controlgap.com

Welcome to This Week’s [in]Security. This week: PCI: more case studies and key blocks pt-3. More Magecart and click-jacking. Breaches: Imperva, Foxit, and MasterCard Germany. Privacy: bananas and credit cards, warrant-less GPS trackers, Ring doorbells and the police. More on the crypto-war debates. Denied entry to US based on other people’s social media. Facebook wins a ruling. Crime & jurisdiction in outer space. NIST updates: TLS and Supply chains. TDE key rotation. MFA 99% effective. Deep dive into iOS exploit chains. Lost Facebook private key signing apps in the wild. Ad malware infects Cam Scanner. Open wide and say ransomware. Back to school with ransomware. iPhone and Android watering hole attack going on for years. Twitter CEO's account compromised. Malfunctioning voting machine flips votes. Controversial encryption. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: PCI releases new PIN technical FAQ document. Payment Security opinion. Breaches at PokerTracker, MoviePass, Hostinger, an adult website, MasterCard's Priceless Specials loyalty program, US and Canadian healthcare providers. Forced password resets don't always mean your provider was breached. Hy-Vee breach cards up for sale. No privacy left. Telegram cracked. Privacy placebo. Backdoor legislation. Courts rule on border searches, patent trolls. Broken privacy shield. NSA firmware protection. Foiling BEC. Cyber-insurance. Vulnerability monopolies. Nest cam leaks. Disabling cars. Lenovo insecurity. Webmin hole. Worsening supply chain attacks. Ransoming Texas. Vulnerable and fake VPNs. Kubernetes DDoS. Astronaut hacker. A world without the Internet. Vaping death. Banned from US for CBD oil. Age appropriate cyber-security education. And more.

Welcome to This Week’s [in]Security. This week: PCI more on Key Blocks and some case studies. Breeches: Hy-Vee, Choice Hotels, State Farm, dating apps. Followups on Capital One, Equifax, AMCA, and First America. What may be the first mega breach of biometric data. Privacy commissioner on what to do if breached. Regaining trust. Facebook had people listening in on messenger calls too. NIST and cyberbudgets for small companies. Facebook biometric lawsuit. DEFCON is done and there are lots of new vulnerabilities and defensive techniques. Cybersecurity as practiced by experts and regular people. Google phasing out android passwords. Protecting 100M Lines of code. Escape room recruiting. Instagram 'fake' buttons. A skimmer detector. Ancient and horrible Windows CTF vulnerability. Browsers dropping XSS protections. EV certs. No honor among thieves. Sonic-Attack. Vanity plate risks. Brexit shortages. Stopping mass shooters and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: PCI - the first listed SPoC solution, DSS v4 development. PCI, Visa, and Retail & Hospitality ISAC coordinate Magecart security alerts. Bypassing Visa contact-less limits. Capital One - 106M record cloud breach, arrest, analysis, investigations, and lawsuits. Breaches - CafePress, Mexican bookstore, POS supply chain, Amazon cloud backups, Honda, FormGet, ambulance and police services. Equifax short cash for payouts. GDPR used to breach GDPR. GDPR revenue impact. PSD2 and e-commerce. EU companies on hook for FB likes. The "going Dark" debate rages. Encryption in space is hard. Abusing the Blockchain. Vulnerabilities - small planes, DSLRs, more Spectre, SCADA, WPA3, Qualcomm-Android, 40+ Windows drivers, 200M IoT devices. No open instant message malware. Mobile carrier insecurity. Selling and buying insecure kit. War-Shipping. Pseudoscience social media risks. The TSA finds a missile launcher in checked luggage. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: PCI: SSF FAQ document, Contactless COTS comment period, CPEs. Breaches: QuickBit, Robinhood. Breach followups: Citrix, Facebook, Equifax, AMCA. 2019 Breach Cost Study. Netflix film on Cambridge Analytica. Anonymization fails, changing the the encryption backdoor debate, fooling an anti-malware 'AI', weak AES keys, election security, Observatory for Internet Abuse, detecting fake images, the Cybersecurity Visuals Challenge, payroll phishing, a new look a the climate change problem, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: what's the minimum for PCI, PCI-NIST mapping, more Magecart, payment card fraud on ApplePay and Interac, lifetime breach protection, changing SINs, breached: Amadeus airline services, AavGo hotel services, Bulgaria, Sprint/Samsung, Lenovo storage, 62 US colleges, Desjardins followup, 220M+ more compromised credentials, Equifax nears $700M settlement, mass Slack reset, Kazakhstan intercepting HTTPS, more motherborad vulnerabilities, NIST on TLS certificates, Master keys for GrandCrab ransomware, Russia's FSB exposed through 3rd party, Face morphing app controversy, literally a killer app, $45B lost to cyber attacks, LinkedIn phishing, mass shooting common factors, safer programming languages, cyberlaws in conflict, AirDropped terrorism, swarming Area 51, the Moon landing, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: PCI on key blocks and new password management, massive Magecart AWS infection, FTC to fine Facebook $5B. Breaches at Fieldwork Software (cards), GE aviation, and Maryland Department of Labor, and a mega mongo 3rd party breach. Creepy Google Home. Election security. What does password-less mean? CPEs, More IoT nonsense. Hijacking USB dongles, security problems in Android libraries, multiple ransomware attacks and responses, Spotify appears to have a fraud problem with debit cards, espionage, trade secrets, copyright and stock photos, cyber incident impacts, CEO's and board level security, widespread outages, space risks, economic risks, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: PCI is quite, ATM and payment app crime, record £183M GDPR fine for BA, massive smart home vendor records leak, de-anonymizing data, online fingerprinting , ISPs dislike DoH, secure power grid initiative, NIST VPN and TDEA/TDES updates, space tech risk, D-Link FTC settlement audits, Zipato’s smart hub IoT door lock failure, China puts secret app on tourist phones, Ubuntu hacked, Facebook account purge, push back and risk of Facebook's Libra Coin, Crypto-currency manipulation, courts and forensic firm hit by ransomware, ransomware firing, the strange case of Cisco gear with Huawei certificates, Blockchain hype, more evidence Blockchain is not eco-friendly, more Boeing pain, mushrooms and sleeping pill risks, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

Welcome to This Week’s [in]Security. This week: Major update on PCI SSF and SLC standards, Magecart, POS malware, ATM shimmers, 300M EA Games breach, Attunity AWS breach, Desjardins insider breach, cloud breaches at PCM, Fujitsu, Tata, NTT Data, Dimension Data, CSC and DXC, 10 years breached Equifax CIO jailed, everyone's spying: NSA, MySpace, and Spanish Scoer League, ballot security, NIST IoT, NTS (Secure Time), DoH, Huawei full of holes, NASA Pi hack, 10 years vulnerable, multiple nation-state hacks, more ransomware, multiple crypto-currency frauds and hacks, USB-sniffing dogs, Perception gaps, Boeing's terrible week, logic puzzles, the world's largest human Maple Leaf, and more.

Welcome to This Week’s [in]Security. This week: PCI PINv3 key blocks, PFI program updates, payment terminal inspections, Desjardin insider theft, DHS breach, prosecutors expose underage victims, pre-owned Nest Cam's pwned, AMCA breach leads to bankruptcy, a web hosting company has been charged along with the operators of a massive child-porn operation, Knowledge-Based-Authentication (KBA) is now officially dead, $1.5T lost in a decade of US breaches, a batch of NIST drafts for comment over the last few weeks, Big Data, surveillance, and drone privacy, US and APTs hacking the grids, Facebook-coin, quantum safe crypto, Mongo encrypts, Google goes with commutative encryption, TV-AV, the impending worm, QuadrigaCX crypto-fraud, do we really need digital license plates, C programmers being bitten by undefined behavior, a real life Iron-Man suit, and more.