This Week's [in]Security - Issue 242 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: Magecart, Jackpot. New breaches: IAB's, Indian Securities Depository, Stripchat, RobinHood, RedDoorz, IDC, Ducks Unlimited, GitHub/Firefox-Linux. New Ransomware, holidays, trends, analysis, response. Major outages: Google, Tesla. Follow-ups & Fall-out: FBI emails. Privacy: CitzenLab reports, Amazon, phones, Microsoft(?) Camera detectors. Laws & Regs - Canada: C-10. digital IDs. US: attack reporting, hack-back, NSO, Right to repair, Ohio v. FaceBook. World: No-Hack pact, UK Cloud providers, lawsuits. Standards: Patch Management, password rules. Defense: Cell-spam, smartphones, Duck-Duck, SugarCoat, Deepfakes, rookies, misconfigurations. Vulnerabilities, Zerodays: FatPipe, Windows. Mac. Other Vulnerabilities: Canadian passwords, Chips & firmware, ICS, IoT, GitHub/NPM, Azure AD, Chrome, Windows, Apple patch lag, LibreCAD, Blacksmith/Rowhammer, ETW attack, TOR fingerprints. Cybercrime: Trends, Nation States: Belarus, Iran, North Korea. Crime: crypto-klepto, mixers, Revil, election hacking. Other Risks: Quantum update, supply chains, dystopia & harassment, insiders, Chatbots, NFTs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; And more.