controlgap.com

Posts by:

CG Blogger

This Week's [in]Security - Issue 250 | insecurity | Control Gap

This Week's [in]Security - Issue 249

This Week's [in]Security - Issue 248 | insecurity | Control Gap

This Week's [in]Security - Issue 247 | insecurity | Control Gap

This Week's [in]Security - Issue 246 | insecurity | Control Gap

Addressing Log4Shell | Control Gap

The Log4Shell vulnerability has sparked an Internet firestorm and may prove to be one of the most devastating bugs in years. But why? Log4Shell is a zero-day, supply-chain, remote code execution vulnerability in one of the most widely used software components in use today. Vulnerable components are difficult to trace because Log4j2 has seen industry-wide adoption across the entire technology stack. And many threat actors are actively exploiting it.

This Week's [in]Security - Issue 245 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Log4J/Log4shell! PCI and payments: PCI updates: PIN, SSF. Non-Compliance Lesson No.3. Magecart, Supply-Chain Backdoors: New breaches: Kafka. Volvo. New Ransomware: Follow-the-money, Cybercommand, Utilities, Healthcare, SPAR stores. Major outages: Amazon. Follow-ups & Fall-out. Privacy: Tor, surveillance capitalism, facial recognition. Alexa can you keep a secret? Laws & Regs - Canada: website blocking, JusTech. US: Copyright takedowns. World: Espionage tools, Botnet lawsuit, Assange. Cybercriminal Court? Standards: Cyber-resilience. testing. IPv6 transition. Defense: Cyber & the board, AI, Smishing, pirates. Vulnerabilities, Zerodays. Other Vulnerabilities: HTTP-no-S, Home grown, Chrome, Win/URI, WD SanDisk, SonicWall, MikroTik, Bluetooth, factoring. Cybercrime: Trends, Phishing. WordPress, npm. Moobot. Nation States. Crime & Enforcement. Other Risks: AWS, Quantum, BurnOut, Tor, Kids, Cryptominers, AirTag abuse. Health, Safety & Environment. CO2 capture, batteries, nukes. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Compliance. And more.

This Week's [in]Security - Issue 244 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Participating brands FAQ, and 8 updates. Magecart/skimmers, Brazil, Square. New breaches: Panasonic, Planned Parenthood. New Ransomware: Critical Infrastructure, Rideau Hall. Major outages, Follow-ups & Fall-out: Gravatar HIBP. Privacy: De-anonymization. Laws & Regs - Canada: health data, Huawei. US: FBI access, TSA, SEC, Biometrics. World: Product Security, Algorithm Transparency. Standards: NIST IoT, CISA mobile. Defense: Spam calls, AI understanding, Facial fuzz, attack maps, DRP, Old tech, Faraday cages. Vulnerabilities, Zerodays: Windows. Other Vulnerabilities: Printers, Routers, NSS Crypto, XS-Leaks, Passwords, Zoom, Azure Sphere, Cloud Honeypot, CISA Hitachi & Zoho, Verizon. Cryptography: HKDFs, PQC signatures & performance, Quantum Computing. Cybercrime: Trends, NABs, Trojans, AT&T, WRITE, Excel Addins. Nation States: diplomats, air-gaps, fake recruiters. Crime & Enforcement. Other Risks: Cyber-insurance exclusions, long game, China, misinformation, Meta/FB, amplification, shopping bots, Edge, Food, Hype? Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; And more.

This Week's [in]Security - Issue 243 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Magecart, old school jackpot, processors, transit. Big-Hacks: 1M GoDaddy WordPress sites including SSL keys and credentials. New breaches: PNB, Millennium Bank, UHC, lessons learned. New Ransomware: Conti counterhack, IKEA, Vesta Turbines. Privacy: Android settings. Laws & Regs - Canada: Misinformation vs. Freedom of Expression, Wills & social media. US: export ban, CISOs, federal privacy, Cryptocurrency, Apple vs. NSO. World: Israel spy tech ban, UK default passwords, Aus limits anonymity. Standards: NIST Drafts, ICS/IoT defense. Defense: Webinars, Cyber labeling, Metrics, Fake Apps, Trust Chains. Vulnerabilities, Zerodays: Windows Installer, Windows 10, Exchange. Other Vulnerabilities: Magento, BGP-IRR, Bad passwords, fingerprint bypass, medical devices, ICS Wi-Fi, passwordless Wi-Fi, open VPN, VirtualBox, Printjacking. Cybercrime: Trends, Infrastructure, Biomanufacturing, phone scams, CronRAT, email reply hijacking, JSWinRAT, MediaTek DSP. Nation States. Crime: Interpol, Ukraine, holiday scams, Ontario COVID arrest, flash mobs, RentAHitman? Other Risks: Facebook/Meta, unreal-estate, The Great Firewall, due diligence, quantum computing, Clearview AI, shipping, terminology, who me? Health, Safety & Environment: twindemic, plague, human error, exploding turkeys, insurance, flooding. Covid-19: Spread, Curves, Waves, and Variants; Omicron; Response; Treatments; Immunity; Learned; Impact; Covid Compliance. And more.

This Week's [in]Security - Issue 242 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Magecart, Jackpot. New breaches: IABs, Indian Securities Depository, Stripchat, RobinHood, RedDoorz, IDC, Ducks Unlimited, GitHub/Firefox-Linux. New Ransomware: holidays, trends, analysis, response. Major outages: Google, Tesla. Follow-ups & Fall-out: FBI emails. Privacy: CitizenLab reports, Amazon, phones, Microsoft(?), camera detectors. Laws & Regs - Canada: C-10, digital IDs. US: attack reporting, hack-back, NSO, Right to repair, Ohio v. Facebook. World: No-Hack pact, UK Cloud providers, lawsuits. Standards: Patch Management, password rules. Defense: Cell-spam, smartphones, DuckDuckGo, SugarCoat, Deepfakes, rookies, misconfigurations. Vulnerabilities, Zerodays: FatPipe, Windows, Mac. Other Vulnerabilities: Canadian passwords, Chips & firmware, ICS, IoT, GitHub/npm, Azure AD, Chrome, Windows, Apple patch lag, LibreCAD, Blacksmith/Rowhammer, ETW attack, Tor fingerprints. Cybercrime: Trends. Nation States: Belarus, Iran, North Korea. Crime: crypto-klepto, mixers, REvil, election hacking. Other Risks: Quantum update, supply chains, dystopia & harassment, insiders, Chatbots, NFTs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; And more.