controlgap.com

Posts about:

[in]security

This Week's [in]Security - Issue 297

Welcome to This Week’s [in]Security. PCI: PTSv4 extension, DSSv4, Secure Software v1.2. Surcharge backlash. Gift card fraud. Fake products. New breaches, New Ransomware, Downs. Privacy: Policy implications, Apple photos, DHS & Tech. Laws & Regs - Canada, US, World. Fines, Enforcements & Lawsuits. Standards: NIST hashes & IoT. Emerging - AI: ChatGPT & NSFW Images, Cryptography. Defense - Resources, Tools & Techniques, memory-safe languages. Vulnerabilities - Advisories, Significant: Roundup, Cisco, Fortinet. WAFs. Eufy Cams, Botnet karma. Research: abusing AV & EDR, decoupling privacy, air-gaps, Pwn2Own. Cybercrime - active campaigns, Power grid, Android app signing keys, crimes & enforcement. Bad-Actors. Risks, bad software, passwords, disinformation, health, safety, environment, economy, FTX. Russia v. Ukraine. And more.

This Week's [in]Security - Issue 296

Welcome to This Week’s [in]Security. Payment fraud. New breaches: Multiple Android Vendor Code Signing Keys, Amazon RDS, GoTo, more on WhatsApp, Twitter, & LastPass. New Ransomware: Wipers, Paying out. Downs. Privacy: border surveillance, repairs. Laws & Regs - Canada, US, World. Fines, Enforcements & Lawsuits: MD5 fine, UK & Mastercard. Standards. BYOD. Emerging: AI, Cryptography, Quantum. Defense - Tools & Techniques. Vulnerabilities - Advisories: Hive hit by irresponsible disclosure. Research. Cybercrime - active campaigns, crimes & enforcement. Bad-Actors: Heliconia. Other Risks: Bring Your Own Key, Consumer behaviour, Spreadsheets, Complexity, Twitter alternatives. Disinformation, Health, Safety, Environment, Economy, More FTX/Crypto. Russia v. Ukraine. And more.

This Week's [in]Security - Issue 295

Welcome to This Week’s [in]Security. PCI related: FAQs. New breaches: WhatsApp (500M), Twitter (5M), AirAsia (5M), Sask (SLGA). New Ransomware: OSSTF. Privacy: Repair snooping, Tax sites, iCloud, Redaction? Laws & Regs - Canada. US: FTC, DoJ. World: UK, India. Fines, Enforcements & Lawsuits. Standards. AI. Cryptography. Defense - Decryptors, Domains, Due diligence, Tools & Techniques. Vulnerabilities - Roundup, Chrome, Windows, AWS. Cybercrime - active campaigns, crimes & enforcement. Bad-Actors. Other Risks, Health, Safety, Environment, Economy, FTX/Crypto. Russia v. Ukraine. And more.

This Week's [in]Security - Issue 294

Welcome to This Week’s [in]Security. PCI Mobile Payments, FAQs, Training, Magecart & fraud. More on the FTX and Twitter meltdowns. New breaches: Woosh, Thales. New Ransomware: Vanuatu, Ontario EMS. Downs. Privacy: Spyware, Surveillance, Siri. Laws & Regs - Canada: C-11 & C-18, Blocking online news. US: KOSA, Google, Autopilot. World: Digital Red Cross, Hack-back, Crypto AML. Standards: NIST on CVSS, Networks, Trustworthy Secure Systems, and three drafts; leap second. Defense - Resources, Tools & Techniques. Vulnerabilities - Patching: Windows, BitBucket. Significant: Roundup, PunyCode, SMS 2FA, F5. Also: Bulletproof TLS, infrastructure. Cybercrime - active campaigns, MFA-fatigue, crime & enforcement, nation states and mercenaries. Other Risks: Mastodon, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: Quantum, AI. And more.

This Week's [in]Security - Issue 293

Welcome to This Week’s [in]Security. So long PCI PA-DSS. Twitter turmoil. New breaches: TransUnion, Deutsche Bank, Thales, Medibank, Continental. New Ransomware: Sobeys, Mexico Transportation. Outages: Telus. Privacy: World Cup, COVID tracing, NSA. Laws & Regs - Canada: Online News. US: Privacy lacking, Filters, Scraping, Copyright. Standards: FIPS & NIST. Defense - Tools & Techniques: Sigstore, CIS, Passwordless. Vulnerabilities - Patching: strategy, SSVC tool, MS, Citrix, Android. Significant: Roundup, Citrix, Petro-ICS. Also: Memory-safe programming, Clear Wi-Fi, Lenovo. Research: MFA-bypass. Cryptography. Cybercrime - active campaigns, crimes & enforcement, FTX/Crypto melt-down, nation states and mercenaries. Other Risks - Elections, Root Certs, Cyber-insurance, Wi-Fi imaging, Paper, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.

This Week's [in]Security - Issue 292

Welcome to This Week’s [in]Security. P2PE & PIN updates. New breaches: Dropbox, Amazon, AstraZeneca, Medibank, Continental. New Ransomware: Costs, Trains, Telescopes. Major outages: Sobeys, WestJet. Follow-ups. Privacy: Surveillance risk, TikTok, CCTV. Laws & Regs - Canada: Online News. US: web scraping. World: Ransomware, India. Standards. Defense - Resources: MFA fatigue & phishing-resistance, IoT labeling, supply chain. Tools & Techniques: Scanning the UK, M&A, hacking tool. Vulnerabilities - Advisories: ICS. Zeroday: trends. Patching: Cisco, Chrome, Azure Cosmos, Apple. Significant: Roundup, Splunk, GitHub. Also: OpenSSL, SmartLock picking. Research. Cybercrime - Active campaigns, mal-news, PyPI, Crimes & enforcement. Nation states and mercenaries. Other Risks - cables, Twitter. AI: Open-Source laundering, Deepfakes, Turing. Disinformation: Amplification. Health, Safety, Environment, Tech layoffs. Russia v. Ukraine. Innovations and some Remembrance Day links.

This Week's [in]Security - Issue 291

Welcome to This Week’s [in]Security. PCI updates P2PE program. See Tickets 2+ year card breach. Canada - Cashless & Surcharge backlash. New breaches: Amazon, Bed Bath & Beyond, Twilio. New Ransomware: NY Post, Poland & Slovakia. DDoS. Follow-ups. Privacy: age verification, smart toys. Laws & Regs - Canada: Cyber-law, Online News. US: PA breach notifications. World: Australia, India. Defense - Newsletters. Tools & Techniques: Bucket Scanner, Microsoft, PayPal. Vulnerabilities - Advisories: CISA. Patching: Chrome, AnyConnect. Significant: Roundup, VMware, OpenSSL. Research & cryptography: Randomness, RC4. Cybercrime - active campaigns, crimes & enforcement, nation states and mercenaries. Other Risks - Child ID fraud, Cloud TCO. Health, Safety, Environment. Russia v. Ukraine. And more.

This Week's [in]Security - Issue 290

Welcome to This Week’s [in]Security. PCI FAQs, skimming impact, surcharge backlash. New breaches: Microsoft, Web trackers. New Ransomware. Major outages: GPS, Telus mobile. Sabotaged cables? Follow-ups. Privacy: TikTok, Neighbours, Equifax. Laws & Regs - Canada: Cybersecurity law failures, Online news. US: CFPB and Junk Data, IoT labelling, AI & patents. World: Australia boosts breach fines. Standards: Caliptra, NIST drafts & updates. Defense - Resources, Supply chains, Tools & Techniques. Gadgets & Coconuts, A secure OS for IoT. Vulnerabilities - Advisories: Linux Kernel, ICS. Patching, Mark-of-the-web, Win-TLS, Significant: Roundup, Zimbra. Research & Cryptography: Alt GPS. Cybercrime - active campaigns, passwords matter, undetectable, Text4Shell, fake employees. Crimes & enforcement: SIM swaps, keyless cars, nation states and mercenaries. Other Risks - Museum Security, Snake Oil, Scanners. AI: Adversarial ML, Hype, Creativity. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

This Week's [in]Security - Issue 289

Welcome to This Week’s [in]Security. PCI FAQs, credit card surcharges. New breaches: Intel BIOS, Toyota, Woolworths, secret agents. New Ransomware: decryptors, Tata Power. DDoS. Follow-ups. Privacy: Amazon's spy-house, deanonymization, Incognito Mode. Laws & Regs - Canada: workplace monitoring. US: Geofencing, Regulating DAOs. World: Data Sovereignty, Swiss AML, India. Defense - reports, tools & techniques. Vulnerabilities - Zerodays, Patching. Significant: Roundup, Fortinet, drivers. Research & cryptography: Office encryption, quantum tech & obstacles. Cybercrime - active campaigns, crimes & enforcement, nation states and mercenaries. Other Risks - Wi-Fi spy drones, digital license plates. AI: breakthroughs, bias, creativity, metaverses failing. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.

This week's Dali-esque image of a drone surveilling an office building was generated by DALL-E 2.

This Week's [in]Security - Issue 288

Welcome to This Week’s [in]Security. PCI SIGs, UnionPay, Interchange fees in Canada. New breaches: DoD, Aussies. New Ransomware: States, Lloyds. Outages. Follow-ups: Banking's bad response, disclosure notices suck. Privacy. Laws & Regs - Canada: Copyright, C-11. US: AI Bill of Rights, US-EU privacy, web replay lawsuit, & covering up. World. Standards. Defense: Deepfake audio detection, Cloud, MS/LSASS. Vulnerabilities - advisories, zerodays, & patching. Significant: Microsoft's driver problem, ProxyNotShell, Browser App Mode, & in the wild. Crypto-research. Cybercrime - Trends, Crime, Nation States and mercenaries. Other Risks - Moody’s, insiders, LinkedIn fakes. Health, Safety, Environment, & Economy. Russia v. Ukraine. Innovation, fat bears, and more.