controlgap.com

Posts about:

Log4J

NIST, [in]security, Skimmers, Log4J, Zabbix, SCADA

This Week's [in]Security - Issue 256 | insecurity | Control Gap

Feb 27, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: FAQs, Skimmers, Payments, Training & events. New breaches, New Ransomware: NVIDIA, Major outages: Follow-ups & Fall-out. Missouri surprise, Broward, Log4j. Privacy: browsing, facial recognition, boarder patrol, medical tests, AirTags. Laws & Regs - Canada: Financial surveillance, The Emergencies Act. US: Cyber-social contract, US data and consumer privacy, Board liability, Turbotax mass-arbitration. World: Crypto, UK misuse, EncroChat & NSO lawsuits. Standards: NIST, Federal ZeroTrust. Defense: Passwordless, GitHub SecDB, NY-SOC, Chips. Vulnerabilities, Other Vulnerabilities: NPM JS libraries, Cisco, SCADA, WordPress, Samsung, Horde, Zabbix, Zenly, Bugged. Crypto-research: HPKE & Post-quantum. Cybercrime: Trends: Trojan evolution, Docusign, MFA-bypass, Nation States and mercenaries: NSA backdoor, Firewall Botnet. Crime & Enforcement. Other Risks: AI bias, Open Source, Reset-failed, Untrained. Health, Safety & Environment. War: Russia vs Ukraine - hot war, sanctions, banking, investment & partnerships, products, ships, planes, and spacecraft, big tech, disinformation, alerts, actions, APTs & mercenaries. Innovation and more.

Update: 2022-03-03 This week we have a special edition covering the war in the Ukraine, international response, and other related risks https://controlgap.com/blog/this-weeks-insecurity-issue-256-Ukraine

CG Blogger

COVID-19, MFA, TLS, [in]security, MD5, Log4J, SHA, Alexa

This Week's [in]Security - Issue 248 | insecurity | Control Gap

Jan 3, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. Big-Hacks: Log4J, new RCE, the long road. New breaches: T-Mobile, Redline Stealer, Lastpass. New Ransomware: Saskatchewan, Norway, Shutterfly, Law Enforcement. Major outages: Backup Failure. Privacy: Spying toys, EFF's 2021. Laws & Regs - US: Missouri, Morgan Stanley. World: India. Defense: Krebs, TLS deprecates SHA1 & MD5. Vulnerabilities, Netgear, MS Exchange Y2K22 bug. Cybercrime: Trends: 2fa interception, Galaxy store, SSDs, Online courses. Nation States: Hackers-4-hire, Poland. Crime & Enforcement: Butter? Other Risks: Science, Cyber-due-diligence, ANOM, Blackberry EOL, Double Fake NFTs. Health, Safety & Environment: Alexa lethal challenge. Fireworks, winter driving, recall, 5G, Satellites. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Impact; Covid Compliance. And more.

CG Blogger

Cybersecurity, Log4J, Log4shell

Addressing Log4Shell | Control Gap

Dec 16, 2021 12:00:00 AM

The Log4Jshell vulnerability has sparked an Internet firestorm and may potentially be one of the most devastating bugs in years. But why? Log4shell is a zero-day, supply chain, remote code execution vulnerability that is amongst the most widely used components in use today. Vulnerable components are difficult to trace as Log4j2 has seen industry wide adoption across the entire technology stack. And many threat actors are actively exploiting it.

CG Blogger

COVID-19, [in]security, Log4J, Log4shell, Magecart, Smishing, SSF

This Week's [in]Security - Issue 245 | insecurity | Control Gap

Dec 12, 2021 12:00:00 AM

Welcome to This Week’s [in]Security. Log4J/Log4shell! PCI and payments: PCI updates: PIN, SSF. Non-Compliance Lesson No.3. Magecart, Supply-Chain Backdoors: New breaches: Kafka. Volvo. New Ransomware: Follow-the-money, Cybercommand, Utilities, Healthcare, SPAR stores. Major outages: Amazon. Follow-ups & Fall-out. Privacy: Tor, surveillance capitalism, facial recognition. Alexa can you keep a secret? Laws & Regs - Canada: website blocking, JusTech. US: Copyright takedowns. World: Espionage tools, Botnet lawsuit, Assange. Cybercriminal Court? Standards: Cyber-resilience. testing. IPv6 transition. Defense: Cyber & the board, AI, Smishing, pirates. Vulnerabilities, Zerodays. Other Vulnerabilities: HTTP-no- S, Home grown, Chrome, Win/URI, WD SanDisk, SonicWall, MikroTik, Bluetooth, factoring. Cybercrime: Trends, Phising. WordPress, npm. Moobot. Nation States. Crime & Enforcement. Other Risks: AWS, Quantum, BurnOut, Tor, Kids, Cryptominers, AirTag abuse. Health, Safety & Environment. CO2 capture, batteries, nukes. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Compliance. And more.

CG Blogger