controlgap.com

Posts about:

GDPR

This Week's [in]Security - Issue 238 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: PCI & Ransomware, 3DS RFCs, PCI Halloween, AI shoulder surfing, Rapid Dispute, V-cards, UP Express. New breaches: Argentina!, CoinMarketCap, Durham police. New Ransomware: New Ransomware, Challenges, REvil (Strikeback), BlackMatter. Follow-ups & Fall-out. Privacy: ISPs, Alexa, Lunch Money. Laws & Regs - Canada, Online Harms. US: Export restrictions, Sanctions & Crypto, Notifications, Supply chains, Missouri, Facebook. World: GDPR bypass. Standards: NIST KDF, HTTPA. Defense: Detection, Blackhat, L0PHTcrack, Win11. Vulnerabilities, Zero-days: Apple. Other Vulnerabilities: Chrome, CVEs, MFA, Chinese hacking contest, Kerberos, DCOM, Gummy Browser attack, Tesla, Health Apps. Cybercrime: Trends: Fake pentest contracts, more fakes, Discord, Microsoft, Buggy malware, Obfuscation, NPM JavaScript, YouTube. Nation States. Crime: $35M deepfake heist, no honor among thieves, jail. Other Risks: IoT, third-parties, economic supply-chains, bias, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.


This Week’s [in]Security – Issue 99 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI PIN and 3DS-SDK reporting templates, new RFC process, EMV still cutting fraud, breaches at Instagram and Facebook 3rd parties, breaches at CoffeeMeetsBagel, 500px, Eyeem, and more. Privacy-not-included list updated for Valentine's Day. More tech company scrutiny. US GDPR a step closer? Password hashes cracked much faster, massive Japanese mobile payment app fraud, suing Apple over 2FA, and more.


This Week’s [in]Security – Issue 96 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI Qualified PIN Assessor (QPA) program, FAQ updates, ElasticSearch db leaks 24M mortgage records and 70K shoplifters, Google gets $57M GDPR fine, multiple GDPR investigations, phishing quiz, widespread DNS hijacking, challenges and case law about the right to be forgotten, accessibility and the law affects apps, breach law updates, trademark fights, law enforcement tech, Russian email trove, reply-all avalanches, and more.


This Week’s [in]Security – Issue 95 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI's new Software Security Standard and PCI's new Software Security Framework, huge collection of compromised emails and passwords, using GDPR to go after tech companies, warrant needed to compel biometric access, hack a Tesla for profit, airline PNRs at risk, more IoT problems, even more Magecart, payroll diversion BEC, $1.7M average breach cost, big game ransomware, DNA accuracy, proof AI can't solve everything, and three technologies to fight climate change.


This Week’s [in]Security – Issue 86 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI compliance rates falling, DNA site breach of credentials, Jira AWS leak, IoT security regulation, problems with corporate auditing, DHS creates CISA, Facebook fallout continues, new Facebook security bug, ironic GDPR plugin compromised, Meltdown and Spectre-palooza, ATM hacking, a plague of Magecart compromises, new AWS security controls, browser add-ons and content security policies (CSP), swatter gets over 20 years, and ballot design issues.


This Week’s [in]Security – Issue 79 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Facebook's terrible week - 1 tiny step forward and 3 major leaps backwards, highlights from the annual PCI meeting, the 2018 Verizon Payment Security Report, welcome to the twice breached club, GDPR and British Airways, Uber fined, California's IoT law, 762-bit number factored, and Visa's Certificate Authority is in trouble.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
