controlgap.com

Posts by: CG Blogger

PCI Compliance V4.0: Is your Business Ready?

Control Gap's Robert Spivak had a follow-up session with David Goodale from www.merchant-accounts.ca to talk about some of the major impacts that PCI DSS 4.0 will have on ecommerce merchants. During the open discussion, David posed many good questions that his viewers and merchants are asking: not only what it takes to be PCI compliant, but how to achieve compliance with PCI DSS 4.0.


This Week's [in]Security - Issue 297

Welcome to This Week’s [in]Security. PCI: PTSv4 extension, DSSv4, Secure Software v1.2. Surcharge backlash. Gift card fraud. Fake products. New breaches, New Ransomware, Downs. Privacy: Policy implications, Apple photos, DHS & Tech. Laws & Regs - Canada, US, World. Fines, Enforcements & Lawsuits. Standards: NIST hashes & IoT. Emerging - AI: ChatGPT & NSFW Images, Cryptography. Defense - Resources, Tools & Techniques, memory-safe languages. Vulnerabilities - Advisories, Significant: Roundup, Cisco, Fortinet. WAFs. Eufy Cams, Botnet karma. Research: abusing AV & EDR, decoupling privacy, air-gaps, Pwn2Own. Cybercrime - active campaigns, Power grid, Android app signing keys, crimes & enforcement. Bad-Actors. Risks, bad software, passwords, disinformation, health, safety, environment, economy, FTX. Russia v. Ukraine. And more.


This Week's [in]Security - Issue 296

Welcome to This Week’s [in]Security. Payment fraud. New breaches: Multiple Android Vendor Code Signing Keys, Amazon RDS, GoTo, more on WhatsApp, Twitter, & LastPass. New Ransomware: Wipers, Paying out. Downs. Privacy: border surveillance, repairs. Laws & Regs - Canada, US, World, Fines, Enforcements & Lawsuits: MD5 fine. UK & Mastercard, Standards. BYOD. Emerging: AI, Cryptography, Quantum. Defense - Tools & Techniques. Vulnerabilities - Advisories: Hive hit by irresponsible disclosure, Research: Cybercrime - active campaigns, crimes & enforcement, Bad-Actors: Heliconia. Other Risks, Bring Your Own Key, Consumer behaviour, Spreadsheets, Complexity, Twitter alternatives. Disinformation, Health, Safety, Environment, Economy, More FTX/Crypto. Russia v. Ukraine. And more.


This Week's [in]Security - Issue 295

Welcome to This Week’s [in]Security. PCI related: FAQs. New breaches: WhatsApp (500M), Twitter (5M), AirAsia (5M), Sask (SLGA). New Ransomware: OSSTF. Privacy: Repair snooping, Tax sites, iCloud, Redaction? Laws & Regs - Canada, US: FTC, DoJ. World: UK, India. Fines, Enforcements & Lawsuits. Standards. AI. Cryptography. Defense - Decryptors, Domains, Due diligence, Tools & Techniques. Vulnerabilities - Roundup, Chrome, Windows, AWS. Cybercrime - active campaigns, crimes & enforcement. Bad-Actors. Other Risks, Health, Safety, Environment, Economy, FTX/Crypto. Russia v. Ukraine. And more.


This Week's [in]Security - Issue 294

Welcome to This Week’s [in]Security. PCI Mobile Payments, FAQs, Training, Magecart & fraud. More on the FTX and Twitter meltdowns. New breaches: Woosh, Thales. New Ransomware: Vanuatu, Ontario EMS. Downs. Privacy: Spyware, Surveillance, Siri. Laws & Regs - Canada: C-11 & C-18, Blocking online news. US: KOSA, Google, Autopilot. World: Digital Red Cross, Hack-back, Crypto AML. Standards: NIST on CVSS, Networks, Trustworthy Secure Systems, and three drafts, leap second. Defense - Resources. Tools & Techniques. Vulnerabilities - Patching: Windows, BitBucket. Significant: Roundup, PunyCode, SMS 2FA, F5. Also: Bulletproof TLS, infrastructure. Cybercrime - active campaigns, MFA-fatigue, crime & enforcement, nation states and mercenaries. Other Risks, Mastodon, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: Quantum, AI. And more.


This Week's [in]Security - Issue 293

Welcome to This Week’s [in]Security. So long PCI PA-DSS. Twitter turmoil. New breaches: TransUnion, Deutsche Bank, Thales, Medibank, Continental. New Ransomware: Sobeys, Mexico Transportation. Outages: Telus. Privacy: World Cup, COVID tracing, NSA. Laws & Regs - Canada: Online News. US: Privacy lacking, Filters, Scraping, Copyright. Standards: FIPS & NIST. Defense - Tools & Techniques: Sigstore, CIS, Passwordless. Vulnerabilities - Patching: strategy, SSVC tool, MS, Citrix, Android. Significant: Roundup, Citrix, Petro-ICS. Also: Memory-safe programming, Clear Wi-Fi, Lenovo. Research: MFA-bypass. Cryptography. Cybercrime - active campaigns, crimes & enforcement, FTX/Crypto melt-down, nation states and mercenaries. Other Risks - Elections, Root Certs, Cyber-insurance, Wi-Fi imaging, Paper, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.


This Week's [in]Security - Issue 292

Welcome to This Week’s [in]Security. P2PE & PIN updates. New breaches: Dropbox, Amazon, AstraZeneca, Medibank, Continental. New Ransomware: Costs, Trains, Telescopes. Major outages: Sobeys, WestJet. Follow-ups. Privacy: Surveillance risk, TikTok, CCTV. Laws & Regs - Canada: Online News. US: web scraping. World: Ransomware, India. Standards. Defense - Resources: MFA fatigue & phishing-resistance, IoT labeling, supply chain. Tools & Techniques: Scanning the UK, M&A, hacking tool. Vulnerabilities - Advisories: ICS. Zeroday: trends. Patching: Cisco, Chrome, Azure Cosmos, Apple. Significant: Roundup, Splunk, GitHub. Also: OpenSSL, SmartLock picking. Research. Cybercrime - Active campaigns, mal-news, PyPI, Crimes & enforcement. Nation states and mercenaries. Other Risks - cables, Twitter. AI: Open-Source laundering, Deepfakes, Turing. Disinformation: Amplification. Health, Safety, Environment, Tech layoffs. Russia v. Ukraine. Innovations and some Remembrance Day links.


This Week's [in]Security - Issue 291

Welcome to This Week’s [in]Security. PCI updates P2PE program. See Tickets 2+ year card breach. Canada - Cashless & Surcharge backlash. New breaches: Amazon, Bed Bath & Beyond, Twilio. New Ransomware: NY Post, Poland & Slovakia. DDoS. Follow-ups. Privacy: age verification, smart toys. Laws & Regs - Canada: Cyber-law, Online News. US: PA breach notifications. World: Australia, India. Defense - Newsletters. Tools & Techniques: Bucket Scanner, Microsoft, PayPal. Vulnerabilities - Advisories: CISA. Patching: Chrome, AnyConnect. Significant: Roundup, VMware, OpenSSL. Research & cryptography: Randomness, RC4. Cybercrime - active campaigns, crimes & enforcement, nation states and mercenaries. Other Risks - Child ID fraud, Cloud TCO. Health, Safety, Environment. Russia v. Ukraine. And more.


This Week's [in]Security - Issue 290

Welcome to This Week’s [in]Security. PCI FAQs, skimming impact, surcharge backlash. New breaches: Microsoft, Web trackers. New Ransomware. Major outages: GPS, Telus mobile. Sabotaged cables? Follow-ups. Privacy: TikTok, Neighbours, Equifax. Laws & Regs - Canada: Cybersecurity law failures, Online news. US: CFPB and Junk Data, IoT labelling, AI & patents. World: Australia boosts breach fines. Standards: Caliptra, NIST drafts & updates. Defense - Resources, Supply chains, Tools & Techniques: Gadgets & Coconuts, A secure OS for IoT. Vulnerabilities - Advisories: Linux Kernel, ICS. Patching: Mark-of-the-web, Win-TLS. Significant: Roundup, Zimbra. Research & Cryptography: Alt GPS. Cybercrime - active campaigns, passwords matter, undetectable, Text4Shell, fake employees. Crimes & enforcement: SIM swaps, keyless cars, nation states and mercenaries. Other Risks - Museum Security, Snake Oil, Scanners. AI: Adversarial ML, Hype, Creativity. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.


This Week's [in]Security - Issue 289

Welcome to This Week’s [in]Security. PCI FAQs, credit card surcharges. New breaches: Intel BIOS, Toyota, Woolworths, secret agents. New Ransomware: decryptors, Tata Power. DDoS. Follow-ups. Privacy: Amazon's spy-house, deanonymization, Incognito Mode. Laws & Regs - Canada: workplace monitoring. US: Geofencing, Regulating DAOs. World: Data Sovereignty, Swiss AML, India. Defense - reports, tools & techniques. Vulnerabilities - Zerodays, Patching. Significant: Roundup, Fortinet, drivers. Research & cryptography: Office encryption, quantum tech & obstacles. Cybercrime - active campaigns, crimes & enforcement, nation states and mercenaries. Other Risks - Wi-Fi spy drones, digital license plates. AI: breakthroughs, bias, creativity, metaverses failing. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.

This week's Dali-esque image of a drone surveilling an office building was generated by DALL-E 2.
