Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Visa uses Token Services to go after IoT payments http://www.businesswire.com/news/home/20170607005451/en/Visa-Expands-Global-Network-Providers-Drive-Acceleration
• MasterCard gets into B2B payments http://www.pymnts.com/mastercard/2017/e-payments-news-mastercard-b2b-hub-debuts-as-new-online-payment-solution-for-smb-accountants/
• Interac lunches debit on Android Pay http://www.newswire.ca/news-releases/interac-debit-on-android-pay-launches-in-canada-625514964.html
• Apple Pay lawsuit (older) https://www.nytimes.com/2017/05/21/technology/apple-pay-patent-lawsuit.html

Breaches / Leaks

• Lithuanian Cosmetic Surgery Clinic breached for patient data and photos https://www.darkreading.com/threat-intelligence/cosmetic-surgery-clinics-photos-released-in-cyber-blackmail-attack/d/d-id/1329039
• Article on leaked report of election hacking https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
• Insider analyst charged over leaked report https://www.theregister.co.uk/2017/06/06/contractorleakedrussianshackingelection_systems/ and http://www.databreachtoday.com/us-contractor-arrested-in-leak-nsa-top-secret-file-a-9972 and pleads not guilty and is denied bail https://www.washingtonpost.com/news/morning-mix/wp/2017/06/09/judges-denies-bail-for-accused-nsa-leaker-reality-winner-after-not-guilty-plea/
• Printer tracking dots may have helped catch leaker https://www.eff.org/deeplinks/2017/06/printer-tracking-dots-back-news and https://www.washingtonpost.com/news/morning-mix/wp/2017/06/09/how-tech-sleuths-cracked-the-mysterious-code-that-turns-your-printer-into-a-spying-tool/ and how the dots are decoded http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.htm
• Brooks Brother payment card breach (older) http://www.cnbc.com/2017/05/12/brooks-brothers-warns-of-payment-card-security-incident.html
• GameStop customers receive breach notifications https://threatpost.com/gamestop-online-shoppers-officially-warned-of-breach/126172/ (breach originally reported in April)

Lawful Access / Back-doors / Regulations

• Cell phone tracking issues go to Supreme Court https://www.eff.org/deeplinks/2017/06/supreme-court-will-hear-significant-cell-phone-tracking-case
• Password sharing under CFAA may be a crime https://www.eff.org/press/releases/eff-asks-supreme-court-review-dangerous-interpretation-computer-crime-statute
• Apple's Privacy focus expected to lead to more lawful access conflicts http://www.telegraph.co.uk/technology/2017/06/06/apples-focus-privacy-benefits-users-could-lead-fresh-battle/

Bugs

• Intel AMT exploited in the wild using Serial Over LAN (SOL) https://www.theregister.co.uk/2017/06/08/vxersexploitintelsamtfor_malwareoverlan/
• Subarus IoT http://www.databreachtoday.com/exclusive-vulnerabilities-could-unlock-brand-new-subarus-a-9970
• EternalBlue ported to Windows 10 and insight into how it affects different branches of Windows https://threatpost.com/windows-10-mitigations-make-future-eternalblue-attacks-difficult/126132/

Privacy

• Report on Surveillance Capitalism and how individuals are losing the privacy war https://www.theregister.co.uk/2017/06/09/crackedlabssurveillance_capitalism/
• Canada behind on DNA privacy (last month) http://vancouver.24hrs.ca/2017/05/25/maddeaux-dna-to-discrimination
• Metrolinx reviewing privacy policy after police requests  https://www.thestar.com/news/gta/2017/06/05/metrolinx-to-review-presto-privacy-policy.html and http://www.cbc.ca/news/canada/toronto/metrolinx-presto-data-police-1.4145132

Hacking / Malware / Cybercrime

• UK 2nd Annual Cyber Crime Conference, July 13 https://www.lightbluetouchpaper.org/2017/06/08/second-annual-cybercrime-conference/
• Senator claims NSA leak is tip of the iceberg on Russian hacking https://www.theregister.co.uk/2017/06/07/nsaleakerbustgetsweirdersenatorclaimshackingiswiderthanleakrevealed/
• Russia's rogue hackers https://www.theregister.co.uk/2017/06/06/russiacybermilitia_analysis/
• Wikileaks releases documentation on CIA "Pandemic" persistent implant https://www.schneier.com/blog/archives/2017/06/ciaspandemict.html
• The financial take down of criminal DDoS services https://krebsonsecurity.com/2017/06/following-the-money-hobbled-vdos-attack-for-hire-service/

Other Security / Risk

• Google Capture the flag 2017 starts this month https://security.googleblog.com/2017/06/announcing-google-capture-flag-2017.html
• A look at Spear Phishing victim behavior https://www.schneier.com/blog/archives/2017/06/spearphishing\.html
• Kaspersky files anti-trust action against Microsoft https://www.theregister.co.uk/2017/06/06/windowsdefendercompetition_complaint/
• CyberSecurity worker shortage to grow to 3.5M http://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html
• Patent Troll looses and has to pay defendant's legal fees https://www.eff.org/deeplinks/2017/06/federal-circuit-hits-stupid-patent-owner-fee-award
• Detailed article about limits on password cracking https://www.notsosecure.com/maximum-password-length-reached/

Off-Topic

• Impressive ultra high speed solo climb of El Capitan in 4 hours without ropes https://www.thestar.com/news/world/2017/06/04/historic-free-solo-climb-of-el-capitan-takes-under-four-hours.html
• US Spy satellite close pass to ISS https://www.theregister.co.uk/2017/06/08/nationalreconnaissanceofficesatelliteflewpastiss/
• Natural phenomena trumps aliens - the WOW signal explained https://astroengine.com/2017/06/07/seti-wow-signal-wasnt-chatty-aliens-after-all-it-was-a-fizzing-comet/
• Museum of Failure Innovation (video) http://www.bbc.co.uk/news/av/world-europe-40192100/welcome-to-the-museum-of-failure and official site http://museumoffailure.se/