Welcome to This Week’s [in]Security. This week: breaches at FIFA, AMEX, Bankers Life, Ontario Cannabis Store/Canada Post, and HSBC, a warning about uncertified payment terminals, the SEC has a new set of teeth, a Stats Canada data grab update, Consumer Reports looks at IoT security, new laws in New Hampshire and Ohio, jailing CEOs, SSD encryption failure, more Magecart and other supply side scripting attacks, election security, and Remembrance Day.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
A survey on rising card fraud perpetuates the mistaken idea that EMV should fix all card fraud. Notable points: fallback to magnetic stripes is still a problem, and card-not-present fraud is on the rise. Notable mistake: equating EMV with end-to-end encryption. https://geminiadvisory.io/card-fraud-on-the-rise/
PII for 4500 Ontario Cannabis Store customers was breached via the Canada Post order tracking system, discovered November 1. This occurred 2 weeks after OCS's go-live and on the same day the new Canadian Breach Notification went into effect. The implications for other Canada Post customers are unclear. https://globalnews.ca/news/4639742/ocs-canada-post-hacked/