Contact
Contact

21 min read

This Week's [in]Security - Issue 212

Featured Image

Welcome to This Week’s [in]Security. P2PE Solution Aid. More on 8-digit BINs. Supply-Chain Backdoors: CodeCov, Passwordstate, Solarwinds. New breaches: Facebook, Apple(?), ClearVoice. New Ransomware: Follow-ups & Fall-out: Privacy. Normalizing breaches. Floc Adverse. Laws & Regs: Canada: Bills C-10 & 11, regulating apps. US. UK, EU, HK. NIST iOT & ICS. CISv8. Defense: More Nation-State Patching, Moxie vs Cellebrite, Death to IoT, Passwordless, Mario and DevSecOps!? Vulnerabilities: Pulse, Chrome, SonicWall ZeroDays, Supply-chains, CyberGames, Clubhouse, Air-Drop, Docker Images, QNAP, Tesla. Updatable Encryption. Breaking Enigma. Cybercrime: Trends: TLS, QR, Sextortion, Ads, 7-Zip, ToxicEye, Pink, Fake DirectX12. Nation States. Crypto-skimming. Crime. Other Risks: Unethical patching, Social Media, Chips, Deepfake geography, Bounties, Resets, No bars! Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Covid Ugly. Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

Privacy

Articles about privacy related news, risks, and trends.

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Other Security / Risk

Articles covering other types of risks.

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

This Week's [in]Security - Issue 271

Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...

Read More

Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

Read More

“Follina” – Critical Zero-Day Exploit for Microsoft Products

Background

Over the past holiday weekend, a tweet from Tokyo-based security researcher “nao_sec” first identified an interesting upload to antivirus...

Read More