The Art of Reading a PCI Attestation of Compliance (AoC)
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
Welcome to This Week’s [in]Security. PCI and payments: Remote Assessment, PA-DSS/SSF transition. CPE Maintenance, P2PE v3.1, PIN Program, Technical FAQ, DSS FAQ, Neiman Marcus card breach, ApplePay/Visa Express Travel vulnerability. New breaches: Meet the Pandora Papers (Remember the Panama Papers?) , Linkedin Scrape (126M), Barclays, Portpass & Sask QR vaccine apps, GrupoGSS. Mult-party breach impact, New Ransomware: Human-operated ransomware. Follow-ups & Fall-out: Fatal ransomware, Clubhouse, Facebook data collection (3.8B), Dallas Police, Epik. Privacy: android location tracking, pandemic privacy. Laws & Regs: Canada: vaccine passports. US: 4th amendment. World: Russia. Standards: NIST updates, drafts, papers, news. Defense: Webinars, Webinars. CISA. Tools, email, DMARC, TLS 1.3, Tokenization vs. Encryption, Tracking crypto, scambaiting. Vulnerabilities, Zerodays: Other Vulnerabilities: 5G apps, after patching, OWASP 2021, AirTags, Azure, MS MFA, Elastic Stack API, Autodiscover, vCenter. University Wi-Fi, Bitcoin ATMs, Cybercrime: Trends: OTP bots, Fake Pegasus defense, GriftHorse SMS fraud, FinSpy, FoggyWeb. Nation States. Crime: Other Risks: Domain Names, Outsourced, Misinformation, Lying AI, Bulletproof TLS, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
New/Updated Standards:
New/Updated FAQs:
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
Portpass app may have exposed hundreds of thousands of users' personal data https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
New Ransomware and "Incidents":
Follow-ups and fall-out:
Articles about privacy related news, risks, and trends.
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
US:
World:
Standards News:
Covering developments and opportunities that may help improve security.
Upcoming Webinars, Virtual Events, and other training related:
Articles about newly discovered vulnerabilities and research.
Zero-day news:
Other Vulnerabilities:
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
Nation State Actors:
Crime & Arrests, etc.:
Articles covering other types of risks.
Health, Safety & Environment:
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
Guidance, Response, and Recovery:
Treatments, Testing, Triage, Trials, and things we Learned:
Immunity and Vaccinations:
Impact:
More of the good, the bad, and the ugly:
A variety of scientific, technical, historical, and more light-hearted news.
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
This week saw the publication of 493 new CVE IDs. Of those, 58 have not yet been assigned official CVSS scores, however, of the ones that were,...
This week saw the publication of 442 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were,...