controlgap.com

This Week’s [in]Security – Issue 136 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Expiring HSMs, Contactless on COTS, more on Key Blocks, updated FAQ list, more Magecart and e-com-fraud. Insider and third-party breaches at Facebook, Twitter, Trend Micro. Better breach notification. Breach excuses. Encrypted DNS. NIST Privacy. DNA and law enforcement. Snowden on GDPR. The CLOUD Act bites back. Quantum safety. Protecting apps. More secure chips. Smart speakers and lasers. Healthcare breaches and fatalities. Social media and surveillance. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

This Week’s [in]Security – Issue 135 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI DSS 4 Comment Period. New PCI Contactless on COTS standard. EMVCo and 3D Secure. A PCI Horror Story. Magecart. Carders. Breaches at top domain registrars, UniCredit (3rd time's a charm), Bed Bath & Beyond; Desjardins breach numbers grow. Hall of shame: bank asking for other banks' passwords. FB agrees to fine. Several articles on the ups and downs of facial recognition. Textalyzers?! ISPs called out for encrypted DNS lies. Bye, bye Flash! Small quantum key distribution chip. Experimenting with post-quantum TLS. Delegated TLS credentials. ECC crypto timing attack. General attack on fingerprint readers. Random fail. SMS and WhatsApp hacking. FB sues NSO Group. BlueKeep in the wild. Brain hacks. Amazon account fraud using non-Amazon devices. And more.

This Week’s [in]Security – Issue 134 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Evolving PCI. PCI SSF transition. Online EMV SRC. Windows 7 EOS. EOL OSs getting worse. Magecart. Penny wise, pound foolish. VPN and AV breaches. US Military PII breach. Social media portability. The CASE Act. Robot voyeurs. Alexa and Google Home privacy again. SQL magic password malware. Cyber insurance fail. AES benefits. Quantum shade. Problem visibility and executives. Attribution and nested APTs. The end is near for Windows 7. Facebook probed by most states. Facebook and elections. Is minimal security too expensive? Green tech. Women setting records. IoT again. TikTok and national security. Data over sound. Halloween! Carbon capture. And more.

This Week’s [in]Security – Issue 133 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI more flexibility and staying ahead of threats. PCI and AWS. More Magecart. Carders take down carders. Mining social media. Canada Post resetting compromised passwords. ISO privacy. China requiring facial scans for Internet access. Hiring Catch-22. Canada considering digital currency. MS Advanced Tamper Protection. Expanded bug bounties. Lots of patches. Biometric fails. More ransomware. IoT commodes, really. Bugs in cross-platform code cause havoc. Playing with trolls. Amazon says bye bye Larry. New math. First all-female spacewalk. And more.

This Week’s [in]Security – Issue 132 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Millions of Magecart skimmers. Payments and disabilities. Anti-fraud scanner. Breaches and leaks: Russian ISP, New Zealand, Alberta Health, TransUnion. Face recognition, the war on encryption, FBI abused access to NSA data, high-res selfies and stalkers. CA deep-fake law, NY SHIELD Act, US-UK CLOUD Act, DMCA challenges. NIST key management and lightweight crypto updates. NIST and FIPS 140-3 (not a typo). SIN/SSN alternatives. Ignorance of the law. Ransomware keys. Prioritizing patching. Copy-and-paste coding fails. More on bypassing 2FA. VoIP espionage. Sowing division. Quantum update. Sketchy SSD encryption. Free cryptography CPEs. Breaking encryption via the RNG. Canadian banks and 2FA. Vaping and cancer. And more.

This Week’s [in]Security – Issue 131 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI SSF Program opens. Breaches: word games, fragrance, Russians, more Russians, Zendesk, millions of Brazilians, lessons learned. Privacy lawsuits, Amazon tracking, facial DB. Backdoors and law enforcement. EU cookies. EU extraterritorial win. NIST manufacturing and IoT. Distrusting sketchy SSDs. Protecting Azure keys. Ransomware outbreaks and lessons. CPEs. Embedded vulnerabilities hit medical devices and more. PDF trickery. Two bulletproof hosts taken down. Nations abusing the Play Store. Almost quantum tech. Disruption and adversarial interoperability. Voting hack. Evacuation orders. Anti-trust vs. open standard. And more.

This Week’s [in]Security – Issue 130 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Big changes coming in PCI updates to DSS, P2PE, PA-DSS/SSF. First PCI SPoC solutions. New Control Gap service offerings. New Magecart tactics. Breaches: 400M medical records, DoorDash. Breach updates on Dunkin', CafePress. 69K Facebook apps suspended. NIST privacy and zero trust. GDPR and blockchain. California's privacy law. Right to be forgotten. Forensic transparency. Cost of fraud. Malicious RDP. Blocking malicious attachments. Ransomware tools. Pen-testers redirected to FBI site. Vaccines. Quantum milestone. Trade tools. YouTube 2FA bypassed. Visualizing an APT. New widespread SIM card attack. Fighting deep-fakes. And more.

This Week’s [in]Security – Issue 129 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Big updates from the PCI Community Meeting including DSS 4.0, P2PE 3.0, and Software Security. Lots of breaches. 8 cities via Click2Gov, Magecart revival and hotel booking sites. Ecuador (yes, the country). Facebook suspends thousands of apps. FBI National Security Letters and backdoors. New MITRE CWE Top 25. Faster Wi-Fi. Elections. AI fighting card fraud. Microsoft breaks Defender. More bad Android apps. Fitbit catches up murder. Sentencing and sanctions. Russians read FBI encrypted comms. Gene manipulation gone wrong. Crown Sterling demo flops. The climate, carbon footprints, and nukes. And more.

This Week’s [in]Security – Issue 128 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI SSF & SSLC reporting templates. PIN Technical (mandatory) FAQ update. Photographic memory breach. 200M+ in DealerLeads, Verizon, and Monster (jobs) breaches. Hospital pager PHI leak. Facebook and sex. Widening the encryption debate. Canada cyber safe? Copyright take-down backfires. Every state is investigating Google. Web scraping legality. Cyber skills gap. SD-WAN security. Encrypted DNS. Cyber insurance. Snake-oil indicators. BlueKeep is out there. Flashlight apps, really? NetCAT side-channel attack. Simjacker. Monetizing IoT attacks. RDP, passwords, and ransomware. Damaging the power grid. Spies. ATM EMV cash-out. Vanishing payroll. Interesting crypto conference takeaways. Pentesting gone wrong. And more.

This Week’s [in]Security – Issue 127 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: New PCI FAQ on PIN. EMV reduces fraud by 97%. Facebook: another massive leak, changing facial recognition, and dating privacy worries. Breaches at Yves Rocher, Teletext Holidays, DK-Lok. 19M Canadians impacted by breaches. Google/YouTube fined $170M. Hidden pages bypassing GDPR. DHS-FBI watchlist unconstitutional. New DOD contractor security standards. NIST cyber resilience. Frank Abagnale on privacy. Deflecting an asteroid. Twitter stops SMS. QR code insecurity. GPS trackers with the worst default password. Deep-fake voice fraud scores $243K. NTSB and Tesla's Autopilot. Refrigerated food and power failures. US electric grid attacked. Going blind from junk food. Declassification by tweet. Tracing disinformation. US reverses two bans on foreigners. And more.
