This Week's [in]Security - Issue 271
Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...
Welcome to This Week’s [in]Security. PCI: SLC v1.1, Sunsetting P2PE v2 and PA-DSS. MasterCard resources. Control Gap SSA & SSLC. Magecart mobile, Carders. New breaches: Japanese Dating & government, Canada Post, Nukes, Dominos India, Hospitals, Compound redaction leak, New Ransomware: RCMP, Defensive shutdown. Privacy: Facial Recognition, Hiding controls. Laws & Regs - Canada: C-10 impact. US: Breach law. The world: Mass Surveillance, Data residency. Standards: NIST: Cloud, IoT/MuD. USB-C upgrade. Defense: Webinars, Webinars. Pipeline response, Cyber budgets, Unknown-unknowns, FBI supporting HIBP. Vulnerabilities: HPE, Certified PDFs, Bluetooth, Chrome & Edge, VMware, Siemens PLC, SonicWall, Trend Micro, New Rowhammer research. Feistel Randomness. Cybercrime - Trends: Low-tech, Solarwinds APT, Fake reviews, Spam, Nation States. RSA 2011 Hack, Turnabout? Crime. Skimmer, Drugs, Cops lift palm-print from social media, Bitcoin, Other Risks: Aircraft interceptions, Supply chain, Cloud risk/incentive, Non-replicable science, Orwell, Proctored Exam Pilot, Get cracking? Disinformation. Health, Safety & Environment: Food poisoning, Longevity, Flu, Space debris, Solar flares. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Impact. Covid Ugly. Covid Compliance. And more.
This week's cover image from the Unity Portal Project - credit VILNIUS TECH LinkMenų fabrikas (see Science and Tech).
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
MasterCard ran a QSA webinar last week and highlighted some of their PCI360 resources https://www.mastercard.com/globalrisk/en/resources/pci360.html:
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
New Ransomware and "Incidents":
Articles about privacy related news, risks, and trends.
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
US:
World:
Standards News:
Covering developments and opportunities that may help improve security.
Articles about newly discovered vulnerabilities and research.
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
Nation State Actors:
Crime & Arrests, etc.:
Articles covering other types of risks.
The Belarus airline interception:
Health, Safety & Environment:
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
Guidance, Response, and Recovery:
Immunity and Vaccinations:
Impact:
More of the good, the bad, and the ugly:
Masks, anti-maskers, distancing, compliance, and repercussions:
A variety of scientific, technical, historical, and more light-hearted news.
Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...
PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.
Over the past holiday weekend, a tweet from Tokyo-based security researcher “nao_sec” first identified an interesting upload to antivirus...