Are Advanced DfT Structures Sufficient for Preventing Scan-Attacks?
Abstract
Standard Design for Testability (DfT) structures are well known as potential sources of confidential information leakage. Scan-based attacks have been reported in publications since the early 2000s. It has been shown, for instance, that the secret key for symmetric encryption standards (DES, AES) could be retrieved from information gathered on scan-out pins when scan chains are fully observed through these pins. However, DfT practices have progressed to accommodate large and complex designs, introducing techniques such as test response compaction, associated X-masking structures, partial scan, etc. As a side effect, these techniques mask part of the information collected on scan outputs. Thus, at first glance, they may appear to be countermeasures against scan-based attacks. Nevertheless, in this paper we show that DfT structures, regardless of their nature, do not inherently enhance security and that specific additional countermeasures are still needed. We propose a new scan attack able to deal with designs where only part of the internal circuit's state is observed for test purposes.