controlgap.com | CG Blogger (5)

Posts by:

CG Blogger

[in]security

This Week's [in]Security - Issue 268

May 22, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: e-com skimmers. New breaches: Malaysia. Kubernetes, TrustStamp. New Ransomware: Countries, Nikkei. Major outages. Follow-ups & Fall-out. Privacy: You for sale, ID.me. Laws & Regs - Canada: Huawei ban, C-11. US: CFAA abuse, AML settlement. World: cybersecurity reporting, platform liability, Standards: NIST 800-140C/D. Defense - Training & events: Tools: Supply chain framework, Browser password vaults. Vulnerabilities - Advisories: Initial access, CISA Vmware & A/D. Zerodays: what APTs know, Mac, iOS. Patching: partial protection, NVIDIA. Other: Spies in the workforce, e-voting, OAuth, SQL persistence, WordPress, Russian CA? Vulnerability research: Bluetooth relay attack, Tesla. Crypto-research: Post-quantum, Telegram. Cybercrime: MSP attacks. FaceStealer, MSSQL brute force, chatbots, exotic languages. Crime & Enforcement, Nation States & mercenaries. Other Risks: Cyber-insurance, Facebook e-com, CitizenLab on Bing. Health, Safety, & Environment. Disinformation, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security

This Week's [in]Security - Issue 267

May 15, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI SSF related errata, SSF & NIST. virtual cards on android. New breaches: US Law enforcement, VPNs, Yik Yak. New Ransomware: Conti & REvil, Oregon, AGRO, pay and pay again. Follow-ups: Capital One, Colonial Pipeline, HIBP updates. Privacy: web-key-loggers, ICE. Laws & Regs - Canada: C-11. US: breach reporting, warrants, cybercrime bill. World: crypto-wars, suing cybercriminals. Defense - Cybergames, software recalls, critical open source, MFA adoption, partnerships. Vulnerabilities - Advisories: F5 Big-IP. Patching: Intel, Firewalls, multiple Windows, printers, Other: NPM hijack, supply chains, Log4ever, medical devices. Vulnerability research: Word & PDF scripts, Intel & AMD, SQL WAF bypass. Crypto-research. Cybercrime - Active: NPM, WordPress, Linux, SMS, Exchanage, Discord; Crime & Enforcement: wanted, disgruntled. Nation States and mercenaries. Other Risks, Health, Safety, Environment, Economy. AI. Russia v. Ukraine. Innovation and more.

CG Blogger

MFA, Ransomware, NIST, payments, [in]security, Cybercrime, Crypto, Ukraine, Russia, Laws and regulations

This Week's [in]Security - Issue 266

May 8, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Skimmers. Payments: New breaches: Anonymous, DeFi, Ikea. New Ransomware, Major outages, Follow-ups & Fall-out. Privacy: Health Canada, Facial recognition. Laws & Regs - Canada: Copyright. US: ISPs, Insurance. World: India. Standards: NIST, definitions. Defense - Training & events: space-cybersecurity. Password day. Kill-switch. Tools: MFA. Vulnerabilities, Advisories: Patching: F5, Cisco. Other: mental health apps, AV bugs, uClibc IoT, DNS poisoning, No MFA? Vulnerability research: Zero-Knowledge. Crypto-research: Quantum crypto. Cybercrime: Trends: Event log malware, Doh! Crime & Enforcement: BEC impact. Nation States and mercenaries. false-flags, sanctions, Spain & Pegasus, China. espionage, Other. Other Risks: General: Airtags, deepfakes, web3. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. NATO. Quantum computing, Innovation and more.

CG Blogger

pci, Credit cards

Control Gap Blog - 12 Tips To Avoid Credit Card Data Breaches

May 6, 2022 12:00:00 AM

PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data

Traditionally, ill-intentioned criminals have targeted banking institutions to reap financial gain....

CG Blogger

NIST, TLS, [in]security, FAFSA, SAQ V4.0, Coca-Cola

This Week's [in]Security - Issue 265 | insecurity | Control Gap

May 1, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: SAQV4. Skimmers. Payments: New breaches: More GitHub, Coca-Cola. New Ransomware: trends, costs, BlackCat, Black Basta. Major outages: Record DDoS, fiber cable attacks. Follow-ups & Fall-out: 300K dbs, Smile, Aimware, fines, Blackbaud. Privacy: doxxing & right to be forgotten, warrantless searches, FAFSA (student aid) & Facebook. Laws & Regs - Canada: copyright, online harms, border rules. US: Fake EDRs, Patents, FOSTA, Drones. World: Open Internet, EU/India tech pact, EFF to the EU. Standards: security.txt, NIST OT & 5G. Defense - APIs, Google Docs. Tools: OpenSSF & malware packages. Vulnerabilities, Advisories: CISA. Zerodays: on the rise. Patching: Azure PostgreSQL. Other: CVE-like scores for Cloud, NPM, Nimbuspwn, NAS, Netatalk. Vulnerability research: Bug bounties, VirusTotal as vector. Crypto-research: PQC & agility. Cybercrime: Trends: Smishing, Malicious Tor, Onyx wiper, Bumblebee, Magniber. Crime & Enforcement: Child ID theft, Interpol. Sandworm, NFT theft, Nation States and mercenaries. China vs Russia, Journalists. Other. Playstore. Other Risks: General: Cloud, Bulletproof TLS, AI weirdness, Free speech, decoupling China. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, Crypto, privacy, HSM, DMCA

This Week's [in]Security - Issue 264 | insecurity | Control Gap

Apr 24, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PTS POIv6.1, HSMv2 sunset, DSSv4 related: e-commerce, customizable. Skimmers. Payments: breach penalties. New breaches: Okta update, T-mobile, Russia. New Ransomware: Farms, decryptors, Emotet, Conti, Blackcat, Revil, Costa Rica, Kansas City. Follow-ups & Fall-out. Privacy: Reject All Cookies, AMP, iOS apps, Clearview. Laws & Regs - Canada: Harms, Lobbying. US: Scraping, Arbitration, DMCA abuse. World: EU tech, Turkey. Standards: Cloud, Containers, 3 drafts. Defense - Training & events: PCI Symposium, Forensics. CyberDefense, SMBv1. Routing, Tools: testing, pw spraying, twitter, bots. Vulnerabilities, Advisories: Zerodays: Record exploitation, RainLoop. Patching: Oracle. Cisco, Lenovo, Jira, Drupal. Other: Critical Infrastructure, ICS, Hack DHS, Snort, Android, WordPress, Low-Code, Vulnerability research: ML backdoors, intimidation? Crypto-research: Java crypto implementation flaw, PQC, GDPR. Cybercrime: Trends: exploits & supply chains, HR. Crime & Enforcement: crypto heist. Nation States and mercenaries. DoD, NSO/Pegasus, Korea. Other. Other Risks: General: DoH, Open Source, Call recorders, NetFlix. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, breaches, McDonalds, github, Zenga, NFT

This Week's [in]Security - Issue 263 | insecurity | Control Gap

Apr 17, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI related: New breaches: disclosures, source code, Queen's University, McDonalds. New Ransomware: persistence, Zenga, Snap-On Tools, Nordex. Follow-ups & Fall-out: GitHub oauth, T-Mobile, Rideau Hall, hospital lawsuits. Privacy: Webex, De-anonymizing Bitcoin, Data brokers. Laws & Regs - Canada: Harms, Online News. US: Facial Recognition. Defense - Training & events: PCI, IEEE, NICE. FSP, Certs. Tools: SLSA, Autopatch, Purple. Vulnerabilities, Advisories: CISA. Zerodays: Microsoft, Nginx. Patching: Chrome, Vmware, Cisco, Windows, Struts. Other: 80%, ICS, Cloud, NFT. Vulnerability research: FrozenHeart/Zero Knowledge, Hospital bots. Crypto-research: QIST & quantum attacks. Cybercrime: Trends: payment apps, customer support, fake jobs, botnets, text scams. Crime & Enforcement: Ottawa, RaidForums, unethical. Nation States and mercenaries. Other. Other Risks: General: Trusting AI, Governance, Self-drive & cops, Snake -oil. Health, Safety, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, Magecart, Microsoft, Mailchimp, Whatsapp, Hydra, Lambda, Spring4Shell

This Week's [in]Security - Issue 262 | insecurity | Control Gap

Apr 10, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI related: PCI vs Magecart, Skimmers. Payments, Visa. New breaches: Yandex, MailChimp, Block, Parker-Hannifin, CashMama, Sask: SLGA, Medical. New Ransomware: Finland, The Works. Major outages, Atlassian. Follow-ups & Fall-out: Shopify, FIN7, Travelio. Privacy: Google, EU facial, NFTs. Laws & Regs - Canada: Cross-border CLOUD, Online News Act, Copyright. US: Anti-trust, Cyberpolicy, Indiana. World: UK, Palestine, Singapore, China. Standards: Blockchain, Patching. Defense: Training & events, Pre-emption, Medical devices, End-to-end, GitHub secrets & supply chain, fuzzing, Chrome, Microsoft, Pi. Vulnerabilities, Advisories. Zerodays. Patching: Vmware, GitLab, Zyxel, Android, Apple unpatched. Other: Linux, Spring4Shell, Wyze, WatchGuard. Vulnerability research: ICS. Crypto-research: GPRS, PQC. Cybercrime: Trends: Groups, WhatsApp, Lambda, Self-Spam. Crime & Enforcement: Hydra, Cyclops, gift cards, spies. Nation States and mercenaries: China, Hamas. Other: Wordpress, QR, Adobe. Other Risks: General: Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, Crypto, Bill C11, Ronin, NPM Poisioning, Solarwinds

This Week's [in]Security - Issue 261 | insecurity | Control Gap

Apr 3, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI DSSv4 is live, Payments, New breaches: Ronin crypto, Globant, Lapsu$, Forged warrants, New Ransomware: Newfoundland, Conti. Major outages, DDoS. Follow-ups & Fall-out: Solarwinds, Royal Enfield. Atento, Privacy: Mystery Tracker, Never review patients! Laws & Regs - Canada: Online harms, Bill C-11. US: Facial recognition, Pro Codes Act, California. World: EU vs. Apple, crypto and. the other crypto. Standards: Hijacking standards. Defense: Chrome, Privid, IP reputation? Vulnerabilities, Zerodays: Chrome, Java Spring. Other: alerts, Pear PHP, 2FA bypass, GitLab, Defender IoT, Zlib, PLCs, Sandbox escape, Honda. Patching: CISA, Chrome, Edge, Sophos. Crypto-research: Proof-of-Stake. Cybercrime: Trends: Canada, NPM poisoning, Exchange. Nation States and mercenaries: FinFisher, Russia, China. Crime & Enforcement: identities, FBI, call centers. Other Risks: facebook, life-cycles, splinernet, spamming thyself. Disinformation, Health, Safety & Environment. 1 man 90 Jabs! Russia v. Ukraine. Quantum hype. Innovation and more.

CG Blogger

payments, [in]security, Cybercrime, pci, breaches, github, DCMA, deadbolt

This Week's [in]Security - Issue 260 | insecurity | Control Gap

Mar 27, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: DSSv4 update, Training & events: Quantum Cybersecurity. New breaches: Okta & Microsoft, Hubspot, Morgan Stanley, Argentina's Senate, Nestle? New Ransomware: Conti decryptor & source, performance cook-off, Bridgestone & Toyota, NRC, Deadbolt, No honour … Major outages: GitHub. Privacy: Data brokers, Ads, stalking, proctoring, Amazon, oops. Laws & Regs - Canada: Oversight, M&A. US: Kaspersky & Chinese Telcos. Digital licenses, DCMA abuse. World: US/EU Data, app store. Standards: NIST ciphers. Defense: Tech alone isn't the answer, software pipelines, RNG, social media, AI bias, Finland. Vulnerabilities, Zerodays: Chrome. Other: CISA alerts. Sophos, printers, Delta Energy Mgmt, libsox, Honda Civics. Patching: Firmware, Carbon Black, MyCloud NAS, MS Bluetooth. Crypto-research: e-voting. Cybercrime: Trends: Browser-in-browser, Azure/NPM, Protestware. Nation States and mercenaries: Russia, China. Crime & Enforcement: theft & fraud, charges, arrests, sentencing, DNA. Other Risks: The un-apped, National Security, photo-radar, Disinformation, Health, Safety & Environment. Russia v. Ukraine. Innovation and more. Qubits.

CG Blogger