Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• Self-inflicted phishing campaign goes viral http://svedic.org/programming/mastercard-serbia-asked-ladies-to-share-fb-photos-of-among-other-things-their-credit-card
• 17 arrested in ATM Jack-potting attacks http://www.databreachtoday.com/police-bust-atm-black-box-hacking-suspects-a-9931
• PCI advisory board changes  https://www.pcisecuritystandards.org/pdfs/2017_2019_PCI_SSC_Board_of_Advisors_Press_Release.pdf

Breaches

• Breach leads to malware spear-phishing campaign https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/
• Bell Canada customer email breach http://www.theglobeandmail.com/report-on-business/bell-apologizes-to-customers-after-data-breach-hits-19-million-e-mail-addresses/article35004027/
• More emails and passwords http://www.pymnts.com/news/security-and-risk/2017/zomato-breach-threatens-17-million-users/
• 11 month long breach at Equifax/TALX https://krebsonsecurity.com/2017/05/fraudsters-exploited-lax-security-at-equifaxs-talx-payroll-division/

Lawful Access / Back-doors / Regulations

• New York State's cybersecurity regulation features annual reporting, pen testing, secure development, MFA, encryption, and more http://www.darkreading.com/risk/the-wide-ranging-impact-of-new-yorks-cybersecurity-regulations/a/d-id/1328853
• UK government want's even more control of the Internet http://www.independent.co.uk/life-style/gadgets-and-tech/news/theresa-may-internet-conservatives-government-a7744176.html

Bugs

• MS sat on XP patch for WannaCry[pt] https://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/
• HP Laptops Conexant Audio Driver contains key logger https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/
• Some IoT actually gets patched https://www.theregister.co.uk/2017/05/18/home_system_insecurity/

Privacy

• France fines Facebook for privacy violations https://www.theregister.co.uk/2017/05/16/facebook_fined_in_france/

Hacking / Malware

• Was WannCry[pt] from North Korea http://www.darkreading.com/attacks-breaches/researchers-investigate-possible-connection-between-wannacry-and-north-korean-hacker-group/d/d-id/1328885
• Apparently Dead Men Do Tell Tales – movie ransom http://www.bbc.co.uk/news/entertainment-arts-39933406
• Shadow Brokers to dump more exploits https://www.theregister.co.uk/2017/05/16/shadow_brokers_return/
• Malware Miner malware may have reduced WannaCry[pt] victims https://www.theregister.co.uk/2017/05/16/crypto_miner_exploits_same_wannacrypt_vuln/ Risky Biz Podcast on WannaCry[pt] https://risky.biz/RB455/

Other Security / Risk

• “PATCH Act of 2017” (really who makes up these acronyms) http://www.databreachtoday.com/patch-act-aims-to-help-prevent-cyberattacks-a-9930
• Information leaked on an NSA brute force machine https://www.schneier.com/blog/archives/2017/05/nsa_brute-force.html
• Leadership? http://www.darkreading.com/operations/majority-of-ceos-knowingly-raise-risk-level-with-their-shadow-it/d/d-id/1328865
• New NIST on BlueTooth Security http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-121r2.pdf
• EFF says spend more of cyberdefensive research https://www.eff.org/deeplinks/2017/05/why-patching-problem-makes-us-wannacry more Wikileaks CIA documentation dumped https://www.bleepingcomputer.com/news/security/wikileaks-dump-reveals-cia-malware-that-can-sabotage-user-software/
• unpatching making gains http://www.darkreading.com/vulnerabilities--- threats/survey-unpatched-windows-os-on-the-rise/d/d-id/1328897
• Host Identify Protocol http://www.darkreading.com/endpoint/the-fundamental-flaw-in-tcp-ip-connecting-everything/a/d-id/1328864
• Blockchain based Identity Network https://beta.theglobeandmail.com/report-on-business/us-credit-agencies-test-canadian-blockchain-identity-network/article34901961/

Off-Topic

• Valkyrie, a space robot that looks a bit like IronMan http://www.skyandtelescope.com/astronomy-news/meet-valkyrie-nasa-space-robot/