Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Data on US ATM fraud https://www.theregister.co.uk/2017/03/31/usatmfraud_trends/ and http://www.fico.com/en/blogs/fraud-security/hacked-atms-lead-to-70-rise-in-debit-card-fraud/
• New ATM jackpotting technique https://www.schneier.com/blog/archives/2017/04/clever_physical.html

Breaches

• Insider threats, disgruntled admins https://www.theregister.co.uk/2017/03/31/itadminpleadsguiltytohackingbosses/
• Brazilian bank DNS hijack lets attackers fraudulently get real web certs https://www.theregister.co.uk/2017/04/05/hackerstakeoverbanksdns_system/
• ScottTrade leaks 20,000 loan applications https://www.theregister.co.uk/2017/04/05/scottradevendorexposed20000customer_accounts/
• Russian "Fancy Bear" hacks athlete health records http://www.bbc.co.uk/sport/athletics/39477302
• Possible GameStop payment card breach including allegations of prohibited CVV2 storage https://krebsonsecurity.com/2017/04/gamestop-com-investigating-possible-breach/

Lawful Access / Back-doors

• Tim Berners-Lee opposes snoopable encryption https://www.theregister.co.uk/2017/04/04/webinventoropposescryptobackdoors/
• Is encryption protected speech (take 2)? https://www.schneier.com/blog/archives/2017/04/encryption_poli.html

Bugs

• iOS Wi-Fi remote code execution bug https://www.theregister.co.uk/2017/04/03/drivebywifiithing_fix/ and https://www.schneier.com/blog/archives/2017/04/manyandroidph.html (also see ProjectZero analysis link below)
• Cisco Wireless bugs https://www.theregister.co.uk/2017/04/06/stopusifyouveheardthisciscoaironethashardcodedpasswords/
• Splunk leaks user names and if remote access is enabled https://www.theregister.co.uk/2017/04/03/thatsoundyouhearissplunkleaking_data/
• Bad windows defender signature update https://www.theregister.co.uk/2017/04/03/msdefenderbluberfalsealarm/
• IoT sex toy with camera and WiFi! What could possibly go wrong? https://www.theregister.co.uk/2017/04/04/intimateadulttoyfailspenetration_test/

Privacy

• More discussion of the FCC privacy debate https://freedom-to-tinker.com/2017/04/03/dissecting-the-likely-forthcoming-repeal-of-the-fccs-privacy-rulemaking/
• What's next for consumer privacy http://www.databreachtoday.com/whats-next-consumer-privacy-after-dismantling-fcc-reg-a-9812

Hacking / Malware

• State backed hacking https://www.schneier.com/blog/archives/2017/04/apt10andcloud.html
• Lazurus Crew Hacking Analyzed http://www.databreachtoday.com/kaspersky-links-north-korean-ip-address-to-lazarus-a-9810
• More stolen NSA tools publically released https://www.schneier.com/blog/archives/2017/04/shadowbrokers\.html
• Suspected spammer and US election hacker arrested in Spain http://www.bbc.co.uk/news/technology-39553250 and https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrested/

Other Security / Risk

• Discussion on the pros, cons, and risks of hacking back - podcast https://risky.biz/RB450/
• Security as a business enabler http://blog.isc2.org/isc2_blog/2017/04/cybersecurity-business-enabler.html
• Two security and privacy standards orgs merge https://www.theregister.co.uk/2017/04/05/otaisocmerger/
• NIST to provide SMB security guidance http://www.databreachtoday.com/measure-aims-to-help-small-businesses-build-cyberdefenses-a-9815
• SCADA security concerns continue to rise https://www.theregister.co.uk/2017/04/03/powerplantcyberthreatwarning/
• The risks of SSL/TLS intercept technology and other MITM http://www.databreachtoday.com/regulators-warn-man-in-the-middle-attack-risks-a-9813
• Healthcare cyber looking under the weather as well http://www.databreachtoday.com/boosting-healthcare-sector-cybersecurity-essential-steps-a-9811
• RCMP admits to having Stingrays http://www.cbc.ca/news/technology/rcmp-surveillance-imsi-catcher-mdi-stingray-cellphone-1.4056750
• The spy-craft parts of the CIA tools https://www.theregister.co.uk/2017/03/31/wikileaks_cia/
• Google analysis of new targeted Android spy-ware https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html
• Project Zero detailed analysis of mobile Wi-fi stack (pt.1) https://googleprojectzero.blogspot.ca/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
• AI's and detecting frauds and lies on the Internet https://www.theregister.co.uk/2017/04/10/machinevsmachinebattlehasbeguntodefraudtheinternetof_lies/

Off-Topic

• Reusable space launch vehicles are now a reality http://www.universetoday.com/134851/1st-reflown-spacex-falcon-9-soars-to-orbit-with-ses-10-revolutionizing-rocketry-photovideo-gallery/
• Accurate time keeping is not just for logging, it has always been critical to business http://www.bbc.co.uk/news/business-39129620
• Crowd sourced astronomy identifies 4 candidates for new planets in our solar system http://www.universetoday.com/134824/four-candidates-planet-9-located/
• A belated find, great April fools ad from Lexus. We all want this! https://youtu.be/Tzqio8ig6Gk