Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news, opinions, and research. Quickly skim these annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

• NIST starts retirement of TDEA (3DES) in light of Sweet32 attack on 3DES and Blowfish, expect PCI changes to follow https://controlgap.com/blog/nist-moves-on-sweet32/
• PCI updates P2PE focused FAQ for PTS 2.0 expiry https://pcissc.secure.force.com/faq/articles/FrequentlyAskedQuestion/How-do-PCI-PTS-approved-POI-device-expiry-dates-affect-a-PCI-listed-P2PE-solution
• Carder University? https://www.theregister.co.uk/2017/07/19/russiancardingcourses/

Breaches / Leaks

• Rite-Aid e-commerce breach https://www.privacyrights.org/data-breaches?title=Rite%20Aid
• Ashley Madison settlement offer http://www.pymnts.com/news/security-and-risk/2017/ashley-madison-data-breach-victims-to-receive-eleven-million-dollars/
• Another major AWS S3 leak, this time Dow Jones https://www.darkreading.com/cloud/dow-jones-data-leak-results-from-amazon-aws-configuration-error/d/d-id/1329382
• University of Iowa medical data AWS S3 leaked for 2-years http://www.csoonline.com/article/3208849/data-protection/developer-hangs-patient-data-out-in-a-cloudfor-two-years.html
• Kreb's on the 3 almost continuous breaches at Trump Hotels (with timeline and a rare Krebs rant) https://krebsonsecurity.com/2017/07/trump-hotels-hit-by-3rd-card-breach-in-2-years/

Lawful Access / Back-doors / Laws & Regulations

• Australia considering law to weaken encryption https://www.schneier.com/blog/archives/2017/07/australia_consi.html
• EFF calls out NAFTA revamp objectives for DRM and IP https://www.eff.org/deeplinks/2017/07/with-release-nafta-negotiating-objectives-our-new-infographic-makes-sense-it-all
• Proposed law to require DMARC to protect US government emails https://threatpost.com/senator-calls-for-use-of-dmarc-to-curb-phishing/126931/

Bugs

• Facebook 2-factor-authentication weaknesses https://www.theregister.co.uk/2017/07/17/facebookloginsecurity/
• Myspace's account recovery is even worse https://www.theregister.co.uk/2017/07/17/myspaceaccountrecovery/
• IoT vulnerabilities in iSmartAlarm https://www.theregister.co.uk/2017/07/17/burglaryinmindeasyjustpwnthehomealarm/
• Vulnerability, called "Devil's Ivy" in popular open source library gSoap used in IoT https://krebsonsecurity.com/2017/07/experts-in-lather-over-gsoap-security-flaw/, https://threatpost.com/bad-code-library-triggers-devils-ivy-vulnerability-in-millions-of-iot-devices/126913/, and http://www.tenable.com/blog/is-the-devil-s-ivy-in-your-network
• Hacking the new mini-Segway http://www.csoonline.com/article/3209153/security/hackers-can-remotely-control-hijack-a-segway-hoverboard.html

Privacy

• Privacy framework discussion and Linkedin disclosing primary email addresses to contacts https://freedom-to-tinker.com/2017/07/20/linkedin-reveals-your-personal-email-to-your-connections/

Hacking / Malware / Cybercrime

• Porn-spam twitter botnet https://krebsonsecurity.com/2017/07/porn-spam-botnet-has-evil-twitter-twin/ and is shut down https://threatpost.com/botnet-tweeting-spamming-porn-shut-down/126884/
• $7M Ether theft via link hack https://www.digitaltrends.com/computing/seven-million-digital-currency-stolen/
• $32M Ether theft from parity wallet hack https://www.schneier.com/blog/archives/2017/07/ethereum_hacks.html
• Cloud to cloud brute force attack on Office 365 https://www.darkreading.com/attacks-breaches/microsoft-office-365-users-targeted-in-brute-force-attacks-/d/d-id/1329413

Other Security / Risk

• SecTor2017 talk on cloud security https://sector.ca/avoiding-cloud-developer-security-mistakes/
• Darkweb crackdown shutters AlphaBay and Hansa markets http://www.databreachtoday.com/police-seize-worlds-two-largest-darknet-marketplaces-a-10128
• Elon Musk calls out AI risks https://www.cnet.com/news/elon-musk-ai-is-greatest-risk-we-face-as-a-civilization/
• Risks with Crypto-Currencies http://www.businessinsider.com/ethereum-ico-hacked-for-7-million-2017-7
• New IBM z-series encrypts everything https://www.darkreading.com/vulnerabilities--- threats/new-ibm-mainframe-encrypts-all-the-things/d/d-id/1329372
• Aggregated web-site reputation checker http://www.urlvoid.com/

Off-Topic

• Lightning and an Eclipse photo https://apod.nasa.gov/apod/ap170716.html
• More orbital data analysis points to a ninth planet https://www.universetoday.com/136450/evidence-mounts-existence-planet-nine/