Welcome to This Week’s [in]Security. Magecart, SHA-1, bad compliance culture. Visa Contactless on Android. Breached: PlanetDrugsDirect, P&N Bank, Formations House, Peekaboo Moments, 500K IoT devices, more ransomware. WeLeakInfo seized. Breach lawsuits. Equifax settlement. Dating sites violate GDPR. Facial surveillance. DNA privacy. No-tracking search. CCPA disclosure. Limiting CFAA. NIST conference and drafts. Free source analyzer. Exploit Proof of Concepts. Windows bad week. Oracle. WordPress. Beware the patching hacker. Conversation hijacking. New Malware. Disruption for profit. Geo-fence warrants. Snowmageddon Newfoundland, 5G Security. Artificial Personas. AI liability? And more.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.
Breaches / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed https://www.tripwire.com/state-of-security/featured/planetdrugsdirect-reveals-security-breach-warns-customers-their-data-may-have-been-exposed/
- P&N Bank discloses data breach, customer account information, balances exposed https://www.zdnet.com/article/p-n-bank-discloses-data-breach-customer-pii-account-information-stolen/
- New data leak exposes owners of 400,000 anonymous companies https://fcpablog.com/2020/01/13/london-new-data-leak-exposes-owners-of-400000-anonymous-companies/
- Baby's First Data Breach: App Elasticsearch db Exposes Baby Photos, Videos https://www.bankinfosecurity.com/babys-first-breach-app-exposes-baby-photos-videos-a-13603
- Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/
- europa.jobs - 226,095 breached accounts added to HIBP https://haveibeenpwned.com/PwnedWebsites#EuropaJobs
- Ransomware attack on eHealth forces 31 cancer patients to re-schedule radiation treatment https://www.cbc.ca/news/canada/saskatoon/ransomware-attack-ehealth-cancer-patients-1.5428346
- Sask. NDP asks for government security review following ransomware attack https://www.cbc.ca/news/canada/saskatchewan/sask-ndp-security-ransomware-1.5420895
- Hackers attack City of Dawson Creek's computer systems https://www.cbc.ca/news/canada/british-columbia/dawson-creek-hacking-malware-1.5423118
- Albany Airport Pays Off Sodinokibi Ransomware Gang https://www.bankinfosecurity.com/albany-airport-pays-off-sodinokibi-ransomware-gang-report-a-13602
- FBI seizes WeLeakInfo, a website that sold access breached data https://www.zdnet.com/article/fbi-seizes-weleakinfo-a-website-that-sold-access-breached-data/
- Class Action Breach Lawsuits: The Impact of Data for Sale https://www.databreachtoday.com/interviews/class-action-breach-lawsuits-impact-data-for-sale-i-4572
- Equifax Breach Settlement Could Cost Firm Billions https://www.infosecurity-magazine.com/news/equifax-breach-settlement-could/
- Equifax Settles Class-Action Breach Lawsuit for $380.5M https://threatpost.com/equifax-settles-class-action-lawsuit/151873/
- Equifax Settles Mega-Breach Lawsuit for $1.38 Billion https://www.bankinfosecurity.com/equifaxs-class-action-done-dusted-a-13608
- 650 days after leak, province says Nova Scotians will be able to file FOI requests online again https://globalnews.ca/news/6415343/nova-scotia-foi-requests-back-online/
Privacy
Articles about privacy related news, risks, and trends.
Laws & Regulations / Standards
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
Hacking / Malware / Cybercrime / Exploitation
News covering active trends and events.
Other Security / Risk
Articles covering other types of risks.
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.