Welcome to This Week’s [in]Security. Credit Card skimming & fraud surge: Magento, Linkedin Smartlinks, Google Tags, smartphone 2fa bypass, fake subscriptions, triangulation. MFA fatigue! Hurricane Fiona. New breaches: American Airlines, PHI exposed via AI, Optus, Oracle, Revolut, Redis. New Ransomware: Lockbit, decryptor. Downs: Malwarebytes v Google, DDoS. Follow-ups: Uber, TAP, LastPass. Privacy: Border Services, Europol, Telegram, PHI apps, Data sharing research. Laws & Regs - Canada: Online News Act, ArriveCAN. US: AI & copyright. World: India & VPNs, gag orders. Standards: NIST HMAC, PQC sigs, & IoT, NSA OT/ICS. Defense - Resources. Tools & Techniques, Cross-Layer Security. Vulnerabilities - Patching fatigue. Significant: Roundup, Old Python, ManageEngine, Sophos, NPM packages, Slack & Teams. Domain Shadowing, Firing InfoSec. Research: AI prompt injection, Reflected screens, Starlink, Cryptography. Escheresque MD5 image. Crime & Enforcement. Nation States and mercenaries. Other Risks - AI, Disinformation, Health. Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
Articles about privacy related news, risks, and trends.
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
News covering active trends, alerts, events.
Articles covering other types of risks.
News and announcements relating to Russia's invasion of Ukraine.
A variety of scientific, technical, historical, and more light-hearted news.