Welcome to This Week’s [in]Security. This week: Major PCI announcements P2PEv3, CPoC reaction, SPoC update, DSS 4.0 questions, alignment. Updated web site. Holiday fraud warnings. Payment trends. Desjardins breach widens. More GDPR fines. Ransom/breach-ware is now a thing. Leaky buckets. Law enforcement and DNA-genealogy. Advertisers want to be exempt from privacy. CCPA, IoT laws, FUD and back-doors, more border risks, anti-trust. Credential protection, muting robocalls, cloud firewalls, awareness video, fraud analytics. Shadow IT. Power plants. More Intel hardware flaws. Hardware password manager FAIL. Creepy IoT- don't ring, don't blink. Telcos and scammers. Bye, bye Windows 7. Lots of ransomware. Smart-meter scams. AI's black-box problem. 737 Max fatality projections. Fluoride. Electric plane. New carbon capture. Breaking down plastic. And more.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
News and announcements relating to Payment Security, Payments, PCI, and Card Brands.
PCI release P2PE v3 - major update, much more modular more types of component providers (approved 3rd parties), fully backward compatible with v2 and partially forward compatible from v2, mandatory in 18 months:
Covering breaches, leaks, data exposures, and their fallout.
Articles about privacy related news, risks, and trends.
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
News covering active trends and events.
Articles covering other types of risks.
A variety of scientific, technical, historical, and more light-hearted news.