The Art of Reading a PCI Attestation of Compliance (AoC)
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
Welcome to This Week’s [in]Security. This week: a £120K USB stick, Google+ shuts down after breach, a very rare public admission of non-compliance with PCI, Facebook's troubles continue, outlawing weak passwords, controversial and conflicting stories about Chinese spy chips, shaming bad IoT, distrusting AIs, and creepy elevators.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
A very rare public admission of organizations failing PCI DSS https://www.cbc.ca/news/politics/security-data-shared-services-it-1.4848688
Facebook updates:
World's largest CCTV maker leaves at least 9 million cameras open to public viewing https://www.theregister.co.uk/2018/10/09/xiongmaicctvfail/
Magecart ecommerce skimmer injected into the “Shopper Approved” plugin https://www.theregister.co.uk/2018/10/09/magecartpaymentcard_malware/
Last week’s story about Chinese hardware implants story has generated a lot of follow-on and controversy
PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...
This week saw the publication of 493 new CVE IDs. Of those, 58 have not yet been assigned official CVSS scores, however, of the ones that were,...
This week saw the publication of 442 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were,...