controlgap.com

Posts about:

NIST

Ransomware, NIST, [in]security, Cybercrime, PCI 4.0

This Week's [in]Security - Issue 272

Jun 19, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials, Elasticsearch. Follow-ups & Fall-out: Desjardins. Privacy: TikTok, Location data, tracking tech. Laws & Regs - Canada: cybersecurity law, C-11. US: privacy, copyright, World: cookies, deepfakes, Assange. Standards: NIST. Defense - Training & events: PCI SSC CM, NICE. global initiatives. Tools & Techniques, Vulnerabilities - Advisories: Zerodays, Patching: Splunk, WordPress, Other: Citrix, CPUs, Hertzbleed. Azure, Sharepoint/OneDrive, Drupal, FastJSON, Siemens, Zimbra. Vulnerability research: AI/ML, Crypto-research: Cybercrime - Trends: Crime & Enforcement: Nation States and mercenaries. Other Risks: Googles Chatbot, Self-drive crashes. Disinformation, Health, Safety, Environment, Crypto-crash. Russia v. Ukraine. Innovation and more.

CG Blogger

MFA, Ransomware, NIST, payments, [in]security, Cybercrime, Crypto, Ukraine, Russia, Laws and regulations

This Week's [in]Security - Issue 266

May 8, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Skimmers. Payments: New breaches: Anonymous, DeFi, Ikea. New Ransomware, Major outages, Follow-ups & Fall-out. Privacy: Health Canada, Facial recognition. Laws & Regs - Canada: Copyright. US: ISPs, Insurance. World: India. Standards: NIST, definitions. Defense - Training & events: space-cybersecurity. Password day. Kill-switch. Tools: MFA. Vulnerabilities, Advisories: Patching: F5, Cisco. Other: mental health apps, AV bugs, uClibc IoT, DNS poisoning, No MFA? Vulnerability research: Zero-Knowledge. Crypto-research: Quantum crypto. Cybercrime: Trends: Event log malware, Doh! Crime & Enforcement: BEC impact. Nation States and mercenaries. false-flags, sanctions, Spain & Pegasus, China. espionage, Other. Other Risks: General: Airtags, deepfakes, web3. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. NATO. Quantum computing, Innovation and more.

CG Blogger

NIST, TLS, [in]security, FAFSA, SAQ V4.0, Coca-Cola

This Week's [in]Security - Issue 265 | insecurity | Control Gap

May 1, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: SAQV4. Skimmers. Payments: New breaches: More GitHub, Coca-Cola. New Ransomware: trends, costs, BlackCat, Black Basta. Major outages: Record DDoS, fiber cable attacks. Follow-ups & Fall-out: 300K dbs, Smile, Aimware, fines, Blackbaud. Privacy: doxxing & right to be forgotten, warrantless searches, FAFSA (student aid) & Facebook. Laws & Regs - Canada: copyright, online harms, border rules. US: Fake EDRs, Patents, FOSTA, Drones. World: Open Internet, EU/India tech pact, EFF to the EU. Standards: security.txt, NIST OT & 5G. Defense - APIs, Google Docs. Tools: OpenSSF & malware packages. Vulnerabilities, Advisories: CISA. Zerodays: on the rise. Patching: Azure PostgreSQL. Other: CVE-like scores for Cloud, NPM, Nimbuspwn, NAS, Netatalk. Vulnerability research: Bug bounties, VirusTotal as vector. Crypto-research: PQC & agility. Cybercrime: Trends: Smishing, Malicious Tor, Onyx wiper, Bumblebee, Magniber. Crime & Enforcement: Child ID theft, Interpol. Sandworm, NFT theft, Nation States and mercenaries. China vs Russia, Journalists. Other. Playstore. Other Risks: General: Cloud, Bulletproof TLS, AI weirdness, Free speech, decoupling China. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

CG Blogger

NIST, TLS, [in]security, Bitcoin ATM, qubits, OpenSSL, Gh0stCringe, passwordless

This Week's [in]Security - Issue 259 | insecurity | Control Gap

Mar 20, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI SSF Web, ATM rootkit, Bitcoin ATMs. Training & events. New breaches: more Samsung, TransUnion, Bridgestone, Texas. New Ransomware: avoslocker, decryptor, more Conti. Major outages: Israel. Follow-ups & Fall-out. Privacy: Laws & Regs - Canada: Privacy and Mobility. US: New reporting, DHS, FTC, exam cheats. World: Cyber convention, crypto wars, ICO sued. Standards: new NIST. Defense. passwordless, deepfakes, red/purple teams, dev tools. Vulnerabilities, Other Vulnerabilities: SATCOM, Human factors, Bandaids, BIND, Dirty Pipe. HTMLtoPDF, TLS rollback. Patching: Spectre, OpenSSL. Crypto-research: RSA keys. Cybercrime: Trends: Captchas, Blink, DirtyMoe, B1txor20, Gh0stCringe. Nation States and mercenaries: Alerts. China, Russia. Crime & Enforcement: theft, scams, convictions. Other Risks: Street signs, Splinternet, forgery, Disinformation, Brazil. Health, Safety & Environment. Permanent DST? Russia v. Ukraine. Innovation and more. New qubits.

CG Blogger

NIST, [in]security, Bill C11, NVIDIA, Whatsapp, Spotify

This Week's [in]Security - Issue 258 | insecurity | Control Gap

Mar 13, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Call for Speakers, P2PE, 3DS, Card Production. Payments, Training & events. New breaches: Samsung, Mercado Libre, VirusTotal. New Ransomware: more Conti, Critical Infrastructure, Bridgestone, Ubisoft. Major outages: Fiji, Spotify & Discord. Follow-ups & Fall-out. Privacy: Trusting your phone, COVID passports, Radar & body language. Laws & Regs - Canada: Bill C-11, Competition Law. US: Incident reporting, Whistleblowers, ICE, Amazon, Weight Watchers, Utah, Location data. World: Clearview AI, cybercrime treaty, Spyware probe, Right to be Forgotten, Crypto regulations, cyber-flashing. Standards: NIST DevSecOps. Defense. CISA Exploit catalog, Defense in depth, Polls, Kali. Vulnerabilities, Zerodays: APC UPS, 0-clicks, Chrome, DDoS, Other Vulnerabilities: BGP crypto-heist, Ostriches, IoT & ATMs, More Specter, Azure, Linux. Defender, HP, Wordpress, Riverbed, password rules, Blockchain privacy, Proof-of-stake attacks. Patching: Microsoft, Firefox, Adobe, Siemens. Cybercrime: Trends: surging attacks, NVIDIA. Telegram, WhatsApp. Nation States and mercenaries: China, Iran. Crime & Enforcement: Zelle, Extraditions, Fresno, DoH! Other Risks: Alexa, Pluton, AI, Employment, Manufacturing, Gas, NFT myths. Health, Safety & Environment. Missiles, GPS, Meteors & asteroids. Russia v. Ukraine. Innovation and more.

CG Blogger

NIST, [in]security, PCI 4.0, NSA, Crypto-Taxes, CRTC, NICE

This Week's [in]Security - Issue 257 | insecurity | Control Gap

Mar 6, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: DSSv4 timelines. Training & events. New breaches: Conti Malware Group, Samsung, Nvidia, Robinhood, Lawyers. New Ransomware: Hive Decryption, Toyota, AON. Major outages: Semiconductors. Follow-ups & Fall-out. Privacy: DNA testing, AirTags. Laws & Regs - Canada: Lawful Access, Privacy Reform, CRTC. US: Cybersecurity law, SEC, Web-Scraping. World: Telcos, Crypto-Taxes. Standards: NSA, NIST. Defense. Vulnerabilities, Zerodays: Firefox, Other Vulnerabilities: Password Cracking, Credentials in Code, Linux, Samsung, Stalkerware, Medical IoT, Echo, Patching: CISA. Crypto-research: PQC-Hybrid. Cybercrime: Trends: APIs, DDoS, NVIDIA certs, Sharkbot, SockDetour, Teabot. Nation States and mercenaries: Europe, China, Iran. Crime & Enforcement. Other Risks: Bulletproof TLS, Shadow IT. Democracy. Health, Safety & Environment. The Russia v. Ukraine war. Innovation and more.

Note: the volume and variety of Ukraine related articles makes it difficult to report these under specific sections, we will be reporting these in a dedicated section below.

CG Blogger

NIST, [in]security, Skimmers, Log4J, Zabbix, SCADA

This Week's [in]Security - Issue 256 | insecurity | Control Gap

Feb 27, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: FAQs, Skimmers, Payments, Training & events. New breaches, New Ransomware: NVIDIA, Major outages: Follow-ups & Fall-out. Missouri surprise, Broward, Log4j. Privacy: browsing, facial recognition, boarder patrol, medical tests, AirTags. Laws & Regs - Canada: Financial surveillance, The Emergencies Act. US: Cyber-social contract, US data and consumer privacy, Board liability, Turbotax mass-arbitration. World: Crypto, UK misuse, EncroChat & NSO lawsuits. Standards: NIST, Federal ZeroTrust. Defense: Passwordless, GitHub SecDB, NY-SOC, Chips. Vulnerabilities, Other Vulnerabilities: NPM JS libraries, Cisco, SCADA, WordPress, Samsung, Horde, Zabbix, Zenly, Bugged. Crypto-research: HPKE & Post-quantum. Cybercrime: Trends: Trojan evolution, Docusign, MFA-bypass, Nation States and mercenaries: NSA backdoor, Firewall Botnet. Crime & Enforcement. Other Risks: AI bias, Open Source, Reset-failed, Untrained. Health, Safety & Environment. War: Russia vs Ukraine - hot war, sanctions, banking, investment & partnerships, products, ships, planes, and spacecraft, big tech, disinformation, alerts, actions, APTs & mercenaries. Innovation and more.

Update: 2022-03-03 This week we have a special edition covering the war in the Ukraine, international response, and other related risks https://controlgap.com/blog/this-weeks-insecurity-issue-256-Ukraine

CG Blogger

COVID-19, Ransomware, NIST, [in]security, Magento, Skimmers, IRS

This Week's [in]Security - Issue 255 | insecurity | Control Gap

Feb 20, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Skimmers, Training & events. New breaches: credit freezes, insiders, Red Cross, GiveSendGo. New Ransomware: decryptor, access brokers. Major outages: Canadian banks, Coinbase, Doh! Privacy: IRS and dating apps, Otter.ai, Google Sandbox & Enhanced Safety. Laws & Regs - Canada: Crypto, Web3. US: SEC cyber, Trolls, Copyright, Missouri, Texas vs. Meta, Clearview lawsuits. World: Police access, Australia. Standards: NIST, Random Number Feedback. Defense: Free tools, Github Scanner, Cisco passwords, Remote work. Vulnerabilities, Other Vulnerabilities: More Magento, email appliances, Snap PM, Cassandra, Ice phishing. Unredacter, Patching: Forced patching, Intel Firmware, Magento. Crypto-research, SHA3. Cybercrime: Trends: BEC, Teams. Nation States and mercenaries. Crime & Enforcement; Cyber-policing, OpenSea NFTs. Other Risks: Cloud? Facebook, AI, DRM protected paper. Disinformation, follow the money, Canada. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Innovation and more.

CG Blogger

COVID-19, IoT, Ransomware, NIST, [in]security, Bill C11, spyware

This Week's [in]Security - Issue 253 | insecurity | Control Gap

Feb 6, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI and payments: Target's anti-skimmer Merry Maker, Segway. Payments, Training & events. New breaches: Securitas (S3), News Corp, Whisper. New Ransomware: Changing tactics, Oiltanking, Kronos. Follow-ups & Fall-out: Equifax. Privacy: GPU-fingerprinting, Ungoogling yourself. Laws & Regs - Canada: C-11/streaming, Online harms, Digital Taxes. US: EARN IT, Cyber Review board, EFF. World: EU vs. US. Standards: NIST Software, IoT, &, Security Labeling. NVD API. Defense: volunteers, browsers. Vulnerabilities, Zerodays: Zimbra. Other Vulnerabilities: CISA alerts, Log4shell lives on, Firmware, Cisco, ESET, Supply chains, MSIX, Finding Open Source vulns, Walmart analyzes new ransomware. Patching: CISA must patch, Samba. Crypto-research. Cybercrime: Trends: Reverse proxy attacks, Nation States: taking down North Korea, China, more spyware, Ukraine. Crime & Enforcement; fraud & blackmail, big heists, drones, Other Risks: Automation. Banning ideas. App monopolies, too many secrets, Internet next, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Learned; Covid Ugly; Innovation and more.

CG Blogger

NIST, Revil, [in]security, Pegasus, FIPS, blackcat

This Week's [in]Security - Issue 252 | insecurity | Control Gap

Jan 30, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. PCI updates: MPoC. Skimmers, Payments. New breaches, New Ransomware: insiders, Canada FA. Major outages: Record DDoS, Andorra, Tonga. Privacy: tracking censorship, FloC & Topics. Laws & Regs - Canada: CitizenLab on LawBytes. US: China Unicom ban, zero trust, too many laws, Google lawsuit, Cyber-insurance and ransomware, Metaverse-law. World: GDPR, autonomous car liability, China's Internet. Standards: FIPS, NIST, NICE. Defense: EU incident framework, source backup, test people too. Vulnerabilities, Zerodays: Centos 8 (EOL), Apple. Other Vulnerabilities: Disclosure, Polkit/PwnKit, Datacenter remote management, Cameras, mobile protocols. Patching: Windows, QNAP & the forced patch. The Quantum Apocalypse? Cybercrime: Trends: alerts, Revil, BlackCat, Oauth and MFA, BRATA, Dark Herring, BotenaGo/IoT exploit source, DazzleSpy, new tricks. Nation States: Pegasus, APTs. Crime & Enforcement; QR fraud, ID Theft, Rug-Pulls, Swatting. Other Risks: 2M certificates revoked, copywrongs, air tags, gaslighting, unrealestate, cloud costs, following the disinformation money. Russia-Ukraine, Belarus Rail, Health, Safety & Environment: snow, Bitcoin, Winter Olympics, nuclear. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Innovation and more.

CG Blogger