Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• New FAQ on 2018 PCI Penetration testing requirements https://pcissc.secure.force.com/faq/articles/FrequentlyAskedQuestion/How-does-PCI-DSS-Requirement-11-3-4-1-impact-timing-of-penetration-tests-for-service-providers
• Updated FAQ on forensic service retainers https://pcissc.secure.force.com/faq/articles/FrequentlyAskedQuestion/Are-PCI-Forensic-Investigators-PFIs-permitted-to-enter-into-retainer-type-agreements-with-merchants-and-service-providers/
• Older payment terminals (PTS v2) now being phased out https://www.pcisecuritystandards.org/pdfs/20170410PCISSCBulletinontheexpirationoftheapprovalofPTSPOIv2_devices.pdf

Breaches

• Retail Cyber Intelligence Sharing Center http://www.databreachtoday.com/retail-breaches-payoff-from-information-sharing-a-9827
• Settlemnt on HIPAA breach http://www.databreachtoday.com/ocr-signs-400k-hipaa-settlement-colorado-based-health-center-a-9840
• Insights from a PCI forensic investigator https://blog.pcisecuritystandards.org/insights-from-a-pci-forensic-investigator http://www.databreachtoday.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824
• Ireland to go after Yahoo over breach(es) https://www.theregister.co.uk/2017/04/13/irishdataprotectioncommissioneryahoo_report/

Lawful Access / Back-doors / Regulations

• New York changes security incident response disclosure rules http://www.threatgeek.com/2017/03/regulations-likely-to-impact-ciso-role.html
• The Internet Society pushes full encryption https://www.theregister.co.uk/2017/04/10/internetsocietyfull_encryption/

Bugs

• More IoT woes, and yes they actually put a SIM card in an oven https://www.theregister.co.uk/2017/04/13/agaoveniot_insecurity/

Privacy

• Sometimes even HTTPS can’t protect your privacy https://www.theregister.co.uk/2017/04/12/breakingbadprivacyprotectionboffinbeatsnetflix_https/

Hacking / Malware

• Disgruntled Sysadmin resigns and hits companies financials https://www.theregister.co.uk/2017/04/14/sysadmincrashformeremployersoracle_db/
• Bricker Bot killing IoT devices https://www.schneier.com/blog/archives/2017/04/new_destructive.html
• US election hack connection for spammer arrested in Spain last week was misinformation https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arrest/
• Every Dallas Tornado Siren activated by a DTMF (phone) hack https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/ and https://www.theregister.co.uk/2017/04/13/dtmfreplayphreakedoutthedallastornadoalarmsay_researchers/

Other Security / Risk

• New developments in ad blockers https://freedom-to-tinker.com/2017/04/14/the-future-of-ad-blocking/
• New C++ Secure Coding Standard https://www.schneier.com/blog/archives/2017/04/newcsecure_co.html
• Security risks in IPv6 transition tools https://www.theregister.co.uk/2017/04/10/ipv6securityconcerns/
• Microservices may be the next generation legacy nightmare https://www.theregister.co.uk/2017/03/09/microservicesportproblem/
• India to hold hackathon on election machines https://www.theregister.co.uk/2017/04/12/indiaelectronicelection_hacking/
• Another Wikileak CIA dump https://www.schneier.com/blog/archives/2017/04/fourth_wikileak.html
• Project Zero analysis of font library vulnerabilities https://googleprojectzero.blogspot.ca/2017/04/notes-on-windows-uniscribe-fuzzing.html
• Malware can use sensors to narrow in on passwords and PINs http://www.bbc.co.uk/newsbeat/article/39565372/the-way-people-tilt-their-smartphone-can-give-away-passwords-and-pins
• Two BGP based attacks on Bitcoin https://www.theregister.co.uk/2017/04/11/evilispscoulddisruptbitcoins_blockchain/
• Part 2 of Project Zero's work on exploiting mobile devices via WiFi chips https://googleprojectzero.blogspot.ca/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html

Events

• Fraud & Breach Prevention conference comes to Toronto in September http://events.ismgcorp.com/event/fraud-breach-prevention-toronto/

Off-Topic

• Tank restorer finds £2M in gold bars in old Iraqi tank http://www.dailymail.co.uk/news/article-4404096/Military-buffs-discover-five-gold-bars-Iraqi-tank.html
• Imaging the event horizon of a black hole https://www.universetoday.com/134996/black-hole-imaged-first-time-event-horizon-telescope/