controlgap.com

Posts about:

[in]security (20)

This Week’s [in]Security – Issue 105 - 2nd Anniversary Edition

Welcome to This Week’s [in]Security. This week: PCI 2019 priorities, Kubernetes and PCI, card breaches at more restaurants, breaches at Toyota, medical cannabis, and 1B marketing data emails, hospitals broadcasting PHA over insecure pager network, Toronto Stingrays, don't fall for 'birth year' or 'Florida Man' scams, the EU's PSD2 impact, NIST's usable cyber-security, Huawei's poor software practices, Asus auto-updates malware, Commando VM pentest platform, security vendor BS, data mining junked Teslas, more crypto-currency thefts, Mexican bank heist, space junk, election tampering, outsourcer cost-cutting, and more.


This Week’s [in]Security – Issue 104

Welcome to This Week’s [in]Security. This week: NIST FPE update may render some deployed solutions weak, NIST formalizes TDES sunset, Magecart breaches at MyPillow and Amerisleep, stalkerware exposes spied data, Facebook storing plain-text passwords, 100K GitHub repositories exposed API and cryptographic keys, DHS client breach, FEMA overshared PII with contractor, more credential collections, Gearbest breach, motel spycam arrests, TLS middle-boxes, Google fined, did Facebook learn anything from the CA scandal, MySpace fumbles, the immutable Blockchain vs unstoppable laws, Boeing 737 Max investigations, FUD and sales, the risks of meteors, CMEs & SPEs, and more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.


This Week’s [in]Security – Issue 102

Welcome to This Week’s [in]Security. This week: PCI DSS 4.0 begins its journey, debates on cashless and contactless payments, 2018 data breaches up by over 4x, policy and cyber risk disclosure, breach followups, another mega breach of contact information, what's Facebook up to, more undisclosed microphones, NIST updates, NSA's reverse engineering tool opens up, Equifax fumbles again, a new class of firmware attacks, more IoT, several zero-days in the wild, bots, big data, echo chambers, behavior prediction, and more.


This Week’s [in]Security – Issue 101

Welcome to This Week’s [in]Security. This week: detailed alert on trending e-commerce attack methods, PCI glossary for small business, PCI seeks input on SPoC MSR, large surveillance db leak, watchlists exposed, many NIST announcements, FPE update, patent on opting-in, fix-it-already project, fighting fake news with MetaFact, fighting trolls in the midterms, USB-C Thunderbolt risks, a slew of bugs, SuperMicro vulnerabilities used to pwn IBM cloud servers, Comcast and Kanye West have nothings in common, financial group undermining TLS 1.3, Quadriga's empty cold-wallets, Marriott's GDPR liability, moderator PTSD, carbon sequestering, the solar system gets bigger, and more.


This Week’s [in]Security – Issue 100

Welcome to This Week’s [in]Security. This week: PCI PIN program gets moving, POS breach, credential stuffing TurboTax breach, breach fallout, secret cameras everywhere, Facebook and the Healthcare apps, Facebook lawsuit emails, defecting politicians taking parties' PII data with them, Twitter DMs live forever, Facebook's US fines could be billions, Facebook spying on competitors, MS killing SHA-1 for updates, catfishing, very old bugs in WinRar and WordPress, Spectre is here to stay, more Magecart and supply chain attacks, Splunk unexpectedly leaves Russia, an original Enigma machine, and synthetic DNA.


This Week’s [in]Security – Issue 99

Welcome to This Week’s [in]Security. This week: PCI PIN and 3DS-SDK reporting templates, new RFC process, EMV still cutting fraud, breaches at Instagram and Facebook 3rd parties, breaches at CoffeeMeetsBagel, 500px, Eyeem, and more. Privacy-not-included list updated for Valentine's Day. More tech company scrutiny. US GDPR a step closer? Password hashes cracked much faster, massive Japanese mobile payment app fraud, suing Apple over 2FA, and more.


This Week’s [in]Security – Issue 98

Welcome to This Week’s [in]Security. This week: best practice for DSS assessments, crypto-currency CEO dies with only password to $190M, breaches at Houzz, Rubrik, Huddle House, and more, US carriers selling location data again, is Facebook getting serious on privacy, cryptography for slow phones, new TLS attacks, banks and anti-money laundering operations targeted, block-chain hype and trust, and more.


This Week’s [in]Security – Issue 97

Welcome to This Week’s [in]Security. This week: New PCI Information supplement, Updates on SPoC, and Secure Software Framework, PwnPOS alert, More mega-breach collections, HIV and banking breaches, Apple hid a major breach, Apple punishes Facebook over naughty research app TOS violation, In Japan all your IoT belong to us, LIFX insecure smart bulb, more IoT insecurity, just clicking a link isn't probable cause, NIST extends feedback periods, Post-quantum crypto updates, Automatic bug detection and patching at scale.


This Week’s [in]Security – Issue 96

Welcome to This Week’s [in]Security. This week: PCI Qualified PIN Assessor (QPA) program, FAQ updates, ElasticSearch db leaks 24M mortgage records and 70K shoplifters, Google gets $57M GDPR fine, multiple GDPR investigations, phishing quiz, widespread DNS hijacking, challenges and case law about the right to be forgotten, accessibility and the law affects apps, Breach law updates, trademark fights, law enforcement tech, Russian email trove, reply-all-avalanches, and more.
