This Week’s [in]Security – Issue 130

Posted on 30 Sep 2019.

Welcome to This Week’s [in]Security. This week: Big changes coming in PCI updates to DSS, P2PE PA-DSS/SSF. First PCI SPoC solutions. New Control Gap service offerings. New Magecart tactics. Breaches: 400M medical records, DoorDash. Breach updates on Dunkin, CafePress. 69K Facebook apps suspended. NIST privacy and zero trust. GDPR and Blockchain. California's privacy law. Right to be forgotten. Forensic transparency. Cost of fraud. Malicious RDP. Blocking malicious attachments. Ransomware tools. Pen-testers redirected to FBI site. Vaccines. Quantum milestone. Trade tools. Youtube 2FA bypassed. Visualizing an APT. New widespread SIM card attack. Fighting deep-fakes. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.

Privacy

Articles about privacy related news, risks, and trends.

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

Other Security / Risk

Articles covering other types of risks.

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.