controlgap.com

Posts about:

Cybercrime

This Week's [in]Security - Issue 273

Welcome to This Week's [in]Security. PCI and payments: HSM FAQs. DSS v4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar, credentials. New Ransomware: pretenses, Greens, Automotive. Major outages: Cloudflare. Follow-ups & Fall-out: 25B for sale. Privacy: T-Mobile, Brave, Health data. Laws & Regs - Canada: more C-11, Vaccine lawsuits. US: cyber, war-on-crypto, trackers, crypto & AML, DMCA, platform liability, trademarks. World: Clearview. Standards: NSA & NIST. Defense - Training & events: WEIS, RSA & ToB. MFA, Tools & Techniques, Supply chains, Netsec search, IoT, PowerShell, Device verification. Vulnerabilities - Advisories: ICS. Patching: Chrome, Oracle. Other: Passwords, Acrobat, Azure, Hertzbleed, NTLM, Mega, Safari, IoT, Daycare apps. Other: Crypto-research. Cybercrime - Trends & Enforcement. Nation States and mercenaries. Other Risks: No-Code, 5G v Starlink, AI. Microsoft. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.


This Week's [in]Security - Issue 272

Welcome to This Week's [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials, Elasticsearch. Follow-ups & Fall-out: Desjardins. Privacy: TikTok, Location data, tracking tech. Laws & Regs - Canada: cybersecurity law, C-11. US: privacy, copyright. World: cookies, deepfakes, Assange. Standards: NIST. Defense - Training & events: PCI SSC CM, NICE, global initiatives. Tools & Techniques. Vulnerabilities - Advisories: Zerodays. Patching: Splunk, WordPress. Other: Citrix, CPUs, Hertzbleed, Azure, SharePoint/OneDrive, Drupal, FastJSON, Siemens, Zimbra. Vulnerability research: AI/ML. Crypto-research. Cybercrime - Trends: Crime & Enforcement. Nation States and mercenaries. Other Risks: Google's Chatbot, Self-drive crashes. Disinformation, Health, Safety, Environment, Crypto-crash. Russia v. Ukraine. Innovation and more.


This Week's [in]Security - Issue 266

Welcome to This Week's [in]Security. PCI and payments: Skimmers. Payments. New breaches: Anonymous, DeFi, Ikea. New Ransomware, Major outages, Follow-ups & Fall-out. Privacy: Health Canada, Facial recognition. Laws & Regs - Canada: Copyright. US: ISPs, Insurance. World: India. Standards: NIST, definitions. Defense - Training & events: space-cybersecurity. Password day. Kill-switch. Tools: MFA. Vulnerabilities - Advisories. Patching: F5, Cisco. Other: mental health apps, AV bugs, uClibc IoT, DNS poisoning, No MFA? Vulnerability research: Zero-Knowledge. Crypto-research: Quantum crypto. Cybercrime - Trends: Event log malware, Doh! Crime & Enforcement: BEC impact. Nation States and mercenaries: false-flags, sanctions, Spain & Pegasus, China, espionage, Other. Other Risks - General: AirTags, deepfakes, web3. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. NATO. Quantum computing, Innovation and more.


This Week's [in]Security - Issue 260

This Week's [in]Security - Issue 244

Welcome to This Week's [in]Security. PCI and payments: Participating brands FAQ, and 8 updates. Magecart/skimmers, Brazil, Square. New breaches: Panasonic, Planned Parenthood. New Ransomware: Critical Infrastructure, Rideau Hall. Major outages. Follow-ups & Fall-out: Gravatar HIBP. Privacy: De-anonymization. Laws & Regs - Canada: health data, Huawei. US: FBI access, TSA, SEC, Biometrics. World: Product Security, Algorithm Transparency. Standards: NIST IoT, CISA mobile. Defense: Spam calls, AI understanding, Facial fuzz, attack maps, DRP, Old tech, Faraday cages. Vulnerabilities - Zerodays: Windows. Other Vulnerabilities: Printers, Routers, NSS Crypto, XS-Leaks, Passwords, Zoom, Azure Sphere, Cloud Honeypot, CISA Hitachi & Zoho, Verizon. Cryptography: HKDFs, PQC signatures & performance, Quantum Computing. Cybercrime - Trends: NABs, Trojans, AT&T, WRITE, Excel Add-ins. Nation States: diplomats, air-gaps, fake recruiters. Crime & Enforcement. Other Risks: Cyber-insurance exclusions, long game, China, misinformation, Meta/FB, amplification, shopping bots, Edge, Food, Hype? Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; And more.


This Week's [in]Security - Issue 242

Welcome to This Week's [in]Security. PCI and payments: Magecart, Jackpot. New breaches: IABs, Indian Securities Depository, Stripchat, Robinhood, RedDoorz, IDC, Ducks Unlimited, GitHub/Firefox-Linux. New Ransomware: holidays, trends, analysis, response. Major outages: Google, Tesla. Follow-ups & Fall-out: FBI emails. Privacy: CitizenLab reports, Amazon, phones, Microsoft(?), Camera detectors. Laws & Regs - Canada: C-10, digital IDs. US: attack reporting, hack-back, NSO, Right to repair, Ohio v. Facebook. World: No-Hack pact, UK Cloud providers, lawsuits. Standards: Patch Management, password rules. Defense: Cell-spam, smartphones, DuckDuckGo, SugarCoat, Deepfakes, rookies, misconfigurations. Vulnerabilities - Zerodays: FatPipe, Windows, Mac. Other Vulnerabilities: Canadian passwords, Chips & firmware, ICS, IoT, GitHub/NPM, Azure AD, Chrome, Windows, Apple patch lag, LibreCAD, Blacksmith/Rowhammer, ETW attack, TOR fingerprints. Cybercrime - Trends. Nation States: Belarus, Iran, North Korea. Crime: crypto-klepto, mixers, REvil, election hacking. Other Risks: Quantum update, supply chains, dystopia & harassment, insiders, Chatbots, NFTs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; And more.


This Week's [in]Security - Issue 234

Welcome to This Week's [in]Security. PCI and payments: Remote assessments, Magecart. New breaches: Thai visitors, Event Builder, Exchange. New Ransomware: Alert, Exabyte. Major outages: voip.ms, Trello. Follow-ups & Fall-out: REvil FBI Sting & backdoor cheat, Epik. Privacy: Amazon, Ant, creepy? QR, ewwww! Laws & Regs - Canada. US: Infrastructure, Facebook, Warrants. World: China bans crypto, Huawei, USB-C. Standards: CISA IPv6, NIST drafts. Defense: SSNs, AppSec, Quad, Ransomware action, Medical IoT, passwordless, tools, Cyber-insurance, Autodiscover, Bug bounties. Vulnerabilities - Zerodays: record zerodays, IoT, iOS, macOS, Chrome. Other Vulnerabilities: OWASP update, API credentials, Ryzen, hack-a-mainframe demo, OpenOffice, Cisco, smartphones, Nagios, VMware, SonicWall, Routers, ROT13-NG. Cybercrime - Trends: Nation States. Crime: Mafia, DeFi, undone. Other Risks: Quantum Risk. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.


This Week's [in]Security - Issue 229

Welcome to This Week's [in]Security. Big Hacks: T-Mobile. New breaches: Terrorist Watchlist, US census, Baby monitors and cams, Chase, HVAC as a vector. New Ransomware: State Department, Brazil. Major outages: Pakistan. Follow-ups & Fall-out: Colonial, Blackbaud, Pearson. Privacy: FB. Laws & Regs - Canada: Copyright. US: LEA data loss, Tesla. Standards: NIST CMVP. Defense: Hiring, Zero Trust, Tools. Vulnerabilities: more PrintNightmare, Apple photos, STARTTLS, Chrome, Cisco, Fortinet, LinkedIn Jobs, WordPress, Realtek IoT Wi-Fi, BlackBerry, DDoS. Cybercrime: Irony. Trends: HolesWarm, Phishing costs, QR malware, Nation States, Crime. Other Risks: Edge, IoT, Trolley problem, Windows 11, facial recognition, China, stunting. Health, Safety & Environment: Zombies, Haiti, EV fires, space junk, Whalesafe, Batteries. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Ugly; And more.


This Week's [in]Security - Issue 216

Welcome to This Week's [in]Security. PCI and payments: WFH FAQs, Standard updates, Mercari breach, Hashes Unsafe. New breaches: 23 Android Apps, Air India, Daily Quiz. New Ransomware: Banning payouts, Double Encryption. Follow-ups & Fall-out: SolarWinds, Codecov, Water Plant. Privacy: Apple, Cams, Health tools. Laws & Regs - Canada: C-10, Vaccine Patents. US: Pipeline Bills, IRS Crypto, Lawsuit backfires, Snapchat suit, Tesla review. UK, EU, HK: Facebook probe, WhatsApp, Sanctions, Crypto wars, UK MSP regs. Standards: Data Classification. Defense: Zero-days, Phone numbers, Passwords, Simuland, Russian Keyboards, Explorer RIP. Vulnerabilities: Android, Windows RCE, Tool Abuse, Planes, (no trains), Automobiles. Cybercrime - Trends: Apple, Stuffing, Bizarro, Lazy Ransomware? Nation States. Crime. The 2011 RSA Hack. Other Risks: Stress, Critical Infrastructure, Gig risks, Busted for weak Wi-Fi? Just daft. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; Covid Compliance; And more.
