Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...
Welcome to This Week’s [in]Security. Fallout from US Unrest. Covid-19: Spread & Curve. Lockdown, Reopening, & The New Normal. More of the Good, Bad, and Ugly. PCI SPOC v1.1. POS ransomware. Smile and say Magecart. e-Skimmers and IFRAMES. Breaches: BlueLeaks, Twitter, e-learning, Brazil, Preen.me, Contact tracing app problems. Tim's Privacy Violation. New nosier Edge. Tech Fines. More crypto-wars. Taxing Links? One year certificates. Crims lock in with MFA. Insecurity included. PDF Safety. Banking backdoor. All your
base printer are belong to us? Denial. AI is gullible, biased, misunderstood, and misapplied. Unintended Cyber-consequences. And more.
The COVID related articles here fit together. Other COVID articles will appear under our normal section headings like regulations, privacy, breaches, and other risks. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
Fallout from US Unrest:
The spread and the curve:
Lockdown, reopening, and The New Normal:
Treatments, Testing, Triage, and Trials, and things we learned:
Guidance, Response and Recovery:
Behaviour - the good, the bad, and the ugly:
Masks, anti-maskers, and distancing:
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.
PCI Updates SPoC (Software-based PIN on COTS) standard with v1.1
Crooks abuse Google Analytics to conceal theft of payment card data https://arstechnica.com/information-technology/2020/06/google-analytics-trick-allows-crooks-to-hide-card-skimming/
Some articles from earlier this year on Magecart and advances in attacks against IFRAME based payment pages:
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
Articles about privacy related news, risks, and trends.
COVID-19 Contact tracing and surveillance:
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
News covering active trends and events.
Articles covering other types of risks.
COVID-19 Other risks and impact:
AI is gullible, biased, misunderstood, and misapplied:
A variety of scientific, technical, historical, and more light-hearted news.
PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.