This Week's [in]Security - Issue 272

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: MPoC RFC. Payments: chargebacks and friendly fraud. New breaches: credentials, Elasticsearch. Follow-ups & Fall-out: Desjardins. Privacy: TikTok, Location data, tracking tech. Laws & Regs - Canada: cybersecurity law, C-11. US: privacy, copyright, World: cookies, deepfakes, Assange. Standards: NIST. Defense - Training & events: PCI SSC CM, NICE. global initiatives. Tools & Techniques, Vulnerabilities - Advisories: Zerodays, Patching: Splunk, WordPress, Other: Citrix, CPUs, Hertzbleed. Azure, Sharepoint/OneDrive, Drupal, FastJSON, Siemens, Zimbra. Vulnerability research: AI/ML, Crypto-research: Cybercrime - Trends: Crime & Enforcement: Nation States and mercenaries. Other Risks: Googles Chatbot, Self-drive crashes. Disinformation, Health, Safety, Environment, Crypto-crash. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

• PCI Updates:
• Request for Comments: New Mobile Payments on COTS (MPoC) Standard https://blog.pcisecuritystandards.org/request-for-comments-new-mobile-payments-on-cots-standard
• Other payment related:
• Spike in Friendly Fraud Triggers Review of Chargeback Systems https://www.pymnts.com/news/security-and-risk/2022/spike-in-friendly-fraud-triggers-review-of-chargeback-systems/
• Visa Adjusts Its Chargeback Rules to Help Stem a Rising Tide of Friendly Fraud https://www.digitaltransactions.net/visa-adjusts-its-chargeback-rules-to-help-stem-a-rising-tide-of-friendly-fraud/
• The Data Point: 44% of Consumers Say They Would Switch Merchants Over Card Surcharges https://www.pymnts.com/credit-cards/2022/the-data-point-44-pct-consumers-would-switch-merchants-over-card-surcharges/

Breaches / Ransomware / Leaks

• New Breaches:
• Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs https://www.bleepingcomputer.com/news/security/thousands-of-github-aws-docker-tokens-exposed-in-travis-ci-logs/
• Credentials for thousands of open source projects free for the taking—again! https://arstechnica.com/information-technology/2022/06/credentials-for-thousands-of-open-source-projects-free-for-the-taking-again/
• Elasticsearch server with no password or encryption leaks a million records https://www.theregister.com/2022/06/16/storehub_data_leak/
• Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach https://threatpost.com/kaiser-permanente-breach/179949/
• Personal details of 15,000 MUN students leaked in accidental data breach https://www.cbc.ca/news/canada/newfoundland-labrador/mun-data-breach-1.6492697
• Indian government issues confidential infosec guidance to staff – who leak it https://www.theregister.com/2022/06/20/indian_government_infosec_guidance_leaks/
• Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts https://www.securityweek.com/staffing-firm-robert-half-says-hackers-targeted-over-1000-customer-accounts
• New Ransomware and "Incidents":
• Ransomware Group Debuts Searchable Victim Data https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
• Costa Rica Chaos a Warning That Ransomware Threat Remains https://www.securityweek.com/costa-rica-chaos-warning-ransomware-threat-remains
• QNAP 'thoroughly investigating' new DeadBolt ransomware attacks https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/
• Extortion gang ransoms Shoprite, largest supermarket chain in Africa https://www.bleepingcomputer.com/news/security/extortion-gang-ransoms-shoprite-largest-supermarket-chain-in-africa/
• Follow-ups and fall-out:
• Quebec court approves $200.9M settlement against Desjardins over data breach https://globalnews.ca/news/8930182/desjardins-data-breach-class-action-settlement/
• DivX SubTitles - 783,058 breached accounts https://haveibeenpwned.com/PwnedWebsites#DivXSubTitles

Privacy

• TikTok moves to ease fears amid report workers in China accessed US users' data https://www.theguardian.com/technology/2022/jun/17/tiktok-us-user-data-china-bytedance
• How the Federal Government Buys Our Cell Phone Location Data https://www.eff.org/deeplinks/2022/06/how-federal-government-buys-our-cell-phone-location-data
• Why is the Canadian Government So Indifferent to Privacy? https://www.michaelgeist.ca/2022/06/canadianprivacy/
• Tracking People via Bluetooth on Their Phones https://www.schneier.com/blog/archives/2022/06/tracking-people-via-bluetooth-on-their-phones.html
• Google Chrome extensions can be fingerprinted to track you online https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/

Laws, Regulations, Platforms, Standards, and Public Policy

• Canada:
• New federal bill would compel key industries to bolster cyber security — or pay a price https://www.cbc.ca/news/politics/cyberattacks-bill-1.6487826
• Ottawa's cybersecurity bill has ‘good bones' — but secrecy rules need work, experts say https://globalnews.ca/news/8925717/ottawa-cybersecurity-bill-secrecy-rules/
• The Groundhog Day Privacy Bill: The Government Waited Months to Bring Back Roughly the Same Privacy Plan?! https://www.michaelgeist.ca/2022/06/the-groundhog-day-privacy-bill/
• Bill C-11 Enters a Danger Zone: Government Shifts from Ignoring Witnesses on User Content Regulation to Dismissing Criticisms as “Misinformation” https://www.michaelgeist.ca/2022/06/bill-c-11-enters-a-danger-zone-government-shifts-from-ignoring-witnesses-on-user-content-regulation-to-dismissing-criticisms-as-misinformation/
• Canada's spy service failing to meet legal obligations to obtain warrants: watchdog https://globalnews.ca/news/8927991/spy-watchdog-report-csis-warrants/
• Experts say Ontario's right to disconnect law too vague to help work-life balance https://toronto.ctvnews.ca/experts-say-ontario-s-right-to-disconnect-law-too-vague-to-help-work-life-balance-1.5953800
• Cambridge, Ont. homeowner says driveway paved without permission https://kitchener.ctvnews.ca/cambridge-ont-homeowner-says-driveway-paved-without-permission-1.5945525
• US:
• EFF Urges Congress to Strengthen the American Data Privacy and Protection Act https://www.eff.org/deeplinks/2022/06/eff-urges-congress-strengthen-american-data-privacy-and-protection-act
• Warren proposes sweeping ban on location and health data sales https://www.theverge.com/2022/6/15/23169718/roe-wade-elizabeth-warren-location-data-tracking-ban-sale-brokers
• EFF Warns Another Court About the Dangers of Broad Site-Blocking Orders https://www.eff.org/deeplinks/2022/06/eff-warns-another-court-about-dangers-broad-site-blocking-orders
• Copyright "Small Claims" Quasi-Court Opens. Here's Why Many Defendants Will Opt Out. https://www.eff.org/deeplinks/2022/06/copyright-small-claims-quasi-court-opens-heres-why-many-defendants-will-opt-out
• The US needs a common charger, Dems say https://www.theverge.com/2022/6/17/23171402/universal-charger-standard-usbc-bernie-sanders-markey-elizabeth-warren
• Qualcomm Wins Appeal of EU $1B Antitrust Fine for Apple Payments https://www.pymnts.com/news/regulation/2022/qualcomm-wins-appeal-of-eu-1b-antitrust-fine-for-apple-payments/
• World:
• Cookie consent crumbles under fresh UK data law proposals https://www.theregister.com/2022/06/17/cookies_crumble_in_uk_data/
• Meta, Google, and Twitter are set to face huge fines if they don't tackle deepfakes and fake accounts on their platforms https://www.businessinsider.com/meta-google-twitter-tackle-deepfakes-face-huge-eu-fines-report-2022-6
• Julian Assange can be extradited, says UK home secretary https://www.bbc.co.uk/news/uk-61839256
• What Europe's Universal Charger Mandate Means for You https://www.nytimes.com/2022/06/15/technology/personaltech/europe-universal-charger.html
• Apple battery row: Millions of iPhone users could get payouts in legal action https://www.bbc.co.uk/news/business-61823512
• Standards News:
• White Paper NIST CSWP 26 Ordered t-way Combinations for Testing State-based Systems https://csrc.nist.gov/publications/detail/white-paper/2022/06/13/ordered-t-way-combinations-for-testing-state-based-systems/final

Defense / Techniques / Solutions

• Educational events, webinars, courses, etc:
• Early Bird Registration Open: 2022 PCI SSC Community Meetings https://events.pcisecuritystandards.org/
• NICE Webinar: Creating the Infrastructure Needed for Scalable Learning and Employment Records (Rescheduled) June 29, 2022 | 2:00-3:00 PM EDT https://content.govdelivery.com/accounts/USNIST/bulletins/31bf14f
• General:
• Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure? https://www.darkreading.com/attacks-breaches/can-we-make-a-global-agreement-to-halt-attacks-on-our-energy-infrastructure-
• EU & US Unite to Fight Ransomware https://www.darkreading.com/threat-intelligence/eu-us-enhance-cooperation-in-fighting-ransomware-attacks
• Why We Need Security Knowledge and Not Just Threat Intel https://www.darkreading.com/threat-intelligence/why-we-need-security-knowledge-and-not-just-threat-intel
• Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning https://thehackernews.com/2022/06/difference-between-agent-based-and.html
• Methods, Techniques, Tools, and Products:
• Firefox boosts privacy by giving ‘total cookie protection' to all users by default https://www.theverge.com/2022/6/14/23166537/firefox-privacy-total-cookie-protection-default
• Firefox now blocks cross-site tracking by default for all users https://www.bleepingcomputer.com/news/security/firefox-now-blocks-cross-site-tracking-by-default-for-all-users/
• Metasploit 6.2.0 improves credential theft, SMB support features, more https://www.bleepingcomputer.com/news/security/metasploit-620-improves-credential-theft-smb-support-features-more/
• Microsoft Defender launches on Windows, macOS, iOS, and Android https://www.theverge.com/2022/6/16/23170743/microsoft-defender-ios-android-mac-windows-app-dashboard-microsoft-365
• New Windows 11 privacy feature lists apps that used your microphone, camera https://www.bleepingcomputer.com/news/microsoft/new-windows-11-privacy-feature-lists-apps-that-used-your-microphone-camera/
• This browser extension lets you remove specific sites from search results https://www.bleepingcomputer.com/news/technology/this-browser-extension-lets-you-remove-specific-sites-from-search-results/
• Power Up Memory Forensics with Memory Baseliner https://www.sans.org/blog/power-up-memory-forensics-with-memory-baseliner
• Cloudflare mitigates record-breaking HTTPS DDoS attack https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-record-breaking-https-ddos-attack/

Bugs / Design Flaws / Vulnerabilities / Research

• Zero-day and other recent vulnerability news:
  • An Autopsy on a Zombie In-the-Wild 0-day https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
  • Cisco says it won't fix zero-day RCE in end-of-life VPN routers https://www.bleepingcomputer.com/news/security/cisco-says-it-won-t-fix-zero-day-rce-in-end-of-life-vpn-routers/
• Patching:
  • Critical Code Execution Vulnerability Patched in Splunk Enterprise https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise
  • Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations https://www.securityweek.com/exploited-vulnerability-patched-wordpress-plugin-over-1-million-installations
  • Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability https://thehackernews.com/2022/06/over-million-wordpress-sites-forcibly.html
  • Microsoft's June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190) https://www.tenable.com/blog/microsofts-june-2022-patch-tuesday-addresses-55-cves-cve-2022-30190
  • Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR https://blog.qualys.com/product-tech/2022/06/14/detect-the-follina-msdt-vulnerability-cve-2022-30190-with-qualys-multi-vector-edr-context-xdr
  • Microsoft patches actively exploited Follina Windows zero-day https://www.bleepingcomputer.com/news/security/microsoft-patches-actively-exploited-follina-windows-zero-day/
  • June Windows updates break Microsoft 365 sign-ins on Arm devices https://www.bleepingcomputer.com/news/microsoft/june-windows-updates-break-microsoft-365-sign-ins-on-arm-devices/
  • Microsoft: June Windows updates may break Wi-Fi hotspots https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-updates-may-break-wi-fi-hotspots/
• Other Vulnerabilities:
  • Citrix warns critical bug can let attackers reset admin passwords https://www.bleepingcomputer.com/news/security/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords/
  • Researchers exploit new Intel and AMD CPU flaw to steal encryption keys https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/
  • New Hertzbleed side-channel attack affects Intel, AMD systems https://www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-systems/
  • M1 Chip Vulnerability https://www.schneier.com/blog/archives/2022/06/m1-chip-vulnerability.html
  • Microsoft Azure Synapse Pwnalytics https://www.tenable.com/blog/microsoft-azure-synapse-pwnalytics
  • Researchers Discover Way to Attack SharePoint and OneDrive Files With Ransomware https://www.securityweek.com/researchers-discover-way-attack-sharepoint-and-onedrive-files-ransomware
  • Drupal Patches 'High-Risk' Third-Party Library Flaws https://www.securityweek.com/drupal-patches-high-risk-third-party-library-flaws
  • High-Severity RCE Vulnerability Reported in Popular Fastjson Library https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html
  • Over a Dozen Flaws Found in Siemens' Industrial Network Management System https://thehackernews.com/2022/06/over-dozen-flaws-found-in-siemens.html
  • Zimbra bug allows stealing email logins with no user interaction https://www.bleepingcomputer.com/news/security/zimbra-bug-allows-stealing-email-logins-with-no-user-interaction/
  • Internet Explorer Now Retired but Still an Attacker Target https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
  • Microsoft to retire Internet Explorer after 27 years, push users to Edge browser https://globalnews.ca/news/8921330/microsoft-to-retire-internet-explorer-after-27-years-push-users-to-edge-browser/
• Research on new vulnerabilities:
  • Attacking the Performance of Machine Learning Systems https://www.schneier.com/blog/archives/2022/06/attacking-the-performance-of-machine-learning-systems.html
  • Hacking Tesla's Remote Key Cards https://www.schneier.com/blog/archives/2022/06/hacking-teslas-remote-key-cards.html
• Cryptography and Cryptographic Research:
  • A Quantum Analysis of Nested Search Problems with Applications in Cryptanalysis https://eprint.iacr.org/2022/761
  • Public-Key Watermarking Schemes for Pseudorandom Functions https://eprint.iacr.org/2022/768
  • Password-Authenticated Key Exchange from Group Actions https://eprint.iacr.org/2022/770
  • Cryptanalysis of Draco https://eprint.iacr.org/2022/749
  • Cryptanalysis of ENCSecurity's Encryption Implementation https://www.schneier.com/blog/archives/2022/06/cryptanalysis-of-encsecuritys-encryption-implementation.html
  • The Voynich Manuscript, the Somerton Man, and 6 Other Infamous Uncracked Codes https://www.mentalfloss.com/posts/uncracked-codes-from-history
  • What is a preimage attack? https://www.comparitech.com/blog/information-security/what-is-preimage-attack/

Hacking / Malware / Cybercrime / Exploitation

• Trends, Alerts, and Events (other than major breaches):
• Sophisticated Android Spyware 'Hermit' Used by Governments https://www.securityweek.com/sophisticated-android-spyware-hermit-used-governments
• HelloXD ransomware bulked up with better encryption, nastier payload https://www.theregister.com/2022/06/13/helloxd-ransomware-evolving/
• Houdini is Back Delivered Through a JavaScript Dropper, (Thu, Jun 16th) https://isc.sans.edu/diary/rss/28746
• New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets" https://thehackernews.com/2022/06/new-syslogk-linux-rootkit-lets.html
• Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html
• QNAP NAS devices targeted by surge of eCh0raix ransomware attacks https://www.bleepingcomputer.com/news/security/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks/
• Wave of 'Matanbuchus' spam is infecting devices with Cobalt Strike https://www.bleepingcomputer.com/news/security/wave-of-matanbuchus-spam-is-infecting-devices-with-cobalt-strike/
• New Qualys Research Report: Inside a Redline InfoStealer Campaign https://blog.qualys.com/vulnerabilities-threat-research/2022/06/15/new-qualys-research-report-inside-a-redline-infostealer-campaign
• Crime & Arrests, etc.:
• International operation takes down Russian RSOCKS botnet https://www.theregister.com/2022/06/17/rsocks_russia_botnet/
• Interpol anti-fraud operation busts call centers behind business email scams https://www.theregister.com/2022/06/17/interpol_operation_first_light_fraud_scam/
• 2,000 People Arrested Worldwide for Social Engineering Schemes https://www.securityweek.com/2000-people-arrested-worldwide-social-engineering-schemes
• iCloud hacker gets 9 years in prison for stealing nude photos https://www.bleepingcomputer.com/news/security/icloud-hacker-gets-9-years-in-prison-for-stealing-nude-photos/
• Owner of ‘DownThem' DDoS service gets 2 years in prison https://www.bleepingcomputer.com/news/security/owner-of-downthem-ddos-service-gets-2-years-in-prison/
• Nation State Actors:
• US defence contractor in talks to take over NSO Group's hacking technology https://www.theguardian.com/world/2022/jun/14/nso-group-pegasus-us-l3harris
• Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html
• Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT https://www.theregister.com/2022/06/14/gallium-pingpull-rat/
• State-Sponsored Phishing Attack Targeted Israeli Military Officials https://threatpost.com/phishing-attack-israeli-officials/179987/
• Malaysia-linked DragonForce hacktivists attack Indian targets https://www.theregister.com/2022/06/15/dragonforce_malaysia_india_attacks/

Other Security / Risk

• General:
  • Most Canadians more trusting of neighbours, institutions since COVID-19 pandemic: study https://globalnews.ca/news/8925000/canadians-more-trusting-covid-survey/
  • Ransomware and Phishing Remain IT's Biggest Concerns https://www.darkreading.com/edge-threat-monitor/ransomware-and-phishing-remain-it-s-biggest-concerns
  • Positive reviews online? They may be fakes https://toronto.ctvnews.ca/positive-reviews-online-they-may-be-fakes-1.5948746
  • Here's Why You're Still Stuck in Robocall Hell https://www.wired.com/story/how-to-stop-robocalls/
  • Chinese attack on Taiwan would hit world trade harder than Ukraine war, Taipei says https://globalnews.ca/news/8920168/chinese-attack-on-taiwan-would-hit-world-trade-harder-than-ukraine-war-taipei-says/
  • Russian GRU spy tried to infiltrate International Criminal Court https://www.bbc.co.uk/news/world-europe-61831961
  • Here's what happens when Sonos won't stop sending you speakers https://www.theverge.com/2022/6/15/23169668/sonos-ordering-glitch-sent-30-speaker-shipments
  • Canada, Denmark reach deal to end dispute over tiny Arctic island https://globalnews.ca/news/8918681/canada-denmark-hans-island-deal/
  • Interview with a squirrel https://www.aiweirdness.com/interview-with-a-squirrel/
  • Google engineer put on leave after saying AI chatbot has become sentient https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine
  • Google's ‘Sentient' Chatbot Is Our Self-Deceiving Future https://www.theatlantic.com/technology/archive/2022/06/google-engineer-sentient-ai-chatbot/661273/
  • How Google's chatbot works – and why it isn't sentient – podcast https://www.theguardian.com/science/audio/2022/jun/16/how-googles-chatbot-works-and-why-it-isnt-sentient-podcast
  • How human-like are the most sophisticated chatbots? https://www.bbc.co.uk/news/business-61793984
  • Human-like programs abuse our empathy – even Google engineers aren't immune | Emily M Bender https://www.theguardian.com/commentisfree/2022/jun/14/human-like-programs-abuse-our-empathy-even-google-engineers-arent-immune
  • Forget sentience… the worry is that AI copies human bias | Kenan Malik https://www.theguardian.com/commentisfree/2022/jun/19/forget-sentience-the-worry-is-that-ai-copies-human-bias
  • U.S. report shows nearly 400 crashes of automated vehicles in less than a year https://globalnews.ca/news/8922551/us-report-autopilot-car-crash-tesla/
  • US releases new driver-assist crash data, and surprise, it's mostly Tesla https://www.theverge.com/2022/6/15/23168088/nhtsa-adas-self-driving-crash-data-tesla
  • Minority Report Tried to Warn Us About Technology https://www.theatlantic.com/culture/archive/2022/06/minority-report-spielberg-movie-tom-cruise/661274/
• Disinformation and misinformation:
  • ‘Alternative facts' are cons, Illinois Tech philosopher's paper argues—and journalists can help quash them https://scienmag.com/alternative-facts-are-cons-illinois-tech-philosophers-paper-argues-and-journalists-can-help-quash-them/
• Health:
  • Does monkeypox represent a global health emergency? WHO to decide https://globalnews.ca/news/8918937/monkeypox-health-emergency-who-meeting/
  • Monkeypox Vaccines Are Too Gnarly for the Masses https://www.theatlantic.com/health/archive/2022/06/monkeypox-prevention-vaccines/661271/
  • Giant Study Reveals Over 14% of The World Has Probably Had Lyme Disease https://www.sciencealert.com/giant-study-reveals-over-14-of-the-world-has-probably-had-lyme-disease
  • New drug price rule could save Canada billions, parliamentary budget officer reports https://globalnews.ca/news/8920631/new-drug-price-rule-could-save-canada-billions-parliamentary-budget-officer-reports/
  • Harvard Scientists Have Developed a Revolutionary New Treatment for Type I Diabetes https://scitechdaily.com/harvard-scientists-have-developed-a-revolutionary-new-treatment-for-diabetes/
  • How researchers are using old phones to screen for Alzheimer's https://www.theverge.com/23167672/google-pixel-health-screening-old-phones-infrared-alzheimers
  • Progress on early detection of Alzheimer's disease https://scienmag.com/progress-on-early-detection-of-alzheimers-disease/
  • Rethinking the rabies vaccine https://scienmag.com/rethinking-the-rabies-vaccine/
  • A Mouse Study Just Revealed a New Molecular Link Between Hunger And Exercise https://www.sciencealert.com/scientists-discover-a-new-molecular-link-between-exercise-and-hunger
  • Canada dropping vaccine mandate for domestic and outbound international travel as of June 20 https://www.ctvnews.ca/health/coronavirus/canada-dropping-vaccine-mandate-for-domestic-and-outbound-international-travel-as-of-june-20-1.5946009
  • Covid infections up after Platinum Jubilee celebrations https://www.bbc.co.uk/news/health-61839777
  • Feds to lift COVID-19 vaccination requirement to board flights, trains: source https://globalnews.ca/news/8918505/covid-vaccine-requirement-planes-trains-canada/
  • Global COVID-19 deaths rise for 1st time in 5 weeks, WHO reports https://globalnews.ca/news/8925081/global-covid-19-deaths-who-report/
  • RSAC branded a 'super spreader event' as attendees share COVID-19 test results https://www.theregister.com/2022/06/16/rsa_covid_risk/
  • Bad COVID Public Health Messaging Is Blocking Our Path To A "New Normal" https://www.scientificamerican.com/article/bad-covid-public-health-messaging-is-blocking-our-path-to-a-new-normal/
  • Nordic walking improves functional capacity in people with heart disease https://scienmag.com/nordic-walking-improves-functional-capacity-in-people-with-heart-disease/
  • The Most Likely Origin of The Black Death Was Finally Revealed in an Unexpected Place https://www.sciencealert.com/ancient-dna-evidence-reveals-where-the-black-death-most-likely-originated
• Safety:
  • “Big Lie” Vigilantism Is on the Rise. Big Tech Is Failing to Respond. https://www.propublica.org/article/election-fraud-ballot-mules-facebook-tiktok-memes#1355169
  • Canadian high school students to learn how to administer naloxone https://globalnews.ca/news/8918705/naloxone-canada-high-school-training/
  • Woman set on fire near Toronto transit station; male in custody https://toronto.ctvnews.ca/woman-set-on-fire-near-toronto-transit-station-male-in-custody-1.5951801
  • About 80 families evacuated north of Quebec City over risk of landslide https://globalnews.ca/news/8931997/80-families-evacuated-quebec-landslide/
  • India and Bangladesh floods displace millions and kill dozens https://www.bbc.co.uk/news/world-asia-india-61670666
  • Infant rockers blamed for 14 deaths; U.S. officials, Fisher-Price issue warning https://globalnews.ca/news/8922068/infant-rockers-deaths-us-fisher-price-warning/
  • The International Space Station swerved to avoid colliding with shrapnel from a Russian anti-satellite missile test https://businessinsider.com/international-space-station-swerved-to-avoid-collision-with-russian-debris-2022-6
  • Two Air Canada planes come at risk of colliding at Toronto Pearson after pilot misses radio call https://toronto.ctvnews.ca/two-air-canada-planes-come-at-risk-of-colliding-at-toronto-pearson-after-pilot-misses-radio-call-1.5946090
  • Fake nurse worked for months at B.C. hospital despite several complaints: court filing https://globalnews.ca/news/8917931/imposter-nurse-disciplined-but-kept-working-bc-hospital/
  • What Are Those Plastic Arrows You Sometimes See on the Wheels of Trucks and Buses? https://www.mentalfloss.com/posts/why-do-truck-wheels-have-plastic-arrows
• Environment:
  • Inadequate charging networks could thwart EV adoption goals https://scienmag.com/inadequate-charging-networks-could-thwart-ev-adoption-goals/
  • The true cost of turning America's school buses electric https://businessinsider.com/cost-electric-school-buses-diesel-2022-6
  • Common Drugs Pollute Rivers on Every Continent https://www.scientificamerican.com/article/common-drugs-pollute-rivers-on-every-continent/
  • Secret Polar Bear Population Is Found Living in a Seemingly Impossible Habitat https://www.scientificamerican.com/article/secret-polar-bear-population-is-found-living-in-a-seemingly-impossible-habitat/
  • Ban on trucks more than 12 years old to proceed at Vancouver port in September https://globalnews.ca/news/8922981/rolling-age-truck-program-launch-september-vancouver-port/
  • Parts of southern Ontario hit with ping pong ball-sized hail as severe storms move through https://toronto.ctvnews.ca/parts-of-southern-ontario-hit-with-ping-pong-ball-sized-hail-as-severe-storms-move-through-1.5949715
  • Yellowstone National Park: Building swept away amid record flooding and park closure https://www.bbc.co.uk/news/world-us-canada-61797259
• Economy:
  • Amid a Bitcoin Pricing Collapse, Coinbase Trims Its Staff https://www.digitaltransactions.net/amid-a-bitcoin-pricing-collapse-coinbase-trims-its-staff/
  • Another crypto lending platform is freezing withdrawals as the industry's downward spiral continues https://businessinsider.com/crypto-lending-babel-freeze-withdrawals-for-users-celsius-bitcoin-selloff-2022-6
  • Bitcoin and crypto platforms are in trouble. What's behind the collapse? https://globalnews.ca/news/8920232/bitcoin-crypto-winter-celsius-coinbase-crash/
  • Collapse of Crypto Lending Platform Celsius Points to Bigger Problems https://www.pymnts.com/cryptocurrency/2022/collapse-of-crypto-lending-platform-celsius-points-to-bigger-problems/
  • Crypto Companies Lay Off Staff and Freeze Withdrawals Amid Losses https://www.nytimes.com/2022/06/14/technology/crypto-industry-prices-fall.html
  • Crypto Lender Celsius Under Investigation by Several US State Regulators https://www.pymnts.com/cryptocurrency/2022/crypto-lender-celsius-under-investigation-by-several-us-state-regulators/
  • Ripple Lawyer Critical of SEC Push to Regulate Crypto https://www.pymnts.com/cryptocurrency/2022/ripple-lawyer-critical-of-sec-push-to-regulate-crypto/
  • Tether: The Coin That Could Wreck Crypto https://www.nytimes.com/2022/06/17/technology/tether-stablecoin-cryptocurrency.html
  • Trillion-dollar crypto collapse sparks flurry of US lawsuits – who's to blame? https://www.theguardian.com/technology/2022/jun/18/cryptocurrency-collapse-bitcoin-kim-kardashian-floyd-mayweather
  • Bank of England boss Bailey says 'be prepared to lose all your money' in crypto after lender Celsius freezes accounts https://markets.businessinsider.com/news/currencies/crypto-investors-lose-money-bank-of-england-boe-bailey-warns-2022-6
  • US makes biggest interest rate rise in almost 30 years https://www.bbc.co.uk/news/business-61804877
  • The End of the Asset Economy https://www.theatlantic.com/ideas/archive/2022/06/asset-economy-high-interest-rates-inflation/661323/
  • Canada seeing surge in new startups amid COVID-19 pandemic, poll shows https://globalnews.ca/news/8918680/covid-pandemic-startups-surge-poll/

Russia v. Ukraine

• The war:
• Ukraine war: Every bridge leading to key city Severodonetsk destroyed https://www.bbc.co.uk/news/world-europe-61786949
• Ukraine war could last for years, warns Nato chief https://www.bbc.co.uk/news/world-europe-61856144
• Reaction and response:
• Ukraine moves one step closer to EU membership https://www.bbc.co.uk/news/world-europe-61841598
• Ukraine to bar Russian citizens from entering country without a visa come July https://globalnews.ca/news/8928591/ukraine-introduces-russia-visa-july/
• The War in Ukraine Has Exposed a Critical American Vulnerability https://www.theatlantic.com/ideas/archive/2022/06/us-supply-chain-semiconductor-production-economic-warfare/661267/
• Newfoundland set to welcome 2nd planeload of Ukrainian refugees https://globalnews.ca/news/8918645/ukraine-refugees-2nd-flight-newfoundland-and-labrador/
• Russia cuts more natural gas exports to Europe amid Ukraine war https://globalnews.ca/news/8928138/russia-europe-natural-gas-exports-ukraine-war/
• Russia has issued a court order demanding Wikipedia take down information about the Ukraine war, but the website is refusing https://www.businessinsider.com/wikipedia-fighting-russian-court-order-to-remove-info-about-war-2022-6
• Wikimedia Foundation appeals Russian fine over Ukraine war articles https://www.theverge.com/2022/6/13/23164768/wikimedia-foundation-appeals-russian-court-disinformation-decision-ukraine-war-articles
• Russia will lose the most millionaires this year as war spurs a 'tsunami' of capital flight — and China is close behind https://markets.businessinsider.com/news/stocks/russia-china-millionaire-migration-uae-wealth-haven-ukraine-war-sanctions-2022-6
• Sanctions & economic Impact:
• Russia's economy in for a bumpy ride as sanctions bite https://www.bbc.co.uk/news/world-europe-61796067
• Ukraine war: Russia earns $97bn on energy exports since invasion https://www.bbc.co.uk/news/business-61785111
• Oil markets are heading for an insanely difficult summer, with Russian production plunging under EU pressure https://markets.businessinsider.com/news/commodities/oil-price-outlook-russian-production-plunge-eu-embargo-sanctions-ukraine-2022-6
• Joe Biden orders oil companies to explain why they're cutting gasoline production as prices soar above $5 a gallon https://markets.businessinsider.com/news/commodities/gas-prices-record-gallon-oil-biden-orders-companies-cut-production-2022-6
• Cyber-attacks and the potential for cyber-war:
• Russian hackers start targeting Ukraine with Follina exploits https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

Off-Topic / Science & Tech / Lighter Side

• Innovations & Inventions:
  • Dutch group targets hydrogen-fuelled commercial flight in 2028 https://www.theguardian.com/environment/2022/jun/13/dutch-group-targets-hydrogen-fuelled-commercial-flight-in-2028
  • Helium-filled airships to carry passengers as soon as 2026 in $600 million deal with British Airways' sister airline https://www.businessinsider.com/helium-filled-airships-travel-option-spain-british-airways-air-nostrum-2022-6
  • Physicists make leaps in reading out qubits with laser light https://scienmag.com/physicists-make-leaps-in-reading-out-qubits-with-laser-light/
  • The potential of probabilistic computers or p-computers https://scienmag.com/the-potential-of-p-computers/
  • Tiny satellite built in Nova Scotia ready for 1st mission to space https://www.cbc.ca/news/canada/nova-scotia/tiny-satellite-built-in-nova-scotia-space-mission-1.6484831
• Other:

• • How the British air force's newest jets commemorate a daring and costly World War II bombing mission https://businessinsider.com/new-british-air-force-f35-jets-commemorate-daring-wwii-mission-2022-6

  • Two new observatory domes installed at Toronto university https://toronto.ctvnews.ca/two-new-observatory-domes-installed-at-toronto-university-1.5947318

  • Fire Acts Strangely in Microgravity. Astronauts Have Lit More Than 1,500 Fires on the Space Station to Figure Out Why https://www.universetoday.com/156351/fire-acts-strangely-in-microgravity-astronauts-have-lit-more-than-1500-fires-on-the-space-station-to-figure-out-why/

  • Near-sun comet roasted to death https://scienmag.com/near-sun-comet-roasted-to-death/

  • ESA Gives Green Light on its Comet Interceptor Mission https://www.universetoday.com/156282/esa-gives-green-light-on-its-comet-interceptor-mission/

  • Record-Breaking Voyager Spacecraft Begin to Power Down https://www.scientificamerican.com/article/record-breaking-voyager-spacecraft-begin-to-power-down/

  • Astronomers discover a multiplanet system nearby https://scienmag.com/astronomers-discover-a-multiplanet-system-nearby/

  • There Could Be Four Hostile Civilizations in the Milky Way https://www.universetoday.com/156281/there-could-be-four-hostile-civilizations-in-the-milky-way/