controlgap.com


This Week's [in]Security - Issue 277

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart. Payments: Cash. New breaches: Entrust, Twitter users, Okta, Alibaba. New Ransomware. Major outages: Rogers fallout. Follow-ups & Fall-out: $1.2B Didi fine, $350M T-Mobile fine, Zuckerberg. Privacy: tracking war, DHS. Laws & Regs - Canada: Copyright. US: Ransom bans, Anti-trust. Standards: NIST wearables, DevSecOps, HIPAA. Defense - Training & events: Cybersecurity Framework. Tools & Techniques: macro blocking, adversarial patches, microcode decryptor. Vulnerabilities: Roundup! GPS, Confluence, Cisco, supply chains. Patching. Other: ICS, Spectre, IoT. Other: Air-gap. Crypto-research. Cybercrime - Trends: Residential Proxies, WordPress, "Pig Butchering", Phished-in. Crime & Enforcement. Nation States and mercenaries. Other Risks - General: Google oops, Space-canucks. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 276

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PAN Truncation, PIN Key Blocks. Skimmers: Hilton Garden. Payments: $20T. New breaches: Experian? New Ransomware: trends, decryptor. Major outages: Twitter, NJ Internet, Rogers (cont). Follow-ups & Fall-out: Alibaba, Robinhood. Privacy: WhatsApp, Ring, Tor. Laws & Regs - Canada, US, Push payments. World: UK safety & ransomware. Russian breaches. Standards: SP 800-53. Defense - Training & events: CISSP, teaching. Tools & Techniques. Vulnerabilities - Advisories, Zerodays, Patching, EOL, Sage300, macros, WordPress, Browser deanonymization, Crypto-research. Cybercrime - Trends: awareness, not your security firm, fakes. Crime & Enforcement: Politician charged, Vault 7. Nation States and mercenaries. Other Risks - General: Open source, OT. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 275

Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New in Ransomware: AstraLocker, Hive, Hospitals. Major outages: Canada Rogers Internet & phones. Follow-ups & Fall-out. Privacy: Police spyware & surveillance, ICE. Laws & Regs - Canada: ArriveCan, CBSA, employee misconduct. US: TikTok, Facebook, archive.org. World: abuse images, data transfers, cyber-insurance. Standards: Post-quantum cryptography (PQC), PSD3 APIs. Defense - Training & events: LinkedIn. Tools & Techniques: Securing Usernames, Apple Lockdown mode. Vulnerabilities - Advisories: IP Theft, Zerodays, Fixes and ZD, Chrome. Patching: OpenSSL, Cisco & Fortinet, NTLM Relay. Other: Warshipping, IDEs, macro non-blocking, Routers, Drones. Crypto-research. Cybercrime - Trends: NPM libraries, Follina, Web3, Twitter spam. Crime & Enforcement: WireCard, $620M crypto heist. Nation States and mercenaries. Other Risks - General: 5G, EVs, COBOL, Acronyms, AI Bias, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 274

Welcome to This Week’s [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not me. New Ransomware: Unemployment, Kubernetes, Norway, Steel. Follow-ups. Privacy: SuperCookies, Google. Laws & Regs - Canada: C-27, C-18, ArriveCAN. US: Cyber-training, open shares. World: when AI kills, crypto AML. Standards: NIST PNT. Defense - Training & events: FISSEA. Tools & Techniques: HaveIBeenPwned. Vulnerabilities - Advisories, Zerodays, Patching. Other: MITRE, Win2012 EOL, MS-AD-oops, UnRar. Crypto-research. Cybercrime - Trends: the unpatched, APIs, Deepfake hires. Crime & Enforcement: wanted, cheating. Nation States and mercenaries. Other Risks - General: locked out of everything, shadow IT, e-voting, PINs. AI. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 273

Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs, DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar, credentials. New Ransomware: pretenses, Greens, Automotive. Major outages: Cloudflare. Follow-ups & Fall-out: 25B for sale. Privacy: T-Mobile, Brave, Health data. Laws & Regs - Canada: more C-11, Vaccine lawsuits. US: cyber, war-on-crypto, trackers, crypto & AML, DMCA, platform liability, trademarks. World: Clearview. Standards: NSA & NIST. Defense - Training & events: WEIS, RSA & ToB. MFA, Tools & Techniques, Supply chains, Netsec search, IoT, PowerShell, Device verification. Vulnerabilities - Advisories: ICS. Patching: Chrome, Oracle. Other: Passwords, Acrobat, Azure, Hertzbleed, NTLM, Mega, Safari, IoT, Daycare apps. Other: Crypto-research. Cybercrime - Trends & Enforcement. Nation States and mercenaries. Other Risks: No-Code, 5G v Starlink, AI, Microsoft. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 272

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials, Elasticsearch. Follow-ups & Fall-out: Desjardins. Privacy: TikTok, Location data, tracking tech. Laws & Regs - Canada: cybersecurity law, C-11. US: privacy, copyright. World: cookies, deepfakes, Assange. Standards: NIST. Defense - Training & events: PCI SSC CM, NICE, global initiatives. Tools & Techniques. Vulnerabilities - Advisories: Zerodays. Patching: Splunk, WordPress. Other: Citrix, CPUs, Hertzbleed, Azure, SharePoint/OneDrive, Drupal, FastJSON, Siemens, Zimbra. Vulnerability research: AI/ML. Crypto-research. Cybercrime - Trends. Crime & Enforcement. Nation States and mercenaries. Other Risks: Google's Chatbot, Self-drive crashes. Disinformation, Health, Safety, Environment, Crypto-crash. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 271

Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breaches per capita, Shields & Yuma Healthcare, Telegram, Palermo. Major outages. Privacy: Twitter, Bluetooth & Wi-Fi, Student spyware. Laws & Regs - Canada: CBSA phone searches, C-11, Crypto regs, Right to disconnect, cigarettes. US: right-to-repair, breach reporting. World: hacking-back, platform liability, message scanning, NSO in court, USB-C. Standards: HTTP RFCs, 5 NIST drafts. Defense - Cyber-skills, Tools & Techniques. Vulnerabilities - Zerodays: Follina, Apple CPUs, Dogwalk, DiagCab. Patching: Chrome, GitLab. Other: Cloud middleware, U-Boot, Tesla, PyPl/keep. Crypto-research: SSH, Boomerang. Cybercrime - Trends: Follina, Conti, Symbiote, Cracked CCleaner. Crime & Enforcement: Crypto-thefts, SSNDOB shutdown, 41 phishes. Nation States and mercenaries. Other Risks - General: AI, CitizenLab, Car insurance, Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 270

Welcome to This Week’s [in]Security. PCI and payments: Payments. New breaches: Pegasus Airlines, ACY Securities, Elasticsearch Buckets. New Ransomware. Follow-ups & Fall-out: largest breaches. Privacy: Consumer Trust, Tim Hortons. Laws & Regs - Canada: C-18, C-11. US: ethical hacking, privacy bill, right to repair. World: Crypto-AML. Defense - Tools & Techniques. Vulnerabilities - Advisories: CISA & FDA. Zerodays: dangerous Follina/MSDT, Confluence, Horde, ICS Doh! Patching. Other: Bulletproof TLS, MySQL, web-scraping. Vulnerability research: remote touchscreen control. Crypto-research: Quantum, AES. Cybercrime - Trends: WordPress Plugins, scams. Crime & Enforcement: Disrupting DDoS. Nation States and mercenaries. Other. Other Risks - General: bias, scammers. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 269

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Brazil. Skimmers. Payments. New breaches: Nuclear documents, Brexit, GM, Colleges, Toronto. Follow-ups & Fall-out: MGM Resorts, GitHub, NPM. Privacy: DuckDuck, Facial tech, data safety. Laws & Regs - Canada: C-11. US: Disclosure, Twitter, Content moderation, Zuckerberg, Trolls. World: Clearview AI, Privacy Shield, Borderless data, Platform liability. Defense - Tools & Techniques. Vulnerabilities - Advisories: CISA. Zerodays. Patching: VMware, Zoom. Other: AWS key theft or research? Containers, Forging Australian digital IDs, Phishing infosec. Vulnerability research: Controlling touchscreens remotely, Pre-hijacking accounts, manipulating ML. Crypto-research: RSA, AES. Cybercrime - Trends. Crime & Enforcement. Nation States and mercenaries. Other. Other Risks - General: Health, Safety, Environment, Disinformation, Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 268

Welcome to This Week’s [in]Security. PCI and payments: e-com skimmers. New breaches: Malaysia, Kubernetes, TrustStamp. New Ransomware: Countries, Nikkei. Major outages. Follow-ups & Fall-out. Privacy: You for sale, ID.me. Laws & Regs - Canada: Huawei ban, C-11. US: CFAA abuse, AML settlement. World: cybersecurity reporting, platform liability. Standards: NIST 800-140C/D. Defense - Training & events. Tools: Supply chain framework, Browser password vaults. Vulnerabilities - Advisories: Initial access, CISA VMware & A/D. Zerodays: what APTs know, Mac, iOS. Patching: partial protection, NVIDIA. Other: Spies in the workforce, e-voting, OAuth, SQL persistence, WordPress, Russian CA? Vulnerability research: Bluetooth relay attack, Tesla. Crypto-research: Post-quantum, Telegram. Cybercrime: MSP attacks, FaceStealer, MSSQL brute force, chatbots, exotic languages. Crime & Enforcement. Nation States & mercenaries. Other Risks: Cyber-insurance, Facebook e-com, CitizenLab on Bing. Health, Safety, & Environment. Disinformation, Economy. Russia v. Ukraine. Innovation and more.
