This Week's [in]Security - Issue 273

Welcome to This Week’s [in]Security. PCI and payments: HSM FAQs. DSSv4 DESV, Payment pages. Skimmers. New breaches: City of PII, Flagstar, credentials. New Ransomware: pretenses, Greens, Automotive. Major outages: Cloudflare. Follow-ups & Fall-out: 25B for sale. Privacy: T-mobile, Brave, Health data. Laws & Regs - Canada: more C-11, Vaccine lawsuits. US: cyber, war-on-crypto, trackers, crypto & AML, DCMA, platform liability, trademarks. World: Clearview. Standards: NSA & NIST. Defense - Training & events: WEIS, RSA & ToB. MFA, Tools & Techniques, Supply chains, Netsec search, IoT, Powershell, Device verification. Vulnerabilities - Advisories: ICS. Patching: Chrome, Oracle. Other: Passwords, Acrobat, Azure, Hertzbleed, NTLM, Mega, Safari, IoT, Daycare apps. Other: Crypto-research: Cybercrime - Trends & Enforcement. Nation States and mercenaries. Other Risks: No-Code, 5G v Starlink, Ai. Microsoft. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

• New and updated FAQ’s
• PCI PTS HSM v4 Technical (mandatory) FAQs https://docs-prv.pcisecuritystandards.org/PTS/Frequently%20Asked%20Questions%20(FAQ)/PTS_HSM_Technical_FAQs_v4__June_2022.pdf
• PCI Related:
• PCI DSS v4.0 Supplemental ROC & AOC Templates for Designated Entities https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Reporting%20Template%20or%20Form/PCI-DSS-v4-0-DESV-S-ROC-Template.pdf and https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Reporting%20Template%20or%20Form/PCI-DSS-v4_0-ROC-AOC-Service-Providers.docx
• PCI DSS v4.0 FAQs for Designated Entities Supplemental Validation https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Frequently%20Asked%20Questions%20(FAQ)/PCI-DSS-v4-0-DESV-FAQs.pdf
• Responding to PCI 11.6.1: When Do I Need to Know if Something Has Changed On My Payment Page? https://sourcedefense.com/resources/responding-to-pci-11-6-1/
• Payment skimmers/malware/fraud:
• Magecart attacks are still around. And they are becoming more stealthy https://www.zdnet.com/article/magecart-attacks-are-still-around-and-they-are-becoming-more-stealthy
• Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign https://thehackernews.com/2022/06/newly-discovered-magecart.html

Breaches / Ransomware / Leaks

• New Breaches:
• A security breach of Fitness app Strava allowed unidentified operatives to spy on Israeli military's movements, report says https://businessinsider.com/strava-security-breach-enabled-spying-on-israeli-soldiers-report-2022-6
• Japanese man loses USB stick with entire city's personal details https://www.bbc.co.uk/news/world-asia-61921222
• 1.5 million customers impacted by Flagstar Bank data breach https://www.zdnet.com/article/1-5-million-customers-impacted-in-flagstar-data-breach
• Breach at Eye Care Software Vendor Hits Millions of Patients https://www.securityweek.com/breach-eye-care-software-vendor-hits-millions-patients
• Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html
• Voicemail phishing emails steal Microsoft credentials https://www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/
• New 'BidenCash' site sells your stolen credit card for just 15 cents https://www.bleepingcomputer.com/news/security/new-bidencash-site-sells-your-stolen-credit-card-for-just-15-cents/
• New Ransomware and "Incidents":
• We're now truly in the era of ransomware as pure extortion without the encryption https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/
• Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise https://www.tenable.com/blog/understanding-the-ransomware-ecosystem-screen-lockers-to-multimillion-dollar-criminal-enterprise
• Conti ransomware hacking spree breaches over 40 orgs in a month https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/
• Conti ransomware finally shuts down data leak, negotiation sites https://www.bleepingcomputer.com/news/security/conti-ransomware-finally-shuts-down-data-leak-negotiation-sites/
• Germany's Green Party Says Email System Hit by Cyberattack https://www.securityweek.com/germanys-green-party-says-email-system-hit-cyberattack
• Automotive fabric supplier TB Kawashima announces cyberattack https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/
• US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware https://www.securityweek.com/us-subsidiary-automotive-hose-maker-nichirin-hit-ransomware
• Yodel parcel company confirms cyberattack is disrupting delivery https://www.bleepingcomputer.com/news/security/yodel-parcel-company-confirms-cyberattack-is-disrupting-delivery/
• Major outages/downs:
• Massive Cloudflare outage caused by network configuration error https://www.bleepingcomputer.com/news/technology/massive-cloudflare-outage-caused-by-network-configuration-error/
• Follow-ups and fall-out:
• There are 24.6 billion pairs of credentials for sale on dark web https://www.theregister.com/2022/06/20/in_brief_security/
• FTC fines CafePress $500K for breach affecting 23 million users https://www.bleepingcomputer.com/news/security/ftc-fines-cafepress-500k-for-breach-affecting-23-million-users/

Privacy

• T-Mobile is selling your app usage data to advertisers — here's how to opt out https://www.theverge.com/2022/6/24/23181851/t-mobile-browsing-data-app-insights-marketing-opt-out
• Do Privacy and Data Protection Regulations Create as Many Problems as They Solve? https://www.securityweek.com/do-privacy-and-data-protection-regulations-create-many-problems-they-solve
• Privacy-focused Brave Search grew by 5,000% in a year https://www.bleepingcomputer.com/news/software/privacy-focused-brave-search-grew-by-5-000-percent-in-a-year/
• Tech firms under pressure to safeguard user data as abortion prosecutions loom https://www.theguardian.com/us-news/2022/jun/25/tech-companies-health-data-security-abortion-prosecution

Laws, Regulations, Platforms, Standards, and Public Policy

• Canada:
• Extreme intoxication bill unanimously passes House of Commons, heads to Senate https://globalnews.ca/news/8941446/extreme-intoxication-bill-passes-house/
• CRTC Chair Ian Scott Confirms Bill C-11 Can Be Used To Pressure Internet Platforms to Manipulate Algorithms https://www.michaelgeist.ca/2022/06/crtc-chair-ian-scott-confirms/
• The Law Bytes Podcast, Episode 131: The Bill C-11 Clause-by-Clause Review – What “An Affront to Democracy” Sounds Like https://www.michaelgeist.ca/2022/06/law-bytes-podcast-episode-131/
• My Appearance Before the Senate Transport and Communications Committee on Bill C-11: The Senate Starts Review As Bill Receives House Approval https://www.michaelgeist.ca/2022/06/my-appearance-before-the-senate-transport-and-communications-committee-on-bill-c-11-the-senate-starts-review-as-bill-receives-house-approval/
• TTC facing nearly $3M in lawsuits filed by former employees over vaccine policies https://toronto.ctvnews.ca/ttc-facing-nearly-3m-in-lawsuits-filed-by-former-employees-over-vaccine-policies-1.5962023
• US:
• Biden Signs Two Cybersecurity Bills Into Law https://www.securityweek.com/biden-signs-two-cybersecurity-bills-law
• Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills https://www.schneier.com/blog/archives/2022/06/hidden-anti-cryptography-provisions-in-internet-anti-trust-bills.html
• It's Official. CARD Act, Credit Rules, Now Under CFPB Review https://www.pymnts.com/news/cfpb/2022/its-official-card-act-credit-rules-now-under-cfpb-review/
• Senators Reintroduce Bill to Preserve Freedom of Payment Choice https://www.pymnts.com/news/regulation/2022/senators-reintroduce-bill-to-preserve-freedom-of-payment-choice/
• The Bipartisan Digital Advertising Act Would Break Up Big Trackers https://www.eff.org/deeplinks/2022/06/bipartisan-digital-advertising-act-would-break-big-trackers
• FTC Warns Congress About Using AI To Fix Online Harms https://www.pymnts.com/artificial-intelligence-2/2022/ftc-warns-congress-about-using-ai-to-fix-online-harms/
• A legal challenge over crypto reporting could strike down decades-old anti-money laundering laws https://www.theverge.com/2022/6/21/23176774/coin-center-legal-challenge-crypto-money-laundering-6050i
• SEC's ‘Backdoor' Approach to Crypto May Cost It Power https://www.pymnts.com/cryptocurrency/2022/secs-backdoor-approach-to-crypto-may-cost-it-power/
• Victory! Court Rules That DMCA Does Not Override First Amendment's Anonymous Speech Protections https://www.eff.org/deeplinks/2022/06/victory-court-rules-dmca-does-not-override-first-amendments-anonymous-speech
• When “Jawboning” Creates Private Liability https://www.eff.org/deeplinks/2022/06/when-jawboning-creates-private-liability
• The Ohio State University Has Won Its Fight to Trademark the Word ‘The' https://www.mentalfloss.com/posts/the-ohio-state-trademark
• U.S. President Joe Biden signs landmark gun safety bill: ‘Lives will be saved' https://globalnews.ca/news/8947339/u-s-biden-signs-landmark-gun-safety-bill/
• World:
• The walls are closing in on Clearview AI https://www.technologyreview.com/2022/05/24/1052653/clearview-ai-data-privacy-uk/
• Standards News:
• On the Subversion of NIST by the NSA https://www.schneier.com/blog/archives/2022/06/on-the-subversion-of-nist-by-the-nsa.html
• NIST Releases Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP) https://csrc.nist.gov/publications/detail/sp/800-219/final
• NIST IoT Cybersecurity Risk Identification https://www.nist.gov/system/files/documents/2022/06/21/IoTRiskIdentificationDiscussionPaper.pdf
• NIST IR 8425 A Profile of the IoT Core Baseline for Consumer IoT Products https://csrc.nist.gov/publications/detail/nistir/8425/draft

Defense / Techniques / Solutions

• Educational events, webinars, courses, etc:
• WEIS 2022 – Liveblog https://www.lightbluetouchpaper.org/2022/06/21/weis-2022-liveblog/
• DtSR Episode 505 - Reflections on RSA Conference 2022 http://podcast.wh1t3rabbit.net/dtsr-episode-505-reflections-on-rsa-conference-2022
• Announcing the new Trail of Bits podcast https://blog.trailofbits.com/2022/06/20/announcing-the-new-trail-of-bits-podcast/
• General:
• GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar https://www.darkreading.com/endpoint/github-s-mfa-plans-should-spur-rest-of-industry-to-raise-the-bar
• Methods, Techniques, Tools, and Products:
• Aqua Security Ships Open Source Tool for Auditing Software Supply Chain https://www.securityweek.com/aqua-security-ships-open-source-tool-auditing-software-supply-chain
• NetSec Goggle shows search results only from cybersecurity sites https://www.bleepingcomputer.com/news/security/netsec-goggle-shows-search-results-only-from-cybersecurity-sites/
• Securing your IoT with Edge Secured-core devices https://www.microsoft.com/security/blog/2022/06/20/securing-your-iot-devices-with-edge-secured-core-devices/
• NSA shares tips on securing Windows devices with PowerShell https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-securing-windows-devices-with-powershell/
• Verify Apple devices with no installed software https://blog.cloudflare.com/private-attestation-token-device-posture/
• How Microsoft's AI spots ransomware attacks before they even get started https://www.zdnet.com/article/how-microsofts-ai-spots-ransomware-attacks-before-they-even-get-started
• Improving AI-based defenses to disrupt human-operated ransomware https://www.microsoft.com/security/blog/2022/06/21/improving-ai-based-defenses-to-disrupt-human-operated-ransomware/
• Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test https://www.microsoft.com/security/blog/2022/06/22/microsoft-defender-for-office-365-receives-highest-award-in-se-labs-enterprise-email-security-services-test/
• Microsoft: KB5014678 Windows Server 2022 update adds WSL2 support https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5014678-windows-server-2022-update-adds-wsl2-support/
• FLOSS 2.0 Has Been Released, (Thu, Jun 23rd) https://isc.sans.edu/diary/rss/28776
• 1Password's Insights tool to help admins monitor users' security practices https://www.theregister.com/2022/06/21/1password_trots_out_insights_tool/
• 7-zip now supports Windows ‘Mark-of-the-Web' security feature https://www.bleepingcomputer.com/news/microsoft/7-zip-now-supports-windows-mark-of-the-web-security-feature/
• Meta reportedly plans to shut down CrowdTangle, its tool that tracks popular social media posts https://www.theverge.com/2022/6/23/23180357/meta-crowdtangle-shut-down-facebook-misinformation-viral-news-tracker

Bugs / Design Flaws / Vulnerabilities / Research

• Advisories:
• CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure https://www.theregister.com/2022/06/21/56_vulnerabilities_critical_industrial/
• Industry Reactions to 'OT:Icefall' Vulnerabilities Found in ICS Products https://www.securityweek.com/industry-reactions-oticefall-vulnerabilities-found-ics-products
• Patching:
• Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors https://www.securityweek.com/codesys-patches-11-flaws-likely-affecting-controllers-several-ics-vendors
• Google Patches 14 Vulnerabilities With Release of Chrome 103 https://www.securityweek.com/google-patches-14-vulnerabilities-release-chrome-103
• Researchers: Oracle Took 6 Months to Patch Major Vulnerability Affecting Many Systems https://www.securityweek.com/researchers-it-took-oracle-6-months-patch-mega-vulnerability-affecting-many-systems
• Other Vulnerabilities:
• Most top websites are not following best practices in their password policies https://freedom-to-tinker.com/2022/06/22/most-top-websites-are-not-following-best-practices-in-their-password-policies/
• Adobe Acrobat may block antivirus tools from monitoring PDF files https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/
• Risky Business #668 -- Microsoft is hiding its Azure security problems https://risky.biz/RB668
• Hertzbleed: A New Side-Channel Attack https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html
• New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html
• Mega says it can't decrypt your files. New POC exploit shows otherwise https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/
• MEGA fixes critical flaws that allowed the decryption of user data https://www.bleepingcomputer.com/news/security/mega-fixes-critical-flaws-that-allowed-the-decryption-of-user-data/
• Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild https://thehackernews.com/2022/06/google-researchers-detail-5-year-old.html
• How refactoring code in Safari's WebKit resurrected 'zombie' security bug https://www.theregister.com/2022/06/21/apple-safari-zombie-exploit/
• Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack https://threatpost.com/office-365-opens-ransomware-attacks-on-onedrive-sharepoint/180010/
• Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors https://thehackernews.com/2022/06/researchers-disclose-56-vulnerabilities.html
• Microsoft prepares to forget about Windows 8.1 with end of support notifications https://www.theverge.com/2022/6/24/23181347/microsoft-windows-8-1-end-of-support-notifications-pop-ups
• Daycare Apps Are Dangerously Insecure https://www.eff.org/deeplinks/2022/06/daycare-apps-are-dangerously-insecure
• Research on new vulnerabilities:
• Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say https://www.darkreading.com/application-security/open-source-software-bugs--attackability
• The curious tale of a fake Communications Carrier.app Posted by Ian Beer, Google Project Zero NOTE: This issue was CVE-2021-30983 was... https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html
• Cryptography and Cryptographic Research:
• Block Cipher's Substitution Box Generation Based on Natural Randomness in Underwater Acoustics and Knight's Tour Chain https://eprint.iacr.org/2022/787
• Traceable Receipt-Free Encryption https://eprint.iacr.org/2022/822

Hacking / Malware / Cybercrime / Exploitation

• Trends, Alerts, and Events (other than major breaches):
• Clever phishing method bypasses MFA using Microsoft WebView2 apps https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/
• New MetaMask phishing campaign uses KYC lures to steal passphrases https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/
• Fake copyright infringement emails install LockBit ransomware https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/
• BRATA Android Malware Gains Advanced Mobile Threat Capabilities https://thehackernews.com/2022/06/brata-android-malware-gains-advanced.html
• Malicious Windows 'LNK' attacks made easy with new Quantum builder https://www.bleepingcomputer.com/news/security/malicious-windows-lnk-attacks-made-easy-with-new-quantum-builder/
• New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers https://thehackernews.com/2022/06/new-toddycat-hacker-group-on-experts.html
• The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
• Crime & Arrests, etc.:
• Why Paper Receipts are Money at the Drive-Thru https://krebsonsecurity.com/2022/06/why-paper-receipts-are-money-at-the-drive-thru/
• Hackers stole $100 million worth of cryptos from Harmony's blockchain in another blow to digital assets https://markets.businessinsider.com/news/currencies/100-million-cryptos-stolen-theft-hack-harmony-blockchain-bitcoin-2022-6
• Thomas Dang summoned for allegedly hacking COVID-19 vaccine passport website https://globalnews.ca/news/8945795/thomas-dang-court-summons-alberta-covid-19-website-hacking/
• Belgian, Dutch Police Dismantle Cybercrime Group https://www.securityweek.com/belgian-dutch-police-dismantle-cybercrime-group
• Europol Busts Phishing Gang Responsible for Millions in Losses https://thehackernews.com/2022/06/europol-busts-phishing-gang-responsible.html
• Feds Take Down Russian 'RSOCKS' Botnet https://www.darkreading.com/attacks-breaches/feds-take-down-russian-rsocks-botnet
• Capital One: Convicted techie got in via 'misconfigured' AWS buckets https://www.theregister.com/2022/06/20/captial_one_wire_fraud/
• Aylmer, Ont. investigate ‘grandparent' phone scams after one resident loses $10,000 https://globalnews.ca/news/8933168/alymer-ont-resident-scammed-10000/
• Thieves turning to new methods for getting inside homes says Crime Stoppers https://globalnews.ca/news/8943013/new-crime-trend-outside-items-crime-stoppers/
• Bulldozer crushes 100 seized vehicles in New York https://www.bbc.co.uk/news/world-us-canada-61893748
• Nation State Actors:
• NSO claims 'more than 5' EU states use Pegasus spyware https://www.theregister.com/2022/06/24/nso_customers_eu_pegasus/
• Google details commercial spyware that targets both Android and iOS devices https://www.zdnet.com/article/google-details-commercial-spyware-that-targets-both-android-and-ios-devices
• Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware https://thehackernews.com/2022/06/google-says-isps-helped-attackers.html
• Apple and Android phones hacked by Italian spyware, says Google https://www.theguardian.com/technology/2022/jun/23/apple-and-android-phones-hacked-by-italian-spyware-says-google
• Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage https://www.securityweek.com/chinese-apt-bronze-starlight-uses-ransomware-disguise-cyberespionage
• Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside https://thehackernews.com/2022/06/chinese-hackers-distributing-sms-bomber.html
• Chinese hackers target script kiddies with info-stealer trojan https://www.bleepingcomputer.com/news/security/chinese-hackers-target-script-kiddies-with-info-stealer-trojan/
• Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug https://threatpost.com/fancy-bear-nuke-threat-lure/180056/

Other Security / Risk

• General:

  • Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code https://www.darkreading.com/dr-tech/credential-sharing-as-a-service-hidden-risk-of-low-code-no-code
  • 5G interference may make starlink unusable https://gizmodo.com/spacex-starlink-internet-dish-5g-interference-unusable-1849093964
  • False Air Raid Sirens in Israel Possibly Triggered by Iranian Cyberattack https://www.securityweek.com/false-air-raid-sirens-israel-possibly-triggered-iranian-cyberattack
  • Scalper bots out of control in Israel, selling state appointments https://www.bleepingcomputer.com/news/security/scalper-bots-out-of-control-in-israel-selling-state-appointments/
  • Open Source Software Security Begins to Mature https://www.darkreading.com/application-security/open-source-software-security-mature
  • A great day for non-robots: iOS 16 will bypass CAPTCHAs https://www.theregister.com/2022/06/21/believe_it_or_not_apple/

• Artificial Intelligence and Machine Learning:

  • How a Google Employee Fell for the Eliza Effect https://www.theatlantic.com/ideas/archive/2022/06/google-lamda-chatbot-sentient-ai/661322/
  • Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.' https://www.nytimes.com/2022/06/21/technology/microsoft-facial-recognition.html
  • Microsoft to retire controversial facial recognition tool that claims to identify emotion https://www.theverge.com/2022/6/21/23177016/microsoft-retires-emotion-recognition-azure-ai-tool-api

• Disinformation and misinformation

  • The Open Secret of Google Search's Decay https://www.theatlantic.com/ideas/archive/2022/06/google-search-algorithm-internet/661325/
  • Why Social Media Makes People Unhappy--And Simple Ways to Fix It https://www.scientificamerican.com/article/why-social-media-makes-people-unhappy-and-simple-ways-to-fix-it/

• Health:

  • THE LANCET INFECTIOUS DISEASES: COVID-19 vaccines are estimated to have prevented 20 million deaths worldwide in the first year of the vaccine programme, modelling study finds https://scienmag.com/the-lancet-infectious-diseases-covid-19-vaccines-are-estimated-to-have-prevented-20-million-deaths-worldwide-in-the-first-year-of-the-vaccine-programme-modelling-study-finds/
  • Venomous Snail Unlocks New Diabetes Drugs https://www.scientificamerican.com/article/venomous-snail-unlocks-new-diabetes-drugs/
  • Can we save more lives if we let resistant bacteria live? https://scienmag.com/can-we-save-more-lives-if-we-let-resistant-bacteria-live/
  • An Ancient Killer (Typhoid) Is Rapidly Becoming Resistant to Antibiotics, Scientists Warn https://www.sciencealert.com/a-medieval-killer-is-rapidly-becoming-resistant-to-more-antibiotics
  • Polio Virus Has Been Detected in London's Sewage https://www.sciencealert.com/polio-virus-has-been-detected-in-london-s-sewage
  • Monkeypox is not yet a global health emergency, says WHO https://globalnews.ca/news/8947946/who-monkeypox-noyt-yet-health-emergency/
  • Monkeypox outbreak: Case count rises to more than 3,200 globally, says WHO https://globalnews.ca/news/8943814/monkeypox-case-count-who/
  • The U.S. Is Underreacting to Monkeypox https://www.theatlantic.com/ideas/archive/2022/06/monkeypox-vaccine-gay-bisexual-men-us/661380/
  • Canada signs $32.9M contract for smallpox drug with manufacturer Chimerix https://globalnews.ca/news/8945294/canada-contract-smallpox-chimerix/
  • Squirrels Could Make Monkeypox a Forever Problem https://www.theatlantic.com/health/archive/2022/06/monkeypox-outbreak-spread-animal-hosts/661338/
  • Pfizer says updated COVID-19 shots boost protection against omicron variant https://globalnews.ca/news/8947406/pfizer-says-updated-covid-19-shots-boost-protection-against-omicron-variant/

• Safety:

  • Lifeguard shortages impacting pools, water programs across Canada https://globalnews.ca/news/8945156/lifeguard-shortage-pools-water-programs/

  • Toronto cancels swim classes for 1,000-plus participants amid instructor shortage https://globalnews.ca/news/8939837/toronto-cancels-swim-classes/
  • Brampton to offer free lifeguard, swim instructor certification courses https://globalnews.ca/news/8942584/brampton-lifeguards-swim-instructor-free-courses/
  • 'Shocking' video shows GO train slamming into SUV https://toronto.ctvnews.ca/shocking-video-shows-go-train-slamming-into-suv-1.5954451
  • I Was a Police Officer for 20 Years. I Know What It Means to Put More Guns on the Street. https://www.theatlantic.com/ideas/archive/2022/06/supreme-court-new-york-gun-law-public-safety-police-officers-nypd/661372/
  • Homemade explosive device detonated at mall north of Toronto, police say https://toronto.ctvnews.ca/homemade-explosive-device-detonated-at-mall-north-of-toronto-police-say-1.5960353
  • Pedestrian dies after being struck by street sweeper truck in Toronto https://toronto.ctvnews.ca/pedestrian-dies-after-being-struck-by-street-sweeper-truck-in-toronto-1.5956246
  • She ordered a burger on Grubhub — and included a desperate plea for help https://www.washingtonpost.com/nation/2022/06/24/new-york-woman-rescued-grubhub-order/

• Environment:

  • Controversy Grows Over whether Mars Samples Endanger Earth https://www.scientificamerican.com/article/controversy-grows-over-whether-mars-samples-endanger-earth/
  • It's Worse Than We Thought: Food Miles Account For a Sickening Amount of Emissions https://www.sciencealert.com/stop-eating-asparagus-in-winter-food-miles-account-for-almost-20-of-all-food-emissions
  • Spray-On, Rinse-Off Food 'Wrapper' Can Cut Plastic Packaging https://www.scientificamerican.com/article/spray-on-rinse-off-food-lsquo-wrapper-rsquo-can-cut-plastic-packaging/
  • Could nuclear 'ships' solve droughts? https://www.bbc.co.uk/news/business-61483491
  • Climate change affects the likelihood of armed conflict https://scienmag.com/climate-change-affects-the-likelihood-of-armed-conflict/
  • 800 kilograms pulled from Lake Ontario during ‘Dive Against Debris' https://globalnews.ca/news/8934184/lake-ontario-during-dive-against-debris-2022/
  • Lake Ontario overflowing with microplastics, researchers find https://www.ctvnews.ca/climate-and-environment/lake-ontario-overflowing-with-microplastics-researchers-find-1.5959522

• Economy:

  • Highest inflation in 40 years: Angus Reid study https://globalnews.ca/news/8949156/highest-inflation-in-40-years-angus-reid-study/

Russia v. Ukraine

• The war:

  • Experts say there are mounting signs that the Kremlin is purging its top generals in Ukraine, the latest hint of deep dysfunction in Putin's army https://businessinsider.com/mounting-signs-the-kremlin-is-purging-top-generals-in-ukraine-experts-2022-6
  • Half Russian separatist force dead or wounded - UK https://www.bbc.co.uk/news/world-europe-61891462
  • Russian jets are flying so low they are crashing https://www.forbes.com/sites/davidaxe/2022/06/24/russian-jets-are-flying-so-low-to-dodge-ukrainian-air-defenses-that-theyre-running-into-the-ground/
  • A vegetable oil export terminal at a major Ukraine port is 'on fire' following Russian missile strike https://businessinsider.com/ukraine-agriculture-port-terminal-on-fire-russian-missile-strike-2022-6
  • Ukraine war: What Severodonetsk's fall means for the conflict https://www.bbc.co.uk/news/world-europe-61945914
  • Ukrainian missiles struck 3 gas platforms in the Black Sea that Russia had converted into 'small garrisons' https://businessinsider.com/ukraine-attacks-3-russian-gas-platforms-black-sea-used-garrisons-2022-6
  • What a 1904 War Can Teach Vladimir Putin https://www.theatlantic.com/ideas/archive/2022/06/russia-war-ukraine-japan/661312/

• Reaction and Response:

  • Germany considers seizing parts of a Russian gas pipeline to use in an LNG terminal as Europe reels from an energy crisis, report says https://markets.businessinsider.com/news/commodities/europe-energy-crisis-germany-russia-gas-pipeline-nord-stream-2-2022-6
  • Germany takes 'bitter' decision to fire up coal power plants as Russia chokes off its vital natural gas supplies https://businessinsider.com/germany-coal-power-plants-russia-cuts-natural-gas-climate-energy-2022-6
  • Germany takes step closer to gas rationing https://www.bbc.co.uk/news/business-61908998
  • Investment in coal — the dirtiest fossil fuel — is set to rise 10% this year as energy security grows increasingly fragile due to the Ukraine war https://markets.businessinsider.com/news/commodities/coal-investment-rise-10-percent-oil-gas-energy-security-fears-2022-6
  • Kaliningrad: Russia warns Lithuania of consequences over rail transit blockade https://www.bbc.co.uk/news/world-europe-61878929
  • Kaliningrad row: Lithuania accuses Russia of lying about rail 'blockade' https://www.bbc.co.uk/news/world-europe-61901764
  • Lithuania warns of rise in DDoS attacks against government sites https://www.bleepingcomputer.com/news/security/lithuania-warns-of-rise-in-ddos-attacks-against-government-sites/
  • How could Ukraine become an EU member and what does Russia say? https://www.bbc.co.uk/news/world-61844552
  • What If Russia Uses Nuclear Weapons in Ukraine? https://www.theatlantic.com/ideas/archive/2022/06/russia-ukraine-nuclear-weapon-us-response/661315/
  • Russian oil tankers are disappearing from tracking systems near Portugal's Azores islands as dark activity 'skyrockets' amid Ukraine war https://businessinsider.com/russian-oil-tankers-tracking-signals-dark-azores-islands-2022-6
  • Western planes in Russia are falling apart https://arstechnica.com/tech-policy/2022/06/in-russia-western-planes-are-falling-apart/
  • Windows 10 and Windows 11 downloads blocked in Russia https://www.bleepingcomputer.com/news/microsoft/windows-10-and-windows-11-downloads-blocked-in-russia/
  • Russia fines Google for spreading ‘unreliable' info defaming its army https://www.bleepingcomputer.com/news/google/russia-fines-google-for-spreading-unreliable-info-defaming-its-army/

• Sanctions & Economic Impact:

  • Russia is facing its worst recession in 30 years — and the 'Putin Generation' is paying the price https://businessinsider.com/russia-putin-generation-youth-shrinking-job-education-opportunities-2022-6
  • Europe told to prepare for Russia turning off gas https://www.bbc.co.uk/news/science-environment-61899509
  • Russia is now China's biggest oil supplier, overtaking Saudi Arabia as Western demand for its crude has dropped https://markets.businessinsider.com/news/commodities/russia-china-oil-energy-import-export-supplier-putin-war-sanction-2022-6
  • Ukraine war: UK joins ban on imports of Russian gold https://www.bbc.co.uk/news/business-61941589

• Information, Disinformation, and Propaganda:

  • Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies https://www.securityweek.com/microsoft-russian-cyber-spying-targets-42-ukraine-allies
  • DDoS Attacks Delay Putin Speech at Russian Economic Forum https://www.darkreading.com/attacks-breaches/ddos-attacks-delay-putin-speech-russian-economic-forum

• Cyber-attacks and the potential for cyber-war:

  • Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware https://www.bleepingcomputer.com/news/security/russian-govt-hackers-hit-ukraine-with-cobalt-strike-credomap-malware/
  • Telecom workers in occupied parts of Ukraine destroyed software to avoid Russian control over data and communications https://businessinsider.com/telecom-workers-ukraine-destroyed-software-avoid-russian-control-2022-6

Off-Topic / Science & Tech / Lighter Side

• Innovations & Inventions:

• A Huge Step Forward in Quantum Computing Was Just Announced: The First-Ever Quantum Circuit https://www.sciencealert.com/a-huge-step-forward-in-quantum-computing-was-just-announced-the-first-ever-quantum-circuit
• Solving the solar energy storage problem with rechargeable batteries that can convert and store energy at once https://scienmag.com/solving-the-solar-energy-storage-problem-with-rechargeable-batteries-that-can-convert-and-store-energy-at-once/
• Tiny fish-shaped robot ‘swims' around picking up microplastics https://scienmag.com/tiny-fish-shaped-robot-swims-around-picking-up-microplastics/
• App aimed at keeping Mi'kmaw language alive helping new generation of learners https://globalnews.ca/news/8943444/mikmaw-language-app-helping-new-generation/
• Retired Fredericton engineer's ultralight plane powered by electricity https://www.cbc.ca/news/canada/new-brunswick/homemade-electric-airplane-flying-over-fredericton-1.6492137
• A floating city is being built in the Maldives. It comprises a web of residences, shops, and schools that will one day be home to 20,000 people. https://businessinsider.com/dutch-firm-building-floating-city-in-maldives-house-20000-2022-6

• Other:

• Protons are 5% smaller than previously thought https://www.syfy.com/syfy-wire/bad-astronomy-protons-smaller-than-previously-thought
• The octopus' brain and the human brain share the same “jumping genes” https://scienmag.com/the-octopus-brain-and-the-human-brain-share-the-same-jumping-genes/
• USS Samuel B Roberts: World's deepest shipwreck discovered https://www.bbc.co.uk/news/science-environment-61925862
• Earth's core is speeding up and slowing down https://www.syfy.com/syfy-wire/bad-astronomy-earths-inner-cores-spin-is-constantly-changing
• Homesick dog escapes pet hotel, runs home while owners are on vacation https://globalnews.ca/news/8939486/homesick-dog-escapes-pet-hotel-runs-home-owners-vacation/
• NASA Funds the Development of a Nuclear Reactor on the Moon That Would Last for 10 Years https://www.universetoday.com/156461/nasa-funds-the-development-of-a-nuclear-reactor-on-the-moon-that-would-last-for-10-years/
• Astronomers Watched a “Near-Sun” Comet Disintegrate as it Flew too Close to the Sun https://www.universetoday.com/156357/astronomers-watched-a-near-sun-comet-disintegrate-as-it-flew-too-close-to-the-sun/
• The Mars Express spacecraft is finally getting a Windows 98 upgrade https://www.theverge.com/2022/6/24/23181715/mars-express-marsis-windows-98-upgrade-esa
• What happens when a star engulfs its planets? https://www.syfy.com/syfy-wire/bad-astronomy-new-research-star-eats-planet