This Week's [in]Security - Issue 254 | Control Gap
CG Blogger

Welcome to This Week’s [in]Security. PCI and payments: PCI updates, Skimmers, Carders, Payments, Training & events. New breaches, New Ransomware: insurance, decryptor, 49ers, Swissport. Major outages: Vodafone. Follow-ups & Fall-out: IHS, Inmediata. Privacy: CIA, Canada, health sites, ID.me, AirTags. Laws & Regs - Canada: Bills C-11 & S-210. US: EARN IT, Facebook, Ohio. World: Cambridge, EU data sharing, Google Analytics, Consent spam, QWACs, Israel, Hacking Jamaica. Standards: NIST. Defense: 2FA, data retention liability, Shift-Left, trust, IoT audit, AI, Multiple Microsoft, deniable data! Vulnerabilities, Zerodays: Project Zero, Apple. Other Vulnerabilities: metrics, supply chains, Mozilla, PHP/Wordpress, Mazda, Bounties. Patching: 3 CISA alerts, Android, Windows, SAP, Adobe, ECC vs quantum crypto. Cybercrime: Trends: IOCs, Modified Elephant, old tactics, Nation States and mercenaries. Crime & Enforcement: $4.5B, SIMs, romance. Other Risks: Spycraft, Chip errors, Chinese tech, Blockchain myths, Disinformation, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Covid Compliance. Innovation and more.

PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
New PCI Documents: Participating Organization Name Change Application https://www.pcisecuritystandards.org/documents/Participating_Organization_Simple_Name_Change_Form_ext.pdf Payment skimmers/malware/fraud: Hundreds of e-commerce sites booby-trapped with payment card skimming malware https://arstechnica.com/information-technology/2022/02/hundreds-of-e-commerce-sites-booby-trapped-with-payment-card-skimming-malware/ Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html Russia arrests third hacking group, seizes carding forums https://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/ Russian Govt. Continues Carding Shop Crackdown https://krebsonsecurity.com/2022/02/russian-govt-continues-carding-shop-crackdown/ Other payment related: The Death of Cash https://www.businessinsider.com/2-11-2022-death-of-cash-report TSYS On Fraud-Fighting FinTech Trends In 2022 And Beyond https://www.pymnts.com/fraud-prevention/2022/tsys-on-fraud-fighting-fintech-trends-in-2022-and-beyond/ Educational events, webinars, courses, etc: Online CISSP Exam Coming Soon https://blog.isc2.org/isc2_blog/2022/02/online-cissp-exam-coming-soon.html Breaches / Ransomware / Leaks Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout. New Breaches: Data Breaches Remain a Nettlesome Problem, Especially for U.S. 
Companies https://www.digitaltransactions.net/%ef%bf%bcdata-breaches-remain-a-nettlesome-problem-especially-for-u-s-companies/ Puma hit by data breach after Kronos ransomware attack https://www.bleepingcomputer.com/news/security/puma-hit-by-data-breach-after-kronos-ransomware-attack/ Ransomware crew dumps stolen Optionis files online https://www.theregister.com/2022/02/11/optionis_stolen_data/ National Math and Science Initiative notifies more than 190,000 of data security incident https://www.databreaches.net/national-math-and-science-initiative-notifies-more-than-190000-of-data-security-incident/ HK: Harbour Plaza Hotel customers warned over data leak https://www.databreaches.net/hk-harbour-plaza-hotel-customers-warned-over-data-leak/ Illinois Housing Development Authority addresses data breach https://www.databreaches.net/illinois-housing-development-authority-addresses-data-breach/ Information for over 6,000 Memorial Hermann patients accessed in business associate's security breach https://www.databreaches.net/information-for-over-6000-memorial-hermann-patients-accessed-in-business-associates-security-breach/ Military sexual misconduct class action members' details accidentally released https://globalnews.ca/news/8607889/military-sexual-misconduct-class-action-privacy-breach/ DPD Group parcel tracking flaw may have exposed customer data https://www.bleepingcomputer.com/news/security/dpd-group-parcel-tracking-flaw-may-have-exposed-customer-data/ New Ransomware and "Incidents": Law Enforcement Blowback, Cyber Insurance Renewals Powering Anti-Ransomware Success https://www.securityweek.com/law-enforcement-blowback-cyber-insurance-renewals-powering-anti-ransomware-success Ransomware Reaches Beyond Money With More Sinister Goals https://www.pymnts.com/cybersecurity/2022/ransomware-reaches-beyond-money-with-more-sinister-goals/ Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares 
https://threatpost.com/decryptor-keys-maze-egregor-sekhmet-ransomwares/178363/ San Francisco 49ers confirm ransomware attack https://www.databreaches.net/san-francisco-49ers-confirm-ransomware-attack/ Swissport ransomware attack leads to flight delays https://www.databreaches.net/swissport-ransomware-attack-leads-to-flight-delays/ Major outages/downs: UK Foreign Office target of 'serious cyber incident' https://www.bbc.co.uk/news/technology-60309335 Cyberattack brings down Vodafone Portugal mobile, voice, and TV services https://www.databreaches.net/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/ Follow-ups and fall-out: On the Irish Health Services Executive Hack https://www.schneier.com/blog/archives/2022/02/on-the-irish-health-services-executive-hack.html Inmediata Data Breach $1.1M Class Action Settlement https://www.databreaches.net/inmediata-data-breach-1-1m-class-action-settlement/ Privacy Articles about privacy related news, risks, and trends. Senators: CIA Has Secret Program That Collects American Data https://www.securityweek.com/senators-cia-has-secret-program-collects-american-data We Need Answers About the CIA's Mass Surveillance https://www.eff.org/deeplinks/2022/02/we-need-answers-about-cias-mass-surveillance Privacy commissioner: Few realized the government was tracking their pandemic movements https://nationalpost.com/news/politics/privacy-commissioner-public-health-agency-of-canada-cellphone-location-data Health sites let ads track visitors without telling them https://arstechnica.com/information-technology/2022/02/health-sites-let-ads-track-visitors-without-telling-them/ IRS To Ditch Biometric Requirement for Online Access https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/ Victory! 
ID.me to Drop Facial Recognition Requirement for Government Services https://www.eff.org/deeplinks/2022/02/victory-irs-wont-require-facial-recognition-idme Feds are still using ID.me to scan your face — and human reviewers can't keep up https://www.theverge.com/2022/2/11/22928082/id-me-irs-facial-recognition-overworked-employees Are You Being Tracked by an AirTag? Here's How to Check https://www.wired.com/story/how-to-find-airtags I Used Apple AirTags, Tiles and a GPS Tracker to Watch My Husband's Every Move https://www.nytimes.com/2022/02/11/technology/airtags-gps-surveillance.html Google's Privacy Sandbox ad-tracking overhaul clears major regulatory hurdle https://www.theverge.com/2022/2/11/22814204/google-chrome-third-party-cookies-privacy-sandbox-uk-competition-and-markets-authority-regulator Laws, Regulations, Platforms, Standards, and Public Policy News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest. Canada: The Law Bytes Podcast, Episode 116: Is This Podcast a Program Subject to CRTC Regulation Under Bill C-11? 
https://www.michaelgeist.ca/2022/02/law-bytes-podcast-episode-116/ Bill C-11's Foundational Faults, Part One: The Nearly Unlimited Global Reach of CRTC Jurisdiction Over Internet Audio-Visual Services https://www.michaelgeist.ca/2022/02/bill-c-11s-foundational-faults-part-one-the-nearly-unlimited-global-reach-of-crtc-jurisdiction-over-internet-audio-visual-services/ Age Verification Requirements for Twitter or Website Blocking for Reddit?: My Appearance on Bill S-210 at the Senate Standing Committee on Legal and Constitutional Affairs https://www.michaelgeist.ca/2022/02/age-verification-requirements-for-twitter-or-website-blocking-for-reddit-my-appearance-on-bill-s-210-at-the-senate-standing-committee-on-legal-and-constitutional-affairs/ US: If EARN IT Passes, What Happens On Your iPhone Won't Stay On Your iPhone https://www.eff.org/deeplinks/2022/02/if-earn-it-passes-what-happens-your-iphone-wont-stay-your-iphone Key Senators Have Voted For The Anti-Encryption EARN IT Act https://www.eff.org/deeplinks/2022/02/key-senators-have-voted-anti-encryption-earn-it-act New algorithm bill could force Facebook to change how the news feed works https://www.theverge.com/2022/2/10/22927472/klobuchar-lummis-algorithm-bill-section-230-misinformation-teenager-mental-health Robots Have No Place Filtering Creative Content, EFF Tells U.S. 
Copyright Office https://www.eff.org/deeplinks/2022/02/robots-have-no-place-filtering-creative-content-eff-tells-us-copyright-office Ohio: Don't Give Big Tech a Pass On Privacy https://www.eff.org/deeplinks/2022/02/ohio-dont-give-big-tech-pass-privacy World: Facebook appeal over Cambridge Analytica data rejected by Australian court as ‘divorced from reality' https://www.theguardian.com/technology/2022/feb/07/facebook-appeal-over-cambridge-analytica-data-rejected-by-australian-court-as-divorced-from-reality Meta warns it could pull Instagram and Facebook in Europe if it loses a data-sharing ruling https://www.businessinsider.com/meta-could-pull-instagram-facebook-europe-data-sharing-ruling-2022-2 France Rules That Using Google Analytics Violates GDPR Data Protection Law https://thehackernews.com/2022/02/france-rules-that-using-google.html Demand to global brand CEOs: stop unlawful consent spam and delete the data https://www.iccl.ie/news/demand-to-ceos-of-worlds-biggest-advertisers-stop-unlawful-consent-spam-and-delete-the-data/ What the Duck? Why an EU Proposal to Require "QWACs" Will Hurt Internet Security https://www.eff.org/deeplinks/2022/02/what-duck-why-eu-proposal-require-qwacs-will-hurt-internet-security NSO Group: Israel launches inquiry into police hacking claims https://www.bbc.co.uk/news/world-middle-east-60287161 Ethical hackers face tough sanction under Jamaican law https://www.databreaches.net/ethical-hackers-face-tough-sanction-under-jamaican-law/ Standards News: NIST has published NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management https://csrc.nist.gov/publications/detail/nistir/8286b/final and https://csrc.nist.gov/publications/detail/nistir/8286c/draft CMVP Validation Authority Updates: Second Drafts of NIST SP 800-140C/D Rev. 
1 Available for Comment through March 25 https://csrc.nist.gov/publications/detail/sp/800-140c/rev-1/draft and https://csrc.nist.gov/publications/detail/sp/800-140d/rev-1/draft Defense / Techniques / Solutions Covering developments and opportunities that may help improve security. Google account hacks dropped by half after pushing two-step authentication by default https://www.theverge.com/2022/2/8/22923618/google-account-hacks-dropped-half-two-step-authentication T'Mobile: Deleting Stale Data Reduces Liability https://freedom-to-tinker.com/2022/02/10/tmobile-deleting-stale-data-reduces-liability/ What is Shift-Left Testing and What are the Benefits? https://www.imperva.com/blog/what-is-shift-left-testing-and-what-are-the-benefits/ One way to fight the pandemic? Build trust in the government and each other https://www.npr.org/2022/02/06/1078634141/one-way-to-fight-the-pandemic-build-trust-in-the-government-and-each-other IoT/connected Device Discovery and Security Auditing in Corporate Networks https://thehackernews.com/2022/02/iotconnected-device-discovery-and.html Putting AI to Practical Use in Cybersecurity https://www.darkreading.com/emerging-tech/putting-ai-to-practical-use-in-cybersecurity When Multifactor Authentication Is Compromised: Fighting Back With AI https://www.darkreading.com/dr-tech/when-multifactor-authentication-is-compromised-fighting-back-with-ai Google Cloud Gets Virtual Machine Threat Detection https://www.securityweek.com/google-cloud-gets-virtual-machine-threat-detection What's Next in Security from Microsoft https://www.microsoft.com/security/blog/2022/02/10/whats-next-in-security-from-microsoft/ Microsoft to block downloaded VBA macros in Office – you may be able to run 'em anyway https://www.theregister.com/2022/02/08/microsoft_office_default_macro_block/ Microsoft starts killing off WMIC in Windows, will thwart attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/ 
Detect active network reconnaissance with Microsoft Defender for Endpoint https://www.microsoft.com/security/blog/2022/02/07/detect-active-network-reconnaissance-with-microsoft-defender-for-endpoint/ Microsoft is making it harder to steal Windows passwords from memory https://www.bleepingcomputer.com/news/microsoft/microsoft-is-making-it-harder-to-steal-windows-passwords-from-memory/ Bunnie Huang's Plausibly Deniable Database https://www.schneier.com/blog/archives/2022/02/bunnie-huangs-plausibly-deniable-database.html Bugs / Design Flaws / Vulnerabilities / Research Articles about newly discovered vulnerabilities and research. Other Zero-day news: Google Project Zero: Vendors are now quicker at fixing zero-days https://www.bleepingcomputer.com/news/security/google-project-zero-vendors-are-now-quicker-at-fixing-zero-days/ Apple Patches Actively Exploited WebKit Zero Day https://packetstormsecurity.com/news/view/33095/Apple-Patches-Actively-Exploited-WebKit-Zero-Day.html Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability https://www.theregister.com/2022/02/11/apple_emergency_webkit/ Other Vulnerabilities: Vulnerabilities (metrics) don’t count https://www.csoonline.com/article/3648997/vulnerabilities-dont-count.html DtSR Episode 487 - Software Supply Chain is a BFD http://podcast.wh1t3rabbit.net/dtsr-episode-487-software-supply-chain-is-a-bfd Mozilla fixes Firefox bug letting you get Windows admin privileges https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-bug-letting-you-get-windows-admin-privileges/ Critical Code Execution Flaws Patched in 'PHP Everywhere' WordPress Plugin https://www.securityweek.com/critical-code-execution-flaws-patched-php-everywhere-wordpress-plugin Critical Flaws Expose Mimosa Wireless Broadband Devices to Remote Attacks https://www.securityweek.com/critical-flaws-expose-mimosa-wireless-broadband-devices-remote-attacks Mazda head units are getting bricked by a local NPR station in Seattle 
https://www.theverge.com/2022/2/9/22925619/mazda-head-units-bricked-npr-seattle-need-ota-updates Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021 https://www.securityweek.com/google-paid-out-87-million-bug-bounty-rewards-2021 ExpressVPN offering $100,000 to first person who hacks its servers https://www.bleepingcomputer.com/news/security/expressvpn-offering-100-000-to-first-person-who-hacks-its-servers/ Patching: CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug https://threatpost.com/cisa-orders-federal-agencies-to-fix-actively-exploited-windows-bug/178270/ CISA orders federal agencies to update iPhones, Macs until Feb 25th https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-macs-until-feb-25th/ CISA urges orgs to patch actively exploited Windows SeriousSAM bug https://www.bleepingcomputer.com/news/security/cisa-urges-orgs-to-patch-actively-exploited-windows-serioussam-bug/ Google fixes remote escalation of privileges bug on Android https://www.bleepingcomputer.com/news/security/google-fixes-remote-escalation-of-privileges-bug-on-android/ Microsoft Patch Tuesday, February 2022 Edition https://krebsonsecurity.com/2022/02/microsoft-patch-tuesday-february-2022-edition/ SAP Patches Severe ‘ICMAD' Bugs https://threatpost.com/sap-patches-severe-icmad-bugs/178344/ Adobe Patches 13 Vulnerabilities in Illustrator https://www.securityweek.com/adobe-patches-13-vulnerabilities-illustrator Log4j: Getting From Stopgap Remedies to Long-Term Solutions https://www.darkreading.com/attacks-breaches/log4j-getting-from-stopgap-remedies-to-long-term-solutions Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer (no time soon) https://www.schneier.com/blog/archives/2022/02/breaking-245-bit-elliptic-curve-encryption-with-a-quantum-computer.html Hacking / Malware / Cybercrime / Exploitation News covering active trends, alerts, events. 
Trends, Alerts, and Events (other than major breaches): FBI Publishes IOCs for LockBit 2.0 Ransomware Attacks https://www.securityweek.com/fbi-publishes-iocs-lockbit-20-ransomware-attacks CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks https://www.securityweek.com/cisa-says-hivenightmare-windows-vulnerability-exploited-attacks Hacking group 'ModifiedElephant' evaded discovery for a decade https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/ Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks https://www.darkreading.com/attacks-breaches/threat-actors-revive-20-year-old-tactic-in-microsoft-365-phishing-attacks Qbot needs only 30 minutes to steal your credentials, emails https://www.bleepingcomputer.com/news/security/qbot-needs-only-30-minutes-to-steal-your-credentials-emails/ An Insidious Mac Malware Is Growing More Sophisticated https://www.wired.com/story/mac-malware-growing-more-sophisticated 'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns https://thehackernews.com/2022/02/roaming-mantis-android-malware.html Medusa malware ramps up Android SMS phishing attacks https://www.bleepingcomputer.com/news/security/medusa-malware-ramps-up-android-sms-phishing-attacks/ Kimsuki hackers use commodity RATs with custom Gold Dragon malware https://www.bleepingcomputer.com/news/security/kimsuki-hackers-use-commodity-rats-with-custom-gold-dragon-malware/ Example of Cobalt Strike from Emotet infection, (Wed, Feb 9th) https://isc.sans.edu/diary/rss/28318 Nation State Actors: QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug https://threatpost.com/quadream-israeli-spyware-weaponized-iphone-bug/178252/ China Suspected of News Corp Cyberespionage Attack 
https://threatpost.com/china-suspected-news-corp-cyberespionage/178277/ Russian APT Hackers Used COVID-19 Lures to Target European Diplomats https://thehackernews.com/2022/02/russian-apt-hackers-used-covid-19-lures.html Russian APT Steps Up Malicious Cyber Activity in Ukraine https://www.darkreading.com/attacks-breaches/russian-apt-steps-up-malicious-activity-in-ukraine Lazarus hackers target defense industry with fake Lockheed Martin job offers https://www.zdnet.com/article/lazarus-hackers-target-defense-industry-with-fake-lockheed-martin-job-offers Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks https://thehackernews.com/2022/02/palestinian-hackers-using-new.html Crime & Arrests, etc.: Crypto Networks Connected to Increase in Reported Fraud https://www.pymnts.com/cryptocurrency/2022/crypto-networks-connected-increase-reported-fraud/ FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery https://www.theregister.com/2022/02/08/bitfinex_arrests_cryptocurrency/ The counterfeit NFT problem is only getting worse https://www.theverge.com/22905295/counterfeit-nft-artist-ripoffs-opensea-deviantart Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Cryptocurrency Stolen from Bitifinex in 2016 https://www.databreaches.net/two-arrested-for-alleged-conspiracy-to-launder-4-5-billion-in-cryptocurrency-stolen-from-bitifinex-in-2016/ FBI Received 1,600 SIM Swapping Complaints in 2021 https://www.securityweek.com/fbi-received-1600-sim-swapping-complaints-2021 Sharp SIM-Swapping Spike Causes $68M In Losses https://packetstormsecurity.com/news/view/33098/Sharp-SIM-Swapping-Spike-Causes-68M-In-Losses.html Spanish police arrest suspects in SIM-swapping ring https://www.zdnet.com/article/spanish-police-arrest-suspects-in-sim-swapping-ring $1.3 billion lost to romance scams in the past five years: FTC https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc Canadian Netwalker 
ransomware crook pleads guilty to million-dollar crimes https://www.theregister.com/2022/02/08/netwalker_ransomware_jailed/ Canadian Hacker Bowser Sentenced To Three Years In Jail For Crimes Against Nintendo https://www.databreaches.net/canadian-hacker-bowser-sentenced-to-three-years-in-jail-for-crimes-against-nintendo/ Secret Service: Home Depot Worker Swapped $388K Cash with Fake Bills https://www.pymnts.com/news/security-and-risk/2022/secret-service-home-depot-worker-swapped-388k-cash-with-fake-bills/ Hacker Who Sold Pirated Video Games Gets More Than 3 Years in Prison https://www.nytimes.com/2022/02/10/technology/nintendo-hacker-gary-bowser.html Other Security / Risk Articles covering other types of risks. Amy Zegart on Spycraft in the Internet Age https://www.schneier.com/blog/archives/2022/02/amy-zegart-on-spycraft-in-the-internet-age.html Chip Errors Are Becoming More Common and Harder to Track Down https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html America's Chinese Tech Conundrum https://www.nytimes.com/2022/02/08/technology/china-us-tech-policy.html Debunking 4 Myths About Blockchain https://www.pymnts.com/blockchain/2022/debunking-4-myths-about-blockchain/ Cryptocurrency Is Funding Ukraine's Defense—and Its Hacktivists https://www.wired.com/story/ukraine-russia-cryptocurrency-donations-hacktivism Sports Betting Is Ruining More Than Your Bank Account https://www.theatlantic.com/technology/archive/2022/02/sports-betting-super-bowl/622058/ 23 Obsolete (Or Nearly Obsolete) Jobs https://www.mentalfloss.com/article/649701/obsolete-jobs Disinformation and misinformation What's the Harm in Medical Misinformation? 
https://www.theatlantic.com/newsletters/archive/2022/02/whats-the-harm-in-medical-misinformation/622072/ The Einstein Effect: People Trust Nonsense More if They Think a Scientist Said It https://www.sciencealert.com/the-einstein-effect-people-trust-nonsense-from-scientists-more-than-spiritual-gurus Health, Safety & Environment: No time to exercise? What about THREE SECONDS a day? https://scienmag.com/no-time-to-exercise-what-about-three-seconds-a-day/ Supercomputer helps Canadian researcher uncover thousands of viruses that could cause human diseases https://www.cbc.ca/news/health/supercomputer-virus-study-disease-1.6345158 HIV incidence rising steeply among people who inject drugs in Tijuana https://scienmag.com/hiv-incidence-rising-steeply-among-people-who-inject-drugs-in-tijuana/ Scientists Think They've Unlocked The Secret of Long-Term Lyme Disease Symptoms https://www.sciencealert.com/dead-bacteria-bits-may-be-behind-long-lyme-disease-symptoms Black Death mortality not as widespread as long thought https://scienmag.com/black-death-mortality-not-as-widespread-as-long-thought/ We May Finally Know Where Ebola Hides in The Brain to Emerge Years Later https://www.sciencealert.com/ebola-can-avoid-the-immune-system-for-years-and-primate-brains-reveal-its-hideout Two years into COVID, mental health service access still a problem https://globalnews.ca/news/8600197/covid-mental-health-service-access-problem/ Spinal Implant Enables Paralyzed Man With Severed Spine to Walk Again https://www.sciencealert.com/implant-allows-man-with-severed-spine-to-walk-again How gold nanoparticles can be used to quickly test drinking water for bacteria https://www.cbc.ca/news/canada/nova-scotia/st-fx-researchers-develop-test-to-find-bacteria-in-water-1.6340681 He Donated His Kidney and Received a $13,064 Bill in Return https://www.propublica.org/article/he-was-charged-13-064-for-donating-his-kidney Could Astronauts Hibernate on Long Space Voyages? 
https://www.universetoday.com/154382/could-astronauts-hibernate-on-long-space-voyages/ SSD prices could spike after Western Digital loses 6.5 billion gigabytes of NAND chips https://www.theverge.com/2022/2/11/22928867/western-digital-nand-flash-storage-contamination Ontario housing task force recommends ways to boost supply https://toronto.ctvnews.ca/ontario-housing-task-force-recommends-ways-to-boost-supply-1.5772386 Austria on high alert after series of deadly avalanches https://www.bbc.co.uk/news/world-europe-60287621 US nuclear power plants contain dangerous counterfeit parts, report finds https://www.theverge.com/2022/2/11/22929255/us-nuclear-power-plants-dangerous-counterfeit-parts-nrc-report Western Australia bushfires threaten lives after record summer heat https://www.bbc.co.uk/news/world-australia-60285018 The Most Extreme 'Rogue Wave' on Record Was Just Confirmed in The North Pacific https://www.sciencealert.com/a-rogue-wave-four-stories-high-is-the-largest-on-record Toronto is getting the largest solar power generating wall in North America https://www.blogto.com/city/2022/02/toronto-getting-largest-power-generating-solar-wall-north-america/ COVID-19 updates. COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147. 
The spread, curves, spikes, waves, reinfection, and variant strains: COVID-19 ICU admissions in Ontario reach lowest level since early January, another 42 deaths reported https://toronto.ctvnews.ca/covid-19-icu-admissions-in-ontario-reach-lowest-level-since-early-january-another-42-deaths-reported-1.5772587 ‘It's a lot': At least 2M Quebecers infected during fifth wave of COVID-19 pandemic https://globalnews.ca/news/8607701/quebec-2-million-covid-infections-omicron/ Guidance, Response, and Recovery: COVID-19 Is Over (If You're Rich) https://www.theatlantic.com/international/archive/2022/02/pandemic-easy-for-rich/622041/ Ontario ‘not in the clear' to remove COVID vaccine passports, masking as other provinces https://globalnews.ca/news/8606565/ontario-covid-vaccine-passports-masking/ Ontario to give out free COVID-19 rapid tests at grocery stores, sources say https://toronto.ctvnews.ca/ontario-to-give-out-free-covid-19-rapid-tests-at-grocery-stores-sources-say-1.5773469 Doug Ford fires back after Walmart enforces minimum purchase of $35 for free rapid tests https://toronto.ctvnews.ca/doug-ford-fires-back-after-walmart-enforces-minimum-purchase-of-35-for-free-rapid-tests-1.5774894 3,000 NYC staff face lost jobs over vaccine rules https://www.bbc.co.uk/news/business-60351455 New York state to eliminate indoor mask mandate as COVID surge eases https://globalnews.ca/news/8606077/new-york-covid-mask-mandate/ Treatments, Testing, Triage, Trials, and things we Learned: A Common Over-The-Counter Drug Could Treat Long COVID, Case Study Reports https://www.sciencealert.com/there-s-evidence-antihistamines-may-help-treat-long-covid-symptoms Old drug may have new trick: protecting against COVID-19 lung injury https://scienmag.com/old-drug-may-have-new-trick-protecting-against-covid-19-lung-injury/ Immunity and Vaccinations: Inhaled vaccine provides protection against COVID-19, according McMaster study https://globalnews.ca/news/8606203/inhaled-vaccine-protection-covid-mcmaster/ 
Things we learned: COVID Smell Loss and Long COVID Linked to Inflammation https://www.scientificamerican.com/article/covid-smell-loss-and-long-covid-linked-to-inflammation1/ Concordia researchers find patterns and predictors of physical distancing adherence https://scienmag.com/concordia-researchers-find-patterns-and-predictors-of-physical-distancing-adherence/ Masks, anti-maskers, distancing, compliance, defiance, and repercussions: The Canadian anti-vaccine mandate protests are causing automakers to cut production https://www.theverge.com/2022/2/11/22929249/canada-anti-vaccine-mandate-trucker-convoy-automakers-factory Ambassador Bridge protest: Truckers block vital Canada-US border crossing https://www.bbc.co.uk/news/world-us-canada-60320874 Injunction to end Windsor border protest granted following Ontario court hearing https://windsor.ctvnews.ca/injunction-to-end-windsor-border-protest-granted-following-ontario-court-hearing-1.5777568 Ontario declares a state of emergency to end 'siege' in Ottawa and Windsor https://toronto.ctvnews.ca/ontario-declares-a-state-of-emergency-to-end-siege-in-ottawa-and-windsor-1.5777336 A Canadian judge has ruled that protesting truckers blocking the streets of Ottawa can't honk their horns for 10 days https://www.businessinsider.com/protesting-ottawa-truckers-banned-from-honking-horns-2022-2 Canada bridge protesters cleared by police after a week of disruption https://www.bbc.co.uk/news/world-us-canada-60368408 Off-Topic / Science & Tech / Lighter Side A variety of scientific, technical, historical, and more light-hearted news. 
Innovations & Inventions: Newly Invented Catalyst Dramatically Increases The Efficiency of Turning CO2 Into Fuel https://www.sciencealert.com/new-catalyst-turns-co2-into-fuel-1-000-times-more-efficiently-than-before Fusion Power Experiment in The UK Smashes Its Old Record in Major Step Forward https://www.sciencealert.com/european-fusion-facility-smashes-old-record-by-generating-59-megajoules-of-energy 100 Years Ago, a Quantum Experiment Explained Why We Don't Fall through Our Chairs https://www.scientificamerican.com/article/100-years-ago-a-quantum-experiment-explained-why-we-dont-fall-through-our-chairs/ An Ancient Geometry Problem Falls to New Mathematical Techniques https://www.quantamagazine.org/an-ancient-geometry-problem-falls-to-new-mathematical-techniques-20220208/ Solving Wordle using information theory https://www.youtube.com/watch?v=v68zYyaEmEA Other: How Ouka the dog started flying on a paraglider https://www.bbc.co.uk/news/world-europe-60341236 It's Official: New Study Shows We Have No Idea What Megalodon Really Looked Like https://www.sciencealert.com/it-s-official-new-study-shows-that-we-have-absolutely-no-idea-what-megalodon-looked-like Underwater Photographer of the Year winner revealed https://www.bbc.co.uk/news/in-pictures-60334402 SpaceX loses 40 satellites to geomagnetic storm a day after launch https://www.bbc.co.uk/news/world-60317806 James Webb's First Pictures are Out! But it's a Work in Progress https://www.universetoday.com/154497/james-webbs-first-pictures-are-out-but-its-a-work-in-progress/ Wow. 
Parker Solar Probe Took a Picture of the Surface of Venus https://www.universetoday.com/154467/wow-parker-solar-probe-took-a-picture-of-the-surface-of-venus/ The Thing About to Crash Into The Moon May Not Be a SpaceX Rocket After All https://www.sciencealert.com/it-might-not-be-a-spacex-rocket-that-s-about-to-hit-the-moon Astronomers Spot The Youngest Pair of Asteroids Ever Discovered in The Solar System https://www.sciencealert.com/we-ve-just-found-a-pair-of-asteroids-that-only-formed-300-years-ago A third world may be orbiting around our closest neighboring star https://www.theverge.com/2022/2/10/22925418/proxima-centauri-d-third-exoplanet-discovery We Have The First Direct Evidence of a White Dwarf Violently Ripping Apart a Planet https://www.sciencealert.com/for-the-first-time-we-ve-caught-the-x-ray-flare-of-a-white-dwarf-devouring-a-planet