Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Stephen Orfei steps down as PCI Security Standards Council's General Manager (nothing official on the PCI web site yet)  https://www.brandenwilliams.com/blog/2017/06/14/orfei-steps-down/

Breaches / Leaks

• Voter data on 198M Americans exposed in unsecured RNC AWS S3 cloud breach https://www.darkreading.com/threat-intelligence/rnc-voter-data-on-198-million-americans-exposed-in-the-cloud/d/d-id/1329172
• IBM / Ponemon Cost of Breach Study 2017 is out https://www.ibm.com/security/data-breach/
• Trustwave Survey finds US leads in POS breaches https://www.theregister.co.uk/2017/06/20/posdatathefts_surge/
• Wikileaks Valut-7 dumps documents on CIA air-gap attack tools https://www.theregister.co.uk/2017/06/22/wikileaksciabrutal_kangaroo/

Lawful Access / Back-doors / Regulations

• Mexico targeting journalists https://deibert.citizenlab.org/2017/06/mexico-nso/
• EU proposal to ban backdoors https://www.theguardian.com/technology/2017/jun/19/eu-outlaw-backdoors-new-data-privacy-proposals-uk-government-encrypted-communications-whatsapp
• A peek into Section 702 FISC opinions https://www.schneier.com/blog/archives/2017/06/thedangersof_.html
• Canada's mandate to go on the CyberOffensive http://www.cbc.ca/news/technology/bill-c59-cse-act-spies-canada-hacking-foreign-cyber-ops-1.4169689
• The SEC feels it is above warrants https://www.eff.org/deeplinks/2017/06/eff-sec-get-warrant

Bugs

• SMBv1 set to be retired https://threatpost.com/say-goodbye-to-smbv1-in-windows-fall-creators-update/126387/
• Debate on continued patching of XP https://www.schneier.com/blog/archives/2017/06/iscontinuingt.html

Privacy

• Feds want to track your cars with detailed plain text beacons https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/
• 1M record Washington State University breach from purloined safe http://www.csoonline.com/article/3202071/security/pii-of-1-million-compromised-in-washington-state-university-safe-heist.html

Hacking / Malware / Cybercrime

• South Korean hosting company to pay $1M to unlock ransomed outdated Linux servers recovery expected to take 2 weeks http://www.databreachtoday.com/south-korean-hosting-firm-pays-1-million-ransom-a-10025
• Bypassing MS Advanced Threat Analysis at Blackhat https://www.darkreading.com/attacks-breaches/hacker-bypasses-microsoft-ata-for-admin-access/d/d-id/1329163
• Another wave of WannaCry[pt] hits Honda plants http://www.databreachtoday.com/honda-hit-by-wannacry-a-10027
• Russians selling high value credentials of UK politicians, diplomats, police, and more https://www.theregister.co.uk/2017/06/23/russianhackerstradelogincredentials/

Other Security / Risk

• 2017 NICE conference this November in Dayton https://www.fbcinc.com/e/nice/overview.aspx
• 2016 security review of NSA found basic controls lacking https://www.theregister.co.uk/2017/06/20/nsadraggedfeetonsecuringitssystemsauditfoundin2016/
• New York reviewing election security http://www.databreachtoday.com/new-york-governor-orders-election-system-risk-assessment-a-10026
• Trump CyberSecurity Executive Order seeds chaos and isn't pragmatic enough https://threatpost.com/trumps-cybersecurity-executive-order-under-fire/126435/
• Why Windows 10 sometimes disables AV https://www.theregister.co.uk/2017/06/20/microsoftdisablingthirdparty_antivirus/
• Aviva to insure SMEs against Cyber http://www.pymnts.com/news/b2b-payments/2017/aviva-cybersecurity-insurance-small-business/
• More social media hijacking https://www.schneier.com/blog/archives/2017/06/newtechniquet.html
• Lessons from the 2016 Election https://freedom-to-tinker.com/2017/06/19/lessons-of-2016-for-u-s-election-security/
• Social Media manipulation and propaganda https://www.theguardian.com/technology/2017/jun/19/social-media-proganda-manipulating-public-opinion-bots-accounts-facebook-twitter
• Health Care needs infosec http://blog.isc2.org/isc2_blog/2017/06/looking-for-cybersecurity-job-healthcare-is-hiring-.html
• Is this an overlooked Y2K bug?  http://www.bbc.co.uk/news/technology-40366816

Off-Topic

• New Toonie glows in the dark http://www.bbc.co.uk/news/world-us-canada-40332009
• Mars in Space-X's sights https://www.universetoday.com/136060/elon-musk-details-vision-human-civilization-mars/
• Very cool and clever sundial https://apod.nasa.gov/apod/image/1706/solsticedialmari5616.jpg