This Week's [in]Security - Issue 240
Welcome to This Week’s [in]Security. Log4j/Log4Shell! PCI and payments: PCI updates: PIN, SSF. Non-Compliance Lesson No. 3. Magecart, Supply-Chain Backdoors. New breaches: Kafka, Volvo. New Ransomware: Follow-the-money, Cybercommand, Utilities, Healthcare, SPAR stores. Major outages: Amazon. Follow-ups & Fall-out. Privacy: Tor, surveillance capitalism, facial recognition. Alexa can you keep a secret? Laws & Regs - Canada: website blocking, JusTech. US: Copyright takedowns. World: Espionage tools, Botnet lawsuit, Assange. Cybercriminal Court? Standards: Cyber-resilience, testing, IPv6 transition. Defense: Cyber & the board, AI, Smishing, pirates. Vulnerabilities, Zero-days. Other Vulnerabilities: HTTP-no-S, Home grown, Chrome, Win/URI, WD SanDisk, SonicWall, MikroTik, Bluetooth, factoring. Cybercrime: Trends, Phishing, WordPress, npm, Moobot. Nation States. Crime & Enforcement. Other Risks: AWS, Quantum, BurnOut, Tor, Kids, Cryptominers, AirTag abuse. Health, Safety & Environment: CO2 capture, batteries, nukes. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Compliance. And more.
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
PCI Updates:
Non-Compliance Lesson No. 3: Don't upgrade or patch your old stuff https://controlgap.com/blog/Non-Compliance-Lesson-No-3
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
New Ransomware and "Incidents":
Major outages/downs:
Follow-ups and fall-out:
Articles about privacy related news, risks, and trends.
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
US:
World:
Standards News:
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
The Log4j/Log4Shell zero-day supply-chain remote code injection vulnerability may be one of the most significant vulnerabilities of all time:
Other Zero-day news:
Other Vulnerabilities:
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
Nation State Actors:
Crime & Arrests, etc.:
Articles covering other types of risks.
Health, Safety & Environment:
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
Guidance, Response, and Recovery:
Immunity and Vaccinations:
Impact:
Masks, anti-maskers, distancing, compliance, and repercussions:
A variety of scientific, technical, historical, and more light-hearted news.