controlgap.com | Bill C11

Posts about:

Bill C11

[in]security, Cybercrime, PCI 4.0, Bill C11

This Week's [in]Security - Issue 273

Jun 26, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs. DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar, credentials. New Ransomware: pretenses, Greens, Automotive. Major outages: Cloudflare. Follow-ups & Fall-out: 25B for sale. Privacy: T-mobile, Brave, Health data. Laws & Regs - Canada: more C-11, Vaccine lawsuits. US: cyber, war-on-crypto, trackers, crypto & AML, DCMA, platform liability, trademarks. World: Clearview. Standards: NSA & NIST. Defense - Training & events: WEIS, RSA & ToB. MFA, Tools & Techniques, Supply chains, Netsec search, IoT, Powershell, Device verification. Vulnerabilities - Advisories: ICS. Patching: Chrome, Oracle. Other: Passwords, Acrobat, Azure, Hertzbleed, NTLM, Mega, Safari, IoT, Daycare apps. Other: Crypto-research: Cybercrime - Trends & Enforcement. Nation States and mercenaries. Other Risks: No-Code, 5G v Starlink, Ai. Microsoft. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

Ransomware, [in]security, Bill C11, zeroday, AES

This Week's [in]Security - Issue 270

Jun 5, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Payments: New breaches: Pegasus Airlines, ACY Securities, Elasticsearch Buckets. New Ransomware, Follow-ups & Fall-out: largest breaches. Privacy: Consumer Trust, Tim Hortons. Laws & Regs - Canada: C-18, C-11. US: ethical hacking, privacy bill, right to repair. World: Crypto-AML. Defense - Tools & Techniques, Vulnerabilities, Advisories: CISA & FDA. Zerodays, dangerous Follina/MSDT, Confluence, Horde, ICS Doh! Patching. Other: Bulletproof TLS, MySQL, web-scraping. Vulnerability research: remote touchscreen control. Crypto-research: Quantum, AES. Cybercrime: Trends: WordPress Plugins, scams. Crime & Enforcement: Disrupting DDoS. Nation States and mercenaries. Other. Other Risks: General: bias, scammers. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, Crypto, Bill C11, Ronin, NPM Poisioning, Solarwinds

This Week's [in]Security - Issue 261 | insecurity | Control Gap

Apr 3, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI DSSv4 is live, Payments, New breaches: Ronin crypto, Globant, Lapsu$, Forged warrants, New Ransomware: Newfoundland, Conti. Major outages, DDoS. Follow-ups & Fall-out: Solarwinds, Royal Enfield. Atento, Privacy: Mystery Tracker, Never review patients! Laws & Regs - Canada: Online harms, Bill C-11. US: Facial recognition, Pro Codes Act, California. World: EU vs. Apple, crypto and. the other crypto. Standards: Hijacking standards. Defense: Chrome, Privid, IP reputation? Vulnerabilities, Zerodays: Chrome, Java Spring. Other: alerts, Pear PHP, 2FA bypass, GitLab, Defender IoT, Zlib, PLCs, Sandbox escape, Honda. Patching: CISA, Chrome, Edge, Sophos. Crypto-research: Proof-of-Stake. Cybercrime: Trends: Canada, NPM poisoning, Exchange. Nation States and mercenaries: FinFisher, Russia, China. Crime & Enforcement: identities, FBI, call centers. Other Risks: facebook, life-cycles, splinernet, spamming thyself. Disinformation, Health, Safety & Environment. 1 man 90 Jabs! Russia v. Ukraine. Quantum hype. Innovation and more.

CG Blogger

NIST, [in]security, Bill C11, NVIDIA, Whatsapp, Spotify

This Week's [in]Security - Issue 258 | insecurity | Control Gap

Mar 13, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Call for Speakers, P2PE, 3DS, Card Production. Payments, Training & events. New breaches: Samsung, Mercado Libre, VirusTotal. New Ransomware: more Conti, Critical Infrastructure, Bridgestone, Ubisoft. Major outages: Fiji, Spotify & Discord. Follow-ups & Fall-out. Privacy: Trusting your phone, COVID passports, Radar & body language. Laws & Regs - Canada: Bill C-11, Competition Law. US: Incident reporting, Whistleblowers, ICE, Amazon, Weight Watchers, Utah, Location data. World: Clearview AI, cybercrime treaty, Spyware probe, Right to be Forgotten, Crypto regulations, cyber-flashing. Standards: NIST DevSecOps. Defense. CISA Exploit catalog, Defense in depth, Polls, Kali. Vulnerabilities, Zerodays: APC UPS, 0-clicks, Chrome, DDoS, Other Vulnerabilities: BGP crypto-heist, Ostriches, IoT & ATMs, More Specter, Azure, Linux. Defender, HP, Wordpress, Riverbed, password rules, Blockchain privacy, Proof-of-stake attacks. Patching: Microsoft, Firefox, Adobe, Siemens. Cybercrime: Trends: surging attacks, NVIDIA. Telegram, WhatsApp. Nation States and mercenaries: China, Iran. Crime & Enforcement: Zelle, Extraditions, Fresno, DoH! Other Risks: Alexa, Pluton, AI, Employment, Manufacturing, Gas, NFT myths. Health, Safety & Environment. Missiles, GPS, Meteors & asteroids. Russia v. Ukraine. Innovation and more.

CG Blogger

[in]security, Bill S-210, Bill C11, CIA

This Week's [in]Security - Issue 254 | insecurity | Control Gap

Feb 13, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates, Skimmers, Carders, Payments, Training & events. New breaches, New Ransomware: insurance, decryptor, 49ers, Swissport. Major outages: Vodaphone. Follow-ups & Fall-out: IHS, Inmediata. Privacy: CIA, Canada, health sites, ID.me, AirTags. Laws & Regs - Canada: Bills C-11 & S-210. US: EARN IT, Facebook, Ohio. World: Cambridge, EU data sharing, Google Analytics, Consent spam, QWACs, Israel, Hacking Jamaica. Standards: NIST. Defense: 2FA, data retention liability, Shift-Left, trust, IoT audit, AI, Multiple Microsoft, deniable data! Vulnerabilities, Zerodays: Project Zero, Apple, Other Vulnerabilities: metrics, supply chains, Mozilla, PHP/Wordpress, Mazda, Bounties. Patching: 3 CISA alerts, android, Windows, SAP. Adobe, ECC vs quantum crypto. Cybercrime: Trends: IOCs, Modified Elephant, old tactics, Nation States and mercenaries. Crime & Enforcement; $4.5B, SIMs. romance, Other Risks: Spycraft, Chip errors, Chinese tech, Blockchain myths, Disinformation, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Covid Compliance. Innovation and more.

CG Blogger

COVID-19, IoT, Ransomware, NIST, [in]security, Bill C11, spyware

This Week's [in]Security - Issue 253 | insecurity | Control Gap

Feb 6, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Target's anti-skimmer Merry Maker, Segway. Payments, Training & events. New breaches: Securitas (S3), News Corp, Whisper. New Ransomware: Changing tactics, Oiltanking, Kronos. Follow-ups & Fall-out: Equifax. Privacy: GPU-fingerprinting, Ungoogling yourself. Laws & Regs - Canada: C-11/streaming, Online harms, Digital Taxes. US: EARN IT, Cyber Review board, EFF. World: EU vs. US. Standards: NIST Software, IoT, &, Security Labeling. NVD API. Defense: volunteers, browsers. Vulnerabilities, Zerodays: Zimbra. Other Vulnerabilities: CISA alerts, Log4shell lives on, Firmware, Cisco, ESET, Supply chains, MSIX, Finding Open Source vulns, Walmart analyzes new ransomware. Patching: CISA must patch, Samba. Crypto-research. Cybercrime: Trends: Reverse proxy attacks, Nation States: taking down North Korea, China, more spyware, Ukraine. Crime & Enforcement; fraud & blackmail, big heists, drones, Other Risks: Automation. Banning ideas. App monopolies, too many secrets, Internet next, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Learned; Covid Ugly; Innovation and more.

CG Blogger

COVID-19, IoT, NIST, [in]security, Bill S-210, Bill C11

This Week's [in]Security - Issue 212 | insecurity | Control Gap

Apr 25, 2021 12:00:00 AM

Welcome to This Week’s [in]Security. P2PE Solution Aid. More on 8-digit BINs. Supply-Chain Backdoors: CodeCov, Passwordstate, Solarwinds. New breaches: Facebook, Apple(?), ClearVoice. New Ransomware: Follow-ups & Fall-out: Privacy. Normalizing breaches. Floc Adverse. Laws & Regs: Canada: Bills C-10 & 11, regulating apps. US. UK, EU, HK. NIST iOT & ICS. CISv8. Defense: More Nation-State Patching, Moxie vs Cellebrite, Death to IoT, Passwordless, Mario and DevSecOps!? Vulnerabilities: Pulse, Chrome, SonicWall ZeroDays, Supply-chains, CyberGames, Clubhouse, Air-Drop, Docker Images, QNAP, Tesla. Updatable Encryption. Breaking Enigma. Cybercrime: Trends: TLS, QR, Sextortion, Ads, 7-Zip, ToxicEye, Pink, Fake DirectX12. Nation States. Crypto-skimming. Crime. Other Risks: Unethical patching, Social Media, Chips, Deepfake geography, Bounties, Resets, No bars! Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Covid Ugly. Covid Compliance. And more.

CG Blogger