controlgap.com

Posts by:

CG Blogger

This Week's [in]Security - Issue 288

Welcome to This Week’s [in]Security. PCI SIGs, UnionPay, Interchange fees in Canada. New breaches: DoD, Aussies. New Ransomware: States, Lloyds. Outages. Follow-ups: Banking's bad response, disclosure notices suck. Privacy. Laws & Regs - Canada: Copyright, C-11. US: AI Bill of Rights, US-EU privacy, web replay lawsuit, & covering up. World, Standards. Defense: Deepfake audio detection, Cloud, MS/LSASS. Vulnerabilities - advisories, zero-days, & patching. Significant: Microsoft's driver problem, ProxyNotShell, Browser App Mode, & in the wild. Crypto-research. Cybercrime - Trends, Crime, Nation States and mercenaries. Other Risks - Moody’s, insiders, LinkedIn fakes. Health, Safety, Environment, & Economy. Russia v. Ukraine. Innovation, fat bears, and more.

This Week's [in]Security - Issue 287

Welcome to This Week’s [in]Security. PCI SAQ updates, PA-DSS retirement, Debit, Virtual cards! New breaches: CBSA, Fast Company, CIA. Ransomware, Outages, & Follow-ups. Privacy. Laws & Regs - Canada: C-11, Quebec. US: Incident reporting, CA, NY, Patent Trolls. World: Australia, DORA. Standards: TLP 2.0. Events, Defensive tools & techniques. Vulnerabilities - Zero-days, Patching. Significant: App security and geography, Roundup, Exchange, WhatsApp, Sophos, Bitbucket, IoT, supply chain. Research: Trojan Source Analysis. Exploitation time, Cryptography. Cybercrime - Trends: BEC, MFA fatigue, Open Source, Jobs, Domains, Hyperjacking. Crime & Enforcement, Nation States and mercenaries. Other Risks - AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: DART, 6 qubits, and more.

This Week's [in]Security - Issue 286

Welcome to This Week’s [in]Security. Credit card skimming & fraud surge: Magento, LinkedIn Smart Links, Google Tags, smartphone 2FA bypass, fake subscriptions, triangulation. MFA fatigue! Hurricane Fiona. New breaches: American Airlines, PHI exposed via AI, Optus, Oracle, Revolut, Redis. New Ransomware: LockBit, decryptor. Downs: Malwarebytes v Google, DDoS. Follow-ups: Uber, TAP, LastPass. Privacy: Border Services, Europol, Telegram, PHI apps, Data sharing research. Laws & Regs - Canada: Online News Act, ArriveCAN. US: AI & copyright. World: India & VPNs, gag orders. Standards: NIST HMAC, PQC sigs, & IoT, NSA OT/ICS. Defense - Resources. Tools & Techniques, Cross-Layer Security. Vulnerabilities - Patching fatigue. Significant: Roundup, Old Python, ManageEngine, Sophos, NPM packages, Slack & Teams. Domain Shadowing, Firing InfoSec. Research: AI prompt injection, Reflected screens, Starlink, Cryptography. Escheresque MD5 image. Crime & Enforcement. Nation States and mercenaries. Other Risks - AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 285

Welcome to This Week’s [in]Security. The PCI Community Meeting, mobile app, training, collaboration, and updates. Uber breached again, and this time it's huge. FishPig/WordPress backdoor Magecart skimmer. Significant vulnerabilities: Spell-Jacking, Tesla relay, and Teams. Twitter whistleblower. Bell Canada ransomwared. Downs, Breach follow-ups. Privacy: US Customs data collection, eSIMs, Police DNA. Laws & Regs - Canada: Bill C-11 again, PIPEDA. US: China tech ban, vendor guarantees, liability. World: Tech fines. Standards. Defense - Training & events. Tools & Techniques. Zero-days, patching cloud, less open source. Crypto-research. Cybercrime - Trends, Crime & Enforcement, Nation States and mercenaries. Other Risks - Internet voting, great resignation data theft, AI, disinformation, health, safety, environment, economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 284

Welcome to This Week’s [in]Security. PCI updates. New breaches: TikTok, Holiday Inn, NATO. New Ransomware, Outages, Follow-ups: HIBP. Privacy: Advertisers and searches, Where's Facebook's data? Laws & Regs - Canada: Cellular emergencies. US: Whistleblowers, FTC lawsuit, Uber. World: Germany, IoT. Standards: RNGs. Defense - Training & events. Tools & Techniques, context, fuzzing, passwords. Vulnerabilities - Advisories: Zero-days, EOL Cisco, Chrome, BackupBuddy. Patching: QNAP, Zyxel. Roundup, Shikitega, HP firmware, GIFShell, PlexTrac. Crypto-research. Cybercrime - Trends: Phishing-as-a-service, intermittent encryption. Crime & Enforcement: Nation States and mercenaries. Other Risks - data tracking and national security, transaction safety, cyber-insurance, disinformation, health, safety, environment, economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 283

Welcome to This Week’s [in]Security. PCI updates: Customized Approach, PCI & IoT, PTS RFC, FAQs. Privacy: Fog Data Science location broker, drones. New breaches: Samsung, Chinese facial & license DB, IRS, Vodafone, KeyBank. New Ransomware: VMware, Montenegro. Outages: Cloudflare in Austria, Starlink. Follow-ups. Laws & Regs - Canada. US: Chip exports, FTC data broker lawsuit, Proctoring, online safety. World. PQC roadmap. Defense - Supply chains. Tools & Techniques. Vulnerabilities - Advisories. Zero-days: Chrome, iOS. Patching: WordPress. Significant: Roundup, Google & Apache, Krebs on Okta, TikTok. Crypto-research. Cybercrime - Active malware & scams. Crime & Enforcement: Violence as a Service. Nation States and mercenaries. Other Risks - Blockchain Domains, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 282

Welcome to This Week’s [in]Security. PCI updates: Prioritized Approach. Twitter vs Mudge, a whistleblower with cred. Cheap Complexity. New breaches: LastPass's codebase, Novant - Facebook trackers & PHI, Plex, Twilio fallout. New Ransomware. Follow-ups: Facebook/Cambridge, SolarWinds, DDoS payback? Privacy: Facebook, Scanning photos, in-app browsers. Laws & Regs - Canada: ArriveCAN. US: Block, Oracle, mRNA. World: SEC & China. Defense - Training & events: DevSecOps, Hiring. Tools & Techniques. Vulnerabilities - Advisories: Palo Alto. Significant: roundup, permanent state of cyber-war(?), Linux kernel, Atlassian, GitLab, IoT certs, RTLS, Black Hat summary, air gaps. PQC readiness. Quantum hype(?). Hyundai’s textbook failure. Cybercrime - Trends: MitM/AiTM, PyPI phishing, Residential proxies. Crime & Enforcement. Nation States and mercenaries. Overbilling! Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 281

Welcome to This Week’s [in]Security. Updated FAQs for v4, In-app browsers, improved Rubber Ducky USB attack tool! New breaches: response backfires, healthcare, Microsoft. New Ransomware: preparedness, wrong victim, dog-pile. Outages. Follow-ups. Privacy: data brokers, health apps. Laws & Regs - Canada: AI & Data Act, spyware, ArriveCAN. US: ransom bans. World: Trans-Atlantic, EU ID. NIST Key Derivation, AI bias. Defense - Cybersecurity Career Awareness, OpenSSF, harder kernels, searches, exploitability, SSDs. Vulnerabilities - advisories, zero-days, patching. Significant: roundup, bootloaders, Zoom, CPUs, resonance; disclosure timelines, iOS VPNs, BitLocker. Research & Crypto-research: block ciphers, more PQC. Cybercrime - SMS & Signal, cookies & MFA, browser extensions, NPM & PyPI. Crime & Enforcement. Nation States and mercenaries. Other Risks - cyber-insurance, medical photos, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 280

Welcome to This Week’s [in]Security. PCI FAQs. Crypto-research: the PQC demo derby, more SIDH attacks. New breaches: Twilio, Cisco, Shanghai, iPay88, not AT&T(?), VNC, Zimbra, party poopers. New Ransomware: Finland, Bombardier. Outages: Google, MS365. Follow-ups: Twitter. Privacy: Facebook, GitHub, RCMP. Laws & Regs - Canada: Internet, ArriveCAN. US: Cyberattack reporting, AI patents. World: Big tech. NIST standards. Defense - Training & events: PQC Migration workshop, DEF CON & Black Hat. Tools & Techniques, better incident investigation, defending supply chains, Kali. Vulnerabilities - Advisories: UnRAR, broken advisories. Patching: errors, Windows data corruption, UEFI bypass. Significant: Round-up, dev pipelines, NPM and PyPI. Research: SQUIP, SGX, Starlink. Cybercrime - Trends: deepfakes, Scam-as-a-Service. Crime & Enforcement. Nation States and mercenaries. Other Risks - Cyber-insurance, critical infrastructure, stolen algorithms. AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 279

Welcome to This Week’s [in]Security. NIST 4th round PQC candidate broken! GPU array achieves quantum supremacy!? PCI updates, Payment terminal portal breach, and Chargebacks. New breaches: Twitter PII & API keys, Cellebrite, Slack, QuestionPro. New Ransomware, Taiwan DDoS. Follow-ups: Capital One. Privacy: Car surveillance, Ring, DuckDuckGo. Laws & Regs - US: Breach disclosure, Robocalls, Robinhood, Meta. World: India. Defense - Chess & Cybersecurity, Tools & Techniques, Attack Surfaces, Win11. Vulnerabilities - Patching: VMware, Android. Significant: Roundup, Chrome, DrayTek. Emergency Alert System. Crypto-research. Cybercrime - Trends: GitHub & PyPI poisoning. Crime & Enforcement: Nuke sabotage? Nation States and mercenaries. Other Risks - Cheap Complexity, WFH, AI, Disinformation, Health, Safety, Environment, Economy. SaaS control? Russia v. Ukraine. Innovation and more.
