This Week’s [in]Security – Issue 140

Posted on 09 Dec 2019.

Welcome to This Week’s [in]Security. This week: PCI Contactless Payments on COTS arrives, Magecart/skimming Smith & Wesson, Salesforce. Mega-breaches: TruDialog spills text messages, MixCloud. Others: HackerOne, BMW, Hyundai, Healthcare. Credential stealing Python. Breach fallout. Breaches climb after mandatory disclosure. Hiding breaches with NDAs. Facial recognition and biometrics. iOS & China. Federal Privacy Law. US bans on travelers up. Certbot helps Let's Encrypt. IoT defense. Hacked election machine? Cipher breaks - RSA and DLP 240 fall. (795 bits). Nation State attacks, espionage, targeting biometric data, bricking Android, ransomware. Arrests and charges. Scams. Security crystal ball. The Internet Of Bodies? Measles deaths and response. Fake CV leads to jail. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.


Articles about privacy related news, risks, and trends.

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

Other Security / Risk

Articles covering other types of risks.

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.