This Week's [in]Security - Issue 293

Welcome to This Week’s [in]Security. So long PCI PA-DSS. Twitter turmoil. New breaches: TransUnion, Deutsche Bank, Thales, Medibank, Continental. New Ransomware: Sobeys, Mexico Transportation. Outages: Telus. Privacy: World Cup, COVID tracing, NSA. Laws & Regs - Canada: Online News. US: Privacy lacking, Filters, Scraping, Copyright. Standards: FIPS&NIST. Defense - Tools & Techniques: Sigstor, CIS, Passwordless. Vulnerabilities - Patching: strategy, SSVC tool, MS, Citrix, Android. Significant: Roundup, Citrix, Petro-ICS. Also: Memory-safe programming, Clear Wi-Fi, Lenovo. Research: MFA-bypass. Cryptography. Cybercrime - active campaigns, crimes & enforcement, FTX/Crypto melt-down, nation states and mercenaries. Other Risks - Elections, Root Certs, Cyber-insurance, Wi-Fi imaging, Paper, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation, and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates & News:
• Farewell to PA-DSS: A Tribute to a Foundational Standard https://blog.pcisecuritystandards.org/farewell-to-pa-dss-a-tribute-to-a-foundational-standard

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• TransUnion breached, consumers' financial information exposed https://appleinsider.com/articles/22/11/10/transunion-data-breach-exposes-consumers-financial-information
• An initial access broker claims to have hacked Deutsche Bank https://securityaffairs.co/wordpress/138416/data-breach/deutsche-bank-alleged-data-breach.html
• Thales confirms hackers have released its data on the dark web https://www.reuters.com/technology/hackers-release-thales-data-dark-web-franceinfo-says-2022-11-11/
• Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack https://thehackernews.com/2022/11/medibank-refuses-to-pay-ransom-after-97.html
• Ransomware Gang Threatens to Publish Medibank Customer Information https://www.securityweek.com/ransomware-gang-threatens-publish-medibank-customer-information
• Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million https://www.databreaches.net/ransomware-gang-offers-to-sell-files-stolen-from-continental-for-50-million/
• New Research Says a Third of Australians Victims of Data Breaches https://www.databreaches.net/new-research-says-a-third-of-australians-victims-of-data-breaches/
• Hackers Leak Australian Health Records on Dark Web https://www.securityweek.com/hackers-leak-australian-health-records-dark-web
• Booz Allen Hamilton Holding Corporation notifies employees of insider breach https://www.databreaches.net/booz-allen-hamilton-holding-corporation-notifies-employees-of-insider-breach/
• Lodi Unified School District reports breach involving its Aeries application https://www.databreaches.net/lodi-unified-school-district-reports-breach-involving-its-aeries-application/
• New Ransomware and "Incidents":
• 2 provincial privacy watchdogs confirm Sobeys experiencing data breach https://globalnews.ca/news/9271365/privacy-sobeys-data-breach-perscriptions/
• CTV News: Empire Co. tight-lipped as IT problems affect pharmacies at Sobeys and other stores. https://www.ctvnews.ca/business/empire-co-tight-lipped-as-it-problems-affect-pharmacies-at-sobeys-and-other-stores-1.6144415
• Canadian food retail giant Sobeys hit by Black Basta ransomware https://www.bleepingcomputer.com/news/security/canadian-food-retail-giant-sobeys-hit-by-black-basta-ransomware/
• Sobeys data breach serves as wake up call for industry https://globalnews.ca/news/9271365/privacy-sobeys-data-breach-perscriptions/
• Maple Leaf Foods suffers outage following weekend cyberattack https://www.databreaches.net/maple-leaf-foods-suffers-outage-following-weekend-cyberattack/
• Cyberattack disrupts Mexico's transportation system https://www.databreaches.net/cyberattack-disrupts-mexicos-transportation-system/
• Ransomware gangs shift tactics, making crimes harder to track https://www.databreaches.net/ransomware-gangs-shift-tactics-making-crimes-harder-to-track/
• New extortion scam threatens to damage sites' reputation, leak data https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
• Major outages/downs:
• 911 calling restored after outage for Telus landlines in parts of GTA and Hamilton https://toronto.ctvnews.ca/911-calling-restored-after-outage-for-telus-landlines-in-parts-of-gta-and-hamilton-1.6147153
• Follow-ups and fall-out:
• GGCorp - 2,376,330 breached accounts http://haveibeenpwned.com/PwnedWebsites#GGCorp
• Los Angeles prosecutors drop charges against Konnech CEO Eugene Yu, accused of overseeing ‘largest data breach in United States history' https://www.databreaches.net/los-angeles-prosecutors-drop-charges-against-konnech-ceo-eugene-yu-accused-of-overseeing-largest-data-breach-in-united-states-history/

Privacy

Articles about privacy related news, risks, and trends.

• World Cup apps pose a data security and privacy nightmare https://www.databreaches.net/world-cup-apps-pose-a-data-security-and-privacy-nightmare/
• Victorians' Covid contact tracing data sent for potential use by data mining platform https://www.theguardian.com/australia-news/2022/nov/09/victorians-covid-contact-tracing-data-sent-to-authority-for-potential-use-by-palantir
• NSA Over-surveillance https://www.schneier.com/blog/archives/2022/11/nsa-over-surveillance.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• The Law Bytes Podcast, Episode 145: Why Bill C-18's Mandated Payments for Links is a Threat to Freedom of Expression in Canada – My Appearance Before the Heritage Committee https://www.michaelgeist.ca/2022/11/law-bytes-podcast-episode-145/
• Independence Lost: Why Bill C-18 Undermines An Independent Press Even as It Purports to Protect It https://www.michaelgeist.ca/2022/11/independence-lost-why-bill-c-18-undermines-an-independent-press-even-as-it-purports-to-protect-it/
• Register Your TikTok Videos at the CRTC?!: Commission Encourages TikTokers To Participate in Future Process on Bill C-11 Content Registration https://www.michaelgeist.ca/2022/11/register-your-tiktok-videos-at-the-crtc-commission-encourages-tiktokers-to-participate-in-future-process-on-bill-c-11-registration-requirements/
• US:
• How US Businesses Suffer From the Lack of Personal Data Privacy Laws https://www.darkreading.com/edge-articles/how-us-businesses-suffer-from-the-lack-of-personal-data-privacy-laws
• The Filter Mandate Bill Is a Privacy and Security Mess https://www.eff.org/deeplinks/2022/11/filter-mandate-bill-privacy-and-security-mess
• Web Scraping - Is It Legal and Can It Be Prevented? https://www.securityweek.com/web-scraping-it-legal-and-can-it-be-prevented
• The Conviction of Uber's Chief Security Officer https://www.schneier.com/blog/archives/2022/11/the-conviction-of-ubers-chief-security-officer.html
• The lawsuit that could rewrite the rules of AI copyright https://www.theverge.com/2022/11/8/23446821/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data
• EFF Files Amicus Brief Challenging Orange County, CA's Controversial DNA Collection Program https://www.eff.org/deeplinks/2022/11/eff-files-amicus-brief-challenging-orange-county-cas-controversial-dna-collection
• Infowars' Alex Jones ordered to pay US$473M more to Sandy Hook families https://globalnews.ca/news/9269086/infowars-alex-jones-sandy-hook/
• World:
• What happens if you break the law in space — and 3 times people or governments have tested the rules https://www.businessinsider.com/what-happens-if-you-break-the-law-in-space
• Meta to face antitrust charges in Europe over customer data use, sources say https://globalnews.ca/news/9265429/meta-antitrust-european-commission-charges/
• UK: Hacked evidence and stolen data swamp English courts https://www.databreaches.net/uk-hacked-evidence-and-stolen-data-swamp-english-courts/
• Update to the EncroChat data breach that exposed the criminal underworld and how a French court's decision could undo months of police work https://www.databreaches.net/update-to-the-encrochat-data-breach-that-exposed-the-criminal-underworld-and-how-a-french-courts-decision-could-undo-months-of-police-work/
• Turkey's New Disinformation Law Spells Trouble For Free Expression https://www.eff.org/deeplinks/2022/11/turkeys-new-disinformation-law-spells-trouble-free-expression
• Australia Eyes Ban on Paying Ransoms to Hackers https://www.pymnts.com/news/security-and-risk/2022/australia-eyes-ban-on-paying-ransoms-to-hackers/
• Navigating Blockchain's Complex Regulatory Landscape https://www.pymnts.com/blockchain/2022/navigating-blockchain-complex-regulatory-landscape/
• Standards News:
• Decision to Convert FIPS 198-1 to a NIST Special Publication https://csrc.nist.gov/news/2022/decision-to-convert-fips-198-1-to-nist-special-pub

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• General:
• Shift left: Still a Work in Progress https://www.tenable.com/blog/shift-left-still-a-work-in-progress
• New Book: A Hacker's Mind https://www.schneier.com/blog/archives/2022/11/new-book-a-hackers-mind.html
• Japan officially joins NATO's cyber defense center https://www.theregister.com/2022/11/07/japan_joins_nato_cyber_defence/
• Weekly Update 321 https://www.troyhunt.com/weekly-update-321/
• Methods, Techniques, Tools, and Products:
• We sign code now https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/
• Princeton CITP Launches the Digital Witness Lab to Help Journalists Track Bad Actors on Platforms https://freedom-to-tinker.com/2022/11/07/princeton-citp-launches-the-digital-witness-lab-to-help-journalists-track-bad-actors-on-platforms/
• The CIS Benchmarks Community Consensus Process https://www.darkreading.com/operations/the-cis-benchmarks-community-consensus-process
• Microsoft hits the switch on password-free smartphone authentication https://www.theregister.com/2022/11/07/microsoft_azure_phishing_mfa/
• Microsoft Defender network protection generally available on iOS, Android https://www.bleepingcomputer.com/news/security/microsoft-defender-network-protection-generally-available-on-ios-android/
• This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others https://thehackernews.com/2022/11/this-hidden-facebook-tool-lets-users.html
• The HakCat WiFi Nugget is a beginner's guide to wireless mischief https://www.theverge.com/23438967/hakcat-wifi-nugget-hacking-open-source-hak5
• Do you collect "Observables" or "IOCs"?, (Thu, Nov 10th) https://isc.sans.edu/diary/rss/29238
• Extracting Information From "logfmt" Files With CyberChef, (Sat, Nov 12th) https://isc.sans.edu/diary/rss/29244

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Patching:
• The problems with patching https://www.ncsc.gov.uk/blog-post/the-problems-with-patching
• Why CVE Management as a Primary Strategy Doesn't Work https://www.darkreading.com/vulnerabilities-threats/why-cve-management-as-a-primary-strategy-doesn-t-work
• CISA Releases Stakeholder-Specific Vulnerability Categorization (SSVC) Decision Tree Model to Help Companies Prioritize Vulnerability Patching https://www.cisa.gov/ssvc and calculator https://www.cisa.gov/ssvc-calculator 
• Patch Tuesday, November 2022 Election Edition https://krebsonsecurity.com/2022/11/patch-tuesday-november-2022-election-edition/
• Microsoft squashes six security bugs already exploited in the wild https://www.theregister.com/2022/11/09/microsoft_november_2022_patch_tuesday/
• Microsoft fixes Windows zero-day bug exploited to push malware https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-zero-day-bug-exploited-to-push-malware/
• Citrix urges admins to patch critical ADC, Gateway auth bypass https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-critical-adc-gateway-auth-bypass/
• Google Patches High-Severity Privilege Escalation Vulnerabilities in Android https://www.securityweek.com/google-patches-high-severity-privilege-escalation-vulnerabilities-android
• Significant:
• Control Gap Vulnerability Roundup: October 29th to November 4th https://www.controlgap.com/blog/vulnerability-roundup-october-29th-november-4th
• CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability https://www.tenable.com/blog/cve-2022-27510-critical-citrix-adc-and-gateway-authentication-bypass-vulnerability
• High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies https://thehackernews.com/2022/11/high-severity-flaw-reported-in-critical.html
• Google Pays $70k for Android Lock Screen Bypass https://www.securityweek.com/google-pays-70k-android-lock-screen-bypass
• Other Vulnerabilities:
• NSA urges orgs to use memory-safe programming languages https://www.theregister.com/2022/11/11/nsa_urges_orgs_to_use/
• NVIDIA Security Team: “What if we just stopped using C?” https://blog.adacore.com/nvidia-security-team-what-if-we-just-stopped-using-c
• Unencrypted Traffic Still Undermining Wi-Fi Security https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
• Lenovo Driver Goof Poses Security Risk For Users Of 25 Models https://packetstormsecurity.com/news/view/34027/Lenovo-Driver-Goof-Poses-Security-Risk-For-Users-Of-25-Models.html
• LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover https://www.securityweek.com/litespeed-vulnerabilities-can-lead-complete-web-server-takeover
• Foxit Patches Several Code Execution Vulnerabilities in PDF Reader https://www.securityweek.com/foxit-patches-several-code-execution-vulnerabilities-pdf-reader
• Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data https://thehackernews.com/2022/11/experts-find-urlscan-security-scanner.html
• Research on new vulnerabilities:
• Defeating Phishing-Resistant Multifactor Authentication https://www.schneier.com/blog/archives/2022/11/defeating-phishing-resistant-multifactor-authentication.html
• Cryptography and Cryptographic Research:
• How To Be Crypto-Agile Before Quantum Computing Upends The World https://www.forbes.com/sites/forbestechcouncil/2022/11/11/how-to-be-crypto-agile-before-quantum-computing-upends-the-world/
• Cryptography’s Future Will Be Quantum-Safe. Here’s How It Will Work https://www.quantamagazine.org/cryptographys-future-will-be-quantum-safe-heres-how-it-will-work-20221109/
• Don't Let Yourself Get Tangled Up by These 4 Quantum Mechanics Misconceptions https://www.sciencealert.com/dont-let-yourself-get-tangled-up-by-these-4-quantum-mechanics-misconceptions
• Privacy-Preserving Blueprints https://eprint.iacr.org/2022/1536

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• FBI warns scammers now impersonate refund payment portals https://www.bleepingcomputer.com/news/security/fbi-warns-scammers-now-impersonate-refund-payment-portals/
• Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network https://thehackernews.com/2022/11/experts-warn-of-browser-extensions.html
• B.C. government says it’s weathering a storm of hacking attempts https://biv.com/article/2022/11/bc-government-says-its-weathering-storm-hacking-attempts
• 15,000 sites hacked for massive Google SEO poisoning campaign https://www.bleepingcomputer.com/news/security/15-000-sites-hacked-for-massive-google-seo-poisoning-campaign/
• InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery https://www.darkreading.com/vulnerabilities-threats/use-of-interplanetary-file-system-for-phishing-malware-distribution-is-growing
• Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/
• Oh, look: More malware in the Google Play store https://www.theregister.com/2022/11/07/in_brief_security/
• Malicious Python Package Relies on Steganography to Download Malware https://www.darkreading.com/threat-intelligence/malicious-pypi-package-steganography-download-malware
• Worok hackers hide new malware in PNGs using steganography https://www.bleepingcomputer.com/news/security/worok-hackers-hide-new-malware-in-pngs-using-steganography/
• Warning: New Massive Malicious Campaigns Targeting Top Indian Banks' Customers https://thehackernews.com/2022/11/warning-this-widespread-malicious.html
• Crime & Arrests, etc.:
• Australia blames Russia for harboring health insurance hackers https://www.theregister.com/2022/11/11/russia_named_medibank_hack_source/
• FTX Investigating Possible $515 Million Hack After Bankruptcy Filing https://www.nytimes.com/2022/11/12/business/ftx-cryptocurrency-hack.html
• Collapsed FTX hit by unauthorized transactions as $1B in crypto vanishes https://globalnews.ca/news/9273540/ftx-unauthorized-transactions-1b-crypto/
• The Hunt for the FTX Thieves Has Begun https://www.wired.com/story/ftx-hack-theft-crypto-tracing/
• FTX files for bankruptcy in U.S. amid cryptocurrency exchange's meltdown https://globalnews.ca/news/9271459/crypto-cryptocurrency-ftx-bankrupt-binance/
• FTX's Enron Parallels Have Implications for Crypto's Great Regulatory Revamp https://www.pymnts.com/cryptocurrency/2022/ftxs-enron-parallels-have-implications-for-cryptos-great-regulatory-revamp/
• You Can Forget About Crypto Now https://www.theatlantic.com/technology/archive/2022/11/sam-bankman-fried-bankruptcy-crypto-ftx/672104/
• Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks https://thehackernews.com/2022/11/russian-canadian-national-charged-over.html
• Scammers Are Extorting Parents With Their Dead Children's Nude Images, FBI Says https://www.databreaches.net/scammers-are-extorting-parents-with-their-dead-childrens-nude-images-fbi-says/
• Ukraine arrests fraud ring members who made €200 million per year https://www.bleepingcomputer.com/news/security/ukraine-arrests-fraud-ring-members-who-made-200-million-per-year/
• U.S. seized 18 web domains used for recruiting money mules https://www.bleepingcomputer.com/news/security/us-seized-18-web-domains-used-for-recruiting-money-mules/
• Influencer 'Hushpuppi' gets 11 years in prison for cyber fraud https://www.bleepingcomputer.com/news/security/influencer-hushpuppi-gets-11-years-in-prison-for-cyber-fraud/
• U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud https://www.databreaches.net/u-s-attorney-announces-historic-3-36-billion-cryptocurrency-seizure-and-conviction-in-connection-with-silk-road-dark-web-fraud/
• Nation State Actors:
• Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft https://www.securityweek.com/nation-state-hacker-attacks-critical-infrastructure-soar-microsoft
• Husband and wife nuclear warship 'spy' team get 20 years each https://www.theregister.com/2022/11/10/husband_and_wife_spy_team/
• British embassy security guard David Smith admits spying for Russia https://www.bbc.co.uk/news/uk-63602000
• APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network https://thehackernews.com/2022/11/apt29-exploited-windows-feature-to.html
• Google says surveillance vendor targeted Samsung phones with zero-days https://techcrunch.com/2022/11/10/google-surveillance-samsung-spyware/
• China is likely stockpiling and deploying vulnerabilities, says Microsoft https://www.theregister.com/2022/11/07/china_stockpiles_vulnerabilities_microsoft_asserts/
• Chinese Spyware Targets Uyghurs Through Apps: Report https://www.securityweek.com/chinese-spyware-targets-uyghurs-through-apps-report
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
  • Trudeau accuses China of 'aggressive' election interference https://www.bbc.co.uk/news/world-us-canada-63551134
  • 2022 US midterm elections attack analysis https://blog.cloudflare.com/2022-us-midterm-elections-attack-analysis/
  • 5 tell-tale signs someone is manipulating you, according to a body-language expert https://www.businessinsider.com/how-to-tell-someone-manipulating-you-body-language-2022-11
  • An Untrustworthy TLS Certificate in Browsers https://www.schneier.com/blog/archives/2022/11/an-untrustworthy-tls-certificate-in-browsers.html
  • Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
  • Rising cost of cyber attacks sends insurance policy charges soaring https://www.ft.com/content/753e76db-e9cc-4c90-985a-f354dbc5c9a4
  • Using Wi-FI to See through Walls https://www.schneier.com/blog/archives/2022/11/using-wi-fi-to-see-through-walls.html
  • When was the last time you checked on the paper records you put in storage somewhere? https://www.databreaches.net/when-was-the-last-time-you-checked-on-the-paper-records-you-put-in-storage-somewhere/
  • Netizens ‘Warn’ Elon Musk As China Displays Mammoth ‘Anti-Starlink’ Radar SLC-18P At Zhuhai Airshow https://eurasiantimes.com/netizens-warn-elon-musk-as-china-displays-mammoth-anti-starlink/
  • Nvidia's selling a nerfed GPU in China to get around export restrictions https://www.theverge.com/2022/11/8/23447886/nvidia-a800-china-chip-ai-research-slowed-down-restrictions
  • Microsoft is showing ads in the Windows 11 sign-out menu https://www.bleepingcomputer.com/news/microsoft/microsoft-is-showing-ads-in-the-windows-11-sign-out-menu/
  • Y2K and 2038 https://xkcd.com/2697/

• Twitter Turmoil:
  • Twitter chaos after wave of blue tick impersonations https://www.bbc.co.uk/news/technology-63599553
  • An $8 mess — Twitter Blue 'verified' accounts push crypto scams https://www.bleepingcomputer.com/news/security/an-8-mess-twitter-blue-verified-accounts-push-crypto-scams/
  • Trolls are already abusing Elon Musk's new Twitter verification system, impersonating everyone from George Bush to O.J. Simpson https://www.businessinsider.com/twitter-verification-abuse-trolls-parody-george-bush-oj-simpson-confession-2022-11
  • Here are 17 of the most outrageous impersonations to come from Elon Musk's Twitter Blue rollout blunder https://www.businessinsider.com/elon-musk-twitter-blue-most-shocking-verified-account-impersonations-2022-11
  • Twitter Users Create Havoc by Impersonating Brands https://www.nytimes.com/2022/11/11/technology/twitter-blue-fake-accounts.html
  • How are these fake Roblox and Ohio governor Twitter accounts still up? https://www.theverge.com/2022/11/11/23454237/twitter-verified-moderation-parodies-slipping-through-advertisers
  • Twitter Blue subscriptions paused after surge in verified imposter accounts https://globalnews.ca/news/9271982/twitter-blue-subscriptions-paused-elon-musk/
  • Twitter Blue ‘probably' coming back by end of next week: Elon Musk https://globalnews.ca/news/9274213/twitter-blue-elon-musk/
  • Another major ad agency recommends pausing Twitter ad campaigns https://www.theverge.com/2022/11/11/23453575/omnicom-media-group-twitter-advertising-pause
  • Musk says Twitter usage is 'at an all-time high,' but a report shows that more than 1 million accounts have been deactivated or suspended since his takeover https://www.businessinsider.com/twitter-elon-musk-usage-all-time-high-advertisers-user-growth-2022-11
  • Twitter security execs quit amid worries that Musk will violate FTC settlement https://arstechnica.com/tech-policy/2022/11/musk-fueled-chaos-at-twitter-makes-it-hard-to-comply-with-ftc-privacy-order/ 
  • Twitter Security Chief Resigns as Musk Sparks 'Deep Concern' https://www.securityweek.com/twitter-security-chief-resigns-musk-sparks-deep-concern
  • ‘Fix your companies. Or Congress will,' Senator Ed Markey warns Elon Musk https://www.theverge.com/2022/11/13/23456230/elon-musk-senator-ed-markey-fix-your-companies-congress-will-twitter-warning
  • Mastodon now has over 1 million users amid Twitter tensions https://www.bleepingcomputer.com/news/technology/mastodon-now-has-over-1-million-users-amid-twitter-tensions/

• Emerging technology, Artificial Intelligence and Machine Learning:
  • New Go-playing trick defeats world-class Go AI—but loses to human amateurs https://arstechnica.com/information-technology/2022/11/new-go-playing-trick-defeats-world-class-go-ai-but-loses-to-human-amateurs/
• Disinformation and misinformation
  • Fake posters satirically tell Toronto drivers to park illegally in bike lanes https://globalnews.ca/news/9262622/fake-posters-toronto-bike-lane-parking/
• Health:
  • In world-first trial, lab-grown blood was just injected into two people https://www.theverge.com/2022/11/8/23447076/lab-grown-blood-stem-cell-trial-sickle-cell
  • Most of Us Hit Snooze. But What Is It Actually Doing to Us? https://www.sciencealert.com/most-of-us-hit-snooze-but-what-is-it-actually-doing-to-us
  • Ebola outbreak in Uganda: Mubende, a district under lockdown https://www.bbc.co.uk/news/world-africa-63583403
  • Many military veterans struggle in silence https://globalnews.ca/news/9269734/many-military-veterans-struggle-in-silence/
  • This Cancer Treatment Actually Works Better After COVID Vaccination https://www.sciencealert.com/this-cancer-treatment-actually-works-better-after-covid-vaccination
  • Cruise ship docks in Sydney after 800 people on board infected by COVID outbreak https://www.businessinsider.com/majestic-cruise-ship-800-covid-positive-cases-docks-in-sydney-2022-11
  • Head of SickKids says he supports reinstating mask mandate to ease 'unprecedented' hospital pressures https://toronto.ctvnews.ca/head-of-sickkids-says-he-supports-reinstating-mask-mandate-to-ease-unprecedented-hospital-pressures-1.6150623
  • Toronto's top doctor called on to 'urgently explore' re-issuing mask mandates in schools https://toronto.ctvnews.ca/toronto-s-top-doctor-called-on-to-urgently-explore-re-issuing-mask-mandates-in-schools-1.6144564
• Safety:
  • There's Never Been a Crash Test Dummy Modeled After a Woman—Until Now https://www.mentalfloss.com/posts/crash-dummy-modeled-after-women
  • A Frontier Airlines flight made an emergency landing after a man with a box cutter threatened to stab other passengers https://www.businessinsider.com/frontier-flight-made-emergency-landing-passenger-box-cutter-stab-threats-2022-11
  • WW II-era planes collide mid-air at Dallas air show https://www.cbc.ca/news/world/dallas-airshow-collision-planes-1.6650038
• Environment:
  • Earth's Population Explodes to 8 Billion Humans This Month https://www.sciencealert.com/earths-population-explodes-to-8-billion-humans-this-month
  • UN announces satellite-based global methane detection system https://scienmag.com/un-announces-satellite-based-global-methane-detection-system/
  • Why Kenya is turning to genetically modified crops to help with drought https://www.bbc.co.uk/news/world-africa-63487149
  • Researchers cook up a new way to remove microplastics from water https://scienmag.com/researchers-cook-up-a-new-way-to-remove-microplastics-from-water/
  • Economy:
  • Why tech layoffs are happening all at once — and why the next few weeks could be the worst of them https://www.businessinsider.com/tech-layoffs-2022-causes-outcomes-2022-11
  • Meta let go of 11,000 employees, and it's not clear which divisions and roles were most affected https://www.businessinsider.com/meta-facebook-layoff-elon-musk-twitter-sbf-ftx-2022-11
  • Disney is preparing to cut jobs, according to leaked memo from CEO https://www.theverge.com/2022/11/11/23454045/disney-hiring-freeze-layoffs-cost-cutting-memo

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Russia’s MiG-31 Crews Are Shooting At Ukrainian Pilots From A Hundred Miles Away—And The Ukrainians Can’t Shoot Back https://www.forbes.com/sites/davidaxe/2022/11/08/russias-mig-31-crews-are-shooting-at-ukrainian-pilots-from-a-hundred-miles-away-and-the-ukrainians-cant-shoot-back
• Russia's military has likely lost half its tanks in Ukraine and will be weaker than it was before the war, Pentagon says https://www.businessinsider.com/putin-russia-probably-lost-half-main-battle-tanks-ukraine-pentagon-2022-11
• Putin can't escape fallout from Russian retreat in Ukraine https://www.bbc.co.uk/news/world-europe-63601426
• Ukraine war: Why is control of Kherson so important? https://www.bbc.co.uk/news/world-63511626
• Ukraine war: Kyiv claims major gains as Russia exits Kherson https://www.bbc.co.uk/news/world-europe-63589297
• Reaction and response:
• ‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery https://www.wired.com/story/nord-stream-pipeline-explosion-dark-ships/
• Information, Disinformation, and Propaganda:
• Ukraine war: Russians kept in the dark by internet search https://www.bbc.co.uk/news/world-europe-63246153
• Cyber-attacks and the potential for cyber-war:
• Microsoft links Russia's military to cyberattacks in Poland and Ukraine https://arstechnica.com/information-technology/2022/11/microsoft-links-russias-military-to-cyberattacks-in-poland-and-ukraine/
• Russia's New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• NASA Launched and Landed LOFTID, an Inflatable Flying Saucer Heat Shield https://www.nytimes.com/2022/11/10/science/nasa-loftid-inflatable-heat-shield.html
• Other:
• Redditor discovers legendary 1956 computer in grandparents' basement https://arstechnica.com/information-technology/2022/11/redditor-discovers-legendary-1956-computer-in-grandparents-basement/
• RETROTECHTACULAR: PROGRAMMING BY CARD (ah yes, the $#%@ old days) https://hackaday.com/2022/11/09/retrotechtacular-programming-by-card/
• 13 St. Louis Slang Terms You Should Know https://www.mentalfloss.com/posts/st-louis-slang-terms
• Divers Have Found a Piece of the Space Shuttle Challenger Off the Coast of Florida https://www.universetoday.com/158597/divers-have-found-a-piece-of-the-space-shuttle-challenger-off-the-coast-of-florida/
• The Case of the “Missing Exoplanets” https://www.universetoday.com/158541/the-case-of-the-missing-exoplanets/