This Week's [in]Security - Issue 253 | Control Gap
CG Blogger

Welcome to This Week’s [in]Security. PCI and payments: Target's anti-skimmer Merry Maker, Segway. Payments, Training & events. New breaches: Securitas (S3), News Corp, Whisper. New Ransomware: Changing tactics, Oiltanking, Kronos. Follow-ups & Fall-out: Equifax. Privacy: GPU-fingerprinting, Ungoogling yourself. Laws & Regs - Canada: C-11/streaming, Online harms, Digital Taxes. US: EARN IT, Cyber Review board, EFF. World: EU vs. US. Standards: NIST Software, IoT, & Security Labeling. NVD API. Defense: volunteers, browsers. Vulnerabilities, Zerodays: Zimbra. Other Vulnerabilities: CISA alerts, Log4shell lives on, Firmware, Cisco, ESET, Supply chains, MSIX, Finding Open Source vulns, Walmart analyzes new ransomware. Patching: CISA must patch, Samba. Crypto-research. Cybercrime: Trends: Reverse proxy attacks. Nation States: taking down North Korea, China, more spyware, Ukraine. Crime & Enforcement: fraud & blackmail, big heists, drones. Other Risks: Automation, Banning ideas, App monopolies, too many secrets, Internet next. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Learned; Covid Ugly; Innovation and more.

PCI Compliance and Payments News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance. 
Target open sources scanner for digital credit card skimmers https://www.bleepingcomputer.com/news/security/target-open-sources-scanner-for-digital-credit-card-skimmers/ Magecart Attackers Ride into Segway's E-commerce Website, Segue to Stealing Visitor Data https://sourcedefense.com/resources/magecart-attackers-ride-into-segways-e-commerce-website-segue-to-stealing-visitor-data/ Other payment related: Visa Calls for Payment Standards in EV Charging https://www.pymnts.com/news/payments-innovation/2022/visa-calls-for-payment-standards-in-ev-charging/ Interac on 2021 https://www.interac.ca/en/content/inside-interac/2021-a-year-in-review-at-interac/ Dynamic Security Code Cards: A Primer https://www.securetechalliance.org/publications-dynamic-security-code-cards-a-primer/ T-Mobile Money app to use Mastercard True Name https://www.finextra.com/pressarticle/91245/t-mobile-money-app-to-use-mastercard-true-name Secure Technology Alliance Payments Council https://www.securetechalliance.org/activities-councils-payments/ Other educational events, webinars, courses: FISSEA Winter Forum February 15, 2022, 1:00pm-4:00 pm ET https://www.nist.gov/news-events/events/2022/02/fissea-winter-forum-february-15-2022 NICE Computational Literacy - A New Literacy Necessary for the Future of Learning and Work February 16, 2022 | 2:00-3:00 PM ET https://www.nist.gov/news-events/events/2022/02/nice-webinar-computational-literacy-new-literacy-necessary-future Breaches / Ransomware / Leaks Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout. 
New Breaches: Unsecured AWS server exposed 3TB in airport employee records https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data Suspected Chinese spies break into cloud accounts of News Corp journalists https://www.theregister.com/2022/02/04/news_corp_china_compromised/ Security issue may have made some personal information vulnerable on WSDOT system https://www.databreaches.net/security-issue-may-have-made-some-personal-information-vulnerable-on-wsdot-system/ British Council exposed more than 100,000 files with student records https://www.bleepingcomputer.com/news/security/british-council-exposed-more-than-100-000-files-with-student-records/ Messages and user data from secret sharing app Whisper exposed online (again): report https://www.comparitech.com/blog/information-security/secret-sharing-app-exposure/ New Ransomware and "Incidents": Law enforcement action push ransomware gangs to surgical attacks https://www.bleepingcomputer.com/news/security/law-enforcement-action-push-ransomware-gangs-to-surgical-attacks/ One in seven ransomware extortion attempts leak key operational tech records https://www.zdnet.com/article/one-in-seven-ransomware-extortion-attempts-leak-key-business-operation-data OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks https://www.securityweek.com/ot-data-stolen-ransomware-gangs-can-facilitate-cyber-physical-attacks Ransomware means your database IS the front line. How are you defending it? 
https://www.theregister.com/2022/02/01/ransomware_database/ Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks https://thehackernews.com/2022/02/hacker-group-moses-staff-using-new.html Inside Trickbot, Russia's Notorious Ransomware Gang https://www.wired.com/story/trickbot-malware-group-internal-messages Iranian Hackers Using New PowerShell Backdoor Linked to Memento Ransomware https://www.securityweek.com/iranian-hackers-using-new-powershell-backdoor-linked-memento-ransomware Cyberattacks Increasingly Hobble Pandemic-Weary US Schools https://www.securityweek.com/cyberattacks-increasingly-hobble-pandemic-weary-us-schools German petrol supply firm Oiltanking paralyzed by cyber attack https://www.bleepingcomputer.com/news/security/german-petrol-supply-firm-oiltanking-paralyzed-by-cyber-attack/ Rupert Murdoch's News Corp hit by cyberattack it says was from China https://www.businessinsider.com/news-corp-cyberattack-suspect-china-wsj-2022-2 UK Snack Company Hit by Ransomware Attack, Which Could Cause Delivery Delays https://www.databreaches.net/uk-snack-company-hit-by-ransomware-attack-which-could-cause-delivery-delays/ Kronos Still Dragging Itself Back From Ransomware Hell https://threatpost.com/kronos-dragging-itself-back-ransomware-hell/178213/ Follow-ups and fall-out: Yes, the Equifax data breach settlement email and website are real https://www.databreaches.net/yes-the-equifax-data-breach-settlement-email-and-website-are-real/ Rhode Island attorney general subpoenas RIPTA, UnitedHealthcare over data breach https://www.databreaches.net/rhode-island-attorney-general-subpoenas-ripta-unitedhealthcare-over-data-breach/ UK: Statement on an agreement reached between Somerset Bridge Insurance Services Limited and the ICO https://www.databreaches.net/uk-statement-on-an-agreement-reached-between-somerset-bridge-insurance-services-limited-and-the-ico/ Can Data Breaches Be Good For Some Corporate Brands? 
https://www.databreaches.net/can-data-breaches-be-good-for-some-corporate-brands/ Privacy Articles about privacy related news, risks, and trends. Researchers use GPU fingerprinting to track users online https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/ What To Do To Delete The Scary Amount Of Data Google Has On You https://packetstormsecurity.com/news/view/33056/What-To-Do-To-Delete-The-Scary-Amount-Of-Data-Google-Has-On-You.html Welcome to the Burner Phone Olympics https://www.wired.com/story/winter-olympics-2022-phones-security Laws, Regulations, Platforms, Standards, and Public Policy News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest. Canada: Not Ready for Prime Time: Why Bill C-11 Leaves the Door Open to CRTC Regulation of User Generated Content https://www.michaelgeist.ca/2022/02/not-ready-for-prime-time/ Liberals say new online streaming bill won't hurt free speech — but some remain skeptical https://globalnews.ca/news/8592505/online-streaming-bill-c-11-free-speech/ Time to Hit the Reset Button: Canadian Heritage Releases “What We Heard” Report on Online Harms Consultation https://www.michaelgeist.ca/2022/02/time-to-hit-the-reset-button-canadian-heritage-releases-what-we-heard-report-on-online-harms-consultation/ The Law Bytes Podcast, Episode 115: Reuven Avi-Yonah on the Past, Present and Future of Digital Services Taxes https://www.michaelgeist.ca/2022/01/law-bytes-podcast-episode-115/ US: The EARN IT Act Is Back https://www.schneier.com/blog/archives/2022/02/the-earn-it-act-is-back.html It's Back: Senators Want EARN IT Bill to Scan All Online Messages https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages DHS Launches Cyber Safety Review Board to Analyze Major Vulnerability Events 
https://www.darkreading.com/vulnerabilities-threats/cyber-safety-review-board-to-analyze-major-vulnerability-events Podcast Episode: Saving Podcasts from a Patent Troll https://www.eff.org/deeplinks/2022/01/podcast-episode-saving-podcasts-patent-troll Nike Suing Retailer Selling Sneaker NFTs https://www.pymnts.com/news/retail/2022/nike-suing-retailer-selling-sneaker-nfts/ Tell the Copyright Office Who Is Really Affected by Filters https://www.eff.org/deeplinks/2022/02/tell-copyright-office-who-really-affected-filters World: Privacy Shield: EU citizens might get right to challenge US access to their data https://www.theregister.com/2022/02/03/privacy_shield_progress/ Google Faces New Antitrust Law in Europe https://www.nytimes.com/2022/02/02/technology/google-seznam-antitrust-czech-republic.html Israeli Lawyer, Hungarian Rights Group Target Pegasus Spyware https://www.securityweek.com/israeli-lawyer-hungarian-rights-group-target-pegasus-spyware Standards News: NIST Issues Guidance on Software, IoT Security and Labeling: Executive Order https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/software-supply-chain-security-guidance Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities https://csrc.nist.gov/publications/detail/sp/800-218/final Consumer Cybersecurity Labeling Pilots: The Approach and Contributions https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/consumer-cybersecurity-labeling-pilots-approach Recommended Criteria for Cybersecurity Labeling of Consumer Software https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.02042022-1.pdf Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.02042022-2.pdf NIST Special Publication 1800-32 Securing Distributed Energy Resources: An Example Solution of Industrial Internet of Things Cybersecurity 
https://www.nccoe.nist.gov/energy/securing-distributed-energy-resources REMINDER | National Vulnerability Database (NVD) API Keys are NOW Available https://nvd.nist.gov/developers/request-an-api-key Defense / Techniques / Solutions Covering developments and opportunities that may help improve security. Vulnerability Remediation: It's Not Just Patching https://blog.qualys.com/product-tech/2022/02/01/vulnerability-remediation-its-not-just-patching Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities https://threatpost.com/living-off-the-land-malicious-use-legitimate-utilities/177762/ HOW TO BECOME AN (ISC)² VOLUNTEER AND MAKE A DIFFERENCE IN THE CYBERSECURITY COMMUNITY https://blog.isc2.org/isc2_blog/2022/01/how-to-become-an-isc%C2%B2-volunteer.html Projects I Support https://scotthelme.co.uk/projects-i-support/ 2022 Information Controls Fellowship Program https://citizenlab.ca/2022/01/2022-information-controls-fellowship-program/ Secure Web Browsers Tackle Ransomware, Insider Threat in Enterprises https://www.darkreading.com/emerging-tech/secure-web-browsers-tackle-ransomware-insider-threat-in-enterprises Firefox's anti-tracking feature adds per-account VPN for more privacy https://www.theverge.com/2022/2/2/22914078/mozilla-vpn-multi-account-containers-add-on DevSecOps for Databases: Data Masking, Cloud Backup, WAF and More https://www.datex.ca/blog/devsecops-for-databases-data-masking-cloud-backup-waf-and-more NortonLifeLock Introduces Social Media Monitoring https://www.darkreading.com/endpoint/nortonlifelock-introduces-social-media-monitoring Bugs / Design Flaws / Vulnerabilities / Research Articles about newly discovered vulnerabilities and research. 
Other Zero-day news: Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users https://thehackernews.com/2022/02/hackers-exploited-0-day-vulnerability.html Other Vulnerabilities: CISA adds 8 vulnerabilities to list of actively exploited bugs https://www.bleepingcomputer.com/news/security/cisa-adds-8-vulnerabilities-to-list-of-actively-exploited-bugs/ CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa https://www.zdnet.com/article/cisa-issues-advisory-warning-of-critical-vulnerabilities-in-airspan-networks-mimosa ‘Long Live Log4Shell': CVE-2021-44228 Not Dead Yet https://threatpost.com/log4shell-cve-2021-44228/178225/ UEFI firmware vulnerabilities affect at least 25 computer vendors https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/ CVE-2022-20699, CVE-2022-20700, CVE-2022-20708: Critical Flaws in Cisco Small Business RV Series Routers https://www.tenable.com/blog/cve-2022-20699-cve-2022-20700-cve-2022-20708-critical-flaws-in-cisco-small-business-rv-series ESET antivirus bug let attackers gain Windows SYSTEM privileges https://www.bleepingcomputer.com/news/microsoft/eset-antivirus-bug-let-attackers-gain-windows-system-privileges/ DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off https://www.theregister.com/2022/02/02/dmca_com_live_xss_flaw/ OpenSSF Alpha-Omega Project Tackles Supply Chain Security https://www.securityweek.com/openssf-alpha-omega-project-tackles-supply-chain-security Supply-Chain Security Is Not a Problem…It's a Predicament https://threatpost.com/supply-chain-security-predicament/178166/ Worried about occasional npm malware scares? 
It's more common than you may think https://www.theregister.com/2022/02/03/npm_malware_report/ New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks https://thehackernews.com/2022/01/new-suremdm-vulnerabilities-could.html Microsoft disables MSIX protocol handler abused in Emotet attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-msix-protocol-handler-abused-in-emotet-attacks/ Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam https://thehackernews.com/2022/01/apple-pays-100500-bounty-to-hacker-who.html Security Through Obscurity. It Doesn't Work. https://blog.isc2.org/isc2_blog/2022/02/security-through-obscurity-it-doesnt-work.html Finding Vulnerabilities in Open Source Projects https://www.schneier.com/blog/archives/2022/02/finding-vulnerabilities-in-open-source-projects.html Walmart Dissects New 'Sugar' Ransomware https://www.securityweek.com/walmart-dissects-new-sugar-ransomware Patching: CISA Adds Recent iOS, SonicWall Vulnerabilities to 'Must Patch' List https://www.securityweek.com/cisa-adds-recent-ios-sonicwall-vulnerabilities-must-patch-list CISA orders federal agencies to patch actively exploited Windows bug https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-actively-exploited-windows-bug/ Samba Patches Critical Flaws That Earned Researchers Big Rewards https://www.securityweek.com/samba-patches-critical-flaws-earned-researchers-big-rewards Twelve-Year-Old Linux Vulnerability Discovered and Patched https://www.schneier.com/blog/archives/2022/01/twelve-year-old-linux-vulnerability-discovered-and-patched.html Cryptography and Cryptographic Research: Development of Cryptography since Shannon, by Funda Özdemir and Çetin Kaya Koç https://eprint.iacr.org/2022/100 Rocca: An Efficient AES-based Encryption Scheme for Beyond 5G (Full version), by Kosei Sakamoto and Fukang Liu and Yuto Nakano and Shinsaku Kiyomoto and Takanori Isobe https://eprint.iacr.org/2022/116 
Hacking / Malware / Cybercrime / Exploitation News covering active trends, alerts, events. Trends, Alerts, and Events (other than major breaches): MFA adoption pushes phishing actors to reverse-proxy solutions https://www.bleepingcomputer.com/news/security/mfa-adoption-pushes-phishing-actors-to-reverse-proxy-solutions/ Phishing kits' use of man-in-the-middle reverse proxies is growing, warns Proofpoint https://www.theregister.com/2022/02/03/proofpoint_mitm_reverse_proxies/ FBI shares Lockbit ransomware technical details, defense tips https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/ FBI warns of 2022 Beijing Olympics cyberattack, privacy risks https://www.bleepingcomputer.com/news/security/fbi-warns-of-2022-beijing-olympics-cyberattack-privacy-risks/ Beware of phishing scams offering packages, refunds, or rebates https://toronto.ctvnews.ca/beware-of-phishing-scams-offering-packages-refunds-or-rebates-1.5762062 How Phishers Are Slinking Their Links Into LinkedIn https://krebsonsecurity.com/2022/02/how-phishers-are-slinking-their-links-into-linkedin/ Mac Malware-Dropping Adware Gets More Dangerous https://www.darkreading.com/vulnerabilities-threats/mac-malware-dropping-adware-gets-more-dangerous New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software https://thehackernews.com/2022/02/new-seo-poisoning-campaign-distributing.html SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems https://thehackernews.com/2022/02/solarmarker-malware-uses-novel.html The evolution of a Mac trojan: UpdateAgent's progression https://www.microsoft.com/security/blog/2022/02/02/the-evolution-of-a-mac-trojan-updateagents-progression/ Be careful with RPMSG files, (Mon, Jan 31st) https://isc.sans.edu/diary/rss/28292 Reasons Why Every Business is a Target of DDoS Attacks https://thehackernews.com/2022/01/reasons-why-every-business-is-target-of.html Nation State Actors: A lone hacker on a revenge 
mission says he is the one who keeps turning off North Korea's internet https://www.businessinsider.com/lone-hacker-claims-responsibility-for-turning-off-north-koreas-internet-2022-2 FBI says more cyber attacks come from China than everywhere else combined https://www.theregister.com/2022/02/03/fbi_china_threat_to_usa/ New Malware Used by SolarWinds Attackers Went Undetected for Years https://thehackernews.com/2022/02/new-malware-used-by-solarwinds.html Finnish Diplomats Targeted by Pegasus Spyware: Ministry https://www.securityweek.com/finnish-diplomats-targeted-pegasus-spyware-ministry iPhone Flaw Exploited By Second Israeli Spy Firm https://packetstormsecurity.com/news/view/33067/iPhone-Flaw-Exploited-By-Second-Israeli-Spy-Firm.html ACTINIUM targets Ukrainian organizations https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/ Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users https://thehackernews.com/2022/01/researchers-uncover-new-iranian-hacking.html State hackers' new malware helped them stay undetected for 250 days https://www.bleepingcomputer.com/news/security/state-hackers-new-malware-helped-them-stay-undetected-for-250-days/ Crime & Arrests, etc.: FTC: Americans lost $770 million from social media fraud surge https://www.bleepingcomputer.com/news/security/ftc-americans-lost-770-million-from-social-media-fraud-surge/ Landmark research shows increase in online sex blackmailing during pandemic https://scienmag.com/landmark-research-shows-increase-in-online-sex-blackmailing-during-pandemic/ Hackers Move $3.55B Worth of Bitcoin From 2016 Bitfinex Hack https://www.databreaches.net/hackers-move-3-55b-worth-of-bitcoin-from-2016-bitfinex-hack/ ‘Catfishing on a whole other level': the shocking story of the Tinder Swindler https://www.theguardian.com/film/2022/feb/02/tinder-swindler-netflix-documentary-simon-leviev That's a signature move: How $320m in Ether was stolen from crypto biz Wormhole 
https://www.theregister.com/2022/02/04/wormhole_currency_theft/ Wormhole restores stolen $326 million after major crypto bailout https://www.bleepingcomputer.com/news/security/wormhole-restores-stolen-326-million-after-major-crypto-bailout/ DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering https://thehackernews.com/2022/01/deepdotweb-news-site-operator-sentenced.html A tiny DJI drone smuggled its own weight in drugs over the US border wall https://www.theverge.com/2022/2/3/22916246/dji-mini-2-drone-smuggle-meth-us-mexico-border-wall Drugs, weapons 'smuggled to prisoners by drone' https://www.bbc.co.uk/news/world-us-canada-60262715 Catalytic converter thefts already an issue for drivers this year https://globalnews.ca/news/8596619/catalytic-converter-thefts-already-an-issue-2022/ Robbers staged public shootings to distract from Toronto-area jewelry store heists: court video https://toronto.ctvnews.ca/robbers-staged-public-shootings-to-distract-from-toronto-area-jewelry-store-heists-court-video-1.5763726 Other Security / Risk Articles covering other types of risks. 
Automation is Nice But Don't Replace Your Knowledge, (Tue, Feb 1st) https://isc.sans.edu/diary/rss/28296 Banning Bad Ideas Won't Make Them Go Away https://www.theatlantic.com/ideas/archive/2022/02/south-carolina-education-legislate-bad-ideas/621406/ Me on App Store Monopolies and Security https://www.schneier.com/blog/archives/2022/02/me-on-app-store-monopolies-and-security.html Top US Spy Warns Too Many Government Secrets Harms National Security https://packetstormsecurity.com/news/view/33058/Top-US-Spy-Warns-Too-Many-Government-Secrets-Harms-National-Security.html The Reason Putin Would Risk War https://www.theatlantic.com/ideas/archive/2022/02/putin-ukraine-democracy/621465/ The Atlantic Daily: People Really, Really Hate the Future of the Internet https://www.theatlantic.com/newsletters/archive/2022/02/future-of-crypto-nft-web3/621504/ The Collateral Damage of Facebook's Flops https://www.nytimes.com/2022/02/01/technology/facebook-experiments.html Interview with the Head of the NSA's Research Directorate https://www.schneier.com/blog/archives/2022/02/interview-with-the-head-of-the-nsas-research-directorate.html Meet the NSA spies shaping the future https://www.technologyreview.com/2022/02/01/1044561/meet-the-nsa-spies-shaping-the-future/ US carriers want to junk three times more Chinese comms kit than planned https://www.theregister.com/2022/02/07/secure_and_trusted_communications_reimbursement_program_overrun/ Air Force Taps Clearview AI to Research Face-Identifying A.R. 
Glasses https://www.nytimes.com/2022/02/03/technology/air-force-clearview-ai-glasses.html Apple's Face ID with a Mask works so well, it might end password purgatory https://www.theverge.com/2022/2/2/22912677/apple-face-id-mask-update-ios-15-4-beta-hands-on-impressions DeepMind AI rivals average human competitive coder https://www.bbc.co.uk/news/technology-60231058 Google has lost 2 ethical AI researchers to a research institute founded by ousted colleague Timnit Gebru https://www.businessinsider.com/two-google-researchers-quit-to-join-timnit-gebru-ethical-ai-2022-2 Canada lost 200K jobs in January amid Omicron-driven shutdowns https://globalnews.ca/news/8594594/canada-jobs-january-omicron-lockdowns/ One in three Canadians struggles with non-mortgage debts, Credit Counselling Society says https://globalnews.ca/news/8593839/canadians-non-mortgage-debt/ Toronto considers new tax for homeowners to help curb soaring house prices https://toronto.ctvnews.ca/toronto-considers-new-tax-for-homeowners-to-help-curb-soaring-house-prices-1.5763407 Economist Mohamed El-Erian warns more wild volatility in stocks is likely, and sets out two overlooked factors driving the swings https://markets.businessinsider.com/news/stocks/mohamed-el-erian-stocks-volatility-selloff-federal-reserve-liquidity-etfs-2022-2 Facebook's user numbers shrunk for the first time in its history https://www.businessinsider.com/meta-facebook-user-numbers-shrink-first-time-ever-2022-2 Health, Safety & Environment: COVID-19: Canadian Blood Services makes urgent call for donors to replenish the supply depleted during Omicron https://globalnews.ca/news/8584437/covid-19-canadian-blood-services-makes-urgent-call-for-donors-to-replenish-the-supply-depleted-during-omicron/ Hospitals Can't Accept This as ‘Normal' https://www.theatlantic.com/health/archive/2022/02/omicron-surge-hospital-chicago/621455/ The myth of a 'super-charged' immune system https://www.bbc.co.uk/news/health-60171592 Five Lessons Humans must Learn 
to Defeat Pandemics https://www.horsesforsources.com/5-lessons-pandemics_020322 The Lancet: Over 1.2 million additional opioid overdose deaths expected in North America by 2029, with epidemic set to expand globally, experts warn https://scienmag.com/the-lancet-over-1-2-million-additional-opioid-overdose-deaths-expected-in-north-america-by-2029-with-epidemic-set-to-expand-globally-experts-warn/ An aggressive HIV variant silently spread in the Netherlands for 2 decades — a cautionary tale for the current pandemic https://www.businessinsider.com/lethal-hiv-variant-spreading-decades-netherlands-2022-2 Avian Flu detected in geese on hobby farm outside Halifax, owner ‘devastated' https://globalnews.ca/news/8584192/avian-flu-detected-in-geese-on-hobby-farm-outside-halifax-owner-devastated/ Mysterious 'Havana Syndrome' may be attacks caused by targeted electromagnetic pulses, US intel report says https://www.businessinsider.com/havana-syndrome-may-caused-electromagnetic-attack-us-intelligence-report-2022-2 Mosquitoes are seeing red: These new findings about their vision could help you hide from these disease vectors https://scienmag.com/mosquitoes-are-seeing-red-these-new-findings-about-their-vision-could-help-you-hide-from-these-disease-vectors/ Illinois research reveals cadmium's route into chocolate https://scienmag.com/illinois-research-reveals-cadmiums-route-into-chocolate/ A Cosmic Airburst May Have Devastated a Vast Native American Culture 1,500 Years Ago https://www.sciencealert.com/a-near-earth-comet-may-have-destroyed-a-north-american-culture-1-500-years-ago Smoke detectors have a life expectancy. 
A Nova Scotia family is sounding the alarm https://www.cbc.ca/news/canada/nova-scotia/fire-related-deaths-nova-scotia-1.6331334 SpaceX aborts rocket mission 33 seconds before launch after a cruise liner sailed close to the launch site https://www.businessinsider.com/spacex-aborts-rocket-launch-seconds-cruise-liner-sails-hazard-zone-2022-1 Tesla owners report dozens of instances of ‘phantom braking' https://www.theverge.com/2022/2/2/22914236/tesla-phantom-braking-complaints-nhtsa-fsd Tesla Recalls Cars With Full Self-Driving to Prevent Rolling Stops https://www.nytimes.com/2022/02/01/business/tesla-recall.html 13,000 Years Ago, a Firestorm Covered 10% of Earth's Surface, Triggering an Ice Age https://www.sciencealert.com/a-firestorm-bigger-than-the-one-that-killed-the-dinosaurs-triggered-an-ice-age-13-000-years-ago Almost 500-mile-long lightning bolt crossed three US states https://www.bbc.co.uk/news/world-us-canada-60221521 Almost No Coral Reefs in The World Will Be Safe at 1.5°C Warming, Scientists Warn https://www.sciencealert.com/study-warns-safe-havens-for-coral-reefs-will-be-almost-non-existent-at-1-5-c-warming Extreme marine heat has become the “new normal”, in analysis of data from 1870 onwards – with 57% of the ocean surface recording 2019 temperatures once considered extreme https://scienmag.com/extreme-marine-heat-has-become-the-new-normal-in-analysis-of-data-from-1870-onwards-with-57-of-the-ocean-surface-recording-2019-temperatures-once-considered-extreme/ Flowers in The UK Are Blooming a Whole Month Earlier Than They Did in The 1980s https://www.sciencealert.com/flowers-are-blooming-a-whole-month-earlier-in-britain-than-they-did-in-the-early-80s Global Covid response generating masses of waste, WHO says https://www.bbc.co.uk/news/world-60214689 Crows trained to clean up cigarette butts on Swedish streets https://globalnews.ca/news/8586599/crows-cigarette-butts-sweden/ Game-changing technology to remove 99% of carbon dioxide from air 
https://scienmag.com/game-changing-technology-to-remove-99-of-carbon-dioxide-from-air/ How to Destroy 'Forever Chemicals' https://www.scientificamerican.com/article/how-to-destroy-forever-chemicals/ Satellites and light reflections help spot costal plastic waste https://scienmag.com/satellites-and-light-reflections-help-spot-costal-plastic-waste/ Researchers mystified after Canada goose tagged in B.C. is spotted almost 3,000 km away in Chicago https://www.cbc.ca/news/canada/british-columbia/bc-canada-goose-chicago-1.6334676 We Almost Forgot About the Moon Trees https://www.theatlantic.com/science/archive/2022/01/nasa-moon-trees-apollo/621395/ COVID-19 updates. COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147. The spread, curves, spikes, waves, reinfection, and variant strains: ‘Shouldn't be happening': WHO tracking ‘worrying' increase in deaths as Omicron surges https://globalnews.ca/news/8585718/who-omicron-cases-when-to-lift-restrictions/ BA.2 subvariant harder to identify than original Omicron strain, WHO says https://globalnews.ca/news/8592197/ba2-harder-to-identify-original-omicron-who/ ‘Deltacron' danger: Name of presumed hybrid fuels panic, experts say https://globalnews.ca/news/8578002/covid-deltacron-hybrid-panic/ Researchers use mobile device data to predict COVID-19 outbreaks https://scienmag.com/researchers-use-mobile-device-data-to-predict-covid-19-outbreaks/ 46% of people who felt well enough to work 5 days after COVID were likely still infectious, study finds https://www.businessinsider.com/46-still-likely-contagious-5-days-felt-ok-study-2022-2 WHO calls for stronger China collaboration on COVID-19 origins https://globalnews.ca/news/8597673/who-china-covid-origins/ Guidance, Response, and Recovery: Legal “sunset clauses” should be used to limit use of covid certificates to current pandemic 
https://scienmag.com/legal-sunset-clauses-should-be-used-to-limit-use-of-covid-certificates-to-current-pandemic/ 'Frustration is real' Ontario politicians agree on eliminating COVID-19 lockdowns https://toronto.ctvnews.ca/frustration-is-real-ontario-politicians-agree-on-eliminating-covid-19-lockdowns-1.5761605 'Hopefully this is the last time': Ontario businesses reopen with cautious optimism https://toronto.ctvnews.ca/hopefully-this-is-the-last-time-ontario-businesses-reopen-with-cautious-optimism-1.5761034 How Denmark Decided COVID Isn't a Critical Threat to Society https://www.theatlantic.com/ideas/archive/2022/02/denmark-covid-restrictions/621482/ COVID-19: Quebec premier drops plan to tax people who are unvaccinated https://globalnews.ca/news/8585595/covid-19-quebec-premier-drops-plan-to-tax-people-who-are-unvaccinated/ COVID-19: Saskatchewan business owners wonder how no proof of vaccine will affect business https://globalnews.ca/news/8587554/covid-19-saskatchewan-business-owners-proof-vaccine/ Treatments, Testing, Triage, Trials, and things we Learned: CNIO researchers identify drugs potentially capable of reducing the mortality of COVID-19 https://scienmag.com/cnio-researchers-identify-drugs-potentially-capable-of-reducing-the-mortality-of-covid-19/ Researchers develop molecular traps to target SARS-CoV-2 https://scienmag.com/researchers-develop-molecular-traps-to-target-sars-cov-2/ Things we learned: Small group of genetic variants found in extremely ill patients with COVID may help explain big differences in how sick people get https://scienmag.com/small-group-of-genetic-variants-found-in-extremely-ill-patients-with-covid-may-help-explain-big-differences-in-how-sick-people-get/ More of the good, the bad, and the ugly: ‘Sham' coronavirus testing company gave people false results as samples piled up in trash bags, lawsuit claims https://www.washingtonpost.com/nation/2022/02/02/washington-sues-testing-company-center-for-covid-control/ Ottawa declares state 
of emergency over Canadian trucker protests that have blockaded the city for 10 days https://www.businessinsider.com/ottawa-state-of-emergency-canadian-trucker-protests-feedom-convoy-2022-2 Ottawa police issue more than 450 tickets in connection with anti-mandate protests https://globalnews.ca/news/8598918/ottawa-police-tickets-anti-mandate-protests/ Ottawa police vow ‘surge and contain' response to trucker convoy ‘occupation' https://globalnews.ca/news/8594689/ottawa-trucker-convoy-plan-to-end/ Ottawa police, city lawyers considering court order to end convoy protests https://www.ctvnews.ca/canada/ottawa-police-city-lawyers-considering-court-order-to-end-convoy-protests-1.5764263 This is what Toronto's anti-mandate protests looked like https://toronto.ctvnews.ca/this-is-what-toronto-s-anti-mandate-protests-looked-like-1.5769598 Toronto hospitals suggest that staff wear plainclothes when coming into work due to weekend 'Freedom Convoy' https://toronto.ctvnews.ca/toronto-hospitals-suggest-that-staff-wear-plainclothes-when-coming-into-work-due-to-weekend-freedom-convoy-1.5766916 Man arrested after allegedly throwing feces at another person during Toronto convoy protest https://toronto.ctvnews.ca/man-arrested-after-allegedly-throwing-feces-at-another-person-during-toronto-convoy-protest-1.5770126 Trucker convoy in Ottawa faces lawsuit worth $10M: ‘excruciatingly loud' https://globalnews.ca/news/8596707/trucker-convoy-ottawa-lawsuit/ Off-Topic / Science & Tech / Lighter Side A variety of scientific, technical, historical, and more light-hearted news. 
Innovations & Inventions: Math That Helped Solve Fermat's Theorem Now Safeguards the Digital World https://www.nytimes.com/2022/01/31/science/fermat-elliptic-curves-encryption.html A new method for quantum computing https://scienmag.com/a-new-method-for-quantum-computing/ Electric Porsche breaks battery record by driving from LA to New York with just 2.5 hours of charge https://www.independent.co.uk/life-style/gadgets-and-tech/electric-car-battery-record-porsche-b2004169.html Recycled Lithium-Ion Batteries Can Perform Better Than New Ones https://www.scientificamerican.com/article/recycled-lithium-ion-batteries-can-perform-better-than-new-ones/ U.S. Project Reaches Major Milestone toward Practical Fusion Power https://www.scientificamerican.com/article/u-s-project-reaches-major-milestone-toward-practical-fusion-power/ A Chinese Space Tug Just Grappled a Dead Satellite https://www.universetoday.com/154338/a-chinese-space-tug-just-grappled-a-dead-satellite/ Finally, a Practical use for Space-Based Power Beaming. Sending Power to Satellites in Shade https://www.universetoday.com/154353/finally-a-practical-use-for-space-based-power-beaming-sending-power-to-satellites-in-shade/ Other: More than half of her class had never seen snow. So a Florida teacher got her sister to ship her a snowman. https://www.washingtonpost.com/nation/2022/02/01/florida-teacher-snowman-kentucky/ AI-generated Valentine's Cards https://www.aiweirdness.com/ai-generated-valentines-cards/ and https://www.aiweirdness.com/bonus-more-ai-generated-valentine-cards/ XKCD's Randall Munroe announces What If? 
2, with more scientific answers to life's most absurd hypothetical questions https://www.theverge.com/2022/1/31/22910603/xkcd-randall-munroe-what-if-2-book-annoucement-release-date Shackleton's Endurance: The impossible search for the greatest shipwreck https://www.bbc.co.uk/news/science-environment-60239105 Astronomers Finally Find a Second Asteroid in Earth's Trojan Belt https://www.universetoday.com/154348/astronomers-finally-find-a-second-asteroid-in-earths-trojan-belt/ NASA Details Its Plan for the End of the International Space Station in 2031 https://www.universetoday.com/154375/nasa-details-its-plan-for-the-end-of-the-international-space-station-in-2031/ The Space Shuttle was Originally Hoped to be a Fully Reusable two-Stage Rocket https://www.universetoday.com/154381/the-space-shuttle-was-originally-hoped-to-be-a-fully-reusable-two-stage-rocket/ Our Solar System in True Color Is Really Something Else https://www.theatlantic.com/science/archive/2022/02/venus-true-color-solar-system/621460/ The Atmosphere of This Extreme Exoplanet Has an Intriguing Similarity to Earth https://www.sciencealert.com/the-atmosphere-of-this-extreme-exoplanet-has-an-intriguing-similarity-to-earth-s Astronomers find the first rogue black hole wandering the Milky Way! https://www.syfy.com/syfy-wire/bad-astronomy-first-rogue-black-hole-ever-found