This Week's [in]Security - Issue 265
Control Gap | May 1, 2022 | CG Blogger

Welcome to This Week's [in]Security.

PCI and payments: PCI updates: SAQV4. Skimmers. Payments: New breaches: More GitHub, Coca-Cola. New Ransomware: trends, costs, BlackCat, Black Basta. Major outages: Record DDoS, fiber cable attacks. Follow-ups & Fall-out: 300K dbs, Smile, Aimware, fines, Blackbaud.

Privacy: doxxing & right to be forgotten, warrantless searches, FAFSA (student aid) & Facebook.

Laws & Regs - Canada: copyright, online harms, border rules. US: Fake EDRs, Patents, FOSTA, Drones. World: Open Internet, EU/India tech pact, EFF to the EU.

Standards: security.txt, NIST OT & 5G.

Defense - APIs, Google Docs. Tools: OpenSSF & malware packages.

Vulnerabilities, Advisories: CISA. Zerodays: on the rise. Patching: Azure PostgreSQL. Other: CVE-like scores for Cloud, NPM, Nimbuspwn, NAS, Netatalk. Vulnerability research: Bug bounties, VirusTotal as vector. Crypto-research: PQC & agility.

Cybercrime: Trends: Smishing, Malicious Tor, Onyx wiper, Bumblebee, Magniber. Crime & Enforcement: Child ID theft, Interpol. Sandworm, NFT theft, Nation States and mercenaries. China vs Russia, Journalists. Other. Playstore.

Other Risks: General: Cloud, Bulletproof TLS, AI weirdness, Free speech, decoupling China. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.