controlgap.com

This Week's [in]Security - Issue 238 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: PCI & Ransomware, 3DS RFCs, PCI Halloween, AI shoulder surfing, Rapid Dispute, V-cards, UP Express. New breaches: Argentina!, CoinMarketCap, Durham police. New Ransomware: New Ransomware, Challenges, REvil (strike-back), BlackMatter. Follow-ups & Fall-out. Privacy: ISPs, Alexa, Lunch Money. Laws & Regs: Canada, Online Harms. US: Export restrictions, Sanctions & Crypto, Notifications, Supply chains, Missouri, Facebook. World: GDPR bypass. Standards: NIST KDF, HTTPA. Defense: Detection, Black Hat, L0phtCrack, Win11. Vulnerabilities, Zerodays: Apple. Other Vulnerabilities: Chrome, CVEs, MFA, Chinese hacking contest, Kerberos, DCOM, Gummy Browser attack, Tesla, Health Apps. Cybercrime: Trends: Fake pentest contracts, more fakes, Discord, Microsoft, Buggy malware, Obfuscation, npm JavaScript, YouTube. Nation States. Crime: $35M deepfake heist, no honor among thieves, jail. Other Risks: IoT, third-parties, economic supply-chains, bias, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

This Week's [in]Security - Issue 237 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Global Community Forum, Technical FAQs, ATM skimmers. New breaches: Brazil's Hariexpress, Missouri Teachers, Verizon/Visible, Student SSNs from 1957, Acer, Thingiverse & 3D Printers, Playbook, Accenture. New Ransomware: Payouts surge, Water plants, Olympus, Banks. Analysis. Major outages: MS DDoS, Snapchat. Follow-ups & Fall-out. Privacy: Client-side scanning backdoors, Facebook AI, Android, Gaggle, 7-11, Real faces. Laws & Regs: Canada. US: Border warrants, TSA cyber regs, Whistleblowers, Fake reviews, Responsible disclosure, lawsuits. World: privacy, anti-ransomware, domain registration, biometrics, DDoS. Standards: IETF & Cloudflare. Defense: credentials revoked, tools, techniques, products, zero-trust. Vulnerabilities, Zerodays: iOS, Windows. Other Vulnerabilities: infrastructure, certificates, WordPress, OpenOffice/LibreOffice, IPTV Rickroll, NFT, password research. Cybercrime: Trends: Stealing OTP, Aircraft maintenance, HTTP probes, Ad injector, Nation States. Crime. Other Risks: critical thinking, plain speech, complexity, more FB AI failure, great resignation, crypto. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Compliance. And more.

This Week's [in]Security - Issue 236 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: PTS v6.1, Interac & SecureKey, Non-compliance! Supply-Chain Backdoors. Big-Hacks: Syniverse (text messages), Everything Twitch, Pandora. New breaches: The Telegraph, BrewDog, Fantasy Football. New Ransomware: Confluence. Major outages: Facebook, Instagram, WhatsApp. Follow-ups & Fall-out. Privacy. Laws & Regs: Canada, US, World. Defense. Vulnerabilities, Zerodays: Apache. Other Vulnerabilities: Surveillance, Android, macOS, Reading CVEs, Air Gaps, Yamale, Honeywell, cams. Cybercrime. Trends: UEFI Bootkit (2012), Spam, German stats. Nation States. Other Risks: Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; Covid Compliance. And more.

This Week's [in]Security - Issue 235 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Remote Assessment, PA-DSS/SSF transition, CPE Maintenance, P2PE v3.1, PIN Program, Technical FAQ, DSS FAQ, Neiman Marcus card breach, Apple Pay/Visa Express Transit vulnerability. New breaches: Meet the Pandora Papers (Remember the Panama Papers?), LinkedIn scrape (126M), Barclays, Portpass & Sask QR vaccine apps, GrupoGSS. Multi-party breach impact. New Ransomware: Human-operated ransomware. Follow-ups & Fall-out: Fatal ransomware, Clubhouse, Facebook data collection (3.8B), Dallas Police, Epik. Privacy: Android location tracking, pandemic privacy. Laws & Regs: Canada: vaccine passports. US: 4th amendment. World: Russia. Standards: NIST updates, drafts, papers, news. Defense: Webinars, Webinars. CISA. Tools, email, DMARC, TLS 1.3, Tokenization vs. Encryption, Tracking crypto, scambaiting. Vulnerabilities, Zerodays: Other Vulnerabilities: 5G apps, after patching, OWASP 2021, AirTags, Azure, MS MFA, Elastic Stack API, Autodiscover, vCenter, University Wi-Fi, Bitcoin ATMs. Cybercrime: Trends: OTP bots, Fake Pegasus defense, GriftHorse SMS fraud, FinSpy, FoggyWeb. Nation States. Crime: Other Risks: Domain Names, Outsourced, Misinformation, Lying AI, Bulletproof TLS, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.

This Week's [in]Security - Issue 234 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Remote assessments, Magecart. New breaches: Thai visitors, Event Builder, Exchange. New Ransomware: Alert, Exabyte. Major outages: voip.ms, Trello. Follow-ups & Fall-out: REvil FBI sting & backdoor cheat, Epik. Privacy: Amazon, Ant, creepy? QR, ewwww! Laws & Regs: Canada: US: Infrastructure, Facebook, Warrants. World: China bans crypto, Huawei, USB-C. Standards: CISA IPv6, NIST drafts. Defense: SSNs, AppSec, Quad, Ransomware action, Medical IoT, passwordless, tools, Cyber-insurance, Autodiscover, Bug bounties. Vulnerabilities, Zerodays: record zerodays, IoT, iOS, macOS, Chrome. Other Vulnerabilities: OWASP update, API credentials, Ryzen, hack a mainframe demo, OpenOffice, Cisco, smartphones, Nagios, VMware, SonicWall, Routers, ROT13-NG. Cybercrime: Trends: Nation States. Crime: Mafia, DeFi, undone. Other Risks: Quantum Risk, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.

This Week's [in]Security - Issue 233 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Crypto-agility. New breaches: Wearable aggregator megabreach, Epik, Walgreens, Indonesian Intelligence Agency, multiple healthcare. New Ransomware: Threats. Follow-ups & Fall-out. Privacy: Re-identification, FTC privacy bureau. Laws & Regs: Canada: Copyright. US: Crypto-exchanges, Facebook, location warrants. World: GDPR, Assistance requests. Standards: NIST Machine Learning. Defense: Passwordless, OpenSSL 3, Android, Zoom, Design, Trolls, Kali. Vulnerabilities, Zerodays: Apple, Windows, Chrome, Azure OMIGOD, IBM. Databases, Citrix, Windows EOL, WSL, Laserfiche Ad Porn, WordPress, Drupal, WooCommerce, Travis CI, SSID stripping, Apple CloudKit, Spook.js, RSA variant. Cybercrime: What's exploited, Multiple zerodays, Open redirects. Crime: Other Risks: Ethics, DNS, moderation, WFH, facial fakes. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.

This Week's [in]Security - Issue 232 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: Back-to-Basics, Dotty's & NRS. New breaches: Fortinet, UN, Tesla, Israel, Morocco, Singapore, McDonalds. New Ransomware: REvil, Afghanistan, Russia. Follow-ups & Fall-out: Espionage vs. breach? Privacy: WhatsApp, smart-dumb-glasses, Ear-buds. Laws & Regs: Canada: US: Epic v. Apple, Ransomware disclosure. World: Crypto-wars. Standards: NIST. Defense: Webinars, Webinars. Cooperation, quantum RNG. Vulnerabilities: MSHTML zero day, OWASP #1 in 2021, Node.js, Netgear. Cybercrime: Trends: Canada, Pegasus. Nation States. Crime: Other Risks: Connected-to Service Providers, Facebook, Cables, Proton Mail controversy, Elections, IPv6. Health, Safety & Environment: CO2 capture, Batteries, Fusion. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

This Week's [in]Security - Issue 231 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI: 8-digit BINs, Back-to-basics, Controlling Scope, POS breach. New breaches. New Ransomware: food, agriculture, hospitals, holidays, bandwidth, partial encryption. Follow-ups & Fall-out: Bangkok Air, SolarWinds, Dallas Police, Juniper. Privacy: Apple photo-scanning, DNA Collection, Tattleware, Browsers, Bluetooth headphones. Laws & Regs: Canada: Covid class actions. US: Software Copyright, AI Inventors, Clearview. World: CMA Reform, WhatsApp fine, Apple Store, China's kids. Standards: NIST Telehealth, integrity. Defense: People, VPN audit, Downloads, APK Downloader. Vulnerabilities: CISA warns of 1FA, BrakTooth, AS-REP Roasting, Cisco, OpenSSL, STARTTLS, Trains, GitHub Copilot, npm pac-resolver, WordPress, QNAP, WhatsApp photos, Fortress Home Security, Linphone, Vaccine Passports, Quantum Crypto & Key generation, Canonicalization Attacks. Cybercrime: Trends: Nation States. Crime: Off-boarding? Gift-cards, Banksy. Other Risks: Gut Instinct, digital advocate, Cryptographic voting, Windows 11, War-surplus, Misinformation. Health, Safety & Environment: Ida, Virgin Galactic, PHAs. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.

This Week's [in]Security - Issue 230 | insecurity | Control Gap

Welcome to This Week’s [in]Security. SSF FAQs, firewalls, Storing CVV. New breaches: Microsoft Power Apps: IndiaMart, Imavex. New Ransomware: Ragnarok shutdown, FBI alerts. Major outages: Record DDoS, TSYS, OneDrive. Follow-ups & Fall-out: T-Mobile, Poly, SubaGames, Eatigo. Privacy: WFH surveillance. Laws & Regs: Canada: Online harms. US: non-competes, CSP troll, Chinese Tech. Standards: NIST. Defense: Webinars, Webinars. Supply-chain. Vulnerabilities: Unitrends zero-day, Medical IoT, Windows 10, F5 BIG-IP, SSL VPNs, OpenSSL, SNI, Cosmos DB, Confluence, Glowworm. Cybercrime: Trends: Nation States. Crime. Other Risks: Tech-hype, Voting Systems, Fooling AI. Health, Safety & Environment: Zoom fatigue. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Compliance. And more.

This Week's [in]Security - Issue 229 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Big-Hacks: T-Mobile. New breaches: Terrorist Watchlist, US census, Baby monitors and cams, Chase, HVAC as a vector. New Ransomware: State Department, Brazil. Major outages: Pakistan. Follow-ups & Fall-out: Colonial, Blackbaud, Pearson. Privacy: FB. Laws & Regs: Canada: Copyright. US: LEA data loss, Tesla. Standards: NIST CMVP. Defense: Hiring, Zero Trust, Tools. Vulnerabilities: more PrintNightmare, Apple photos, STARTTLS, Chrome, Cisco, Fortinet, LinkedIn Jobs, WordPress, Realtek IoT Wi-Fi, BlackBerry, DDoS. Cybercrime: Irony. Trends: HolesWarm, Phishing costs, QR malware, Nation States. Crime. Other Risks: Edge, IoT, Trolley problem, Windows 11, facial recognition, China, stunting. Health, Safety & Environment: Zombies, Haiti, EV fires, space junk, Whalesafe, Batteries. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Ugly; And more.