controlgap.com

Posts about:

[in]security (19)

This Week’s [in]Security – Issue 116 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Thinking ahead to PCI DSS 4.0, HSM vulnerabilities, breaches at 4 universities, TechData, Symantec and Evernote breaches, what Equifax broke, Canada investigates US border services breach, AMCA lawsuits, Ring Doorbell surveillance network, permission for facial recognition, false compliance claims punished, incomprehensible privacy policies, NIST updates, hacking back law revisited, Return of Data, radiation hardening, finessing Windows updates, RAMBleed steals 2048-bit private key, multiple IoT problems, Gmail calendar exploitation, more flawed 2FA keys, Intel NUC firmware vulnerability, a tale of two newly exploited cities, Citizen Lab's stalker-ware report, the future of HaveIBeenPwned, Cyber-security and Real Estate, Zuckerberg deep fake, risks to the planet, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.


This Week’s [in]Security – Issue 115 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: a quiet week for PCI, RDP MFA bypass, make SSNs public, AMCA (Quest, LabCorp, OPKO) breach, Data Protection Authority exposure, privacy and politics in Canada, 33% of breaches caused by 6% of bugs, impersonating doctors, rescuing vulnerable crypto-currency, Baltimore and Norsk Hydro, how Apple finds offline things and more.


This Week’s [in]Security – Issue 114 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI SPoC/MSR and Contactless COTS updates, more POS malware strikes, the new encryption wars, Windows update problems, Bitcoin's quantum vulnerability, wormable medical devices, dumb smart locks, multiple breaches and leaks Marriott and others, Canva, Theta360, medical info, Amazingco, a law society, Flipboard, Facebook loses lawsuits against investigations, covering up breaches, ProtonMail and Snapchat privacy, States have no privacy obligations, alternatives to passwords, fixing GPS, Baltimore, Ottawa, and more.


This Week’s [in]Security – Issue 112 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: P2PEv3 comment period, new FAQ on alternate password controls, Magecart skewers 3 more big fish, Panama and Australia largely breached, Equifax breach cost update, Facebook again, GLBA to mandate pen-testing, more Intel flaws, XP patched again, scary WhatsApp exploit used in the wild, SHA-1 attacks improved, the value of an IPv4 address, Bluetooth risks, landing navigation can be hacked, and more.


This Week’s [in]Security – Issue 111 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: a quiet week for PCI, rethinking cashless stores, large PII leak in India, Samsung projects exposed, more on what Alexa records, new laws for credit reporting agencies, the end (of passwords) is near, encrypted TVs, cookie overhaul, never claim something is unhackable, SAP vulnerabilities, Russian S-boxes, 3 AV companies breached, Evil Clippy, Exchange backdoor, bombs trump hackers, another crypto-heist, hunting supply side hackers, Windows with GPL'd Linux kernel, future relics, UBI, Helium, fixing the climate and more.


This Week’s [in]Security – Issue 110 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI expires older HSMs, unknown 80M record PII db exposed, 200 more Magecart victims, lawsuits over breaches, privacy violations, and financial services. Warrant-less border searches, legal battles over compelled unlocking, NIST and FIPS 140, faster patching, block-chain identity, no longer made in China, Firefox certificate glitch disables add-ons globally, low tech scam nets high tech victims, dark web take down, the IRS gets their hacker, security mindsets, killer asteroids, and more.


This Week’s [in]Security – Issue 109 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI: Software Security Framework update, contactless hiccups, Breaches: Docker, Pennsylvania PHI, Emcare, Atlanta Hawks, Bodybuilding.com, Wi-Fi hotspots db, $4.7M hard-drive, Facebook may now have to pay the piper, credit card updaters, creepy targeted ad tech, Qualcomm chips vulnerabilities, Internet Security Threat Report, cybersecurity “Exercise in a Box”, DoH is coming, Windows dropping password expiration, Microsoft Visual Studio malware, newer POODLE variants, analysis of CARBANAK malware, defeating facial recognition, another cryptocurrency scandal, Ethereum’s blockchain bandit, spearphishing government money, Formjacking/Magecart, Algoma Public Health ransomware, risks of shadow IT, the hamburglar, Apple sued for $1B over facial recognition fraud, and more.


This Week’s [in]Security – Issue 108 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI Card Production program updates, Wipro outsourcer supply chain breach, new Equifax regulatory reporting, more Facebook misbehavior, Sidewalk Labs sued, Google location data warrants, muting home assistants, old school photo booths and the Internet, EU's SCA for e-commerce, NIST mobile app security and lightweight cryptography, banned payment processor, the mother of all bad password lists, Oracle patches, Kaspersky, Huawei, & Iranians (oh my), and much more.


This Week’s [in]Security – Issue 107 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI in 2019, PCI card production, NIST killing of TDES, hotel breaches, Yahoo settlement, Canadian breach reporting, consent and cross-border data, dark design patterns, fine for cooperating with ICE, Android as 2FA, securing email, malicious zero-day disclosures, the latest phishing campaigns, Assange arrested, blocking big tech, spreadsheet risks you hadn't thought about, quantum and AI advances, really fast multiplication, first image of a black hole, carbon sequestering tech, and more.


This Week’s [in]Security – Issue 106 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: PCI quiet, the future of card numbers, multiple breaches including AeroGrow card data, 500M resumes, university & government pension PII, more Facebook data, Airbnb hidden cameras, Facebook demanding passwords to emails, political campaigns and PII, money laundering, France tripped up on own fake-news law, law that could jail tech executives, Zuckerberg's troubling ideas for regulating the Internet, recovering photos from wet iPhones, bad apps, fake cancer, GPS rollover, report on mass GPS spoofing, Mexico's ATM skimmers, cyber-crime Facebook groups, arrest at Mar-a-Lago, border harassment, when the magic AI box breaks, lock-picking, and more.
