Posts about: Magecart
This Week's [in]Security - Issue 246 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: FAQ, HSM. Magecart, Sportsgear, ATMs, PAX. Supply-Chain Backdoors: Log4J/Log4shell continues! Underfunding! New breaches: Scraping, Finite Recruitment, ProTemps, GumTree. New Ransomware: Kronos, Virginia, logistics, medical. Major outages: AWS. Follow-ups & Fall-out: schools, delays, Desjardins settles. Privacy: Staying signed in. Laws & Regs - Canada: Repair, Harms. US: Data Protection, National Security, Chinese Tech, Takedowns. World: trade disputes, Japan, UK, EU. Standards: NIST drafts. Defense: Webinars, bans, Bug bounties, Internet Hall-of-Fame. Vulnerabilities, Zerodays. Other Vulnerabilities: chips, Ubuntu, Dell, Firefox, Adobe, Apple, Chrome, and MS. ECDSA keys. Cybercrime: Trends, log-ins, Contact Forms, Anubis, Seedworm. Nation States. NSO, Huawei, Nobelium. Crime & Enforcement. Obit pirates, Arrests, Assassins. Other Risks: Data life cycles, AI diagnosis, Shadows, Printers, virtual assault, crypto currency. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Impact; Covid Ugly; And more.
This Week's [in]Security - Issue 245 | insecurity | Control Gap
Welcome to This Week’s [in]Security. Log4J/Log4shell! PCI and payments: PCI updates: PIN, SSF. Non-Compliance Lesson No.3. Magecart, Supply-Chain Backdoors: New breaches: Kafka. Volvo. New Ransomware: Follow-the-money, Cybercommand, Utilities, Healthcare, SPAR stores. Major outages: Amazon. Follow-ups & Fall-out. Privacy: Tor, surveillance capitalism, facial recognition. Alexa can you keep a secret? Laws & Regs - Canada: website blocking, JusTech. US: Copyright takedowns. World: Espionage tools, Botnet lawsuit, Assange. Cybercriminal Court? Standards: Cyber-resilience, testing. IPv6 transition. Defense: Cyber & the board, AI, Smishing, pirates. Vulnerabilities, Zerodays. Other Vulnerabilities: HTTP-no-S, Home grown, Chrome, Win/URI, WD SanDisk, SonicWall, MikroTik, Bluetooth, factoring. Cybercrime: Trends, Phishing. WordPress, npm. Moobot. Nation States. Crime & Enforcement. Other Risks: AWS, Quantum, BurnOut, Tor, Kids, Cryptominers, AirTag abuse. Health, Safety & Environment. CO2 capture, batteries, nukes. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Compliance. And more.
This Week's [in]Security - Issue 242 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: Magecart, Jackpot. New breaches: IABs, Indian Securities Depository, Stripchat, RobinHood, RedDoorz, IDC, Ducks Unlimited, GitHub/Firefox-Linux. New Ransomware, holidays, trends, analysis, response. Major outages: Google, Tesla. Follow-ups & Fall-out: FBI emails. Privacy: CitizenLab reports, Amazon, phones, Microsoft(?) Camera detectors. Laws & Regs - Canada: C-10, digital IDs. US: attack reporting, hack-back, NSO, Right to repair, Ohio v. FaceBook. World: No-Hack pact, UK Cloud providers, lawsuits. Standards: Patch Management, password rules. Defense: Cell-spam, smartphones, Duck-Duck, SugarCoat, Deepfakes, rookies, misconfigurations. Vulnerabilities, Zerodays: FatPipe, Windows, Mac. Other Vulnerabilities: Canadian passwords, Chips & firmware, ICS, IoT, GitHub/NPM, Azure AD, Chrome, Windows, Apple patch lag, LibreCAD, Blacksmith/Rowhammer, ETW attack, TOR fingerprints. Cybercrime: Trends, Nation States: Belarus, Iran, North Korea. Crime: crypto-klepto, mixers, Revil, election hacking. Other Risks: Quantum update, supply chains, dystopia & harassment, insiders, Chatbots, NFTs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; And more.
This Week's [in]Security - Issue 240 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: Non-Compliance Lesson #2, Big FAQ update, PAX/WorldPay/FBI update, magecart. New breaches: Waiting for QC, Shooting the messenger, Surveillance, VPN users. New Ransomware: Evolving tricks, NL Health. Follow-ups & Fall-out: Missouri. Privacy: Phone metadata, tappigraphy, Data Privacy Protocol, 1B deleted facial images. Laws & Regs - Canada: Bill C-10, Ontario utility data, Citizen Lab. US: FISA, LEA requests, Spyware sanctions, Bounties. World: Threatening open source, Toothless fines? Standards: EU-US. Cyber labelling, Critical Infrastructure. Defense: Pwn2Own & SANS CTF, Simulation Game. Cloud VA, Security MVP, Bloom Filter Searching, ZeroTrust. Vulnerabilities, Zerodays: Other Vulnerabilities: CISA 300 patch list, APIs, More on Trojan Source, Web Assembly, Github & NPM supply-chain - coa, rc, Cisco SSH key, non-enterprise IoT. Cybercrime: Trends: Rootkits, password spraying, GitLab, Office & Exchange. Nation States. Crime: Anti-ransomware actions, SIM & BEC arrests, Squid-scam, fraud. Other Risks: Trolls, Ethical AI, Skynet? buzzwords, meta-FOMO, Open Source Risks, Cert meltdowns, Yahoo leaves China, economy. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.
This Week's [in]Security - Issue 234 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI and payments: Remote assessments, magecart. New breaches: Thai visitors, Event Builder, Exchange. New Ransomware: Alert, Exabyte. Major outages: voip.ms, Trello. Follow-ups & Fall-out: Revil FBI Sting & backdoor cheat, Epik. Privacy: Amazon, Ant, creepy? QR, ewwww! Laws & Regs: Canada: US: Infrastructure, Facebook, Warrants. World: China bans crypto, Huawei, USB-C. Standards: CISA IPv6, NIST drafts. Defense: SSNs, AppSec, Quad, Ransomware action, Medical IoT, passwordless, tools, Cyber-insurance, Autodiscover, Bug bounties. Vulnerabilities, Zerodays: record zerodays, IoT, iOS, MacOS, Chrome. Other Vulnerabilities: OWASP update, API credentials, Ryzen, hack a mainframe demo, OpenOffice, Cisco, smartphones, Nagios, VMware, SonicWall, Routers, ROT13-NG. Cybercrime: Trends: Nation States. Crime: Mafia, DeFi, undone. Other Risks: Quantum Risk, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.
This Week's [in]Security - Issue 228 | insecurity | Control Gap
Welcome to This Week’s [in]Security. PCI SSF vs PA-DSS, Scoping Cloud, Cooperation, PCI Back to Basics Series, MageCart, Free Card Dump, No stripes. Big-Hacks: T-Mobile. New breaches: Accenture, Salesforce customers, Ford. New Ransomware. Follow-ups & Fall-out. Privacy: PGPP, Uber Surveillance, Politicians. Laws & Regs. Defense: Webinars, HTTPS first, Wiping Data, Passwordless Git, Fuzzing. Vulnerabilities: Windows, MS-ECC-spoofing, IoT non-randomness, Magento, 5G, Voting Machines, DNS. Cybercrime: Trends, Losses, Anti-AML, Office, Exchange, Flytrap, WordPress, Crypto heist? Nation States. Other Risks: Apple's Photo Scanning, Insiders, Disinformation, Bias, English to Code. Health, Safety & Environment: Covid election, Recalls, Wildfires, Heat, EVs. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly. And more.
The DSS, MageCart, and the DOM – Part 3 e-Commerce Skimming | Control Gap
Cyberattacks and data breaches have risen dramatically in recent years and no industry or organization is immune to these attacks. Merchants, governments, healthcare,...
The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules | blog,pci | Control Gap
It turns out that how you implement e-commerce can have a huge impact on your compliance footprint (i.e., the number of PCI security controls assessed depend on your...
The DSS, MageCart, and the DOM – Part 2 Browsers, the DOM, and 3rd Party JavaScript | blog,pci | Control Gap
In part two of our series, we take a deeper dive into how JavaScript works and its implications to web and e-commerce security and compliance. This demonstration will...