Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• 31 arrested in EU ATM skimming gang http://www.databreachtoday.com/euro-cops-cuff-suspected-payment-card-fraudsters-a-9994

Breaches / Leaks

• Off-shore Dev's spill Canadian bank project files and code https://www.theregister.co.uk/2017/06/12/tatabankcode_github/
• Buckles clothier suffers 5+ months payments breach from POS malware  https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/

Lawful Access / Back-doors / Regulations

• DOJ requests $21M to counter encryption https://epic.org/2017/06/doj-requests-216-million-to-ta.html
• Germany jumps on the anti-encryption bandwagon https://www.theregister.co.uk/2017/06/15/germanyjoinsantiencryption_posse/
• German court orders Google not to link to the Lumen  (aka Chilling Effects) database at https://www.lumendatabase.org/of takedown notices http://ipkitten.blogspot.ca/2017/06/german-court-orders-google-to-stop.html

Bugs

• More XP patches for leaked NSA exploits https://threatpost.com/rare-xp-patches-fix-three-remaining-leaked-nsa-exploits/126256/
• Rooting a printer with CVE 2017-2741 http://www.tenable.com/blog/rooting-a-printer-from-security-bulletin-to-remote-code-execution
• Wikileaks publishes documents for CIA's CherryBlossom Wi-Fi attack tool https://www.theregister.co.uk/2017/06/15/wikileaksdumpsciawifipwnagetooldocs_online/ and https://wikileaks.org/vault7/#Cherry%20Blossom

Privacy

• FTC investigating Uber after Epic compliant https://epic.org/2017/06/news-report-ftc-to-act-on-epic.html
• Understanding Facebook's different group privacy options https://www.eff.org/deeplinks/2017/06/understanding-public-closed-and-secret-facebook-groups

Hacking / Malware / Cybercrime

• Canadian Businesses targeted by a new threat attacker FIN10 https://www.darkreading.com/threat-intelligence/fin10-threat-actors-hack-and-extort-canadian-mining-casino-industries-/d/d-id/1329160
• Problems with CERT and DHS Indicators of Compromise (IOC) http://blog.erratasec.com/2017/06/more-notes-on-us-certs-iocs.html
• More sophisticated file-less malware targeting restaurants https://threatpost.com/fin7-hitting-restaurants-with-fileless-malware/126213/
• Lessons from inside the hacking of France's TV5Monde http://www.databreachtoday.com/french-officials-detail-fancy-bear-hack-tv5monde-a-9983
• Modular SCADA malware targeting powergrids linked to Kiev blackouts https://www.theregister.co.uk/2017/06/12/industroyer_malware/
• Risks of a poorly educated AI in malware detection https://www.darkreading.com/threat-intelligence/how-bad-data-alters-machine-learning-results/d/d-id/1329127
• Hacking of US election larger than previously thought http://www.databreachtoday.com/report-election-systems-hacks-far-greater-than-first-realized-a-9992
• North Korea is at it again https://threatpost.com/dhs-fbi-warn-of-north-korea-hidden-cobra-strikes-against-us-assets/126263/
• Krebs is asking for help to further research into a porn spam botnet https://krebsonsecurity.com/2017/06/inside-a-porn-pimping-spam-botnet/
• Metadata analysis of WannaCry[pt] https://threatpost.com/metadata-analysis-draws-its-own-conclusions-on-wannacry-authors/126287/

Other Security / Risk

• We're all being misled about risk https://www.lightbluetouchpaper.org/2017/06/14/camouflage-or-scary-monsters-deceiving-others-about-risk/
• Analysis of the fake news economy, it's not just politics http://blog.trendmicro.com/trendlabs-security-intelligence/online-economy-fake-news/
• Microsoft's annoying pop-up window and how to track things like this down http://blog.erratasec.com/2017/06/how-to-track-that-annoying-pop-up.html
• On trying to foil voice verification trickery https://www.theregister.co.uk/2017/06/12/smartphonecompassfraud_detection/
• UK Counter-terrorism lacks analysts not data https://www.schneier.com/blog/archives/2017/06/datavsanalysi.html
• Foreshadowing self-drive vs. cyclists https://www.theguardian.com/cities/2017/jun/14/street-wars-2035-cyclists-driverless-cars-autonomous-vehicles
• Tenable offering free trial of their solution for the container security space http://www.tenable.com/blog/are-your-containers-at-risk
• Why open sourcing "abandoned" code is a bad idea http://blog.erratasec.com/2017/06/notes-on-open-sourcing-abandoned-code.html
• Google News referrals are being redirected to spam https://www.schneier.com/blog/archives/2017/06/gaminggooglen.html

Off-Topic

• This Martian SUV (Science Utility Vehicle) looks a lot like the Batmobile https://www.universetoday.com/136009/wed-like-one-earth-nasas-new-mobile-mars/
• Separated at birth? Our sun has a long lost twin https://www.universetoday.com/136044/sun-probably-lost-binary-twin-billions-years-ago/