controlgap.com
Posts about: github
This Week's [in]Security - Issue 260 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: DSSv4 update, Training & events: Quantum Cybersecurity. New breaches: Okta & Microsoft, HubSpot, Morgan Stanley, Argentina's Senate, Nestle? New Ransomware: Conti decryptor & source, performance cook-off, Bridgestone & Toyota, NRC, Deadbolt, No honour … Major outages: GitHub. Privacy: Data brokers, Ads, stalking, proctoring, Amazon, oops. Laws & Regs - Canada: Oversight, M&A. US: Kaspersky & Chinese Telcos. Digital licenses, DMCA abuse. World: US/EU Data, app store. Standards: NIST ciphers. Defense: Tech alone isn't the answer, software pipelines, RNG, social media, AI bias, Finland. Vulnerabilities, Zerodays: Chrome. Other: CISA alerts. Sophos, printers, Delta Energy Mgmt, libsox, Honda Civics. Patching: Firmware, Carbon Black, MyCloud NAS, MS Bluetooth. Crypto-research: e-voting. Cybercrime: Trends: Browser-in-browser, Azure/NPM, Protestware. Nation States and mercenaries: Russia, China. Crime & Enforcement: theft & fraud, charges, arrests, sentencing, DNA. Other Risks: The un-apped, National Security, photo-radar, Disinformation, Health, Safety & Environment. Russia v. Ukraine. Innovation and more. Qubits.
This Week's [in]Security - Issue 240 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: Non-Compliance Lesson #2, Big FAQ update, PAX/WorldPay/FBI update, magecart. New breaches: Waiting for QC, Shooting the messenger, Surveillance, VPN users. New Ransomware: Evolving tricks, NL Health. Follow-ups & Fall-out: Missouri. Privacy: Phone metadata, tappigraphy, Data Privacy Protocol, 1B deleted facial images. Laws & Regs - Canada: Bill C-10, Ontario utility data, Citizen Lab. US: FISA, LEA requests, Spyware sanctions, Bounties. World: Threatening open source, Toothless fines? Standards: EU-US. Cyber labelling, Critical Infrastructure. Defense: Pwn2Own & SANS CTF, Simulation Game. Cloud VA, Security MVP, Bloom Filter Searching, ZeroTrust. Vulnerabilities, Zerodays: Other Vulnerabilities: CISA 300 patch list, APIs, More on Trojan Source, WebAssembly, GitHub & NPM supply-chain - coa, rc, Cisco SSH key, non-enterprise IoT. Cybercrime: Trends: Rootkits, password spraying, GitLab, Office & Exchange. Nation States. Crime: Anti-ransomware actions, SIM & BEC arrests, Squid-scam, fraud. Other Risks: Trolls, Ethical AI, Skynet? buzzwords, meta-FOMO, Open Source Risks, Cert meltdowns, Yahoo leaves China, economy. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.