controlgap.com

Welcome to This Week’s [in]Security. PCI and payments: CHD Truncation rules, Holiday warnings, Costco skimmer, Contactless. New breaches: Indian Securities, Robinhood. New Ransomware: WordPress Plugin, MediaMarkt, Ronmor, Queensland. Major outages: DDoS, Citrix, Google, Follow-ups & Fall-out: ICS & OT incident costs, NL Health, SolarWinds, Maxim Health, TTC. Privacy: Microsoft, Meta/FaceBook, PrivacyRaven, Rollercoaster. Laws & Regs - Canada: 5G. US: Crypto sanctions. Hack-back, NSO suit. World: No-hack pact. Defense: Webinars, Webinars. New certifications, Playbooks, Trojan Source, ClusterFuzzLite. Vulnerabilities, Zerodays: Other Vulnerabilities: Beg Bounties, AMD, Palo Alto, AWS, Siemens, BusyBox, Patch Tuesday, Zoho. Legacy MacOS, Web Cache Poisoning, Cybercrime: Trends: FBI email takeover, Initial Access Brokers, techniques, phones, gmail, HTML smuggling. Nation States: US accused, Iran, Korea. Crime: Big ransomware crackdown, Pegasus arrest, DNA and faces. Other Risks: Shadow IT, Azure mistakes, IT/OT, QRL-jacking, Biometrics, Pets, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; And more.

Welcome to This Week’s [in]Security. PCI and payments: Non-Compliance Lesson #2, Big FAQ update, PAX/WorldPay/FBI update, magecart. New breaches: Waiting for QC, Shooting the messenger, Surveillance, VPN users. New Ransomware: Evolving tricks, NL Health. Follow-ups & Fall-out: Missouri. Privacy: Phone metadata, tappigraphy, Data Privacy Protocol, 1B deleted facial images. Laws & Regs - Canada: Bill C-10, Ontario utility data, Citizen Lab. US: FISA, LEA requests, Spyware sanctions, Bounties. World: Threatening open source, Toothless fines? Standards: EU-US. Cyber labelling, Critical Infrastructure. Defense: Pwn2Own & SANS CTF, Simulation Game. Cloud VA, Security MVP, Bloom Filter Searching, ZeroTrust. Vulnerabilities, Zerodays: Other Vulnerabilities: CISA 300 patch list, APIs, More on Trojan Source, Web Assembly, Github & NPM supply-chain - coa, rc, Cisco SSH key, non-enterprise IoT. Cybercrime: Trends: Rootkits, password spraying, GitLab, Office & Exchange. Nation States. Crime: Anti-ransomware actions, SIM & BEC arrests, Squid-scam, fraud. Other Risks: Trolls, Ethical AI, Skynet? buzzwords, meta-FOMO, Open Source Risks, Cert meltdowns, Yahoo leaves China, economy. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.

Control Gap is proud to introduce our participants for Movember 2021: Ben, Connor, Corey, and David who help us raise funds for #menshealthmonth and #movember. In the...

Welcome to This Week’s [in]Security. PCI and payments: PAX/WorldPay/FBI investigation, PCI updates, Mobile Wallets. Digital & Crypto. New breaches: Hotels, Locations, emails, Portpass, NRA. New Ransomware: Free Decryptors, key reuse, A/D, Conti, BlackMatter, SEO poisoning, REvil, TTC, Blue Shield. Major outages, Follow-ups & Fall-out. Privacy: smartglasses. Laws & Regs - Canada, US: Cell phone locations, Cybersecurity disclosures, Right to repair, Ransomware payoffs, National Security bans, Social Media hearings. World: Proton Mail, GDPR evasion, EU DSA, Online Harms. Standards: NSA/CISA 5G & Cloud. Security baseline. NVD API, NIST Supply Chains, Trusted cloud, Defense: Digital life, Attack Surface, Teams, SolarWinds, Twitter MFA, AWS. Vulnerabilities, Zerodays: Windows LPE, Chrome. Shrootless, Other Vulnerabilities: Hardware, Apache, Apple, Wordpress, XP's still around, Fuji, WinRaR, Trojan Source, War-driving. Cybercrime: Trends: NPM, Nation States. Crime. Other Risks: 2022, economy, Meta7FB, time. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.

Welcome to This Week’s [in]Security. PCI and payments: PCI & Ransomware, 3DS RFCs, PCI Halloween, AI shoulder surfing, Rapid Dispute, V-cards, UP Express. New breaches: Argentina!, CoinMarketCap, Durham police. New Ransomware: New Ransomware, Challenges, Revil (Strikeback), BlackMatter. Follow-ups & Fall-out. Privacy: ISPs, Alexa, Lunch Money. Laws & Regs - Canada, Online Harms. US: Export restrictions, Sanctions & Crypto, Notifications, Supplychains, Missouri, Facebook, World: GDPR bypass. Standards: NIST KDF, HTTPA. Defense: Detection, Blackhat, L0PHTcrack, Win11. Vulnerabilities, Zerodays: Apple. Other Vulnerabilities: Chrome, CVEs, MFA, Chinese hacking contest, Kerberos, DCOM, Gummy Browser attack, Tesla, Health Apps. Cybercrime: Trends: Fake pentest contracts, more fakes, Discord, Microsoft, Buggy malware, Obfuscation, NPM JavaScript, Youtube. Nation States. Crime: $35M deepfake heist, no honor among thieves, jail. Other Risks: IoT, third-parties, economic supply-chains, bias, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

Welcome to This Week’s [in]Security. PCI and payments: Global Community Forum, Technical FAQs, ATM skimmers. New breaches: Brazil's Hariexpress, Missouri Teachers, Verizon/Visible, Student SSNs from 1957, Acer, Thingiverse & 3D Printers, Playbook, Accenture. New Ransomware: Payouts surge, Water plants, Olympus, Banks. Analysis. Major outages: MS DDoS, Snapchat. Follow-ups & Fall-out: Privacy: Client-side scanning backdoors, Facebook AI, Android, Gaggle, 7-11, Real faces. Laws & Regs - Canada, US: Border warrants, TSA cyber regs, Whistleblowers, Fake reviews, Responsible disclosure, lawsuits, World: privacy, anti-ransomware, domain registration, biometrics, DDoS. Standards: IETF & Cloudflare. Defense: credentials revoked, tools, techniques, products, zero-trust. Vulnerabilities, Zerodays: iOS, Windows. Other Vulnerabilities: infrastructure, certificates, WordPress, Open/Libre Office, IPTV Rickroll, NFT, password research. Cybercrime: Trends: Stealing OTP, Aircraft maintenance, HTTP probes, Ad injector, Nation States. Crime. Other Risks: critical thinking, plain speech, complexity. more FB AI failure, great resignation, crypto. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Compliance. And more.

Welcome to This Week’s [in]Security. PCI and payments: PTSv6.1, Interac & SecureKey, Non-compliance! Supply-Chain Backdoors: Big-Hacks: Syniverse (text messages), Everything Twitch, Pandora. New breaches: The Telegraph, BrewDog, Fantasy Football. New Ransomware: Confluence. Major outages: Facebook, Instagram, WhatsApp. Follow-ups & Fall-out. Privacy. Laws & Regs: Canada, US, World. Defense. Vulnerabilities, Zerodays: Apache. Other Vulnerabilities: Surveillance, Android, macOS, Reading CVE's. Air Gaps, Yamale, Honeywell, cams. Cybercrime. Trends: UEFI Bootkit2012, Spam, German stats. Nation States. Other Risks: Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; Covid Compliance. And more.

Welcome to This Week’s [in]Security. PCI and payments: Remote Assessment, PA-DSS/SSF transition. CPE Maintenance, P2PE v3.1, PIN Program, Technical FAQ, DSS FAQ, Neiman Marcus card breach, ApplePay/Visa Express Travel vulnerability. New breaches: Meet the Pandora Papers (Remember the Panama Papers?) , Linkedin Scrape (126M), Barclays, Portpass & Sask QR vaccine apps, GrupoGSS. Mult-party breach impact, New Ransomware: Human-operated ransomware. Follow-ups & Fall-out: Fatal ransomware, Clubhouse, Facebook data collection (3.8B), Dallas Police, Epik. Privacy: android location tracking, pandemic privacy. Laws & Regs: Canada: vaccine passports. US: 4th amendment. World: Russia. Standards: NIST updates, drafts, papers, news. Defense: Webinars, Webinars. CISA. Tools, email, DMARC, TLS 1.3, Tokenization vs. Encryption, Tracking crypto, scambaiting. Vulnerabilities, Zerodays: Other Vulnerabilities: 5G apps, after patching, OWASP 2021, AirTags, Azure, MS MFA, Elastic Stack API, Autodiscover, vCenter. University Wi-Fi, Bitcoin ATMs, Cybercrime: Trends: OTP bots, Fake Pegasus defense, GriftHorse SMS fraud, FinSpy, FoggyWeb. Nation States. Crime: Other Risks: Domain Names, Outsourced, Misinformation, Lying AI, Bulletproof TLS, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.

Welcome to This Week’s [in]Security. PCI and payments: Remote assessments, magecart. New breaches: Thai visitors, Event Builder, Exchange. New Ransomware: Alert, Exabyte. Major outages: voip.ms, Trello. Follow-ups & Fall-out: Revil FBI Sting & backdoor cheat, Epik. Privacy: Amazon, Ant, creepy? QR, ewwww! Laws & Regs: Canada: US: Infrastructure, Facebook, Warrants. World: China bans crypto, Huawei, USB-C. Standards: CISA IPv6, NIST drafts. Defense: SSNs, AppSec, Quad, Ransomware action, Medical IoT, passwordless, tools, Cyber-insurance, Autodiscover, Bug bounties. Vulnerabilities, Zerodays: record zerodays, IoT, IoS, MacOS. Chrome. Other Vulnerabilities: OWASP update, API credentials, Ryzen, hack a mainframe demo, OpenOffice, Cisco, smartphones, Nagios, VMware. SonicWall, Routers, ROT13-NG. Cybercrime: Trends: Nation States. Crime: Mafia, DeFi, undone. Other Risks: Quantum Risk, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.

Welcome to This Week’s [in]Security. PCI and payments: Crypto-agility. New breaches: Wearable aggregator megabreach, Epik, Walgreens, Indonesian Intelligence Agency, multiple healthcare. New Ransomware: Threats. Follow-ups & Fall-out. Privacy: Re-identification, FTC privacy bureau. Laws & Regs: Canada: Copyright. US: Crypto-exchanges, Facebook, location warrants. World: GDPR, Assistance requests. Standards: NIST Machine Learning. Defense: Passwordless, OpenSSLv3, Android. Zoom, Design, Trolls, Kali. Vulnerabilities, Zerodays: Apple, Windows, Chrome, Azure OMIGOD, IBM. Databases, Citrix, Windows EOL, WSL, Laserfiche Ad Porn, WordPress, Drupal, WooCommerce, Travis CI, SSID stripping, Apple Cloudkit, SpookJS, RSA variant. Cybercrime: What's exploited, Multiple zerodays, Open redirects. Crime: Other Risks: Ethics, DNS, moderation, WFH, facial fakes. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.