controlgap.com

Posts by: CG Blogger

This Week's [in]Security - Issue 212 | insecurity | Control Gap

Welcome to This Week’s [in]Security. P2PE Solution Aid. More on 8-digit BINs. Supply-Chain Backdoors: CodeCov, Passwordstate, SolarWinds. New breaches: Facebook, Apple(?), ClearVoice. New Ransomware: Follow-ups & Fall-out: Privacy. Normalizing breaches. Floc Adverse. Laws & Regs: Canada: Bills C-10 & 11, regulating apps. US, UK, EU, HK. NIST IoT & ICS. CISv8. Defense: More Nation-State Patching, Moxie vs Cellebrite, Death to IoT, Passwordless, Mario and DevSecOps!? Vulnerabilities: Pulse, Chrome, SonicWall ZeroDays, Supply-chains, CyberGames, Clubhouse, Air-Drop, Docker Images, QNAP, Tesla. Updatable Encryption. Breaking Enigma. Cybercrime: Trends: TLS, QR, Sextortion, Ads, 7-Zip, ToxicEye, Pink, Fake DirectX12. Nation States. Crypto-skimming. Crime. Other Risks: Unethical patching, Social Media, Chips, Deepfake geography, Bounties, Resets, No bars! Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Covid Ugly. Covid Compliance. And more.


This Week's [in]Security - Issue 211 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI 3DS Updates. New breaches: ParkMobile, Codecov, Upstox, ClubHouse. New Ransomware: Follow-ups & Fall-out: Facebook. Breach spin and Greed. Privacy. Laws & Regs: Class Actions, Breach Notification, LEA requests. BYOD. IoT. Defense: Anti-Caller ID Spoofing, Rockets, Code, Coders, Free Course, Cyber Careers, Power Grid, FLoC off, OSCAL. Vulnerabilities: Browser ZeroDays, Faster Bug Disclosure, DNS, NAME:WRECK, IoT, Un-awareness, Dependencies, Pwn2Own, Kubernetes, Juniper, Zoom, Crypto. Cybercrime: FBI Patching. Trends. Nation States. Crime. Other Risks. Child Abuse Images. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.


This Week's [in]Security - Issue 210 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI 3DS, New e-skimmers, Card breaches. EU's SCA. Big-Hacks: Facebook, LinkedIn. New breaches: Clubhouse, Q Link Wireless. New Ransomware. Follow-ups & Fall-out. Privacy: Big Brother? Xcinex Venue. Laws & Regs: Bans, Breach law, Facial recognition, NIST & HIPAA. Defense: Tools, Simplification, Resilience. Vulnerabilities: Cisco zeroday, Pwn2Own, SAP, Zoom, Carbon Black, Domain Time II, Moodle, medical devices, 802.11bf sensing. Cybercrime: Trends. Gigaset, Nation States. Cyber-war? Other Risks. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.


This Week's [in]Security - Issue 209 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Big-Hacks: Exchange, SolarWinds, Ubiquiti. New breaches: Facebook, MobiKwik. New Ransomware: Molson Coors, Home Hardware. Follow-ups & Fall-out: 1000 Year Breach, Refunds? Privacy. Laws & Regs: web analytics, autodialers, backdooring Facebook. NIST Hospitality. Defense: Webinars. Girls and STEM. SSL and old TLS. CoinHive. Application Security. Vulnerabilities: QNAP ZeroDay, Firmware, WordPress, ICS, PHP/GitHub, Containers, Spectre. Cryptography: Homomorphic, Lightweight, and Post-Quantum. Cybercrime Trends: Bypassing Facial, Nation States. Crime: Utility Hack, Tattoos. Lego? Other Risks: Facial Bias, Domains, Amber Alerts, Nuke Tweet, Shipping. Health, Safety & Environment: mRNA & saRNA. The problems with NFTs. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.


This Week's [in]Security - Issue 208 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Updates: PTS FAQ, PIN 3.1, QSA Program. Big-Hacks: Exchange, SolarWinds, F5, Accellion. New breaches: New Ransomware: Follow-ups & Fall-out: Amazon sued. Privacy: Facial Recognition. Laws & Regs: Facebook sued, Section 230, Breach Disclosures, Location Tracking Guidelines, NIST. Defense: Isolate IoT, Tools, Browsers. Vulnerabilities: Android, iOS ZeroDay, Apple iOS. ColdFusion, NetMask code, Android, WordPress. Arresting the messenger? Cybercrime: Trends. Account Takeovers. Other Risks: Disinformation, IoT Weapons, PII a Risk, Autopilot, Grid, Shipping, More NFTs, Win95. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Immunity, Vaccines, and Vaccination. The Good, Bad, and Ugly (Behaviour). And more.


This Week's [in]Security - Issue 207 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Magecart exfiltration. More FPE Weakness. Big-Hacks: Exchange Hack. F5 Attacks. SolarWinds. New breaches: WeLeakInfo. New Ransomware. Acer. Ransomware cost. Big Brother UK. Find My Device. Privacy Theatre. Background Checking Your Date. Internet Blocking. Apple & Russia. Interrupts. Ransomware protection. DevSECops. SMS Hijacking. Power Grid. Pickle Files. File Nesting. Spectre POC. Fiserv. ZeroDays. Trends. Worms. Nation States. Hacking Spree. Telcos. Crime. FBI Crime Report. Camera Arrest. DarkWeb. Smart Doorbell Risk. H2O. Voting Machines. Insider Risk. Infrastructure and Platform Risk. Illegal Blockchain. Big Microsoft Outage. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Impact. Immunity, Vaccines, and Vaccination. And more.


This Week's [in]Security - Issue 206 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Updates. PIN v3.1. PIN Block Format 4 Deprecated. Exchange server mass-exploitation. Big F5 has big CVEs. SolarWinds & Accellion. New breaches: More CRA account problems. Walmart. Massive Security Camera Breach. GitHub. Bad Blockchain. Healthcare. New Ransomware. Followups & Fall-out. No Undo! DarkNetWorth. Crypto-wars. Fuzzing. Zero-days. ZeroDays. GitGate!? Redaction Failure. IoT: Smartmeters. SAP. Research. New CSS tracking side-channel attack. Trends. SolarWinds. Nation States. Crime. AI. The EFF Follies. LastPass. Non-fungible tokens. Hackers. Disinformation. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. And more.


This Week's [in]Security - Issue 205 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Big-Hacks. Microsoft-Exchange, SolarWinds, Accellion, CyberCriminal Forums. New breaches: New Ransomware. CNAME Trackers. Contact Tracing. Apple. FLoC. FACTA and Canada. Supply-chain due diligence. Skills Audits. Brave Search. Secure Coding. Chrome. GenuGate. Android RCE. Intel. Saltstack. More Spectre. WordPress. Voting Machines. Research. RSA. Quantum and Hashing. Letterlocking. Trends. Nation States. Crime. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. The Red & Grey Zones. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.


This Week's [in]Security - Issue 204 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Updates: DSSv4. SLC. FAQ. Visa 8-Digit BIN Mandate. Skimmers. New breaches: VPNs. Zee5. T-Mobile. Bombardier. Gab. New Ransomware. Contact Tracing. Surveillance Capitalism. Clubhouse. LastPass Trackers. SolarWinds. Facebook. NIST. Crackpot Crypto. ETERNALBLUE. Alexa. Dependency Confusion. GPS. Trends. VMWare. Nation States. Crime. Foreign Platforms. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. And more.


This Week's [in]Security - Issue 203 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Texas Disaster. News/Link Taxing. More SolarWinds. SLC Update. PINs vs. Passwords. Skimmers. New breaches: CRA lockout. New Ransomware. Location. Tracker Pixels. NIST. Zero-Day. Routers. OpenSSL. Big Mac Attack. Trends. Buy-to-infect. Scams & Fraud. Nation States. Arrests, etc. AI. Misinformation. CRISPR. Quantum Fail. Serial Killers. Health, Safety & Environment. H5N8. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.
