This Week's [in]Security - Issue 289

Welcome to This Week’s [in]Security. PCI FAQs, credit card surcharges. New breaches: Intel BIOS, Toyota, Woolworths, secret agents. New Ransomware: decryptors, Tata power. DDoS. Follow-ups. Privacy: Amazon's spy-house, deanonymization, Incognito Mode, Laws & Regs - Canada: workplace monitoring. US: Geofencing, Regulating DAO's. World: Data Sovereignty, Swiss AML, India. Defense - reports, tools & techniques. Vulnerabilities - Zerodays, Patching, Significant: Roundup, Fortinet, drivers. Research & cryptography: Office encryption, quantum tech & obstacles. Cybercrime - active campaigns, crimes & enforcement, nation states and mercenaries. Other Risks - Wi-Fi spy drones, digital license plates. AI: breakthroughs, bias, creativity, metaverses failing. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.

This week's Dali-esque image of a drone survielling an office building was generated by DALL-E 2.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates & News:
  • PCI Card Production physical reporting template update https://docs-prv.pcisecuritystandards.org/Card%20Production/Reporting%20Template%20or%20Form/PCI_CP_ROC_v3.0.1_Reporting_Template_SOC_Final.pdf
  • P2PE Technical FAQ update https://docs-prv.pcisecuritystandards.org/P2PE/Frequently%20Asked%20Questions%20(FAQ)/PCI-P2PE-v_3_x-Technical-FAQs-Oct2022.pdf
  • Our updated list of PCI FAQs https://www.controlgap.com/pci-frequently-asked-questions
• Payment Skimming & Fraud:
  • Store credit card numbers in a debug log, lose millions of accounts. Cost? $1.9m https://www.theregister.com/2022/10/14/zoetop_data_breach_fine/
  • Thieves targeting payment machine terminals in refund scam https://toronto.ctvnews.ca/thieves-targeting-payment-machine-terminals-in-refund-scam-1.6108239
• Other payment related:
  • Annoyed you have to pay to use your credit card? You should be https://www.cbc.ca/news/opinion/opinion-credit-card-transaction-fee-1.6615623
  • How will you know if you are being hit with a credit card surcharge? https://www.cbc.ca/news/ask-cbc/ask-credit-card-v2-1.6616908
  • LCBO not considering credit card surcharge ‘at the moment' https://globalnews.ca/news/9190330/lcbo-not-considering-credit-card-surcharge/
  • Mastercard OKs New Contactless Card Spec And Other Digital Transactions News briefs from 10/10/22 https://www.digitaltransactions.net/mastercard-oks-new-contactless-card-spec-and-other-digital-transactions-news-briefs-from-10-10-22/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Intel Alder Lake BIOS code leak may contain vital secrets https://www.theregister.com/2022/10/10/alder_lake_bios_code_leaked/
• Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns https://www.securityweek.com/intel-confirms-uefi-source-code-leak-security-experts-raise-concerns
• Toyota dev left key to customer info on public GitHub page for five years https://www.theregister.com/2022/10/11/toyota_source_code_email_leak/
• Woolworths says 2.2m MyDeal customers' data hacked https://www.databreaches.net/woolworths-says-2-2m-mydeal-customers-data-hacked/
• PG& E was publicly exposing partial SSN information of US consumers through its use of Experian Identity Verification questions. https://www.databreaches.net/pge-was-publicly-exposing-partial-ssn-information-of-us-consumers-through-its-use-of-experian-identity-verification-questions/
• Australian police secret agents exposed in Colombian data leak by Guacamaya https://www.databreaches.net/australian-police-secret-agents-exposed-in-colombian-data-leak-by-guacamaya/
• New Mexico's Cybersecurity Office Investigating Unauthorized Access To Information Systems At State Agency https://www.databreaches.net/new-mexicos-cybersecurity-office-investigating-unauthorized-access-to-information-systems-at-state-agency/
• Mormon Church IT ransacked, data stolen by 'state-sponsored' cyber-thieves https://www.theregister.com/2022/10/14/mormon_church_hacked/
• Ontario city 'regrets' exposing hundreds of voter identities in email privacy breach https://toronto.ctvnews.ca/ontario-city-regrets-exposing-hundreds-of-voter-identities-in-email-privacy-breach-1.6109136
• 64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan? https://thehackernews.com/2022/10/64000-additional-patients-impacted-by.html
• NHS vendor Advanced won't say if patient data was stolen during ransomware attack https://www.databreaches.net/nhs-vendor-advanced-wont-say-if-patient-data-was-stolen-during-ransomware-attack/
• Thumb drive with confidential Yukon gov't case files found in Whitehorse pawn shop https://www.databreaches.net/thumb-drive-with-confidential-yukon-govt-case-files-found-in-whitehorse-pawn-shop/
• New Ransomware and "Incidents":
• Police tricks DeadBolt ransomware out of 155 decryption keys https://www.bleepingcomputer.com/news/security/police-tricks-deadbolt-ransomware-out-of-155-decryption-keys/
• Tata Power, a top power producer in India, confirms cyberattack https://www.databreaches.net/tata-power-a-top-power-producer-in-india-confirms-cyberattack/
• Insurer Medibank hit by targeted cyberattack https://www.theregister.com/2022/10/13/mediabank_private_latest_aussie_business/
• Johnson Fitness and Wellness hit by DESORDEN Group https://www.databreaches.net/johnson-fitness-and-wellness-hit-by-desorden-group/
• Mars k-12 district in Pennsylvania victim of ransomware attack; data leaked https://www.databreaches.net/mars-k-12-district-in-pennsylvania-victim-of-ransomware-attack-data-leaked/
• State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident https://www.databreaches.net/state-bar-of-georgia-notifies-members-and-employees-of-cybersecurity-incident/
• Major outages/downs:
• Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server https://www.securityweek.com/mirai-botnet-launched-25-tbps-ddos-attack-against-minecraft-server
• US airports' sites taken down in DDoS attacks by pro-Russian hackers https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/
• Follow-ups and fall-out:
• United Health Centers of the San Joaquin Valley reaches agreement to settle data breach litigation https://www.databreaches.net/united-health-centers-of-the-san-joaquin-valley-reaches-agreement-to-settle-data-breach-litigation/

Privacy

Articles about privacy related news, risks, and trends.

• Amazon’s Dream Home where every appliance is a spy https://www.washingtonpost.com/technology/interactive/2022/amazon-smart-home/
• Illinois Tech researchers extract personal information from anonymous cell phone data using machine learning, raising data security and privacy concerns https://scienmag.com/illinois-tech-researchers-extract-personal-information-from-anonymous-cell-phone-data-using-machine-learning-raising-data-security-and-privacy-concerns/
• Chrome's Incognito Mode Is The Butt Of Jokes Among Google Employees https://www.slashgear.com/1049300/chromes-incognito-mode-is-the-butt-of-jokes-among-google-employees-it-seems/
• School custodian refuses to download phone app that monitors location, says it got her fired https://www.cbc.ca/news/gopublic/tattleware-privacy-employment-1.5978337

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Many Ontario employers now need 'electronic monitoring' policies. Here's what that means for workers https://toronto.ctvnews.ca/many-ontario-employers-now-need-electronic-monitoring-policies-here-s-what-that-means-for-workers-1.6103760
• Why the Canadian Film and TV Production Sector's Bill C-11 Expectations Are Wildly Out of Touch With Global Standards https://www.michaelgeist.ca/2022/10/why-the-canadian-film-and-tv-production-sectors-bill-c-11-expectations-are-wildly-out-of-touch-with-global-standards/
• Canada announces plans to ease regulations bogging down supply chains https://globalnews.ca/news/9196832/canada-plans-ease-regulations-supply-chain/
• US:
• First Court in California Suppresses Evidence from Overbroad Geofence Warrant https://www.eff.org/deeplinks/2022/10/california-court-suppresses-evidence-overbroad-geofence-warrant
• Regulating DAOs https://www.schneier.com/blog/archives/2022/10/regulating-daos.html
• Biden Administration Clamps Down on China's Access to Chip Technology https://www.nytimes.com/2022/10/07/business/economy/biden-chip-technology.html
• SEC Targets Bored Ape NFTs as Possible Securities https://www.pymnts.com/nfts/2022/sec-targets-bored-ape-nfts-as-possible-securities/
• The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing https://www.eff.org/deeplinks/2022/10/internet-not-facebook-why-infrastructure-providers-should-stay-out-content
• A Data Breach Is Bad, But Disclosing Too Much Could be Worse https://www.databreaches.net/a-data-breach-is-bad-but-disclosing-too-much-could-be-worse/
• What the Uber Hack can teach us about navigating IT Security https://www.bleepingcomputer.com/news/security/what-the-uber-hack-can-teach-us-about-navigating-it-security/
• World:
• Just how critical is data sovereignty? https://www.theregister.com/2022/10/14/just_how_critical_is_data/
• Swiss Government Proposes Registry of Company Ownership https://www.pymnts.com/aml/2022/swiss-government-proposes-registry-of-company-ownership/
• India set to extend deadline for absurd infosec reporting requirements https://www.theregister.com/2022/10/14/india_cert_in_reporting_deadline_extension/
• U.S. holding Nexus trusted-traveler program ‘hostage,' Canada's ambassador says https://globalnews.ca/news/9196431/us-canada-nexus-negotiations/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• NIST Releases 2021 Cybersecurity and Privacy Program Annual Report https://content.govdelivery.com/accounts/USNIST/bulletins/33212c4
• Can IAM help save on cyber insurance? https://www.theregister.com/2022/10/11/can_iam_help_save_on/
• No work experience? Don't let that stop you from pursuing a career in cybersecurity https://blog.isc2.org/isc2_blog/2022/10/no-work-experience-dont-let-that-stop-you-from-pursuing-a-career-in-cybersecurity.html
• Methods, Techniques, Tools, and Products:
• CISA releases open-source 'RedEye' C2 log visualization tool https://www.bleepingcomputer.com/news/security/cisa-releases-open-source-redeye-c2-log-visualization-tool/
• Anti-Money Laundering Service AMLBot Cleans House https://krebsonsecurity.com/2022/10/anti-money-laundering-service-amlbot-cleans-house/
• Security of Passkeys in the Google Password Manager https://security.googleblog.com/2022/10/SecurityofPasskeysintheGooglePasswordManager.html
• Microsoft adds new RSS feed for security update notifications https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-new-rss-feed-for-security-update-notifications/
• 5 cybersecurity capabilities announced at Microsoft Ignite 2022 to help you secure more with less https://www.microsoft.com/security/blog/2022/10/12/5-cybersecurity-capabilities-announced-at-microsoft-ignite-2022-to-help-you-secure-more-with-less/
• Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections https://www.microsoft.com/security/blog/2022/10/12/introducing-new-microsoft-defender-for-cloud-innovations-to-strengthen-cloud-native-protections/
• Microsoft Defender adds command and control traffic detection https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-adds-command-and-control-traffic-detection/
• Microsoft Secures Azure Enclaves With Hardware Guards https://www.darkreading.com/dr-tech/microsoft-secures-azure-enclaves-with-hardware-guards
• DtSR Episode 521 - The Peanut Gallery Takes on XDR http://podcast.wh1t3rabbit.net/dtsr-episode-521-the-peanut-gallery-takes-on-xdr

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day and other recent vulnerability news:
• Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack https://www.securityweek.com/fortinet-confirms-zero-day-vulnerability-exploited-one-attack
• Researchers Detail Windows Zero-Day Vulnerability Patched Last Month https://thehackernews.com/2022/10/researchers-reveal-detail-for-windows.html
• Patching:
• Microsoft Patch Tuesday, October 2022 Edition https://krebsonsecurity.com/2022/10/microsoft-patch-tuesday-october-2022-edition/
• Android Security Updates Patch Critical Vulnerabilities https://www.securityweek.com/android-security-updates-patch-critical-vulnerabilities
• OtheSignificant:
• Control Gap Vulnerability Roundup: October 1st to October 7th https://www.controlgap.com/blog/vulnerability-roundup-october-1st-october-7th
• Exploit available for critical Fortinet auth bypass bug, patch now https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-fortinet-auth-bypass-bug-patch-now/
• How a Microsoft blunder opened millions of PCs to potent malware attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
• Other Vulnerabilities:
• Aruba fixes critical RCE and auth bypass flaws in EdgeConnect https://www.bleepingcomputer.com/news/security/aruba-fixes-critical-rce-and-auth-bypass-flaws-in-edgeconnect/
• Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html
• Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html
• New Timing Attack Against NPM Registry API Could Expose Private Packages https://thehackernews.com/2022/10/new-timing-attack-against-npm-registry.html
• JSON Web Token (JWT) Weaknesses https://blog.qualys.com/vulnerabilities-threat-research/2022/10/11/json-web-token-jwt-weaknesses
• Does the OWASP Top 10 Still Matter? https://thehackernews.com/2022/10/does-owasp-top-10-still-matter.html
• Research on new vulnerabilities:
• Recovering Passwords by Measuring Residual Heat https://www.schneier.com/blog/archives/2022/10/recovering-passwords-by-measuring-residual-heat.html
• Cryptography and Cryptographic Research:
• Microsoft Office 365 email encryption could expose message content https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/
• Safely Doubling your Block Ciphers for a Post-Quantum World https://eprint.iacr.org/2022/1342
• One-Wayness in Quantum Cryptography https://eprint.iacr.org/2022/1336
• Quantum computers may change the world but they have a few obstacles to overcome https://www.vox.com/23132776/quantum-computers-ibm-google-cybersecurity-artificial-intelligence-white-house

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks https://www.securityweek.com/lofygang-cybercrime-group-used-200-malicious-npm-packages-supply-chain-attacks
• Almost 900 servers hacked using Zimbra zero-day flaw https://www.bleepingcomputer.com/news/security/almost-900-servers-hacked-using-zimbra-zero-day-flaw/
• Cyberattackers Spoof Google Translate in Unique Phishing Tactic https://www.darkreading.com/threat-intelligence/cyberattackers-spoof-google-translate-unique-phishing-tactic
• Google Forms abused in new COVID-19 phishing wave in the U.S. https://www.bleepingcomputer.com/news/security/google-forms-abused-in-new-covid-19-phishing-wave-in-the-us/
• Hackers target SingTel's Dialog after huge Optus data breach https://www.databreaches.net/hackers-target-singtels-dialog-after-huge-optus-data-breach/
• Phishing works so well crims won't bother with deepfakes, says Sophos chap https://www.theregister.com/2022/10/17/phishing_beats_deepfakes/
• Microsoft Exchange servers hacked to deploy LockBit ransomware https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-lockbit-ransomware/
• Meta Uncovers 400 Malicious Apps On Android And iOS https://packetstormsecurity.com/news/view/33928/Meta-Uncovers-400-Malicious-Apps-On-Android-And-iOS.html
• New PHP information-stealing malware targets Facebook accounts https://www.bleepingcomputer.com/news/security/new-php-information-stealing-malware-targets-facebook-accounts/
• Unofficial WhatsApp Android app caught stealing users' accounts https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/
• Hackers Using Vishing to Trick Victims into Installing Android Banking Malware https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html
• Magniber ransomware now infects Windows users via JavaScript files https://www.bleepingcomputer.com/news/security/magniber-ransomware-now-infects-windows-users-via-javascript-files/
• New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems https://thehackernews.com/2022/10/new-chinese-malware-attack-framework.html
• Tis the season (SMeaSon?) for Smishing https://www.sans.org/blog/tis-the-season-smeason-for-smishing
• Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky https://thehackernews.com/2022/10/researchers-detail-malicious-tools-used.html
• Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html
• Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking https://www.securityweek.com/siemens-not-ruling-out-future-attacks-exploiting-global-private-keys-plc-hacking
• Crime & Arrests, etc.:
• Crypto Whale Pilfers $100M From Solana DeFi Platform Mango https://www.pymnts.com/cryptocurrency/2022/crypto-whale-pilfers-100m-from-solana-defi-platform-mango/
• INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html
• Complex Impersonation Story https://www.schneier.com/blog/archives/2022/10/complex-impersonation-story.html
• Prison Inmate Accused Of Orchestrating $11M Fraud Using Cellphone https://packetstormsecurity.com/news/view/33936/Prison-Inmate-Accused-Of-Orchestrating-11M-Fraud-Using-Cellphone.html
• 'Baby Al Capone' to pay $22m to SIM-swap crypto-heist victim https://www.theregister.com/2022/10/15/pinsky_terpin_sim_swap/
• Doctor Admits Criminal HIPAA Scheme for Wrongful Disclosure of Protected Patient Health Information to Pharmaceutical Sales Representative https://www.databreaches.net/doctor-admits-criminal-hipaa-scheme-for-wrongful-disclosure-of-protected-patient-health-information-to-pharmaceutical-sales-representative/
• Multiple arrests, hundreds of charges laid in moving company scam https://www.cbc.ca/news/canada/toronto/moving-scam-charges-toronto-1.6618362
• Fake ‘Russian astronaut' scammed woman out of over $41K to ‘return to Earth' https://globalnews.ca/news/9193160/fake-russian-astronaut-romance-scam-japan/
• Nation State Actors:
• Chinese technology poses major risk - GCHQ Chief https://www.bbc.co.uk/news/uk-63207771
• Chinese Cyberspies Targeting US State Legislature https://www.securityweek.com/chinese-cyberspies-targeting-us-state-legislature
• Bulgarian Government Hit By Cyberattack Blamed On Russian Hacking Group https://www.databreaches.net/bulgarian-government-hit-by-cyberattack-blamed-on-russian-hacking-group/

Other Security / Risk

Articles covering other types of risks.

• General:
  • How Wi-Fi spy drones snooped on financial firm https://www.theregister.com/2022/10/12/drone-roof-attack/
  • Does your risk assessment include drone-delivered exploits? https://www.databreaches.net/does-your-risk-assessment-include-drone-delivered-exploits/
  • Digital License Plates https://www.schneier.com/blog/archives/2022/10/digital-license-plates.html
  • Fake Amazon reviews more prevalent than you think https://toronto.ctvnews.ca/fake-amazon-reviews-more-prevalent-than-you-think-1.6104891
  • Toronto tech company cloned ArriveCan in under 48 hours to show the government overpaid millions (Possibly misleading as cloning a mobile App is far easier than building one and setting up supporting infrastructure/services) https://toronto.ctvnews.ca/toronto-tech-companies-cloned-arrivecan-in-under-48-hours-to-show-the-government-overpaid-millions-1.6104652
  • Manitoba not doing enough to protect information systems: auditor general https://globalnews.ca/news/9198273/manitoba-not-doing-enough-to-protect-information-systems-auditor-general/
• Emerging technology, Artificial Intelligence and Machine Learning:
  • DeepMind breaks 50-year math record using AI; new record falls a week later https://arstechnica.com/information-technology/2022/10/deepmind-breaks-50-year-math-record-using-ai-new-record-falls-a-week-later/
  • AI language models show bias against people with disabilities, study finds https://scienmag.com/ai-language-models-show-bias-against-people-with-disabilities-study-finds/
  • Claims AI can boost workplace diversity are ‘spurious and dangerous' https://scienmag.com/claims-ai-can-boost-workplace-diversity-are-spurious-and-dangerous/
  • Common approach to demystify black box AI not ready for prime time https://scienmag.com/common-approach-to-demystify-black-box-ai-not-ready-for-prime-time/
  • Inserting a Backdoor into a Machine-Learning System https://www.schneier.com/blog/archives/2022/10/inserting-a-backdoor-into-a-machine-learning-system.html
  • ML models must also think about trusting trust https://www.lightbluetouchpaper.org/2022/10/10/ml-models-must-also-think-about-trusting-trust/
  • AI-generated imagery is the new clip art as Microsoft adds DALL-E to its Office suite https://www.theverge.com/2022/10/12/23400270/ai-generated-art-dall-e-microsoft-designer-app-office-365-suite
  • Artists say AI image generators are copying their style to make thousands of new images — and it's completely out of their control https://www.businessinsider.com/ai-image-generators-artists-copying-style-thousands-images-2022-10
  • Music generated by artificial intelligence is coming to the radio sooner than you think https://globalnews.ca/news/9193451/ai-generated-music/
  • Fake Joe Rogan interviews fake Steve Jobs in an AI-powered podcast https://arstechnica.com/information-technology/2022/10/fake-joe-rogan-interviews-fake-steve-jobs-in-an-ai-powered-podcast/
  • Decentraland's billion-dollar ‘metaverse' reportedly had 38 active users in one day https://www.theverge.com/2022/10/13/23402418/decentraland-metaverse-empty-38-users-dappradar-wallet-data
  • Meta's VR Horizon Worlds Not Gaining Users, Documents Show https://www.pymnts.com/meta/2022/metas-vr-horizon-worlds-not-gaining-users-documents-show/
  • Most Metaverse users don't even make it a month, WSJ reports https://www.businessinsider.com/most-metaverse-users-dont-even-make-it-a-month-wsj-2022-10
  • AI generated Halloween candy https://www.aiweirdness.com/halloween-candy/
  • More AI weirdness: images of Halloween candy (yes it seems DALL E-2 can’t get signs and labels right) https://www.aiweirdness.com/halloween-candy/
• Disinformation and misinformation
  • The $1 Billion Alex Jones Effect https://www.wired.com/story/alex-jones-1-billion-damages-free-speech-moderation/
  • Whistleblower Frances Haugen on the alliance to hold social media accountable: ‘We need to act now' https://www.theguardian.com/technology/2022/oct/12/frances-haugen-council-for-responsible-media
• Health:
  • Doctors Still Struggle to Diagnose a Condition That Kills More Americans Than Stroke https://www.theatlantic.com/health/archive/2022/10/sepsis-artificial-intelligence-diagnosing-early-detection/671755/
  • Scientists detect dementia signs as early as nine years ahead of diagnosis https://scienmag.com/scientists-detect-dementia-signs-as-early-as-nine-years-ahead-of-diagnosis/
  • Bionic pancreas improves type 1 diabetes management in kids and adults https://scienmag.com/bionic-pancreas-improves-type-1-diabetes-management-in-kids-and-adults/
  • Chinese scientists reveal protein mechanism behind TB pathogen success https://scienmag.com/chinese-scientists-reveal-protein-mechanism-behind-tb-pathogen-success/
  • Ontario weighs declaring monkeypox outbreak over, Moore says https://globalnews.ca/news/9198489/ontario-weighs-declaring-monkeypox-outbreak-over/
  • Ontario's top doctor warns of more recommendations to public on masking ahead of 'difficult' winter https://toronto.ctvnews.ca/ontario-s-top-doctor-warns-of-more-recommendations-to-public-on-masking-ahead-of-difficult-winter-1.6107774
  • Updated Pfizer Omicron booster protects against sub-variants, company says https://globalnews.ca/news/9195347/pfizer-omicron-booster-subvariant-protection/
  • Will bivalent boosters work against future COVID variants? Here's what experts say https://globalnews.ca/news/9201576/bivalent-boosters-covid-variants/
  • Almost 1 in 2 Americans Didn't Tell The Truth About COVID, Study Finds https://www.sciencealert.com/almost-1-in-2-americans-didnt-tell-the-truth-about-covid-study-finds
  • Occupational hazard: COVID-19 false positives found in lab workers https://scienmag.com/occupational-hazard-covid-19-false-positives-found-in-lab-workers/
  • Parents group looks to take Ford government to court over classroom COVID measures https://globalnews.ca/news/9189860/parents-group-looks-to-take-ford-government-to-court-over-classroom-covid-measures/
  • The Masks We'll Wear in the Next Pandemic https://www.theatlantic.com/science/archive/2022/10/pandemic-n95-mask-protection-shortcomings-indoor-air-quality/671723/
• Safety:
  • P.E.I. official warns of carbon monoxide danger in using generators to stay warm https://globalnews.ca/news/9188991/pei-improper-generator-use-carbon-monoxide-fiona/
  • FireSmart Canada retires Smokey Bear in favour of Canadian-made fox mascot https://globalnews.ca/news/9196915/firesmart-canada-new-mascot/
  • Hockey Canada's board resignations came after ex-Supreme Court jurist's recommendation https://globalnews.ca/news/9196078/hockey-canada-board-resignations-justice-cromwell/
  • Air France Crash: Aviation bosses heckled as trial begins https://www.bbc.co.uk/news/world-europe-63209880
  • Astronomers Have Found More Than 30,000 Near-Earth Asteroids… so far https://www.universetoday.com/158121/astronomers-have-found-more-than-30000-near-earth-asteroids-so-far/
  • 4 Ontario police officers have been killed within 1 month https://globalnews.ca/news/9192776/4-ontario-police-officers-killed-within-1-month/
  • California Quakes Mysteriously Preceded by Shifts in Earth's Magnetic Field https://www.sciencealert.com/california-quakes-mysteriously-preceded-by-shifts-in-earths-magnetic-field
  • Radioactive waste from WWII era found in U.S. elementary school, new report shows https://globalnews.ca/news/9203115/radioactive-waste-wwii-era-u-s-elementary-school-report/
• Environment:
  • Major European airlines mislead customers with carbon offset credits, report says https://www.theverge.com/2022/10/11/23398780/european-airlines-mislead-customers-carbon-offset-credits-climate-change
  • New Zealand proposes taxing cow burps to reduce emissions https://www.bbc.co.uk/news/world-asia-63211506
  • Illinois Tech sustainable building design programs awarded DOE's first-ever Zero Energy Design Designation https://scienmag.com/illinois-tech-sustainable-building-design-programs-awarded-does-first-ever-zero-energy-design-designation/
  • Metro Vancouverites urged to conserve water as reservoir levels drop https://globalnews.ca/news/9197177/metro-vancouver-drought-water-conservation/
  • There Are Too Many Jellyfish in the Mediterranean. Why Not Eat Them? https://www.theatlantic.com/science/archive/2022/10/eating-jellyfish-mediterranean-italy-sustainability-benefits/671748/
• Economy:
  • Core Inflation Hits 40-Year High as Consumers Weigh Spending Priorities https://www.pymnts.com/economy/2022/core-inflation-hits-40-year-high-as-consumers-weigh-spending-priorities/
  • Inflation will stay elevated for the next decade after years of underinvestment in energy, sticky wage inflation, and aging demographics, BofA says https://markets.businessinsider.com/news/commodities/inflation-stay-higher-longer-energy-underinvestment-sticky-wages-aging-demographics-2022-10
  • Biden re-thinking U.S.-Saudi relationship after OPEC+ cuts oil production: White House https://globalnews.ca/news/9189887/biden-saudi-arabia-opec-oil-production/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• War in Ukraine: Is Russia's stock of weapons running low? https://www.bbc.co.uk/news/world-63247287
• Russian security forces say a key bridge to Crimea was sabotaged by a truck bomb hidden inside rolls of plastic wrap that repeatedly went unnoticed https://www.businessinsider.com/truck-bomb-hidden-plastic-wrap-crimea-bridge-blast-russia-says-2022-10
• Ukraine's day of missile strikes in a minute https://www.bbc.co.uk/news/world-europe-63208576
• Belgorod shooting: Gunmen kill 11 in attack on Russian trainee soldiers https://www.bbc.co.uk/news/world-europe-63273599
• Russian nuclear attack in Ukraine would cross ‘very important line,' NATO chief warns https://globalnews.ca/news/9195648/russia-ukraine-nuclear-warning-nato-stoltenberg/
• Would Russian military follow order to use nukes? ‘Questionable,' says ex-U.S. NATO envoy https://globalnews.ca/news/9200031/russia-ukraine-nuclear-weapons-putin-war-military/
• Reaction and response:
• UN General Assembly condemns Russia's ‘illegal' annexations in Ukraine in resolution https://globalnews.ca/news/9194155/un-condemns-russia-illegal-annexations-ukraine-resolution/
• Ukraine-Russia war: G7 countries will back Kyiv 'for as long as it takes' https://www.bbc.co.uk/news/world-europe-63217558
• Elon Musk says Starlink will keep funding Ukraine's government ‘for free' despite losing money https://www.theverge.com/2022/10/15/23406268/elon-musk-starlink-keep-funding-ukraine-government-free-losing-money
• German Cybersecurity Chief to be Sacked Over Alleged Russia Ties: Sources https://www.securityweek.com/german-cybersecurity-chief-be-sacked-over-alleged-russia-ties-sources
• Putin will be replaced – but by someone even more extreme, warns former UK spy chief https://www.businessinsider.com/putins-replacement-even-more-extreme-warns-ex-uk-spy-chief-2022-10
• A wrecked Russian tank can be put in front of Moscow's embassy in Germany, court rules https://www.businessinsider.com/tank-wreck-allowed-outside-russia-germany-embassy-court-rules-2022-10
• Cyber-attacks and the potential for cyber-war:
• Risky Business #682 -- Starlink goes dark on Ukraine's front line https://risky.biz/RB682
• New “Prestige” ransomware impacts organizations in Ukraine and Poland https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Toward a fully edible sensor showing if frozen food has previously thawed https://scienmag.com/toward-a-fully-edible-sensor-showing-if-frozen-food-has-previously-thawed/
• Electric vehicles could be charged within 5 minutes thanks to tech developed by NASA for use in space https://www.businessinsider.com/evs-nasa-charged-electric-car-5-minutes-tech-2022-10
• Watch a tiny electric race car smash the world acceleration record with a 1.46-second run to 62 mph https://www.businessinsider.com/fastest-electric-car-acceleration-time-world-record-60-mph-2022-10
• Other:
• 7 Public Domain Horror Movies That Are Streaming Free on YouTube https://www.mentalfloss.com/posts/free-horror-movies-youtube
• Fat Bear Week winner crowned after cheating scandal https://www.bbc.co.uk/news/world-us-canada-63218790
• Watch 1 Billion Years of Shifting Tectonic Plates in 40 Mesmerizing Seconds https://www.sciencealert.com/watch-1-billion-years-of-shifting-tectonic-plates-in-40-mesmerizing-seconds
• A Reboot of the Maxwell’s Demon Thought Experiment—in Real Life https://www.wired.com/story/maxwells-demon-thought-experiment-reboot/
• SpinLaunch Completes its 10th Test, Hurling Payloads for NASA and Other Companies Into the air https://www.universetoday.com/158014/spinlaunch-completes-its-10th-test-hurling-payloads-for-nasa-and-other-companies-into-the-air/
• Success! DART Impact Shortened Asteroid's Orbit Time by 32 Minutes https://www.universetoday.com/158049/success-dart-impact-shortened-asteroids-orbit-time-by-32-minutes/
• China Launches First Solar Observatory ASO-S https://www.universetoday.com/158022/china-launches-first-solar-observatory-aso-s/
• Red Alert: massive stars sound warning they are about to go supernova https://scienmag.com/red-alert-massive-stars-sound-warning-they-are-about-to-go-supernova/
• This Black Hole Devoured a Star Years Ago. Now It's 'Burped' Something Out https://www.sciencealert.com/this-black-hole-devoured-a-star-years-ago-now-its-burped-something-out