This Week's [in]Security - Issue 276

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: PAN Truncation, PIN Key Blocks. Skimmers: Hilton Garden. Payments: $20T. New breaches: Experian? New Ransomware: trends, decryptor. Major outages: Twitter, NJ Internet, Rogers (cont) Follow-ups & Fall-out: Alibaba, Robinhood. Privacy: WhatsApp, Ring, Tor. Laws & Regs - Canada, US, Push payments, World: UK safety & ransomware. Russian breaches. Standards: SP 800-53. Defense - Training & events. CISSP, teaching. Tools & Techniques, Vulnerabilities - Advisories, Zerodays, Patching, EOL, Sage300, macros, WordPress, Browser deanonymization, Crypto-research. Cybercrime - Trends: awareness, not your security firm, fakes. Crime & Enforcement: Politician charged, Vault 7. Nation States and mercenaries. Other Risks - General: Open source, OT. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:
• The FAQ on acceptable truncation of PAN was updated regarding 8-digit BINs https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers/
• Just Updated: Key Blocks Information Supplement https://blog.pcisecuritystandards.org/just-updated-key-blocks-information-supplement
• Information Supplement: PIN Security Requirement 18-3 − Key Blocks minor updates and re-alignment PIN and P2PE v3.1 dates and other https://docs-prv.pcisecuritystandards.org/PIN/Supporting%20Document/PIN_Security_Rqmt_18-3_Key_Blocks_2022_v1.1.pdf
• Payment skimmers/malware/fraud:
• Hilton Garden Inn Cleveland Downtown warns of credit card data breach https://www.databreaches.net/hilton-garden-inn-cleveland-downtown-warns-of-credit-card-data-breach/
• Why you should always pay with a credit card at gas stations, hotels, and car rental companies https://www.businessinsider.com/personal-finance/avoid-debit-card-holds-pay-with-credit
• Other payment related:
• Lit on Fire by Covid, E-Commerce Will Hit $20 Trillion Globally by 2026, RBR Says https://www.digitaltransactions.net/lit-on-fire-by-covid-e-commerce-will-hit-20-billion-globally-by-2026-rbr-says/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Experian, You Have Some Explaining to Do https://krebsonsecurity.com/2022/07/experian-you-have-some-explaining-to-do/
• Shanghai data breach exposes suppression of ‘white-hat' security research in China https://www.databreaches.net/shanghai-data-breach-exposes-suppression-of-white-hat-security-research-in-china/
• 1.9m patient records exposed in healthcare debt collector ransomware attack https://www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/
• 200,000 Colorado Springs Utilities notified after unauthorized data access of subcontractor's system https://www.databreaches.net/200000-colorado-springs-utilities-notified-after-unauthorized-data-access-of-subcontractors-system/
• Bandai Namco confirms hack after ALPHV ransomware data leak threat https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/
• New Ransomware and "Incidents":
• Data Breaches Linked to Ransomware Declined in Q2 2022 https://www.darkreading.com/attacks-breaches/data-breaches-linked-to-ransomware-declined-in-q2-2022
• 'Luna Moth' Group Ransoms Data Without the Ransomware https://www.darkreading.com/threat-intelligence/-luna-moth-group-ransoms-data-without-the-ransomware
• Free Decryptors Released for AstraLocker Ransomware https://www.securityweek.com/free-decryptors-released-astralocker-ransomware
• Ransomware gang now lets you search their stolen data https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/
• BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2.5M In Demands https://www.databreaches.net/blackcat-aka-alphv-ransomware-is-increasing-stakes-up-to-2-5m-in-demands/
• HavanaCrypt ransomware sails in as a fake Google update https://www.theregister.com/2022/07/11/havanacrypt-ransomware-google-update/
• Rhode Island sewer-system operator hit by cyber attack https://www.databreaches.net/rhode-island-sewer-system-operator-hit-by-cyber-attack/
• University of Windsor restores ‘vast majority' of systems after security breach https://www.databreaches.net/university-of-windsor-restores-vast-majority-of-systems-after-security-breach/
• Major outages/downs:
• Twitter experiences longest global outage in years https://www.theguardian.com/technology/2022/jul/14/twitter-experiences-longest-global-outage-in-years
• Major Optimum outage in New Jersey cuts off internet for many, but service is coming back https://www.theverge.com/2022/7/13/23207421/optimum-outage-new-jersey-parsippany-troy-hills-boonton
• This is where there's still Rogers outages in Ontario https://toronto.ctvnews.ca/this-is-where-there-s-still-rogers-outages-in-ontario-1.5983095
• Massive Rogers outage caused by a maintenance update https://www.bleepingcomputer.com/news/technology/massive-rogers-outage-caused-by-a-maintenance-update/
• The Rogers Outage Aftermath: What Else Should Be On Minister François-Philippe Champagne's Telecom To-Do List? https://www.michaelgeist.ca/2022/07/the-rogers-outage-aftermath/
• Statement by Ian Scott, Chairperson and CEO of the CRTC, regarding Rogers’ outage https://www.canada.ca/en/radio-television-telecommunications/news/2022/07/statement-by-ian-scott-chairperson-and-ceo-of-the-crtc-regarding-rogers-outage.html
• CRTC orders Rogers to give ‘comprehensive explanation' for outage by July 22 https://globalnews.ca/news/8984373/rogers-outage-crtc-response-order/
• Rogers outage: CRTC to investigate ‘root cause' of network failure, minister says https://globalnews.ca/news/8981259/rogers-outage-crtc-investigation/
• Rogers outage: House of Commons committee to discuss launching investigation https://globalnews.ca/news/8992261/rogers-outage-investigation-committee-meeting/
• Rogers outage: Millions to get credits over internet and mobile blackout https://www.bbc.co.uk/news/business-62145247
• Rogers to refund customers for 5 days of service in response to major outage https://globalnews.ca/news/8985039/rogers-outage-five-days-credit/
• Rogers to separate wireless, wireline traffic to prevent outages like July 8th https://mobilesyrup.com/2022/07/15/rogers-separate-wireless-wireline-traffic-prevent-outages/
• Follow-ups and fall-out:
• Chinese authorities summon Alibaba executives over data breach https://www.databreaches.net/chinese-authorities-summon-alibaba-executives-over-data-breach/
• Eskimi - 1,197,620 breached accounts https://haveibeenpwned.com/PwnedWebsites#Eskimi
• Famm - 535,240 breached accounts https://haveibeenpwned.com/PwnedWebsites#Famm
• La Poste Mobile - 533,886 breached accounts https://haveibeenpwned.com/PwnedWebsites#LaPosteMobile
• JukinMedia - 314,290 breached accounts https://haveibeenpwned.com/PwnedWebsites#JukinMedia
• Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack https://www.securityweek.com/associated-eye-care-discloses-impact-2020-netgain-ransomware-attack
• Robinhood settles data breach class action for $20M https://www.databreaches.net/robinhood-settles-data-breach-class-action-for-20m/
• Razer sues IT firm Capgemini for over US$7m, wants full compensation for data leak https://www.databreaches.net/razer-sues-it-firm-capgemini-for-over-us7m-wants-full-compensation-for-data-leak/
• Tenet Healthcare faces lawsuit after Baptist Health System data breach affects 1.2 million patients https://www.databreaches.net/tenet-healthcare-faces-lawsuit-after-baptist-health-system-data-breach-affects-1-2-million-patients/

Privacy

Articles about privacy related news, risks, and trends.

• UK Info Commissioner slams use of WhatsApp by health officials during pandemic https://www.theregister.com/2022/07/12/uk_department_of_health_and/
• Ring Reveals They Give Videos to Police Without User Consent or a Warrant https://www.eff.org/deeplinks/2022/07/ring-reveals-they-give-videos-police-without-user-consent-or-warrant
• Post-Roe Privacy https://www.schneier.com/blog/archives/2022/07/post-roe-privacy.html
• Tor Browser now bypasses internet censorship automatically https://www.bleepingcomputer.com/news/security/tor-browser-now-bypasses-internet-censorship-automatically/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Bill C-11 Now a Trade Issue: U.S. Warns Canada About Online Streaming Act Concerns https://www.michaelgeist.ca/2022/07/bill-c-11-now-a-trade-issue-u-s-warns-canada-about-online-streaming-act-concerns/
• US:
• U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data https://thehackernews.com/2022/07/us-ftc-vows-to-crack-down-on-illegal.html
• Federal Court Dismisses Colonial Pipeline Cybersecurity Litigation https://www.databreaches.net/federal-court-dismisses-colonial-pipeline-cybersecurity-litigation/
• California Privacy Protection Agency Sets Aug. 23 as Deadline on Data Rules https://www.pymnts.com/news/regulation/2022/california-privacy-protection-agency-sets-aug-23-as-deadline-on-data-rules/
• Balancing Act: Understanding the Legal Implications of Post-Data Breach Public Statements https://www.databreaches.net/balancing-act-understanding-the-legal-implications-of-post-data-breach-public-statements/
• What Is Delaware's Court of Chancery and Its Role in Elon Musk's Twitter Deal? https://www.nytimes.com/2022/07/11/technology/musk-twitter-delaware-court-chancery.html
• Should Banks Be Liable for Unauthorized Push Payments Fraud? https://www.pymnts.com/news/security-and-risk/2022/should-banks-be-liable-unauthorized-push-payments-fraud/
• World:
• Au: Infrastructure companies must report cyberattacks within 12 hours https://www.databreaches.net/au-infrastructure-companies-must-report-cyberattacks-within-12-hours/
• UK Online Safety Bill Put on Hold https://www.pymnts.com/news/international/2022/united-kingdom-online-safety-bill-put-on-hold/
• UK Warns Lawyers Not to Advise Ransomware Payments https://www.securityweek.com/uk-warns-lawyers-not-advise-ransomware-payments
• NFTs Are Now a Legal Way to Serve Documents in UK Courts https://www.pymnts.com/legal/2022/nfts-are-now-a-legal-way-to-serve-documents-in-uk-courts/
• Russian Ministry for Digital Development proposes turnover fines for data breaches https://www.databreaches.net/russian-ministry-for-digital-development-proposes-turnover-fines-for-data-breaches/
• Standards News:
• NIST Risk Management Framework - Public Comments on SP 800-53 Controls through August 12 https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/public-comments

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• Cybersecurity Career Awareness Week: October 17-22 https://content.govdelivery.com/accounts/USNIST/bulletins/32037f2
• General:
• CISSP Recognized as Top Cybersecurity Certification https://blog.isc2.org/isc2_blog/2022/07/cissp-recognized-as-top-cybersecurity-certification.html
• A who's who of CEOs is begging every school to teach computer science https://www.theverge.com/2022/7/12/23205907/tech-leaders-ceos-for-cs-apple-amazon-meta-microsoft
• Methods, Techniques, Tools, and Products:
• Can 'Lockdown Mode' Solve Apple's Mercenary Spyware Problem? https://www.securityweek.com/can-lockdown-mode-solve-apples-mercenary-spyware-problem
• Take the day off: Windows Autopatch is live and can even fix cloudy PCs https://www.theregister.com/2022/07/12/windows_auopatch_live/
• PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html
• Microsoft Releases Open Source Toolkit for Generating SBOMs https://www.securityweek.com/microsoft-releases-open-source-toolkit-generating-sboms
• How to auto block macros in Microsoft Office docs from the internet https://www.bleepingcomputer.com/news/microsoft/how-to-auto-block-macros-in-microsoft-office-docs-from-the-internet/
• Google Removes "App Permissions" List from Play Store for New "Data Safety" Section https://thehackernews.com/2022/07/google-removes-app-permissions-list.html
• Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies https://thehackernews.com/2022/07/avoiding-death-by-thousand-scripts.html
• Safer web surfing with a new method for detecting malicious modes https://scienmag.com/safer-web-surfing-with-a-new-method-for-detecting-malicious-modes/
• Achieving flexibility with no- and low-code applications https://www.technologyreview.com/2022/07/06/1055376/achieving-flexibility-with-no-and-low-code-applications/
• Introducing Nessus Expert, Now Built for the Modern Attack Surface https://www.tenable.com/blog/introducing-nessus-expert-now-built-for-the-modern-attack-surface

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA orders agencies to patch new Windows zero-day used in attacks https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-new-windows-zero-day-used-in-attacks/
• CISA pulls the fire alarm on Juniper Networks bugs https://www.theregister.com/2022/07/15/cisa_critical_juniper_bugs/
• Zero-day and other recent vulnerability news:
• Control Gap Vulnerability Roundup: July 1st to 8th https://www.controlgap.com/blog/vulnerability-roundup-july-1st-to-8th
• Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
• Windows Network File System flaw results in arbitrary code execution as SYSTEM https://www.theregister.com/2022/07/15/windows_nfs_patch/
• New UEFI firmware flaws impact over 70 Lenovo laptop models https://www.bleepingcomputer.com/news/security/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models/
• New ‘Retbleed' Attack Can Swipe Key Data From Intel and AMD CPUs https://www.wired.com/story/retbleed-intel-amd-cpu-attack/
• Security Vulnerabilities in Honda's Keyless Entry System https://www.schneier.com/blog/archives/2022/07/security-vulnerabilities-in-hondas-keyless-entry-system.html
• Patching:
• Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html
• Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now https://www.darkreading.com/application-security/microsoft-issues-fixes-for-84-vulnerabilities-here-s-what-to-patch-now
• ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-59-vulnerabilities
• SAP Patches High-Severity Vulnerabilities in Business One Product https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-business-one-product
• Microsoft 365 patches for Windows 7 to end in 2023 https://www.theregister.com/2022/07/12/microsoft_365_windows_7_eol/
• Microsoft warns Windows Server 20H2 reaches EOS next month https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-windows-server-20h2-reaches-eos-next-month/
• Windows 8.1 now shows full-screen 'End of Support' warnings https://www.bleepingcomputer.com/news/microsoft/windows-81-now-shows-full-screen-end-of-support-warnings/
• DLL Hijacking Flaw Fixed in Microsoft Azure Site Recovery https://www.securityweek.com/dll-hijacking-flaw-fixed-microsoft-azure-site-recovery
• X.org servers update closes 2 security holes, adds neat component tweaks https://www.theregister.com/2022/07/13/xorg_servers_updated/
• Other Vulnerabilities:
• A Sage 300 Case Study https://www.controlgap.com/blog/sage-300-case-study
• Microsoft Confirms Temporary Rollback of Macro Blocking Feature https://www.securityweek.com/microsoft-confirms-temporary-rollback-macro-blocking-feature
• Attackers scan 1.6 million WordPress sites for vulnerable plugin https://www.bleepingcomputer.com/news/security/attackers-scan-16-million-wordpress-sites-for-vulnerable-plugin/
• IFSEC Global 2022 State of Physical Access Control Report https://www.hidglobal.com/sites/default/files/resource_files/hid-and-ifsec-physical-access-control-trend-report-2022.pdf
• Research on new vulnerabilities:
• New Browser De-anonymization Technique https://www.schneier.com/blog/archives/2022/07/new-browser-de-anonymization-technique.html
• Don't Have a COW: Containers on Windows and Other Container-Escape Research https://www.darkreading.com/application-security/dont-have-a-cow-containers-on-windows-and-other-container-escape-research
• Cryptography and Cryptographic Research:
• OpenFHE: Open-Source Fully Homomorphic Encryption Library https://eprint.iacr.org/2022/915
• Multi-Instance Secure Public-Key Encryption https://eprint.iacr.org/2022/909
• Patient Zero and Patient Six: Zero-Value and Correlation Attacks on CSIDH and SIKE https://eprint.iacr.org/2022/904
• Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks https://eprint.iacr.org/2022/916
• Cryptanalyzing MEGA in Six Queries https://eprint.iacr.org/2022/914

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• One-Third of Users Without Security Awareness Training Click on Phishing URLs https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing
• ‘Callback' Phishing Campaign Impersonates Security Firms https://www.databreaches.net/callback-phishing-campaign-impersonates-security-firms/
• How Hackers Create Fake Personas for Social Engineering https://www.darkreading.com/attacks-breaches/how-hackers-create-fake-personas-for-social-engineering
• Hackers pose as journalists to breach news media org's networks https://www.bleepingcomputer.com/news/security/hackers-pose-as-journalists-to-breach-news-media-org-s-networks/
• Journalists Emerge As Favored Attack Target For APTs https://packetstormsecurity.com/news/view/33635/Journalists-Emerge-As-Favored-Attack-Target-For-APTs.html
• Microsoft details phishing campaign that can hijack MFA-protected accounts https://arstechnica.com/information-technology/2022/07/microsoft-details-phishing-campaign-that-can-hijack-mfa-protected-accounts/
• Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations https://thehackernews.com/2022/07/microsoft-warns-of-large-scale-aitm.html
• New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials https://www.darkreading.com/remote-workforce/new-wave-phishing-attacks-shame-scare-victims-into-surrendering-twitter-discord-credentials
• Supply Chain Attack Technique Spoofs GitHub Commit Metadata https://www.securityweek.com/supply-chain-attack-technique-spoofs-github-commit-metadata
• Homeland Security warns: Expect Log4j risks for 'a decade or longer' https://www.theregister.com/2022/07/14/dhs_warns_expect_log4j_risks/
• Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs https://thehackernews.com/2022/07/cloud-based-cryptocurrency-miners.html
• Hackers Targeting VoIP Servers By Exploiting Digium Phone Software https://thehackernews.com/2022/07/hackers-targeting-voip-servers-by.html
• Malware circulating online wrangles industrial systems into a botnet https://arstechnica.com/information-technology/2022/07/malware-circulating-online-wrangles-industrial-systems-into-a-botnet/
• Massive campaign hits Elastix VoIP systems with 500,000 unique malware samples https://www.bleepingcomputer.com/news/security/massive-campaign-hits-elastix-voip-systems-with-500-000-unique-malware-samples/
• New Lilith ransomware emerges with extortion site, lists first victim https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
• Password recovery tool infects industrial systems with Sality malware https://www.bleepingcomputer.com/news/security/password-recovery-tool-infects-industrial-systems-with-sality-malware/
• Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware https://thehackernews.com/2022/07/researchers-uncover-new-variants-of.html
• Mantis - the most powerful botnet to date https://blog.cloudflare.com/mantis-botnet/
• Scammers are posting negative one-star reviews of restaurants on Google in extortion ploy for digital gift cards https://www.businessinsider.com/scammers-posting-negative-google-restaurant-reviews-gift-cards-2022-7
• Crime & Arrests, etc.:
• Online Payment Fraud Expected to Cost $343B Over Next 5 Years https://www.darkreading.com/application-security/online-payment-fraud-expected-to-cost-343b-over-5-years
• Usage of crypto mixers for stymying blockchain investigations hits all-time high https://arstechnica.com/information-technology/2022/07/usage-of-crypto-mixers-for-stymying-blockchain-investigations-hits-all-time-high/
• CEO Accused of Making Millions via Sale of Fake Cisco Devices https://www.securityweek.com/ceo-accused-making-millions-sale-fake-cisco-devices
• Hackers stole $620 million from Axie Infinity via fake job interviews https://www.bleepingcomputer.com/news/security/hackers-stole-620-million-from-axie-infinity-via-fake-job-interviews/
• Alberta MLA Thomas Dang charged with Health Information Act breach, could face $200K fine https://www.cbc.ca/news/canada/edmonton/alberta-mla-thomas-dang-charged-with-health-information-act-breach-could-face-200k-fine-1.6500955
• Ex-CIA engineer convicted for sending classified hacking tools and info to WikiLeaks https://www.theverge.com/2022/7/13/23208635/cia-wikileaks-vault-7-joshua-schulte-conviction
• Long Island Man Convicted of over $600 Million Health Care Fraud, Wire Fraud and Identity Theft Scheme https://www.databreaches.net/long-island-man-convicted-of-over-600-million-health-care-fraud-wire-fraud-and-identity-theft-scheme/
• Watch out for Kijiji rental scam in Toronto: police https://toronto.ctvnews.ca/watch-out-for-kijiji-rental-scam-in-toronto-police-1.5983223
• Nation State Actors:
• US military contractor moves to buy Israeli spy-tech company NSO Group https://www.theregister.com/2022/07/11/l3harris_nso_group/
• Journalists Emerge as Favored Attack Target for APTs https://threatpost.com/journalists-target-apts/180224/
• North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/
• Russian ‘Hacktivists' Are Causing Trouble Far Beyond Ukraine https://www.wired.com/story/russia-hacking-xaknet-killnet/

Other Security / Risk

Articles covering other types of risks.

• General:
• How Shady Code Commits Compromise the Security of the Open-Source Ecosystem https://www.trendmicro.com/en_us/research/22/g/how-shady-code-commits-compromise-the-security-of-the-open-sourc.html
• Two Big OT Security Concerns Related to People: Human Error and Staff Shortages https://www.securityweek.com/two-big-ot-security-concerns-related-people-human-error-and-staff-shortages
• What It Takes to Tackle Your SaaS Security https://thehackernews.com/2022/07/what-it-takes-to-tackle-your-saas.html
• Private 5G Network Security Expectations Part 3 https://www.trendmicro.com/en_us/research/22/g/private-5g-network-security-part-3.html
• Heathrow tells airlines to stop selling summer tickets https://www.bbc.co.uk/news/business-62136022
• Common Misconceptions About Forensic Science https://www.mentalfloss.com/posts/forensic-science-misconceptions
• These 4 Factors Can Explain Why So Many People Are Rejecting Science https://www.sciencealert.com/distrust-in-science-is-causing-harm-but-these-researchers-have-a-plan
• Increasing amounts of data require holistic governance https://www.technologyreview.com/2022/07/11/1055450/increasing-amounts-of-data-require-holistic-governance/
• Health:
• Microparticles could be used to deliver “self-boosting” vaccines https://scienmag.com/microparticles-could-be-used-to-deliver-self-boosting-vaccines/
• COVID Alert app prevented 74 virus-related deaths in Ontario: study https://toronto.ctvnews.ca/covid-alert-app-prevented-74-virus-related-deaths-in-ontario-study-1.5984732
• COVID reinfection has a silver lining—one that may help tame the pandemic – T-cells https://fortune.com/2022/07/16/covid-reinfection-silver-lining-t-cells-tcells-could-tame-pandemic-herd-immunity-protection/
• Ontario expands 4th COVID vaccine doses to those aged 18 to 59 amid 7th wave https://globalnews.ca/news/8986474/ontario-covid-4th-dose-booster-vaccine/
• New COVID Vaccines Will Be Ready This Fall. America Won't Be. https://www.theatlantic.com/health/archive/2022/07/covid-vaccines-fall-omicron-booster/670535/
• Canadian health care on ‘brink of disaster,' nurses say https://globalnews.ca/news/8981444/canadian-health-care-brink-disaster-nurses/
• Patient dies in waiting room of N.B. emergency room, eyewitness speaks out https://globalnews.ca/news/8986859/patient-dies-in-waiting-room-of-n-b-emergency-room-eyewitness-speaks-out/
• We're Living Through The Biggest Drop in Childhood Vaccination Rates in 30 Years https://www.sciencealert.com/we-re-living-through-the-biggest-drop-in-childhood-vaccination-rates-in-30-years
• WHO declares highly-infectious Marburg virus outbreak in Ghana https://globalnews.ca/news/8996712/marburg-outbreak-ghana-world-health-organization/
• Monkeypox cases in Canada rise by 59% in 9 days https://globalnews.ca/news/8987566/monkeypox-cases-canada-risen-59-percent-nine-days/
• US monkeypox outbreak: Demand for vaccines outstrips supply https://www.bbc.co.uk/news/world-us-canada-62188005
• Is BA.5 the ‘Reinfection Wave'? https://www.theatlantic.com/health/archive/2022/07/ba5-omicron-variant-covid-surge-immunity-reinfection/670485/
• SARS-Arena reveals hidden hooks in virus https://scienmag.com/sars-arena-reveals-hidden-hooks-in-virus/
• Abortion ban may mean denial of effective drugs for women with MS, migraine, epilepsy https://scienmag.com/abortion-ban-may-mean-denial-of-effective-drugs-for-women-with-ms-migraine-epilepsy/
• Safety:
• Assaults with paintball guns cause more serious eye injuries than previously known, new study reports https://scienmag.com/assaults-with-paintball-guns-cause-more-serious-eye-injuries-than-previously-known-new-study-reports/
• Lifesaving Society urges water safety practices during drowning prevention week https://globalnews.ca/news/8996746/lifesaving-society-urges-water-safety-practices-during-drowning-prevention-week/
• Our life-jacket laws are archaic and need to be overhauled https://www.cbc.ca/news/canada/newfoundland-labrador/life-jacket-laws-gord-follett-opinion-1.6521484
• Vancouver firefighters may stop responding to many medical calls https://globalnews.ca/news/8985684/vancouver-firefighters-medical-calls/
• U.S. tourist, 23, falls into Mount Vesuvius after taking selfie — and lives to tell the tale https://globalnews.ca/news/8983799/us-tourist-mount-vesuvius-selfie/
• How do the rich and famous protect their homes? https://www.bbc.co.uk/news/uk-61002030
• A Supervolcano in New Zealand Is Rumbling So Much It's Shifting The Ground Above It https://www.sciencealert.com/a-supervolcano-in-new-zealand-is-rumbling-so-much-it-s-shifting-the-ground-above-it
• Nigerian Prison Break https://www.schneier.com/blog/archives/2022/07/nigerian-prison-break.html
• Space rocket junk could have deadly consequences unless governments act https://scienmag.com/space-rocket-junk-could-have-deadly-consequences-unless-governments-act/
• The Most Threatening Asteroid Just got Downgraded to “Harmless”. No Impact in 2052 https://www.universetoday.com/156572/the-most-threatening-asteroid-just-got-downgraded-to-harmless-no-impact-in-2052/
• Environment:
• Great white shark sightings becoming more common in Atlantic Canada https://www.cbc.ca/news/canada/prince-edward-island/pei-great-white-shark-research-1.6519389
• Lake Mead drought reveals WWII-era landing craft as water levels decline https://globalnews.ca/news/8983573/lake-mead-drought-reveals-landing-craft-world-war-two/
• Texas heatwave and energy crunch curtails Bitcoin mining https://www.theverge.com/2022/7/12/23205066/texas-heat-curtails-bitcoin-mining-energy-demand-electricity-grid
• Ontario seeks new electricity generation as demand rises, nuclear plant to be retired https://globalnews.ca/news/8996358/ontario-seeks-new-electricity-generation-as-demand-rises-nuclear-plant-to-be-retired/
• Two-dimensional ionic liquids to effectively capture carbon dioxide https://scienmag.com/two-dimensional-ionic-liquids-to-effectively-capture-carbon-dioxide/
• Nearly 50 million litres of used oil recycled every year in B.C. https://globalnews.ca/news/8990692/used-oil-recycling-b-c/
• Irving Oil invests in hydrogen to lower emissions, offer clean energy to customers https://globalnews.ca/news/8983688/irving-oil-hydrogen-clean-energy/
• Economy:
• Majority of Canadians think country is in recession, new polls shows https://globalnews.ca/news/8983216/canada-recession-inflation-leger-poll/
• Bank of Canada expected to raise key interest rate to 2.25% as inflation soars https://globalnews.ca/news/8986132/bank-of-canada-interest-rate-july-2022/
• ‘A big shock': Canadians feeling squeezed by Bank of Canada's interest rate hikes https://globalnews.ca/news/8987895/bank-canada-interest-hikes-consumer/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine says it killed a Russian general with long-range rocket systems donated by the US https://www.businessinsider.com/ukraine-says-killed-russia-general-using-us-donated-rocket-systems-2022-7
• Ukraine claims arms depot attack in occupied Kherson with Himars rockets https://www.bbc.co.uk/news/world-europe-62132441
• Ukraine war: Iran plans to supply Russia with combat drones, US warns https://www.bbc.co.uk/news/world-us-canada-62130725
• Reaction and response:
• Ukraine war: Zelensky suspends security chief and top prosecutor https://www.bbc.co.uk/news/world-europe-62202078
• Ukraine war: Russian military equipment on show in Prague https://www.bbc.co.uk/news/world-europe-62130083

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Physicists Find The 'Missing Link' That Could Provide Quantum Internet Technology https://www.sciencealert.com/physicists-find-the-missing-link-that-could-provide-quantum-internet-technology
• Zephyr breaks own record for longest unmanned flight https://www.bbc.co.uk/news/technology-62123819
• Other:
• Watch The Muppets Stay in Character Throughout This Hilarious Blooper Reel https://www.mentalfloss.com/posts/muppets-blooper-reel
• 11 Québec Slang Terms You Should Know https://www.mentalfloss.com/posts/quebecois-french-canadian-slang-words
• Asteroid Bennu Almost Swallowed Spacecraft Whole https://skyandtelescope.org/astronomy-news/asteroid-bennu-almost-swallowed-spacecraft-whole/
• China's Tianwen-1 has Imaged the Entire Surface of Mars, Completing its Primary Mission https://www.universetoday.com/156680/chinas-tianwen-1-has-imaged-the-entire-surface-of-mars-completing-its-primary-mission/
• To get Artificial Gravity on the Moon, you'd Need a Giant Rotating Lunar Base https://www.universetoday.com/156674/to-get-artificial-gravity-on-the-moon-youd-need-a-giant-rotating-lunar-base/
• Webb's First Deep Field https://apod.nasa.gov/apod/ap220713.html
• The first JWST images of the infrared sky are here and they do *not* disappoint https://www.syfy.com/syfy-wire/bad-astronomy-first-jwst-images