controlgap.com

Posts about:

[in]security (9)

This Week's [in]Security - Issue 218 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI & Mobile, Fraud. New breaches: Pizza, Deleted Buckets, Olympics. New Ransomware: Food Supply Chain, Transportation, Obstructing Justice. Follow-ups & Fall-out: Policy, Pipeline, Azusa, Accellion. Privacy: Sidewalk Mesh, WhatsApp caves, TikTok & biometrics. Laws & Regs - Canada: C-10. US: Breach liability, Ransomware. The world: EU filters, India. Standards: Post-quantum, Biometrics. Defense: Cyber & the Board, Computing Reserve. Webinars, Browser, Teams. Vulnerabilities: Home grown, Git & POCs, CodeSys, OpenPGP. Cybercrime - Trends: vCenter, WordPress. Nation States. Crime. Other Risks: Residential School Deaths. Health, Safety & Environment: Flu, Ordinance, Bears, Zombie Fires. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Learned. Covid Compliance. And more.

This Week's [in]Security - Issue 217 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI: SLC v1.1, Sunsetting P2PE v2 and PA-DSS. MasterCard resources. Control Gap SSA & SSLC. Magecart mobile, Carders. New breaches: Japanese Dating & government, Canada Post, Nukes, Dominos India, Hospitals, Compound redaction leak. New Ransomware: RCMP, Defensive shutdown. Privacy: Facial Recognition, Hiding controls. Laws & Regs - Canada: C-10 impact. US: Breach law. The world: Mass Surveillance, Data residency. Standards: NIST: Cloud, IoT/MuD. USB-C upgrade. Defense: Webinars, Webinars. Pipeline response, Cyber budgets, Unknown-unknowns, FBI supporting HIBP.

This Week's [in]Security - Issue 216 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI WFH FAQs, Standard updates, Mercari breach, Hashes Unsafe. New breaches: 23 Android Apps, Air India, Daily Quiz. New Ransomware: Banning payouts, Double Encryption. Follow-ups & Fall-out: SolarWinds, Codecov, Water Plant. Privacy: Apple, Cams, Health tools. Laws & Regs - Canada: C-10, Vaccine Patents. US: Pipeline Bills, IRS Crypto, Lawsuit backfires, Snapchat suit, Tesla review. UK, EU, HK: Facebook probe, WhatsApp, Sanctions, Crypto wars, USK MSP regs. Standards: Data Classification. Defense: ZeroDays, Phone numbers, Passwords, Simuland, Russian Keyboards, Explorer RIP. Vulnerabilities: Android, Windows RCE, Tool Abuse, Planes, (no trains), Automobiles. Cybercrime - Trends: Apple, Stuffing, Bizarro, Lazy Ransomware? Nation States. Crime. The 2011 RSA Hack. Other Risks: Stress, Critical Infrastructure, Gig risks, Busted for weak Wi-Fi? Just daft. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Learned. Covid Ugly. Covid Compliance. And more.

This Week's [in]Security - Issue 215 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Magecart and more. Card Breaches. New breaches: Veterans, Durham, Chicago. New Ransomware: Colonial Pipeline, Darkside Shuttered, Insurance Irony, Ugliness & Triple Extortion, Bans, Deterrents. Follow-ups & Fall-out: Rapid-7, SolarWinds, HIBP. Privacy: Laws & Regs - Canada: C-10. US: Cyber EO, Forensic Transparency, Stupid Patent. UK, EU, HK: Facebook vs. EU, VPNs. Standards: NIST Crypto Update, IoT Confidence. Defense: Webinars, Webinars. Demystify Cyber, killing CAPTCHA, Passwordless GIT. Vulnerabilities: Acrobat, Wi-Fi's old flaws, e-Voting, Browser Scheme Flooding, Declassified Crypto. Cybercrime - Trends: Tor, Backdoored tools, Canada. Crime. Other Risks: DNA, Chips, Huawei. Health, Safety & Environment: Ventilation, Killer Asteroids, Chernobyl, Bitcoin impact, Batteries, Resignation backlog, Credit Confusion. Covid-19: Response. Immunity. Learned. Scientific Dogma. Impact. Covid Compliance. And more.

This Week's [in]Security - Issue 214 | insecurity | Control Gap

Welcome to This Week’s [in]Security. DSS v4.0 Summary, and Secure Payment Terminal Software. New breaches: Cookies, FermiLab, Glovo, Telstra, Twilio, Peloton, … New Ransomware: Pipeline Hack, Scripps, SmileDirect, Pirate, DDoS. Follow-ups & Fall-out: Apple, Ostriches, Lawyers, Therapy, and Disputes. Privacy: Facebook, Google, and EU Cloud. Laws & Regs - Canada: C-10. US: Scraping, CryptoEx, CFAA and the Cloud, Deplatforming, Astroturfing the FTC, Fines. Standards: Healthcare, Space-cyber. Defense: Kids, Buffs, Bounty, Containers, Tools, Doxing. Vulnerabilities: DNS, Spectre. Drone v. Tesla. Cybercrime - Trends: Nation States. Crime: Defogging Bitcoin. Other Risks: Password Day, Missiles, TLDs. Exploit Ban, Tabs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Impact. Covid Compliance. And more.

This Week's [in]Security - Issue 213 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Secure Software Update, Community meeting. e_Skimmer. Supply-Chain Backdoors: New breaches: New Ransomware: Follow-ups & Fall-out: Privacy: less FLoC, US poll, Windows. Laws & Regs - Canada: C-10. US: Breaches. UK, EU, HK: Apple, Google. Standards: IoT, 4 NIST, PQ-crypto. Defense: Webinars, Webinars. Cyber-kids, Ransomware taskforce, Defender uploads, HIBP & Emotet. Vulnerabilities: macOS, Unethical patching, BigF5, NTLM, Cellebrite, Cisco, Medical & Industrial IoT, AD, AI Hackers. Cybercrime - Trends: Malvertising notifications, OpenBullet, Linux backdoor, Passwordstate, Sharepoint. Citizenlab & NSO Group. Nation States. Crime: Bitcoin laundering. Other Risks: Supply chain, Schneier, Smishing. eVoting, Health, Safety & Environment. bees, Quakes, Death from above, EV blues, cars. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Learned. Impact. Covid Compliance. And more.

This Week's [in]Security - Issue 212 | insecurity | Control Gap

Welcome to This Week’s [in]Security. P2PE Solution Aid. More on 8-digit BINs. Supply-Chain Backdoors: CodeCov, Passwordstate, Solarwinds. New breaches: Facebook, Apple(?), ClearVoice. New Ransomware: Follow-ups & Fall-out: Privacy. Normalizing breaches. Floc Adverse. Laws & Regs: Canada: Bills C-10 & 11, regulating apps. US. UK, EU, HK. NIST IoT & ICS. CISv8. Defense: More Nation-State Patching, Moxie vs Cellebrite, Death to IoT, Passwordless, Mario and DevSecOps!? Vulnerabilities: Pulse, Chrome, SonicWall ZeroDays, Supply-chains, CyberGames, Clubhouse, Air-Drop, Docker Images, QNAP, Tesla. Updatable Encryption. Breaking Enigma. Cybercrime: Trends: TLS, QR, Sextortion, Ads, 7-Zip, ToxicEye, Pink, Fake DirectX12. Nation States. Crypto-skimming. Crime. Other Risks: Unethical patching, Social Media, Chips, Deepfake geography, Bounties, Resets, No bars! Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Covid Ugly. Covid Compliance. And more.

This Week's [in]Security - Issue 211 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI 3DS Updates. New breaches: ParkMobile, Codecov, Upstox, ClubHouse. New Ransomware: Follow-ups & Fall-out: Facebook. Breach spin and Greed. Privacy. Laws & Regs: Class Actions, Breach Notification, LEA requests. BYOD. IOT. Defense: Anti-Caller ID Spoofing, Rockets, Code, Coders, Free Course, Cyber Careers, Power Grid, FLoC off, OSCAL. Vulnerabilities: Browser ZeroDays, Faster Bug Disclosure, DNS, NAME:WRECK IoT, Un-awareness, Dependencies, Pwn2Own, Kubernetes, Juniper, Zoom, Crypto. Cybercrime: FBI Patching. Trends. Nation States. Crime. Other Risks. Child Abuse Images. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.

This Week's [in]Security - Issue 210 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI 3DS, New e-skimmers, Card breaches. EU's SCA. Big-Hacks: Facebook, LinkedIn. New breaches: Clubhouse, Q Link Wireless. New Ransomware. Follow-ups & Fall-out. Privacy: Big Brother? Xcinex Venue. Laws & Regs: Bans, Breach law, Facial recognition, NIST & HIPAA. Defense: Tools, Simplification, Resilience. Vulnerabilities: Cisco zeroday, Pwn2Own, SAP, Zoom, Carbon Black, Domain Time II, Moodle, medical devices, 802.11bf sensing. Cybercrime: Trends. Gigaset, Nation States. Cyber-war? Other Risks. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.

This Week's [in]Security - Issue 209 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Big-Hacks: Exchange, SolarWinds, Ubiquiti. New breaches: Facebook, MobiKwik. New Ransomware: Molson Coors, Home Hardware. Follow-ups & Fall-out: 1000 Year Breach, Refunds? Privacy. Laws & Regs: web analytics, autodialers, backdooring Facebook. NIST Hospitality. Defense: Webinars. Girls and STEM. SSL and old TLS. CoinHive. Application Security. Vulnerabilities: QNAP ZeroDay, Firmware, WordPress, ICS, PHP/GitHub, Containers, Spectre. Cryptography: Homomorphic, Lightweight, and Post-Quantum. Cybercrime Trends: Bypassing Facial, Nation States. Crime: Utility Hack, Tattoos. Lego? Other Risks: Facial Bias, Domains, Amber Alerts, Nuke Tweet, Shipping. Health, Safety & Environment: mRNA & saRNA. The problems with NFTs. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.
