Welcome to This Week’s [in]Security. Big Hacks. Microsoft Exchange, SolarWinds, Accellion, Cybercriminal Forums. New breaches: New Ransomware. CNAME Trackers. Contact Tracing. Apple. FLoC. FACTA and Canada. Supply-chain due diligence. Skills Audits. Brave Search. Secure Coding. Chrome. GenuGate. Android RCE. Intel. SaltStack. More Spectre. WordPress. Voting Machines. Research. RSA. Quantum and Hashing. Letterlocking. Trends. Nation States. Crime. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & Reinfections. New Variants. The Red & Grey Zones. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
Articles about privacy-related news, risks, and trends.
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- Flaws Fixed Incorrectly, As Secure Coding Education Lags https://www.scmagazine.com/home/patch-management/flaws-fixed-incorrectly-as-secure-coding-education-lags/
- New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html
- Firewall Vendor Patches Critical Auth Bypass Flaw https://threatpost.com/firewall-critical-security-flaw/164347/
- Google Patches Critical Remote Code Execution Vulnerability in Android https://www.securityweek.com/google-patches-critical-remote-code-execution-vulnerability-android
- Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds https://www.theregister.com/2021/03/08/intel_ring_flaw/
- Proof of concept code published for latest Saltstack CVE: Don't be an update laggard https://www.theregister.com/2021/03/03/saltstack_cve_poc_exploit_code/
- Should You Be Concerned About the Recently Leaked Spectre Exploits? https://www.securityweek.com/should-you-be-concerned-about-recently-leaked-spectre-exploits
- Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API https://blog.talosintelligence.com/2021/03/vuln-spotlight-webkit-audio-api.html
- WordPress Injection Anchors Widespread Malware Campaign https://threatpost.com/wordpress-injection-malware-campaign/164555/
- U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures https://threatpost.com/dod-weapons-programs-lack-cybersecurity/164545/
- The Healthcare Internet of Things – For Better or Worse https://blog.isc2.org/isc2_blog/2021/03/the-healthcare-internet-of-things-for-better-or-worse.html
- Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly insecure https://freedom-to-tinker.com/2021/03/05/voting-machine-hashcode-testing-unsurprisingly-insecure-and-surprisingly-insecure/
- Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory http://www.fireeye.com/blog/threat-research/2021/03/fuzzing-image-parsing-in-windows-uninitialized-memory.html
- No, RSA Is Not Broken https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not-broken.html
- New Public-Key Crypto-System EHT, by Alessandro Budroni and Igor Semaev https://eprint.iacr.org/2021/234
- Post-quantum Security of OAEP Transform, by Ehsan Ebrahimi https://eprint.iacr.org/2021/237
- Quantum Collision Attacks on Reduced SHA-256 and SHA-512, by Akinori Hosoyamada and Yu Sasaki https://eprint.iacr.org/2021/292
- Reactive Key-Loss Protection in Blockchains, by Sam Blackshear and Konstantinos Chalkias and Panagiotis Chatzigiannis and Riyaz Faizullabhoy and Irakliy Khaburzaniya and Eleftherios Kokoris Kogias and Joshua Lind and David Wong and Tim Zakian https://eprint.iacr.org/2021/289
- Sampling methods for cryptographic tests, by George Marinakis https://eprint.iacr.org/2021/209
- A Deeper Look at Machine Learning-Based Cryptanalysis, by Adrien Benamira and David Gerault and Thomas Peyrin and Quan Quan Tan https://eprint.iacr.org/2021/287
- LL-ORAM: A Forward and Backward Private Oblivious RAM, by Zhiqiang Wu and Xiaoyong Tang and Jin Wang and Tan Deng https://eprint.iacr.org/2021/231
- Fun with DNS over TLS (DoT), (Mon, Mar 1st) https://isc.sans.edu/diary/rss/27150
- 17th century tamper detection method 'letterlocking' bypassed with dental X-rays and virtual unfolding https://phys.org/news/2021-03-secrets-17th-century-letters-revealed.html
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Other Security / Risk
Articles covering other types of risks.
COVID-related articles. We have been following coronavirus risks since issue 147: https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, and reinfection:
Guidance, Response, and Recovery:
Treatments, Testing, Triage, Trials, and things we Learned:
Immunity, Vaccines, and Vaccination:
More of the good, the bad, and the ugly:
Masks, anti-maskers, distancing, compliance, and repercussions:
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.