Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news, opinions, and research. Quickly skim these annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Carders switching from Bitcoin as transaction fees on the rise  https://krebsonsecurity.com/2017/12/skyrocketing-bitcoin-fees-hit-carders-in-wallet/
• Visa mandates have been updated  https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html

Breaches / Leaks

• Medical records exposed in another AWS S3 leak,  https://mackeepersecurity.com/post/massive-trove-of-medical-records-potentially-exposed
• Just discovered 2015 breach of almost 300K Ancestry.com emails and plain text passwords https://haveibeenpwned.com/PwnedWebsites#Ancestry
• New card breach https://krebsonsecurity.com/2017/12/4-years-after-target-the-little-guy-is-the-target/
• Part 5 of Troy Hunt's Fixing Data Breaches : Penalties https://www.troyhunt.com/fixing-data-breaches-part-5-penalties/
• Spotify may have been breached http://www.ibtimes.com/was-spotify-hacked-users-getting-password-reset-emails-2634413

Laws & Regulations / Standards

• Citizen Lab and CIPPIC report on the CSE act https://deibert.citizenlab.ca/2017/12/close-look-proposed-cse-act/
• SEC plans cyber update on breach notifications https://www.databreachtoday.com/sec-plans-cybersecurity-guidance-refresh-what-to-expect-a-10554
• China shuts down 13,000 web sites https://www.darkreading.com/endpoint/china-shuts-down-13000-websites-for-breaking-internet-laws/d/d-id/1330723
• New rules for SWIFT banking network now in effect https://www.forbes.com/sites/madhvimavadiya/2017/12/11/swift-new-regulation-2018/

Bugs / Design Flaws

• Uber and researcher in dispute over Bug Bounty https://gizmodo.com/no-one-looks-good-in-ubers-bug-bounty-fight-1821583070
• Sonos and Bose vulnerabilities https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-internet/
• Canon printers using RSA BSAFE library and TLS Extended Random may be evidence of NSA Dual EC backdoor https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/
• DHS finds first responder iOS and Android apps with easy to fix security bugs https://www.bleepingcomputer.com/news/security/dhs-18-of-33-first-responder-apps-affected-by-security-flaws/

Privacy

• EFF on 2017's surveillance battles https://www.eff.org/deeplinks/2017/12/surveillance-battles-2017-review
• EPIC supports IRS move to truncate SSN's https://epic.org/2017/12/epic-supports-irs-proposal-to.html

Hacking / Malware / Cybercrime

• Web tracking software silently exploiting browser password managers to gain userID inof https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
• Dublin Zoo hit by business email compromise and scammed $600K https://www.pymnts.com/news/b2b-payments/2017/dublin-zoo-business-email-invoice-cybercrime/
• EFF on 2017 Nation State Hacking https://www.eff.org/deeplinks/2017/12/2017-year-nation-state-hacking
• Chrome extension "Archive Poster" carries crypto-jacking https://www.bleepingcomputer.com/news/security/chrome-extension-with-100-000-users-caught-pushing-cryptocurrency-miner/
• Wired on Crypto-jacking https://www.wired.com/story/cryptojacking-has-gotten-out-of-control/
• China targeting Think Tanks https://arstechnica.com/information-technology/2017/12/chinese-hackers-go-after-think-tanks-in-wave-of-more-surgical-strikes/

Other Security / Risk

• Random man killed in SWATting over gamer dispute https://krebsonsecurity.com/2017/12/kansas-man-killed-in-swatting-attack/
• On the Cyber / C-Suite disconnect https://www.darkreading.com/attacks-breaches/the-disconnect-between-cybersecurity-and-the-c-suite-/a/d-id/1330675
• NIST publishes first round of post-quantum cryptographic algorithms https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions and discussion https://www.schneier.com/blog/archives/2017/12/post-quantum_al.html
• Disrupting hard drives with acoustic attacks https://www.schneier.com/blog/archives/2017/12/acoustical_atta.html
• High level quantum programming languages https://www.technologyreview.com/s/609774/quantum-computers-barely-exist-heres-why-were-writing-languages-for-them-anyway/
• 2017 sees surge in HTTPS https://www.eff.org/deeplinks/2017/12/tipping-scales-https
• Legalization of pot raises workplace safety concerns https://www.enr.com/articles/43693-legalized-pot-in-canada-worries-contractors

Off-Topic

• XKCD on new phone security options https://xkcd.com/1934/
• A protein switch can turn off Ebola https://scienmag.com/researchers-inhibit-ebola-virus/