Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Interesting a biometric EMV credit card https://www.theregister.co.uk/2017/04/20/mastercard_launches_fingerprint_sensor_to_replace_pins_with_cards/
• SANS paper on the compliance breach gap https://www.sans.org/reading-room/whitepapers/compliance/compliant-secure-pci-certified-companies-breached-36497

Breaches

• Point of sale breach at Shoneys restaurants managed by Best American Hospitality https://krebsonsecurity.com/2017/04/shoneys-hit-by-apparent-credit-card-breach/
• IHS breach was bigger than first thought https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/
• 2015 Neiman-Marcus breach exposed full card data http://www.databreachtoday.com/neiman-marcus-2015-breach-exposed-full-card-details-a-9846
• New Mexico is the 3rd last state to enact breach notification http://www.databreachtoday.com/new-mexico-governor-signs-data-breach-notification-law-a-9850
• London Cops leak gun ownership info https://www.theregister.co.uk/2017/04/19/met_police_30000_gun_owner_data_breach/

Lawful Access / Back-doors / Regulations

• Google objection to foreign server warrant overruled https://www.theregister.co.uk/2017/04/20/google_must_provide_overseas_gmail_data/
• Opinion article on DNI FISA factsheet and FBI/NSA surveillance https://www.theregister.co.uk/2017/04/19/nsa_fbi_spy_on_us_for_our_protection/

Bugs

• 15 years on Unicode lookalike characters mean homographic attacks are still a thing https://www.theregister.co.uk/2017/04/18/homograph_attack_again/
• Not so smart TV's.  So now, "There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission." is now a real thing  https://www.schneier.com/blog/archives/2017/04/smart_tv_hack_v.html
• Survey of unpatched open source bugs in banking apps http://www.zdnet.com/article/researchers-find-widespread-weakness-in-tackling-open-source-vulnerability-risks/

Privacy

• Bose being sued for headphone app data mining https://betanews.com/2017/04/21/bose-headphone-wiretapping-privacy-lawsuit/
• Austrailian medical records found in dumpster http://www.smh.com.au/national/health/patient-privacy-breached-as-over-1400-medical-letters-found-dumped-in-sydney-bin-20170420-gvp8be.html
• Federal Privacy Watchdog concern over CSIS use of security screening records http://www.ctvnews.ca/canada/controversial-csis-run-data-crunching-centre-worries-privacy-czar-documents-show-1.3378403
• US States stepping into FCC Privacy Vacuum http://www.consumerreports.org/privacy/states-push-their-own-internet-privacy-rules/ and https://www.nytimes.com/2017/04/20/us/california-today-internet-privacy.html

Hacking / Malware

• Shadow broker dump implicates NSA in hacking SWIFT http://www.databreachtoday.com/hackers-reveal-apparent-nsa-targeting-swift-bureaus-a-9845
• Spammer using stolen defense contractor credentials https://krebsonsecurity.com/2017/04/tracing-spam-diet-pills-from-beltway-bandits/
• Leaked NSA tools now infecting in the wild https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
• Android "MilkyDoor" malware http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/

Other Security / Risk

• IoT and Smart Home risks and trends https://blog.pcisecuritystandards.org/your-smart-home-a-hackers-playground
• 90 days in, what's happening with US Cybersecurity https://www.theregister.co.uk/2017/04/20/trumps_cybersecurity_deadline_is_up/
• Interesting decoy proxy technology https://www.theregister.co.uk/2017/04/21/doctor_whoinspired_proxy_software_plays_nice_to_fool_censors/
• McAfee linkedin page hijacked http://www.csoonline.com/article/3190163/security/mcafee-linkedin-page-hijacked.html

Off-Topic

• Astronomers image accretion disk around a proto-star 1300 light Years away https://www.universetoday.com/135153/first-detailed-image-accretion-disk-around-young-star/