controlgap.com

Welcome to This Week’s [in]Security. SSF faqs, firewalls, Storing CVV. New breaches: Microsoft Power Apps: IndiaMart, Imavex. New Ransomware: Ragnarok shutdown, FBI alerts. Major outages: Record DDoS, TSYS, OneDrive. Follow-ups & Fall-out: T-Mobile, Poly, SubaGames, Eatigo. Privacy: WFH surveillance. Laws & Regs: Canada: Online harms. US: non-competes. CSP troll, Chinese Tech. Standards: NIST. Defense: Webinars, Webinars. Supply-chain. Vulnerabilities: Unitrends zero-day, Medical IoT, Windows 10, F5 BIG-IP, SSL VPNs, OpenSSL, SNI, Cosmos DB, Confluence, Glowworm. Cybercrime: Trends: Nation States. Crime. Other Risks: Tech-hype, Voting Systems, Fooling AI. Health, Safety & Environment: Zoom fatigue. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Compliance. And more.

If you’ve been struggling with keeping up with various SSL vulnerabilities and planning an orderly cutover to TLS then the recent announcement by the PCI Council has extending the sunset date for the transition from SSL to TLS 1.1 and 1.2 should come as welcome relief.