controlgap.com

Posts by: CG Blogger

This Week's [in]Security - Issue 232 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Back-to-Basics. Dotty's & NRS. New breaches: Fortinet, UN, Tesla, Israel, Morocco, Singapore, McDonald's. New Ransomware: REvil, Afghanistan, Russia, Follow-ups & Fall-out. Espionage vs. breach? Privacy: WhatsApp, smart-dumb-glasses, earbuds. Laws & Regs: Canada: US: Epic v. Apple, Ransomware disclosure. World: Crypto-wars. Standards: NIST. Defense: Webinars, Webinars. Cooperation, quantum RNG. Vulnerabilities: MSHTML zero-day, OWASP #1 in 2021, Node.js, Netgear. Cybercrime: Trends: Canada, Pegasus. Nation States. Crime. Other Risks: Connected-to Service Providers, Facebook, Cables, Proton Mail controversy, Elections, IPv6. Health, Safety & Environment: CO2 capture, Batteries, Fusion. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

This Week's [in]Security - Issue 231 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI: 8-digit BINs, Back-to-basics, Controlling Scope, POS breach. New breaches. New Ransomware: food, agriculture, hospitals, holidays, bandwidth, partial encryption. Follow-ups & Fall-out: Bangkok Air, SolarWinds, Dallas Police, Juniper. Privacy: Apple photo-scanning, DNA Collection, Tattleware, Browsers, Bluetooth headphones. Laws & Regs: Canada: Covid class actions. US: Software Copyright, AI Inventors, Clearview. CMA Reform, WhatsApp fine, Apple Store, China's kids. Standards: NIST Telehealth, integrity. Defense: People, VPN audit, Downloads, APK Downloader. Vulnerabilities: CISA warns on single-factor authentication (1FA), BrakTooth, AS-REP Roasting, Cisco, OpenSSL, STARTTLS, Trains, GitHub Copilot, NPM pac-resolver, WordPress, QNAP, WhatsApp photos, Fortress Home Security, Linphone, Vaccine Passports, Quantum Crypto & Key generation, Canonicalization Attacks. Cybercrime: Trends: Nation States. Crime: Off-boarding? Gift-cards, Banksy. Other Risks: Gut Instinct, digital advocate, Cryptographic voting, Windows 11, War-surplus, Misinformation. Health, Safety & Environment: Ida, Virgin Galactic, PHAs. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.

This Week's [in]Security - Issue 230 | insecurity | Control Gap

Welcome to This Week’s [in]Security. SSF FAQs, firewalls, Storing CVV. New breaches: Microsoft Power Apps: IndiaMart, Imavex. New Ransomware: Ragnarok shutdown, FBI alerts. Major outages: Record DDoS, TSYS, OneDrive. Follow-ups & Fall-out: T-Mobile, Poly, SubaGames, Eatigo. Privacy: WFH surveillance. Laws & Regs: Canada: Online harms. US: non-competes. CSP troll, Chinese Tech. Standards: NIST. Defense: Webinars, Webinars. Supply-chain. Vulnerabilities: Unitrends zero-day, Medical IoT, Windows 10, F5 BIG-IP, SSL VPNs, OpenSSL, SNI, Cosmos DB, Confluence, Glowworm. Cybercrime: Trends: Nation States. Crime. Other Risks: Tech-hype, Voting Systems, Fooling AI. Health, Safety & Environment: Zoom fatigue. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Compliance. And more.

This Week's [in]Security - Issue 229 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Big-Hacks: T-Mobile. New breaches: Terrorist Watchlist, US census, Baby monitors and cams, Chase, HVAC as a vector. New Ransomware: State Department, Brazil. Major outages: Pakistan. Follow-ups & Fall-out: Colonial, Blackbaud, Pearson. Privacy: FB. Laws & Regs: Canada: Copyright. US: LEA data loss, Tesla. Standards: NIST CMVP. Defense: Hiring, Zero Trust, Tools. Vulnerabilities: more PrintNightmare, Apple photos, STARTTLS, Chrome, Cisco, Fortinet, LinkedIn Jobs, WordPress, Realtek IoT Wi-Fi, BlackBerry, DDoS. Cybercrime: Irony. Trends: HolesWarm, Phishing costs, QR malware, Nation States. Crime. Other Risks: Edge, IoT, Trolley problem, Windows 11, facial recognition, China, stunting. Health, Safety & Environment: Zombies, Haiti, EV fires, space junk, Whalesafe, Batteries. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Ugly. And more.

This Week's [in]Security - Issue 228 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI SSF vs PA-DSS, Scoping Cloud, Cooperation, PCI Back to Basics Series, MageCart, Free Card Dump, No stripes. Big-Hacks: T-Mobile. New breaches: Accenture, Salesforce customers, Ford. New Ransomware. Follow-ups & Fall-out. Privacy: PGPP, Uber Surveillance, Politicians. Laws & Regs. Defense: Webinars, HTTPS-first, Wiping Data, Passwordless Git, Fuzzing. Vulnerabilities: Windows, MS-ECC-spoofing, IoT non-randomness, Magento, 5G, Voting Machines, DNS. Cybercrime: Trends, Losses, Anti-AML, Office, Exchange, Flytrap, WordPress, Crypto heist? Nation States. Other Risks: Apple's Photo Scanning, Insiders, Disinformation, Bias, English to Code. Health, Safety & Environment: Covid election, Recalls, Wildfires, Heat, EVs. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly. And more.

This Week's [in]Security - Issue 227 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Community Meeting, Featured FAQs, PCI, MageCart & JavaScript, Python PyPI library skimmer, Payment APIs. New Ransomware. Follow-ups & Fall-out. Privacy: Apple backdoor, Spotify, Facebook, Subscriptions. Laws & Regs: US: Repair, Stupid Patent, Copyright. Standards: 6 NIST announcements, Zero Trust, Cryptography, FIPS 198-1 HMAC, Retiring standards. Defense: Black Hat, Kubernetes, EU-Cybersecurity, Bitcoin monitoring. Vulnerabilities: Routers, IoT, Rust, HTTP/2, DNS, PwnedPiper, Black Hat, Hotels, VMware. Cybercrime: Paragon, Pegasus, Word. Nation States: DeadRinger. Other Risks: Quantum simulation, Phishing AI, Handprints. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Compliance. And more.

This Week's [in]Security - Issue 225 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Card Production, Data Removal, Digesting PCI, Issuers, Fingerprint cards. New breaches: Saudi Aramco, Mexican voters, S3 service provider bucket, Denials and False breaches. New Ransomware: trains, suppliers. Major outages: Akamai. Follow-ups & Fall-out: Named and Shamed, Insurance restrictions, Audi, Kaseya. Privacy: Data brokers. Laws & Regs: Right to be Forgotten, Pipelines, Right-to-repair, Web-scraping, India's platforms, EU Crypto. Cybersecurity Career Awareness, AES Review, Lightweight Crypto Final, NIST. Defense: Backups, browsers, trackers, Tools, Russia's Firewall. Vulnerabilities: Print Drivers, SeriousSAM/HiveNightmare, PetitPotam, Linux "Sequoia", Telegram. Cybercrime: Pegasus Spyware. Trends: NPM Password Thief, MosaicLoader, Discord. Nation States: China. Crime: Homoglyphs, DNA, Swatter, Twitter, flattened-miners, ID Theft Scumbags. Other Risks: AI, Disinformation for Hire, Cloud ICS, Expired Domains, MLB Sign stealing. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

This Week's [in]Security - Issue 224 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Major events: REvil goes dark, Kaseya. New breaches: Guess. New Ransomware: EA, D-Box, Campbell Conroy & O'Neil, Revelstoke. Follow-ups & Fall-out: Spin, Interpol, Tracking, Rebuilding. Privacy: Clearview AI, Scraping. Laws & Regs: Ransomware Response, Reward, Repair, Zero Day Hoarding. Defense: Tracker blocking, HTTPS-first, RDP, Talent, Quantum error correction & supremacy. Vulnerabilities: Browsers, SolarWinds, Commercial spyware, WordPress WooCommerce, Cloudflare, More Print Spooler, Windows Hello, D-Link, SonicWall, Elevators. Cybercrime: Trends. Nation States. Crime. Other Risks. Health, Safety & Environment: Ontario tornadoes. Covid-19: Spread, Curves, Waves, and Variants. And more.

This Week's [in]Security - Issue 223 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Major incidents: Kaseya/REvil! New breaches: Morgan Stanley, CAN, Marsh McLennan, Mint Mobile, The GOP. New Ransomware: Iran. Follow-ups & Fall-out: Probes, Dumps, New fines, Settlements. Privacy: Alexa, Job Applications, SPAM. Laws & Regs: Canada: C-10, cyberlaw series. US: Right-to-repair. The world: EU Surveillance, China Privacy, Twitter liability, Legal Theater? Standards: NIST, FIDO. Defense: Webinars, 2020 attack methods, Internal threats, DoH-eh, database auditing. Vulnerabilities: PrintNightmare, Kaspersky Passwords, Sage X3, Quantum KD. Trends. Nation States. Crime. Other Risks: Chime Banking App, Windows 11. Health, Safety & Environment: Surfside, Heat dome. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Impact. And more.