controlgap.com

Posts about:

Cybersecurity (6)

Addressing Log4Shell | Control Gap

The Log4Shell vulnerability has sparked an Internet firestorm and may prove to be one of the most devastating bugs in years. But why? Log4Shell is a zero-day, supply-chain, remote code execution vulnerability in Log4j2, one of the most widely used software components in use today. Vulnerable components are difficult to trace because Log4j2 has seen industry-wide adoption across the entire technology stack. And many threat actors are actively exploiting it.

This Week's [in]Security - Issue 219

Welcome to This Week’s [in]Security. e-commerce security: PCI, Magecart, & the DOM part 1. New breaches: Windows passwords, Pipeline#2, VW, EA games, McDonald's, Self-breached? New Ransomware: Exit plans & Lawyers. Major outages: Failing Fastly. Follow-ups & Fall-out: Infographic & analysis, Recouped Bitcoins, Humana suit, JBS meat pays out, MoviePass. Privacy: Cookie banners, Forget my face, FLoC, Bitcoin Anon, Apple, WhatsApp. Laws & Regs - Canada: RCMP, More C-10. US: TikTok, HIPAA, Disclosure, Hacking back. The world: Antitrust, Misuse. Standards: NIST OSCAL, drafts, extensions. Defense: Software Design, Supply Chain, Deepfakes, Slander, HIBP, Fellowships. Vulnerabilities: MS, IE RIP, Chrome, Intel, Adobe, Polkit, ALPACA, Bloodhound, Weapons, Quantum. Cybercrime - Trends: 5 Attacks, Nation States. The An0m sting, Crime. Misconduct, Tricky. Other Risks: Health, Safety & Environment: Alzheimer's, CO2. Covid-19: Spread, Curves, Waves, and Variants. Response, Immunity, Donating Vaccines, Learned, Impact, Covid Ugly. And more.

This Week's [in]Security - Issue 173

Welcome to This Week’s [in]Security. Twitter Hack Week 2. Fallout from US Unrest. Covid-19: Spread, Curves, Spikes & Waves. Lockdown, Reopening, & The New Normal. Vaccine Progress. More of the Good, Bad, and Ugly. Inside a Carding Forum. New ATM Jackpotting Attack. New breaches: CouchSurfing 17M. Promo.com 14M, Dave.com 3M, Universities/Blackbaud, Instacart. Family Tree Maker. GEDmatch DNA. 407 ETR. Ransomware: Garmin. Contact tracing app problems. Plaid Class Action. PACT Act. Post-quantum Crypto Update. ML & the CFAA. MS TLS sunset. Ontario. Code Freezer. Quantum Internet. Cyber-skills. Anti-Facial Recognition. BadPower attack. PDF Shadow Attack. Alexa Naughtiness. Adobe patches. Insecure apps. Botnet Vigilante. Twilio and DeepSource Code Compromised. Meow DB Attack. Unexpected Packages. FBI and NSA warnings. Biases & Risk. Supply Chain Risk. AI Parody. And more.

This Week’s [in]Security – Issue 102

Welcome to This Week’s [in]Security. This week: PCI DSS 4.0 begins its journey, debates on cashless and contactless payments, 2018 data breaches up by over 4x, policy and cyber risk disclosure, breach follow-ups, another mega breach of contact information, what's Facebook up to, more undisclosed microphones, NIST updates, NSA's reverse engineering tool opens up, Equifax fumbles again, a new class of firmware attacks, more IoT, several zero-days in the wild, bots, big data, echo chambers, behavior prediction, and more.

Equifax Move Over, Here Comes The Cambridge Analytica and Facebook Scandal!

We've been following security and breaches for a long time and they have been getting unquestionably worse. While mega-credit card breaches seem to have been falling off lately, other industries like healthcare, research analytics, and financial services have quickly taken their place. Last year was a record breaker for vulnerabilities and data breaches. We thought that Equifax was about as bad as it could get short of an all-out cyber-war. In light of recent events, that opinion now looks optimistic.

The Panama Papers - a new kind of breach?

In the world of data breaches, it’s not often that we see something totally new. This last week we may just have had such a thing. Most people are familiar with easily monetized breaches such as those involving credit cards and tax information. Occasional breaches of health information and privacy are also familiar. Rarer are some of the large breaches like the politically motivated attack linked to North Korea on Sony Pictures, the Ashley Madison shutdown extortion, and the US Intelligence disclosures by Snowden and others. Even rarer are nation-state attacks like Stuxnet. But the Panama Papers seem different. Breaches of law firms aren’t unknown, but they also aren’t that notable.