Welcome to This Week's [in]Security. 'Twas the night before Christmas, this week: Facebook tops the naughty list again, vulnerable MPOS readers, a look back at two notable payment card breaches, more e-commerce breaches, the Drones of Gatwick, the US Senate releases two reports on Russian social media interference, security and good system/software inventories, CSOs & CISOs still lacking corporate visibility, a possible Twitter breach, creepy gifts, fake faces move beyond the uncanny valley, video conferencing vulnerabilities, planet tipping, really really far out, and revenge with a side of glitter.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
News and announcements relating to Payment Security, Payments, PCI, and Card Brands.
Covering breaches, leaks, data exposures, and their fallout.
Click2Gov, a payment application for municipalities, cited in 47 breaches exposing 300K payment cards http://www.digitaltransactions.net/click2gov-payment-application-for-municipalities-cited-in-48-data-breaches/ and https://geminiadvisory.io/hacked-click2gov-exposed-payment-data/
Reflections on two notable breaches in payment card history
Articles about privacy related news, risks, and trends.
Facebook caught with everyone's hands massively in the cookie jar - AGAIN - over 150 companies had access to data from hundreds of millions of users a month, including the ability to read, write & delete users' private messages - without consent - some arrangements going back to 2010. Named partners include Yahoo, Sony, Apple, Amazon, Netflix, Spotify, Bing, Pandora (music, not jewelry), Rotten Tomatoes, the Royal Bank of Canada, the NY Times (wait - they called themselves out), and Russia's Yandex, with alleged ties to the Kremlin https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
Google's Project Zero has a series on video conferencing vulnerabilities
News covering active trends and events.
China hacked at least 9 managed service providers, including HPE and IBM, and then attacked their clients in an operation known as "Cloudhopper" https://www.reuters.com/article/us-china-cyber-hpe-ibm-exclusive/exclusive-china-hacked-hpe-ibm-and-then-attacked-clients-sources-idUSKCN1OJ2OY and https://www.zdnet.com/article/at-least-nine-global-msps-hit-in-apt10-attacks-acsc/
Articles covering other types of risks.
The evolving story of the Drones of Gatwick
The Senate releases two reports on Russian social media interference. Article https://www.nytimes.com/2018/12/17/us/politics/russia-2016-influence-campaign.html (report links follow):
A variety of scientific, technical, historical, and more light-hearted news.