Welcome to This Week’s [in]Security. This week: Beyond "locks and bars" secure e-shopping. Vote for PCI 2019 special interest groups. More fallout and huge liability from Marriott's Starwood breach. New breaches at 1-800-FLOWERS, Quora, Fallout76, and BeatStars. Facebook harvested call and text logs without permission. Republicans hacked in mid-terms. Magecart gangs go after admin credentials. Exploiting typo links in Tweets.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
News and announcements relating to Payment Security, Payments, PCI, and Card Brands.
PCI updates for
Covering breaches, leaks, data exposures, and their fallout.
Credit card stealing malware on Canada’s 1-800-FLOWERS website (www.1800Flowers.ca) went undetected for four years, grabbing card data and security codes https://techcrunch.com/2018/12/03/credit-card-stealing-malware-flowers-four-years/.
The potential liabilities over the Starwood breach are now nearing Marriott’s annual revenue ($23B/2017). These numbers will change after the dust settles (elimination of duplicate records, actual number of compromised cards, legal negotiations). Here's a partial list of possible liabilities:
Additional fallout from the Marriott breach
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
Articles about privacy-related news, risks, and trends.
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
News covering active trends and events.
Articles covering other types of risks.
A variety of scientific, technical, historical, and more light-hearted news.