sophos, Dec 18 2019)
That’s pretty slow for thieves’ bots & scripts to grab it and test it, said a researcher who posted his card online.

Consumer data privacy regulation at the federal level: An opportunity for MSPs? (SC Magazine, Dec 19 2019)
Lobbyists at the Information Technology Industry Council, a Google-backed think tank, quickly went to work drafting proposals for a federal law that would supersede the stringent California bill.