This Week's [in]Security - Issue 296

Welcome to This Week’s [in]Security. Payment fraud. New breaches: Multiple Android Vendor Code Signing Keys, Amazon RDS, GoTo, more on WhatsApp, Twitter, & LastPass. New Ransomware: Wipers, Paying out. Downs. Privacy: border surveillance, repairs. Laws & Regs - Canada, US, World, Fines, Enforcements & Lawsuits: MD5 fine. UK & Mastercard, Standards. BYOD. Emerging: AI, Cryptography, Quantum. Defense - Tools & Techniques. Vulnerabilities - Advisories: Hive hit by irresponsible disclosure, Research: Cybercrime - active campaigns, crimes & enforcement, Bad-Actors: Heliconia. Other Risks, Bring Your Own Key, Consumer behaviour, Spreadsheets, Complexity, Twitter alternatives. Disinformation, Health, Safety, Environment, Economy, More FTX/Crypto. Russia v. Ukraine. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Payment fraud:
• Eye on E-Commerce: No Holiday From Online Fraud; Big Gains for BigCommerce Sellers https://www.digitaltransactions.net/eye-on-e-commerce-no-holiday-from-online-fraud-big-gains-for-bigcommerce-sellers/
• How the Nation's Biggest Banks Are Working to Address P2P Payment Scams https://www.digitaltransactions.net/how-the-nations-biggest-banks-are-working-to-address-p2p-payment-scams/
• Visa's ‘Compelling Evidence 3.0' Battles Friendly Fraud https://www.pymnts.com/news/security-and-risk/2022/visa-compelling-evidence-battles-friendly-fraud/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Android Phone Makers' Encryption Keys Stolen and Used in Malware https://www.wired.com/story/android-platform-certificates-malware/
• Multiple code signing keys have been leaked/breached/exposed and are being actively exploited to sign Android malware Apps https://thehackernews.com/2022/12/hackers-sign-android-malware-apps-with.html
• Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data https://thehackernews.com/2022/11/researchers-discover-hundreds-of-amazon.html?m=1
• GoTo says hackers breached its dev environment, cloud storage https://www.bleepingcomputer.com/news/security/goto-says-hackers-breached-its-dev-environment-cloud-storage/
• Hacker Attempts To Sell Recently Breached Data Of 500m WhatsApp Users On Dark Web https://packetstormsecurity.com/news/view/34076/Hacker-Attempts-To-Sell-Data-Of-500m-WhatsApp-Users-On-Dark-Web.html
• Twitter Data Breach Bigger Than Initially Reported https://www.securityweek.com/twitter-data-breach-bigger-initially-reported
• LastPass Security Breach https://www.schneier.com/blog/archives/2022/12/lastpass-security-breach.html
• ICE accidentally released the identities of 6,252 immigrants who sought protection in the U.S. https://www.databreaches.net/ice-accidentally-released-the-identities-of-6252-immigrants-who-sought-protection-in-the-u-s/
• IIROC-registered Canadian crypto exchange Coinsquare suffers data breach https://cointelegraph.com/news/iiroc-registered-canadian-crypto-exchange-coinsquare-suffers-data-breach
• VA admits to improperly disclosing COVID-19 vaccine data for 500,000 staff https://www.databreaches.net/va-admits-to-improperly-disclosing-covid-19-vaccine-data-for-500000-staff/
• Developing: Data purportedly from Kenosha Unified School District shows up on dark web https://www.databreaches.net/developing-data-from-kenosha-unified-school-district-shows-up-on-dark-web/
• NZ: ‘Unfortunate and regrettable incident': Inside the Otago University data breach https://www.databreaches.net/nz-unfortunate-and-regrettable-incident-inside-the-otago-university-data-breach/
• Hulu customer claims an employee violated her privacy by using personal information to contact her after a virtual service chat https://www.businessinsider.com/hulu-customer-says-employee-used-personal-contact-information-violated-privacy-2022-11
• New Ransomware and "Incidents":
• Wipers Are Widening: Here's Why That Matters https://www.securityweek.com/wipers-are-widening-heres-why-matters
• Paying the Ransom in Response to a Ransomware Attack can Sometimes Backfire https://www.databreaches.net/paying-the-ransom-in-response-to-a-ransomware-attack-can-sometimes-backfire/
• Brazilian debt collection firm pays Hive $500k ransom while SuspectFile spectates it all https://www.databreaches.net/brazilian-debt-collection-firm-pays-hive-500k-ransom-while-suspectfile-spectates-it-all/
• Rackspace rocked by ‘security incident' that has taken out some hosted Exchange services https://www.databreaches.net/rackspace-rocked-by-security-incident-that-has-taken-out-some-hosted-exchange-services/
• New Zealand health insurer Accuro says it's been hacked, can't rule out customers' data being accessed https://www.databreaches.net/new-zealand-health-insurer-accuro-says-its-been-hacked-cant-rule-out-customers-data-being-accessed/
• Ca: DDSB recovering from cyber attack that left schools without access to email or emergency contact information https://www.databreaches.net/ca-ddsb-recovering-from-cyber-attack-that-left-schools-without-access-to-email-or-emergency-contact-information/
• Ca: Personal info of 5,000 Edmonton employees compromised in insider data breach https://www.databreaches.net/ca-personal-info-of-5000-edmonton-employees-compromised-in-insider-data-breach/
• The Pope's website taken offline in suspected hacker attack https://www.databreaches.net/the-popes-website-taken-offline-in-suspected-hacker-attack/
• Vanuatu officials turn to phone books and typewriters, one month after cyber attack https://www.databreaches.net/vanuatu-officials-turn-to-phone-books-and-typewriters-one-month-after-cyber-attack/
• Major outages/downs:
• Killnet Gloats About DDoS Attacks Downing Starlink, White House https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov
• NJ: Internet issues caused by ‘unauthorized third party' close South Jersey school https://www.databreaches.net/nj-internet-issues-caused-by-unauthorized-third-party-close-south-jersey-school/

Privacy

Articles about privacy related news, risks, and trends.

• From Camera Towers to Spy Blimps, Border Researchers Now Can Use 65+ Open-licensed Images of Surveillance Tech from EFF https://www.eff.org/deeplinks/2022/11/eff-releases-images-surveillance-us-mexico-border-under-creative-commons
• Computer Repair Technicians Are Stealing Your Data https://www.schneier.com/blog/archives/2022/11/computer-repair-technicians-are-stealing-your-data.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Freedom of Expression for a Price: Government Confirms Bill C-18 Requires Platform Payment for User Posts That Include News Quotes and Hyperlinks https://www.michaelgeist.ca/2022/11/freedom-of-expression-for-a-price-government-confirms-bill-c-18-requires-platform-payment-for-user-posts-that-include-news-quotes-and-hyperlinks/
• The Law Bytes Podcast, Episode 148: Christelle Tessono on Bringing a Human Rights Lens to AI Regulation in Bill C-27 https://www.michaelgeist.ca/2022/11/law-bytes-podcast-episode-148/
• Don’t give more powers to CSE until it submits to effective review https://policyoptions.irpp.org/magazines/november-2022/communications-security-establishment-review/
• US:
• What the CISA Reporting Rule Means for Your IT Security Protocol https://thehackernews.com/2022/12/what-cisa-reporting-rule-means-for-your.html
• FTX Inquiry Sets Stage for Regulatory Turf War https://www.pymnts.com/cryptocurrency/2022/ftx-inquiry-sets-stage-for-regulatory-turf-war/
• TikTok NSFW if you work for the South Dakota government https://www.theregister.com/2022/11/30/tiktok_nsfw_if_you_work/
• World:
• British Court Orders Crypto Exchanges to Disclose Customer Information https://www.pymnts.com/cryptocurrency/2022/british-court-orders-crypto-exchanges-to-disclose-customer-information/
• Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches https://thehackernews.com/2022/11/australia-passes-bill-to-fine-companies.html
• After Delhi High Court Ruling, Telegram Discloses Names, Phone Numbers & IP Addresses Of Users Accused Of Sharing Infringing Material https://www.livelaw.in/news-updates/after-court-order-telegram-discloses-phone-numbers-ip-addresses-of-users-accused-of-sharing-infringing-material-215311
• India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance https://www.eff.org/deeplinks/2022/12/india-requires-internet-services-collect-and-store-vast-amount-customer-data
• Enforcements, Fines, Lawsuits:
• Facebook Fined $276M under GDPR https://www.schneier.com/blog/archives/2022/11/facebook-fined-276m-under-gdpr.html
• French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html
• British Court Denies Mastercard Appeal in $19B Class-Action Lawsuit https://www.pymnts.com/legal/2022/british-court-denies-mastercard-appeal-class-action-lawsuit/
• Newsroom Sues NSO Group for Pegasus Spyware Compromise https://www.darkreading.com/application-security/newsroom-sues-nso-group-for-pegasus-spyware
• Let Data Breach Victims Sue Marriott https://www.eff.org/deeplinks/2022/11/let-data-breach-victims-sue-marriott
• November settlements in some class action lawsuits involving health information https://www.databreaches.net/november-settlements-in-some-class-action-lawsuits-involving-health-information/
• Big Banks Devising Plan to Reimburse Zelle Scam Victims https://www.pymnts.com/news/banking/2022/big-banks-devising-plan-to-reimburse-zelle-scam-victims/
• Standards News:
• Open for Public Comment until January 13: SP 1800-22 Bring Your Own Device (BYOD) Second Draft https://www.nccoe.nist.gov/mobile-device-security/bring-your-own-device

Emerging technology and Innovations

Covering developments and risks with new technologies including AI, Quantum Computing, Cryptography:

• Artificial Intellgence & Machine Learning:
• OpenAI invites everyone to test new AI-powered chatbot—with amusing results https://arstechnica.com/information-technology/2022/12/openai-invites-everyone-to-test-new-ai-powered-chatbot-with-amusing-results/
• OpenAI's new chatbot can explain code and write sitcom scripts but is still easily tricked https://www.theverge.com/23488017/openai-chatbot-chatgpt-ai-examples-web-demo
• Now AI can write students' essays for them, will everyone become a cheat? | Rob Reich https://www.theguardian.com/commentisfree/2022/nov/28/ai-students-essays-cheat-teachers-plagiarism-tech
• OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics https://arstechnica.com/information-technology/2022/11/openai-conquers-rhyming-poetry-with-new-gpt-3-update/
• AI Advent Calendar 2022 https://www.aiweirdness.com/ai-advent-calendar-2022/
• Blockchain couldn't stop TXT spam in India, regulator now trying AI https://www.theregister.com/2022/11/29/india_txt_spam_crackdown/
• Cryptography and Cryptographic Research:
• France tests 'post-quantum' encryption for diplomatic messages https://www.geo.tv/latest/456179-france-tests-post-quantum-encryption-for-diplomatic-messages
• Backdooring Post-Quantum Cryptography: Kleptographic Attacks on Lattice-based KEMs https://eprint.iacr.org/2022/1681
• End-to-End Secure Messaging with Traceability Only for Illegal Content https://eprint.iacr.org/2022/1643
• Quatum Innovation.
• New quantum computing feat is a modern twist on a 150-year-old thought experiment https://scienmag.com/new-quantum-computing-feat-is-a-modern-twist-on-a-150-year-old-thought-experiment/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• Let's Encrypt issued over 3 billion certificates, securing 309M sites for free https://www.bleepingcomputer.com/news/security/let-s-encrypt-issued-over-3-billion-certificates-securing-309m-sites-for-free/
• Memory Safe Languages in Android 13 https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
• What Developers Need to Fight the Battle Against Common Vulnerabilities https://thehackernews.com/2022/12/what-developers-need-to-fight-battle.html
• What Every Enterprise Can Learn From Russia's Cyber Assault on Ukraine https://www.darkreading.com/microsoft/what-every-enterprise-can-learn-from-russia-s-cyber-assault-on-ukraine
• Methods, Techniques, Tools, and Products:
• Linux LOLBins Applications Available in Windows, (Sat, Dec 3rd) https://isc.sans.edu/diary/rss/29296
• Now 1Password remembers sites that use third-party accounts like Google or Facebook to log in https://www.theverge.com/2022/12/1/23486783/1password-sign-in-passwordless-feature-google-apple-facebook
• Password Salting to Increase Windows Active Directory Security https://www.bleepingcomputer.com/news/security/password-salting-to-increase-windows-active-directory-security/
• Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra https://www.microsoft.com/en-us/security/blog/2022/11/30/implementing-zero-trust-access-to-business-data-on-byod-with-trustd-mtd-and-microsoft-entra/
• Microsoft Defender boosts default protection for all enterprise users https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-boosts-default-protection-for-all-enterprise-users/
• The Linux Kernel Key Retention Service and why you should use it in your next application https://blog.cloudflare.com/the-linux-kernel-key-retention-service-and-why-you-should-use-it-in-your-next-application/
• Cloudflare finds a way through China's network defences https://www.theregister.com/2022/11/30/cloudflare_china_networking/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html
• Oracle Fusion Middleware Flaw Flagged by CISA https://www.darkreading.com/threat-intelligence/oracle-fusion-middleware-flaw-flagged-by-cisa
• Significant:
• Control Gap Vulnerability Roundup: November 19th to November 25th https://www.controlgap.com/blog/vulnerability-roundup-november-19th-november-25th
• Google Chrome emergency update fixes 9th zero-day of the year https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/
• Chrome 108 Patches High-Severity Memory Safety Bugs https://www.securityweek.com/chrome-108-patches-high-severity-memory-safety-bugs
• Cybersecurity researchers take down DDoS botnet by accident https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/
• Project Zero Flags 'Patch Gap' Problems on Android https://www.securityweek.com/project-zero-flags-patch-gap-problems-android
• Other Vulnerabilities:
• Security Researchers Issue Warning Over Hive Social, the App Many Consider a Twitter Alternative https://www.gizmodo.com.au/2022/12/hive-social-app/
• Hive Social turns off servers after researchers warn hackers can access all data https://arstechnica.com/information-technology/2022/12/hive-social-turns-off-servers-after-researchers-warn-hackers-can-access-all-data/
• Bulletproof TLS Newsletter 95: The Battle of QWACs (the EU’s new certificates) Is in Full Swing, and other TLS news https://www.feistyduck.com/bulletproof-tls-newsletter/issue_95_the_battle_of_qwacs_is_in_full_swing
• Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL https://thehackernews.com/2022/12/researchers-disclose-supply-chain-flaw.html
• OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products https://www.securityweek.com/oticefall-continues-vulnerabilities-festo-codesys-products
• New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html
• Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover https://www.theregister.com/2022/12/01/nvidia_gpu_driver_bugs/
• Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework https://thehackernews.com/2022/12/researchers-disclose-critical-rce.html
• Delta Electronics Patches Serious Flaws in Industrial Networking Devices https://www.securityweek.com/delta-electronics-patches-serious-flaws-industrial-networking-devices
• Industry 4.0: CNC Machine Security Risks Part 1 https://www.trendmicro.com/en_us/research/22/k/cnc-machine-security-risks-part-1.html
• Hyundai app bugs allowed hackers to remotely unlock, start cars https://www.bleepingcomputer.com/news/security/hyundai-app-bugs-allowed-hackers-to-remotely-unlock-start-cars/
• Sirius XM Software Vulnerability https://www.schneier.com/blog/archives/2022/12/sirius-xm-software-vulnerability.html
• The Metaverse Could Become a Top Avenue for Cyberattacks in 2023 https://www.darkreading.com/attacks-breaches/metaverse-top-avenue-cyberattacks-2023
• Research on new vulnerabilities:
• API Secrets: Where the Bearer Model Breaks Down https://www.darkreading.com/edge-articles/api-secrets-where-the-bearer-model-breaks-down
• Specialized Zero-Knowledge Proof failures https://blog.trailofbits.com/2022/11/29/specialized-zero-knowledge-proof-failures/
• Defeating A Cryptoprocessor With Laser Beams https://hackaday.com/2022/11/26/defeating-a-cryptoprocessor-with-laser-beams/
• Interactive Authentication https://eprint.iacr.org/2022/1682

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms https://thehackernews.com/2022/11/this-malicious-app-abused-hacked.html
• Crafty threat actor uses 'aged' domains to evade security platforms https://www.bleepingcomputer.com/news/security/crafty-threat-actor-uses-aged-domains-to-evade-security-platforms/
• Hackers use new, fake crypto app to breach networks, steal cryptocurrency https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/
• Critical RCE bugs in Android remote keyboard apps with 2M installs https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/
• Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware https://thehackernews.com/2022/11/hackers-using-trending-invisible.html
• Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users https://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html
• Google discovers Windows exploit framework used to deploy spyware https://www.bleepingcomputer.com/news/security/google-discovers-windows-exploit-framework-used-to-deploy-spyware/
• Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html
• Crime & Arrests, etc.:
• The Hunt for the Kingpin Behind AlphaBay, Part 6: Endgame https://www.wired.com/story/alphabay-series-part-6-endgame/
• Alberta MLA Thomas Dang sentenced for hacking COVID vaccine records portal https://nationalpost.com/news/canada/alberta-mla-thomas-dang-sentenced-for-hacking-covid-vaccine-records-portal
• Police arrest 55 members of 'Black Panthers' SIM Swap gang https://www.bleepingcomputer.com/news/security/police-arrest-55-members-of-black-panthers-sim-swap-gang/
• SIM swapper gets 18-months for involvement in $22 million crypto heist https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/
• NY Man Admits Guilt in $2M Crypto Mining Fraud https://www.pymnts.com/cryptocurrency/2022/ny-man-admits-guilt-in-2m-crypto-mining-fraud/
• Crackdown on African Cybercrime Leads to Arrests, Infrastructure Takedown https://www.securityweek.com/crackdown-african-cybercrime-leads-arrests-infrastructure-takedown
• Police warn about suspects looking through mailboxes https://globalnews.ca/news/9323565/london-police-man-mailboxes/
• Man with suspected gang ties charged after loaded ‘ghost gun' found in Delta, B.C. truck https://globalnews.ca/news/9316252/man-charged-ghost-gun-delta-bc-truck/
• Almost 300 predatory loan apps found in Google and Apple stores https://www.theregister.com/2022/12/01/apple_google_predatory_loans/

Bad-Actors / Nation-States / APTs / Cyber-Mercenaries

News covering Nation-State Actors, APTS, Hacking Groups, Mercenaries, Espionage, and the Notorious:

• U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer https://krebsonsecurity.com/2022/11/u-s-govt-apps-bundled-russian-code-with-ties-to-mobile-malware-developer/
• FBI director warns that TikTok could be exploited by China to collect user data for espionage https://www.businessinsider.com/fbi-director-chris-wray-warns-of-tiktok-espionage-2022-12
• US bans sales of Huawei, Hikvision, ZTE, and Dahua equipment https://www.bleepingcomputer.com/news/security/us-bans-sales-of-huawei-hikvision-zte-and-dahua-equipment/
• Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html
• Never-before-seen malware is nuking data in Russia's courts and mayors' offices https://arstechnica.com/information-technology/2022/12/never-before-seen-malware-is-nuking-data-in-russias-courts-and-mayors-offices/
• Sandworm gang launches Monster ransomware attacks on Ukraine https://www.theregister.com/2022/11/29/russia_ransomboggs_ransomware_ukraine/
• North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets https://thehackernews.com/2022/12/north-korea-hackers-using-new-dolphin.html
• Domain aging gang CashRewindo picks vintage sites to push malvertising https://www.theregister.com/2022/12/02/cashrewindo_scam_domain_aging/
• FBI: Cuba ransomware raked in $60 million from over 100 victims https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-raked-in-60-million-from-over-100-victims/
• New DuckLogs malware service claims having thousands of ‘customers' https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/
• Chrome, Defender, and Firefox 0-days linked to commercial IT firm in Spain https://arstechnica.com/information-technology/2022/11/google-ties-spanish-it-firm-to-0-days-exploiting-chrome-defender-and-firefox/
• Google Moves to Block Invasive Spanish Spyware Framework https://www.wired.com/story/heliconia-spyware-google-tag/

Other Security / Risk

Articles covering other types of risks.

• General:
• Bring Your Own Key — A Placebo? https://www.darkreading.com/cloud/bring-your-own-key-a-placebo-
• Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands https://www.darkreading.com/endpoint/data-security-concerns-are-driving-changes-in-us-consumer-behavior-and-demands
• Spreadsheet Mistakes Cause Big Costly Consequences for CFOs https://www.pymnts.com/news/b2b-payments/2022/spreadsheet-mistakes-cause-big-costly-consequences-for-cfos/
• Web browsers drop mysterious company with ties to U.S. military contractor https://www.msn.com/en-us/news/technology/web-browsers-drop-mysterious-company-with-ties-to-us-military-contractor/ar-AA14L433
• Existential Risk and the Fermi Paradox https://www.schneier.com/blog/archives/2022/12/existential-risk-and-the-fermi-paradox.html
• Migration to other social media platforms shows no signs of slowing following Elon Musk's chaotic takeover at Twitter, report says https://www.businessinsider.com/twitter-migration-shows-no-signs-of-slowing-following-musks-takeover
• How secure a Twitter replacement is Mastodon? Let us count the ways https://arstechnica.com/information-technology/2022/11/how-secure-a-twitter-replacement-is-mastodon-let-us-count-the-ways/
• Twitter moderators turn to automation amid a reported surge in hate speech https://www.theguardian.com/technology/2022/dec/03/twitter-moderators-turn-to-automation-amid-a-reported-surge-in-hate-speech
• Why the voting machines failed in Mercer County https://freedom-to-tinker.com/2022/12/01/why-the-voting-machines-failed-in-mercer-county/
• The weird, worrisome mystery behind America's plague of purple streetlights https://www.businessinsider.com/led-city-streetlights-turning-purple-broken-tech-danger-2022-11
• US Air Force unveils new B-21 Raider nuclear stealth bomber https://www.bbc.co.uk/news/world-us-canada-63845082
• Interesting discussion of the void between morals and ethics https://opengovernance.net/we-need-more-unethical-morals-afc935c5faef
• Disinformation and misinformation
• Gaslighting: Merriam-Webster picks its word of the year https://www.bbc.co.uk/news/world-us-canada-63798242
• Is Spreading Medical Misinformation a Doctor's Free Speech Right? https://www.nytimes.com/2022/11/30/technology/medical-misinformation-covid-free-speech.html
• Twitter no longer enforcing COVID-19 misinformation policy after Musk takeover https://globalnews.ca/news/9312900/twitter-musk-covid-misinformation/
• Pegasus spyware inquiry targeted by disinformation campaign, say experts https://www.theguardian.com/world/2022/nov/28/pegasus-eu-parliament-spyware-inquiry-targeted-disinformation-campaign
• Health:
• Expiration Dates Are Meaningless https://www.theatlantic.com/health/archive/2022/11/expiration-dates-food-waste-safety/672311/
• Legalization of recreational cannabis linked with increased alcohol drinking https://scienmag.com/legalization-of-recreational-cannabis-linked-with-increased-alcohol-drinking/
• Few Americans are aware of links between alcohol and cancer risk https://scienmag.com/few-americans-are-aware-of-links-between-alcohol-and-cancer-risk/
• Many Canadians are skipping regular eye exams. What are the risks? https://globalnews.ca/news/9314708/canadians-skipping-eye-exams-risks/
• Scientists Just Caught Bacteria Using a Never-Before-Seen Trick to Avoid Antibiotics https://www.sciencealert.com/scientists-just-caught-bacteria-using-a-never-before-seen-trick-to-avoid-antibiotics
• Sunscreen Testing Is Riddled With Problems You've Probably Never Considered https://www.sciencealert.com/sunscreen-testing-is-riddled-with-problems-youve-probably-never-considered
• Ebola in Uganda: The people spreading misinformation online https://www.bbc.co.uk/news/63741125
• 20 years ago, a Lyme-disease vaccine was taken off the market. Now, 2 companies are developing one that could be available by 2025. https://www.businessinsider.com/a-new-lyme-vaccine-may-be-coming-soon-2022-12
• Lyme Disease Is on The Rise, But There Might Be Hope in a New Vaccine https://www.sciencealert.com/lyme-disease-is-on-the-rise-but-there-might-be-hope-in-a-new-vaccine
• mRNA vaccines offer one-two punch to combat malaria https://scienmag.com/mrna-vaccines-offer-one-two-punch-to-combat-malaria/
• An early-stage HIV vaccine is showing positive results. If it works, it would be first successful HIV vaccine after almost 40 years of research. https://www.businessinsider.com/early-stage-hiv-vaccine-candidate-positive-results-2022-11
• Monkeypox Has a New Name to Shake Off Old Stigmas, According to The WHO https://www.sciencealert.com/monkeypox-has-a-new-name-to-shake-off-old-stigmas-according-to-the-who
• Experimental COVID-19 vaccine offers long-term protection against severe disease https://scienmag.com/experimental-covid-19-vaccine-offers-long-term-protection-against-severe-disease/
• New COVID variant could emerge amid drop in surveillance, vaccination, WHO warns https://globalnews.ca/news/9321219/covid-variant-drop-surveillance-vaccination-who/
• Surgical masks are not inferior to N95 masks for health-care workers providing routine COVID-19 care https://scienmag.com/surgical-masks-are-not-inferior-to-n95-masks-for-health-care-workers-providing-routine-covid-19-care/
• Safety:
• One-pilot cockpits? Here’s what QF32 hero and ‘Sully’ Sullenberger think https://www.smh.com.au/national/one-pilot-cockpits-here-s-what-qf32-hero-and-sully-sullenberger-think-20221124-p5c14m.html
• Over 3,700 Volkswagen EVs recalled in Canada due to increased crash risk https://globalnews.ca/news/9323489/electric-audi-recall-transport-canada/
• Passenger killed after large ‘rogue' wave hits Antarctic cruise ship https://globalnews.ca/news/9321917/cruise-death-rogue-wave-antarctica-viking-polaris/
• Health Canada recalls thousands of laundry products over bacteria concern https://globalnews.ca/news/9321095/the-laundress-detergent-recall-canada/
• Winter tires mandatory in Quebec starting Thursday https://globalnews.ca/news/9317800/quebec-winter-tire-deadline-december-2022/
• ‘Flying tires' a risk as snow tire season is underway https://globalnews.ca/news/9313222/flying-tires-risk-snow-tire-season/
• ‘Increase in enforcement': Peel police launch holiday RIDE campaign https://globalnews.ca/news/9314930/peel-police-holiday-ride-campaign/
• Police proposal to use potentially deadly robots approved in San Francisco https://globalnews.ca/news/9314743/police-robots-san-francisco-approved/
• Toronto subway station evacuated over bomb threat: police https://globalnews.ca/news/9308982/toronto-bomb-threat-pioneer-village-subway/
• Environment:
• 5 Billion People Will Face Water Shortages by 2050, U.N. Says https://www.scientificamerican.com/article/5-billion-people-will-face-water-shortages-by-2050-u-n-says/
• Forests at Risk of Burning an Extra 30 Days a Year Without Climate Action https://www.sciencealert.com/forests-at-risk-of-burning-an-extra-30-days-a-year-without-climate-action
• 1930s Dust Bowl led to extreme heat around Northern Hemisphere https://scienmag.com/1930s-dust-bowl-led-to-extreme-heat-around-northern-hemisphere/
• China and Russia Continue to Block Protections for Antarctica https://www.scientificamerican.com/article/china-and-russia-continue-to-block-protections-for-antarctica/
• Ontario spends little to fight invasive species, despite economic impact: AG https://globalnews.ca/news/9314863/ontario-spends-little-to-fight-invasive-species-despite-economic-impact-ag/
• Engineers Propose an Ambitious Plan to Bury Excess Carbon at The Bottom of The Ocean https://www.sciencealert.com/engineers-propose-an-ambitious-plan-to-bury-excess-carbon-at-the-bottom-of-the-ocean
• Honey, we shrunk the nuclear reactor https://hackaday.com/2022/11/25/honey-we-shrunk-the-nuclear-reactor/
• The EU wants to legitimize carbon removal schemes https://www.theverge.com/2022/12/1/23486120/eu-european-commission-carbon-removal-proposal-certify
• World's first test run of a hydrogen jet engine a success https://www.theverge.com/2022/11/29/23483889/rolls-royce-easyjet-hydrogen-fuel-jet-engine-test
• Dimming the Sun to Cool the Planet Is a Desperate Idea, Yet We’re Inching Toward It https://www.newyorker.com/news/annals-of-a-warming-planet/dimming-the-sun-to-cool-the-planet-is-a-desperate-idea-yet-were-inching-toward-it
• Mauna Loa, Earth's Largest Active Volcano, Just Woke Up after 38 Years https://www.scientificamerican.com/article/mauna-loa-earths-largest-active-volcano-just-woke-up-after-38-years/
• Economy:
• Apple is accelerating plans to move production out of China as protests and riots intensify in response to zero-Covid policies, report says https://www.businessinsider.com/apple-accelerates-production-china-protests-2022-12
• DoorDash is laying off 1,250 employees and sounding the alarm on the food delivery industry. 'Today was a wake-up call for DoorDash,' CTO said. https://www.businessinsider.com/doordash-cuts-1000-workers-costly-expenses-memo-2022-11
• Here's everything that went wrong with FTX https://www.theverge.com/2022/11/30/23484331/ftx-explained-cryptocurrency-sbf-sam-bankman-fried
• FTX Collapse Was Old Tricks Powered by New Technology https://www.pymnts.com/cryptocurrency/2022/ftx-collapse-was-old-tricks-powered-by-new-technology/
• Sam Bankman-Fried's defense that he 'didn't know exactly what was going on' isn't a defense for CEOs whose companies are in hot water https://www.businessinsider.com/ftx-founder-sam-bankman-frieds-defense-doesnt-work-for-leaders-2022-12
• Crypto Firm BlockFi Files For Bankruptcy After FTX Collapse https://packetstormsecurity.com/news/view/34086/Crypto-Firm-BlockFi-Files-For-Bankruptcy-After-FTX-Collapse.html
• Bitcoin teeters after Grayscale owner DCB reveals it's $2bn in debt https://uk.finance.yahoo.com/news/bitcoin-teeters-grayscale-owner-dcb-reveals-debt-145958704.html
• Kraken, the 3rd-largest digital assets exchange, is laying off 30% of its staff as crypto winter deepens https://markets.businessinsider.com/news/currencies/kraken-layoffs-crypto-exchange-ftx-winter-jesse-powell-2022-11

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Is attacking Ukraine's power grid a war crime? https://www.bbc.co.uk/news/world-europe-63754808
• Ukraine war: Letter bomb at Ukraine's Spain embassy injures employee https://www.bbc.co.uk/news/world-europe-63812148
• Ukraine war: Kyiv displays dummy nuclear-capable missile fired by Russia https://www.bbc.co.uk/news/world-europe-63826082
• Reaction and response:
• EU seeks specialized court to probe possible Russian war crimes in Ukraine https://globalnews.ca/news/9314297/eu-tribunal-russia-war-crimes/
• ‘No immunity': Canada joins G7 pledge to coordinate Russian war crimes probes https://globalnews.ca/news/9312240/ukraine-war-crime-investigation-canada-g7/
• Ukraine war: NATO pledges to provide more weapons and fix power grid https://www.bbc.co.uk/news/world-europe-63798506
• Canada funded group clearing landmines in Ukraine after Russian retreat https://globalnews.ca/news/9320510/ukraine-russia-war-landmines-removal/
• Leaked Kremlin poll shows 55% of Russians want to see negotiations with Ukraine to end the war: report https://www.businessinsider.com/leaked-kremlin-poll-55-of-russians-want-talks-end-ukraine-war-2022-12
• Ukraine war: Russia demands annexations recognised before talks https://www.bbc.co.uk/news/world-europe-63832151
• Sanctions & economic Impact:
• Ukraine war: Russia rejects US$60 a barrel cap on its oil, threatens to cut supply https://globalnews.ca/news/9323447/ukraine-war-zelenskyy-russian-oil-prices/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Local:
• Exploring a tunnel deep below Niagara Falls https://www.ctvnews.ca/world/exploring-a-tunnel-deep-below-niagara-falls-1.6177407
• Lighter:
• The World Cup of Microsoft Excel https://www.theatlantic.com/technology/archive/2022/12/world-cup-microsoft-excel/672320/
• Science:
• Charles V of Spain Secret Code Cracked https://www.schneier.com/blog/archives/2022/11/charles-v-of-spain-secret-code-cracked.html
• A Strange Thing Happens to Wolves Infected by Infamous Mind-Altering Parasite https://www.sciencealert.com/a-strange-thing-happens-to-wolves-infected-by-infamous-mind-altering-parasite
• Cephalopods Can Pass a Cognitive Test Designed For Human Children https://www.sciencealert.com/cephalopods-can-pass-a-cognitive-test-designed-for-human-children
• Two Minerals Never Seen Before in Nature Discovered In an Asteroid That Fell to Earth https://www.sciencealert.com/two-minerals-never-seen-before-in-nature-discovered-in-an-asteroid-that-fell-to-earth
• A New Satellite Is One of The Brightest Objects in The Sky, And It's a Big Problem https://www.sciencealert.com/a-new-satellite-is-one-of-the-brightest-objects-in-the-sky-and-its-a-big-problem
• Astronomers Directly Image a Jupiter-Sized Planet Orbiting a Sunlike Star https://www.universetoday.com/158776/astronomers-directly-image-a-jupiter-sized-planet-orbiting-a-sunlike-star/