This Week’s [in]Security – Issue 128

Posted on 16 Sep 2019.

Welcome to This Week’s [in]Security. This week: PCI SSF & SSLC Reporting Templates. PIN Technical (mandatory) FAQ update. Photographic memory breach. 200M+ in DealerLeads, Verizon, and Monster (jobs) breaches. Hospital pager PHI leak. Facebook and sex. Widening the encryption debate. Canada Cyber Safe? Copyright take-down backfires. Every state is investigating Google. Web scraping legality. Cyber skills gap. SD-WAN security. Encrypted DNS. Cyber insurance. Snake-oil indicators. BlueKeep is out there. Flashlight apps really? NetCat side channel attack. SIMjacker. Monetizing IoT attacks. RDP , passwords, and ransomware. Damaging the power grid. Spies. ATM EMV cash-out. Vanishing payroll. Interesting Crypto conference take-aways. Pentesting gone wrong. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.


Articles about privacy related news, risks, and trends.

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

Other Security / Risk

Articles covering other types of risks.

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.