Friday Five 5/6
Read up on how passwords may soon be a thing of the past, how your mental health data may be at risk, how business email compromise cost organizations billions in the past five years, and much more—all in this week’s Friday Five!
1. Apple, Google, and Microsoft Team Up on Passwordless Logins by Carly Page
In a rare showing of teamwork, the three tech giants came together this past Thursday to announce that they are expanding support for a password-free sign-in standard from the FIDO Alliance and the World Wide Web Consortium. The end goal of this expansion is to create a new standard for sign-in technology that is more convenient and secure for end-users. Such technology will require access to a physical device, making remote hacking more difficult, and will likely employ biometrics that are already used to unlock personal devices.
2. Mozilla Finds Mental Health Apps Fail ‘Spectacularly’ at User Security, Data Policies by Charlie Osborne
A recent Mozilla investigation into mental health and prayer apps revealed that they "routinely share data, allow weak passwords, target vulnerable users with personalized ads, and feature vague and poorly written privacy policies," according to the organization’s most recent press release. The findings, published in Mozilla’s most recent *Privacy Not Included Guide, include several other troubling facts: 25 out of 32 studied apps did not meet Mozilla’s Minimum Security Standards, the majority of companies are largely unresponsive, and teens may be the most vulnerable.
3. Security Turbulence in the Cloud: Survey Says… by Lisa Vaas
Read this piece to get a sneak peek into Threatpost’s most recent research on cloud security. In their report, which surveyed over 400 readers, Threatpost found that nearly a quarter of respondents had little to no confidence in their organization’s cloud security and that the largest number of respondents (27%) are most concerned about misconfigurations and data exposure. They also found that, despite organizations using a host of different technologies to protect their cloud environments, a lack of skilled staff and data visibility, along with insufficient identity and access management, remained the biggest challenges in securing their cloud.
4. A Security Researcher Easily Found My Passwords and More: How My Digital Footprints Left Me Surprisingly Over-exposed by Danny Palmer
In an experiment to find out how much of one’s personal information is available online, author Danny Palmer had Jack Chapman, Vice President of Threat Intelligence at Egress, dig around in his digital footprint to find information that could potentially be abused. Using information tied to several past data breaches, Chapman was able to gain access to a wealth of Palmer’s personal information, including his personal email address, date of birth, city, old passwords, IP address, and internet service provider. "By having more information, it allows an attacker two key advantages – first, it allows them a better understanding of your life and work. This allows them to tailor their attacks to improve their credibility and likelihood of success," says Chapman.
5. The $43 Billion Business Email Compromise Threat by Christopher Boyd
The FBI recently released a public service announcement to bring attention to the ever-present danger of business email compromise attacks. The announcement shared several concerning statistics on the matter, including:
- $43 billion vanished between June 2016 and December 2021. There were 241,206 domestic and international incidents between those two dates.
- The FBI observed a 65% increase in losses suffered between July 2019 and December 2021, which feels like a significant ramp-up.
- The overwhelming number of organizations filing victim complaints to the IC3 between October 2013 and December 2021 were based in the US.
Read the full article at Malwarebytes Labs to gain a better understanding of what business email compromise is, learn how cryptocurrency is exacerbating the threat, and find some tips to avoid these scams.