This Week's [in]Security - Issue 278

Welcome to This Week’s [in]Security. PCI PIN FAQ update, skimmers, payments. New breaches: Entrust, Residential Proxy Service. New Ransomware, Major outages, Follow-ups & Fall-out: China, US Fed, Uber, Timmies, Wawa. Privacy: Ring Cameras. Laws & Regs - Canada. US. World: Fedora & CC0, Defense - Securing Open-source, Tools & Techniques, Vulnerabilities - Advisories: Roundup, 10 isn't what it used to be, Bug-bounty-fail. Crypto-research. Cybercrime - Trends: UEFI Rootkit, new tricks, crime & enforcement, nation states and mercenaries. The zeroday industry, KNOTWEED, Other Risks, halth, safety, environment, economy. Russia v. Ukraine. Innovation and more. 

PCI Compliance and Payments

• PCI Updates:
• PTS PIN Technical Frequently Asked Questions https://docs-prv.pcisecuritystandards.org/PIN/Frequently%20Asked%20Questions%20(FAQ)/PTS_PIN_Technical_FAQs_v3_July_2022.pdf
• Payment skimmers/malware/fraud:
• Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html
• Malicious npm packages steal Discord users' payment card info https://www.bleepingcomputer.com/news/security/malicious-npm-packages-steal-discord-users-payment-card-info/
• Other payment related:
• What possible credit-card legislation could mean for Visa, Mastercard, and you https://www.marketwatch.com/story/what-possible-credit-legislation-could-mean-for-visa-mastercard-and-you-11658967695
• Four Main Reasons Shoppers Abandon eCommerce Carts https://www.imperva.com/blog/four-main-reasons-shoppers-abandon-ecommerce-carts/

Breaches / Ransomware / Leaks

• New Breaches:
• Average Data Breach Costs Soar to $4.4M in 2022 https://www.darkreading.com/risk/most-companies-pass-on-breach-costs-to-customers
• Businesses confess: We pass cyberattack costs onto customers https://www.theregister.com/2022/07/29/ibm_data_inflation/
• IBM Security: Cost of Data Breach Hitting All-Time Highs https://www.securityweek.com/ibm-security-cost-data-breach-hitting-all-time-highs
• Source code for Rust-based info-stealer released on hacker forums https://www.bleepingcomputer.com/news/security/source-code-for-rust-based-info-stealer-released-on-hacker-forums/
• Digital security giant Entrust breached by ransomware gang https://www.databreaches.net/digital-security-giant-entrust-breached-by-ransomware-gang/
• US court system suffered 'incredibly significant attack' – sealed files at risk https://www.theregister.com/2022/07/29/us_judiciary_attack/
• 911 Proxy Service Implodes After Disclosing Breach https://krebsonsecurity.com/2022/07/911-proxy-service-implodes-after-disclosing-breach/
• Breach Exposes Users of Microleaves Proxy Service https://krebsonsecurity.com/2022/07/breach-exposes-users-of-microleaves-proxy-service/
• Top secret documents scattered in street after careless disposal by German Chancellor Scholz https://www.databreaches.net/top-secret-documents-scattered-in-street-after-careless-disposal-by-german-chancellor-scholz/
• LockBit ransomware gang claims it ransacked Italy's tax agency https://www.theregister.com/2022/07/26/lockbit-italy-ransomware-attack/
• Newfoundland and Labrador English School District https://www.databreaches.net/newfoundland-and-labrador-english-school-district/
• Infinity Rehab and Avamere Health Services notify 380,984 patients about breach at Avamere https://www.databreaches.net/infinity-rehab-and-avamere-health-services-notify-380984-patients-about-breach-at-avamere/
• Anti-vax dating site exposed data for 3,500 users through ‘debug mode' bug https://www.theverge.com/2022/7/25/23277788/unjected-anti-vax-dating-debug-mode-data-covid
• New Ransomware and "Incidents":
• No More Ransom helps millions of ransomware victims in 6 years https://www.bleepingcomputer.com/news/security/no-more-ransom-helps-millions-of-ransomware-victims-in-6-years/
• Ransom payments fall as fewer victims choose to pay hackers https://www.bleepingcomputer.com/news/security/ransom-payments-fall-as-fewer-victims-choose-to-pay-hackers/
• The Ransomware Ecosystem: In Pursuit of Fame and Fortune https://www.tenable.com/blog/the-ransomware-ecosystem-in-pursuit-of-fame-and-fortune
• This is what to expect when a managed service provider gets popped https://www.theregister.com/2022/07/30/msp_access_russia/
• With ransomware, the road to recovery starts well before you're attacked https://www.theregister.com/2022/07/26/with_ransomware_the_road_to/
• LockBit ransomware gang claims it ransacked Italy's tax agency. Not so fast, says the agency. https://www.databreaches.net/lockbit-ransomware-gang-claims-it-ransacked-italys-tax-agency-not-so-fast-says-the-agency/
• Months after Lopes claimed no anomalies found in their system, hackers were in their system https://www.databreaches.net/months-after-lopes-claimed-no-anomalies-found-in-their-system-hackers-were-in-their-system/
• Major outages/downs:
• Apple network traffic takes mysterious detour through Russia https://www.theregister.com/2022/07/27/apple_networking_traffic_russia_bgp/
• Microsoft 365 outage knocks down admin center in North America https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-admin-center-in-north-america/
• How a coding error caused Rogers outage that left millions without service https://www.theglobeandmail.com/business/article-how-a-coding-error-caused-rogers-outage-that-left-millions-without/
• Follow-ups and fall-out:
• BreachForums booms on the back of billion-record Chinese data leak https://www.theregister.com/2022/07/29/breachedforums_popularity_surge/
• Weak data protection helped China attack US Federal Reserve, report says https://www.theregister.com/2022/07/27/weak_data_protection_helped_chinese/
• Uber Settles With Federal Investigators Over 2016 Data Breach Coverup https://www.securityweek.com/uber-settles-federal-investigators-over-2016-data-breach-coverup
• Tim Hortons to offer free coffee, doughnut to app users involved in privacy lawsuit https://globalnews.ca/news/9024843/tim-hortons-app-coffee-doughnut-lawsuit-settlement/
• Wawa Agrees to Payment, Security Changes for '19 Data Breach https://www.securityweek.com/wawa-agrees-payment-security-changes-19-data-breach
• Battlefy - 83,610 breached accounts https://haveibeenpwned.com/PwnedWebsites#Battlefy
• Paytm - 3,395,101 breached accounts https://haveibeenpwned.com/PwnedWebsites#Paytm
• Tenet Health cyberattack, monthlong outage led to $100M in ‘unfavorable impact' https://www.databreaches.net/tenet-health-cyberattack-monthlong-outage-led-to-100m-in-unfavorable-impact/

Privacy

• Google, like Amazon, may let police see your video without a warrant https://www.theverge.com/2022/7/26/23279562/arlo-apple-wyze-eufy-google-ring-security-camera-foortage-warrant

Laws, Regulations, Platforms, Standards, and Public Policy

• Canada:
• The CRTC Shrugged: A Special Law Bytes Podcast on the Industry Committee Hearing Into the Rogers Outage https://www.michaelgeist.ca/2022/07/the-crtc-shrugged/
• The Law Bytes Podcast, Episode 136: Jeremy de Beer on SOCAN v. ESA, the Supreme Court's Latest Endorsement of Copyright Balance and Technological Neutrality https://www.michaelgeist.ca/2022/07/law-bytes-podcast-episode-136/
• US:
• Senators Introduce Bipartisan Quantum Computing Cybersecurity Bill https://www.securityweek.com/senators-introduce-bipartisan-quantum-computing-cybersecurity-bill
• World:
• Fedora ditches CC0 'No Rights Reserved' software over patent concerns https://www.bleepingcomputer.com/news/security/fedora-ditches-cc0-no-rights-reserved-software-over-patent-concerns/
• EU Considers Creating Tech Regulator https://www.pymnts.com/news/regulation/2022/eu-considers-creating-tech-regulator/
• France Closes 'Cookies' Case Against Facebook https://www.securityweek.com/france-closes-cookies-case-against-facebook
• Convenience store spy cameras face legal challenge https://www.bbc.co.uk/news/uk-england-62297546

Defense / Techniques / Solutions

• Newsletters:
• Bulletproof TLS #91 All the TLS news – NIST PQC and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_91_nist_announces_preliminary_winners_of_post-quantum_competition
• Weekly Update 306 https://www.troyhunt.com/weekly-update-306/
• NICE Summer 2022 Quarterly eNewsletter https://content.govdelivery.com/accounts/USNIST/bulletins/324feef
• General:
• Securing Open-Source Software https://www.schneier.com/blog/archives/2022/07/securing-open-source-software.html
• Methods, Techniques, Tools, and Products:
• Apple's Lockdown Mode https://www.schneier.com/blog/archives/2022/07/apples-lockdown-mode-2.html
• Attack Surface Management: a Critical Pillar of Cybersecurity Asset Management https://blog.qualys.com/qualys-insights/2022/07/28/attack-surface-management-a-critical-pillar-of-cybersecurity-asset-management
• GitHub Improves npm Account Security as Incidents Rise https://www.securityweek.com/github-improves-npm-account-security-incidents-rise
• Google's new Play Store rules target annoying ads and copycat crypto apps https://www.theverge.com/2022/7/28/23282447/google-android-play-store-policy-unskippable-ads-rules
• Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 https://thehackernews.com/2022/07/microsoft-adds-default-protection.html
• Using Account Lockout policies to block Windows Brute Force Attacks https://www.bleepingcomputer.com/news/security/using-account-lockout-policies-to-block-windows-brute-force-attacks/
• Windows 11's new kiosk mode lets admins limit available apps https://www.bleepingcomputer.com/news/microsoft/windows-11-s-new-kiosk-mode-lets-admins-limit-available-apps/
• IBM puts NIST's quantum-resistant crypto to work in Z16 mainframe https://www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/
• Discover 5 lessons Microsoft has learned about compliance management https://www.microsoft.com/security/blog/2022/07/25/discover-5-lessons-microsoft-has-learned-about-compliance-management/
• How one Microsoft product manager acts as champion for identity security https://www.microsoft.com/security/blog/2022/07/26/how-one-microsoft-product-manager-acts-as-champion-for-identity-security/
• Knocking Data Sovereignty Fears On The Head https://datexdatastealth.com/blog/knocking-data-sovereignty-fears-on-the-head

Bugs / Design Flaws / Vulnerabilities / Research

• Significant:
• Control Gap Vulnerability Roundup: July 16th to 22nd https://www.controlgap.com/blog/vulnerability-roundup-july-16th-22nd
• Half of 10.0 CVSS vulnerabilities reported so far in 2022 scored incorrectly https://www.scmagazine.com/news/vulnerability-management/half-of-10-0-cvss-vulnerabilities-reported-so-far-in-2022-scored-incorrectly
• Attackers Have 'Favorite' Vulnerabilities to Exploit https://www.darkreading.com/edge-threat-monitor/attackers-have-favorite-vulnerabilities-to-exploit
• Time from vulnerability disclosures to exploits is shrinking https://www.theregister.com/2022/07/27/palo_alto_unit_42/
• Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html
• FileWave Fixes Bugs That Left 1,000+ Orgs Open To Ransomware https://packetstormsecurity.com/news/view/33676/FileWave-Fixes-Bugs-That-Left-1-000-Orgs-Open-To-Ransomware.html
• LibreOffice addresses security issues with macros, passwords https://www.bleepingcomputer.com/news/security/libreoffice-addresses-security-issues-with-macros-passwords/
• New UEFI firmware flaws impact over 70 Lenovo laptop models https://www.bleepingcomputer.com/news/security/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models/
• Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products https://blog.talosintelligence.com/2022/07/vulnerability-spotlight-how-code-re-use.html

• Patching:
• Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization https://www.darkreading.com/application-security/security-teams-overwhelmed-bugs-patch-prioritization
• Other Vulnerabilities:
• Microsoft reminder: Windows Server 20H2 reaches EOS next month https://www.bleepingcomputer.com/news/microsoft/microsoft-reminder-windows-server-20h2-reaches-eos-next-month/
• Node.js prototype pollution is bad for your app environment https://www.theregister.com/2022/07/25/nodejs_prototype_pollution/
• Why Bug-Bounty Programs Are Failing Everyone https://www.darkreading.com/black-hat/why-bug-bounty-programs-failing-everyone
• Responsible disclosure: DIVD describes a “long and windy road” notifying a Chinese firm https://www.databreaches.net/responsible-disclosure-divd-describes-a-long-and-windy-road-notifying-a-chinese-firm/
• Cryptography and Cryptographic Research:
• Keyed Streebog is a secure PRF and MAC https://eprint.iacr.org/2022/972

Hacking / Malware / Cybercrime / Exploitation

• Trends, Alerts, and Events (other than major breaches):
• New UFEI Rootkit https://www.schneier.com/blog/archives/2022/07/new-ufei-rootkit.html

• Threat Actors Pivot Around Microsoft's Macro-Blocking in Office https://threatpost.com/threat-pivot-microsofts-macro/180319/
• Hackers scan for vulnerabilities within 15 minutes of disclosure https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/
• Hackers exploited PrestaShop zero-day to breach online stores https://www.bleepingcomputer.com/news/security/hackers-exploited-prestashop-zero-day-to-breach-online-stores/
• Microsoft: Windows, Adobe zero-days used to deploy Subzero malware https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-adobe-zero-days-used-to-deploy-subzero-malware/
• Gootkit Loader's Updated Tactics and Fileless Delivery of Cobalt Strike https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html
• Newly found Lightning Framework offers a plethora of Linux hacking capabilities https://arstechnica.com/information-technology/2022/07/newly-found-lightning-framework-offers-a-plethora-of-linux-hacking-capabilities/
• MS-SQL servers hacked to steal bandwidth with proxyware https://www.bleepingcomputer.com/news/security/ms-sql-servers-hacked-to-steal-bandwidth-with-proxyware/
• Malicious IIS extensions quietly open persistent backdoors into servers https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/
• Adware cleaner apps promoted on Facebook sneaked into the Play Store https://www.bleepingcomputer.com/news/security/adware-cleaner-apps-promoted-on-facebook-sneaked-into-the-play-store/
• New Android malware apps installed 10 million times from Google Play https://www.bleepingcomputer.com/news/security/new-android-malware-apps-installed-10-million-times-from-google-play/
• New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts https://thehackernews.com/2022/07/new-ducktail-infostealer-malware.html
• Qakbot Is Back With a New Trick: DLL Sideloading https://www.darkreading.com/attacks-breaches/qakbot-back-new-trick-dll-sideloading
• Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands https://threatpost.com/popular-bait-in-phishing-attacks/180281/
• LinkedIn phishing target employees managing Facebook Ad Accounts https://www.bleepingcomputer.com/news/security/linkedin-phishing-target-employees-managing-facebook-ad-accounts/
• Huge network of 11,000 fake investment sites targets Europe https://www.bleepingcomputer.com/news/security/huge-network-of-11-000-fake-investment-sites-targets-europe/
• Crime & Arrests, etc.:
• US raises reward for tips on North Korean hackers to $10 million https://www.bleepingcomputer.com/news/security/us-raises-reward-for-tips-on-north-korean-hackers-to-10-million/
• Worldwide NFT heists tracker (updated daily) https://www.comparitech.com/blog/vpn-privacy/biggest-nft-heists/
• Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection https://thehackernews.com/2022/07/hackers-increasingly-using-webassembly.html
• Hackers steal $6 million from blockchain music platform Audius https://www.bleepingcomputer.com/news/security/hackers-steal-6-million-from-blockchain-music-platform-audius/
• Members of GnosticPlayers arrested and charged as members of ShinyHunters? https://www.databreaches.net/members-of-gnosticplayers-arrested-and-charged-as-members-of-shinyhunters/
• Spyware developer charged by Australian Police after 14,500 sales https://www.theregister.com/2022/08/01/asia_tech_news_roundup/
• Australia charges dev of Imminent Monitor RAT used by domestic abusers https://www.bleepingcomputer.com/news/security/australia-charges-dev-of-imminent-monitor-rat-used-by-domestic-abusers/
• Woman gets prison time after her GoFundMe duped donors out of $400,000 https://www.washingtonpost.com/nation/2022/07/25/kate-mcclure-gofundme-scam/
• U.S. Bank illegally used customer data to create sham accounts to inflate sales numbers for the last decade. Now they've been fined $37.5 million plus interest on unlawfully collected fees. https://www.businessinsider.com/us-bank-fined-375-million-for-illegally-using-customer-data-2022-7
• Nation State Actors:
• Microsoft Zero-Days Sold and then Used https://www.schneier.com/blog/archives/2022/07/microsoft-zero-days-sold-and-then-used.html
• Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
• Microsoft says 0-days sold by Austrian firm were used to hack customers https://arstechnica.com/information-technology/2022/07/microsoft-says-0-days-sold-by-austrian-firm-were-used-to-hack-customers/
• European Lawmaker Targeted With Cytrox Predator Surveillance Spyware https://www.securityweek.com/european-lawmaker-targeted-cytrox-predator-surveillance-spyware
• Israeli company Candiru allegedly behind cyberattacks against journalists https://www.databreaches.net/israeli-company-candiru-allegedly-behind-cyberattacks-against-journalists/
• We're likely only seeing 'the tip of the iceberg' of Pegasus spyware use against the US https://www.theregister.com/2022/07/27/us_congress_spyware_debate/
• Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants https://www.securityweek.com/calls-mount-us-gov-clampdown-mercenary-spyware-merchants
• Cyber-mercenaries for hire represent shifting criminal business model https://www.theregister.com/2022/07/25/aig-unique-cybercrime-business/
• Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards https://www.securityweek.com/chinese-uefi-rootkit-found-gigabyte-and-asus-motherboards

Other Security / Risk

• General:
• The Word of the Year Is ‘Uncertainty' https://www.nytimes.com/2022/07/28/technology/tech-uncertainty.html
• Ready or not, the Glassholes are coming back https://www.theverge.com/2022/7/25/23054367/google-ar-glasses-glassholes-coming-back
• Meta might let anti-vax posts back onto Facebook and Instagram https://www.theverge.com/2022/7/27/23280404/facebook-instagram-covid-antivax-misinformation-oversight-board-review
• Health:
• A “nano-robot” built entirely from DNA to explore cell processes https://scienmag.com/a-nano-robot-built-entirely-from-dna-to-explore-cell-processes/
• DeepMind uncovers structure of 200m proteins in scientific leap forward https://www.theguardian.com/technology/2022/jul/28/deepmind-uncovers-structure-of-200m-proteins-in-scientific-leap-forward
• Dietary Supplement Cuts Risk of Hereditary Cancer by 60%, Scientists Find https://www.sciencealert.com/in-a-first-a-dietary-supplement-shown-to-cut-the-risk-of-hereditary-cancer-by-60
• Stick-on ultrasound patch hailed as revolution in medical imaging https://www.theguardian.com/science/2022/jul/28/stick-on-ultrasound-patch-revolution-medical-imaging
• Tens of thousands of nurses on the sidelines as ERs on the brink of closure in Ontario https://toronto.ctvnews.ca/tens-of-thousands-of-nurses-on-the-sidelines-as-ers-on-the-brink-of-closure-in-ontario-1.6002766
• 'Titanic' staffing crisis leaving at least 14 Ontario hospital units shut down ahead of long weekend https://toronto.ctvnews.ca/titanic-staffing-crisis-leaving-at-least-14-ontario-hospital-units-shut-down-ahead-of-long-weekend-1.6006460
• After 1st U.S. polio case in a decade, doctors in Canada stress vaccination https://globalnews.ca/news/9017164/canada-after-u-s-polio-case-doctors-stress-vaccination/
• Exposure to ‘forever chemicals' costs US billions in health costs https://scienmag.com/exposure-to-forever-chemicals-costs-us-billions-in-health-costs/
• Mystery Child Hepatitis Seems to Be 2 Viruses Working Together, Scientists Say https://www.sciencealert.com/research-breakthrough-in-mystery-child-hepatitis
• How Long Can the Coronavirus Keep Reinfecting Us? https://www.theatlantic.com/health/archive/2022/07/coronavirus-will-never-run-out-ways-reinfect-us/670976/
• The Earliest Known Cases of COVID-19 Have Finally Been Pinpointed https://www.sciencealert.com/scientists-have-finally-pinpointed-the-location-of-the-earliest-cases-of-covid-19
• New Face Mask Material Can Capture And Deactivate Coronavirus Particles https://www.sciencealert.com/newly-designed-face-mask-can-capture-and-deactivate-coronavirus-particles
• COVID vaccine patch fights variants better than needles https://scienmag.com/covid-vaccine-patch-fights-variants-better-than-needles/
• Pfizer begins mid-stage trial for new vaccine targeting Omicron subvariant https://globalnews.ca/news/9019914/pfizer-mid-stage-vaccine-omicron-subvariant/
• Promising developments in pursuit to design pan-coronavirus vaccine https://scienmag.com/promising-developments-in-pursuit-to-design-pan-coronavirus-vaccine/
• Window is closing to stop monkeypox spread, experts say https://www.ctvnews.ca/health/window-is-closing-to-stop-monkeypox-spread-experts-say-1.6003718
• Safety:
• 'Extremely dangerous': Multiple people seen riding on top of moving GO Train https://toronto.ctvnews.ca/extremely-dangerous-multiple-people-seen-riding-on-top-of-moving-go-train-1.6003262
• EF0 tornado touched down in Wyoming, Ont. last week, Northern Tornadoes Project confirms https://globalnews.ca/news/9016212/ef0-tornado-wyoming-ont-july-19-northern-tornadoes-project/
• Man choked by 18-foot boa constrictor dies in hospital days after attack https://globalnews.ca/news/9016286/man-strangled-18-foot-boa-constrictor-dies-hospital/
• China's Long March Rocket Booster Makes Uncontrolled Reentry Back to Earth https://www.universetoday.com/156962/chinas-long-march-rocket-booster-makes-uncontrolled-reentry-back-to-earth/
• Falling Space Junk has a 10% Chance of Killing Someone in the Next Decade https://www.universetoday.com/156916/falling-space-junk-has-a-10-chance-of-killing-someone-in-the-next-decade/
• Ontario driver busted going 200km/h says he didn't know he was speeding https://toronto.ctvnews.ca/ontario-driver-busted-going-200km-h-says-he-didn-t-know-he-was-speeding-1.6002915
• Environment:
• Invasive reptiles and amphibians have cost the global economy billions, study suggests https://www.cbc.ca/news/science/invasive-reptiles-amphibians-study-1.6536446
• Utah's Great Salt Lake is running out of water https://www.bbc.co.uk/news/world-us-canada-62300414
• Can hydrogen fuel cells power Microsoft data centers? https://www.theverge.com/2022/7/28/23281394/microsoft-data-centers-hydrogen-fuel-cells
• Joe Biden's new plan: solar power for everyone, not just the rich https://www.theverge.com/2022/7/27/23280446/community-solar-power-biden-energy-bills-clean-electricity
• Economy:
• US makes huge interest rate rise to tame soaring prices https://www.bbc.co.uk/news/business-62310354
• US home prices are about to tumble as demand for new houses 'craters', an economist warns https://markets.businessinsider.com/news/stocks/housing-market-crash-new-homes-prices-mortgage-applications-cratering-rates-2022-7
• An Ohio man quit his job as a teacher after six years to work at a Walmart because it pays $12,000 more per year https://www.businessinsider.com/ohio-teacher-quits-walmart-job-paying-12000-tiktok-2022-7
• Shopify just cut thousands of jobs in Toronto https://www.blogto.com/tech/2022/07/canadian-tech-company-cuts-thousands-jobs-toronto/
• Shopify Cutting 10% of Global Workforce https://www.pymnts.com/news/ecommerce/2022/shopify-cutting-10-of-global-workforce/

Russia v. Ukraine

• The war:
• Russian advance puts fate of Ukraine's 2nd biggest power plant in question https://globalnews.ca/news/9018652/ukraine-russia-donbas-war-july-27/
• More than 75,000 Russian troops in Ukraine have been killed or injured, US says — one of the highest estimates so far https://www.businessinsider.com/75000-russian-troops-killed-or-injured-ukraine-us-says-reports-2022-7
• Ukraine war: Grain exports could restart 'within days' https://www.bbc.co.uk/news/world-europe-62296640
• Reaction and response:
• U.N. meeting set to talk nuclear weapons as Russia-Ukraine war heightens concerns https://globalnews.ca/news/9027927/ukraine-nuclear-nonproliferation-treaty-russia-un/
• Ukraine will pursue war-crimes charges against leaders of JPMorgan Chase, Citi, and HSBC over Russia financing, Zelenskyy's economic advisor says https://www.businessinsider.com/ukraine-zelenskyy-pursue-war-crimes-charges-leaders-jpmorgan-citi-hsbc-2022-7
• Cold showers as German city of Hanover reacts to Russian gas crisis https://www.bbc.co.uk/news/world-europe-62335911
• Germany says it may leave its final 3 nuclear energy plants running for longer than planned, reversing nearly a decade of work https://www.businessinsider.com/germany-delay-nuclear-energy-plant-exit-russia-natural-gas-cut-2022-7
• UK troops in Finland exercise amid Russia threats https://www.bbc.co.uk/news/uk-62356696
• Sweden's new, quiet submarines could give Russia even more headaches https://www.businessinsider.com/sweden-new-blekinge-class-submarines-could-give-russia-headaches-2022-7
• Russia to pull out of International Space Station https://www.bbc.co.uk/news/world-europe-62308069
• Russia reportedly tells NASA it's staying with the International Space Station until at least 2028 https://www.theverge.com/2022/7/27/23281086/nasa-roscosmos-russia-international-space-station-2028-partnership
• Sanctions & economic Impact:
• Russia faces 'economic oblivion' as Western sanctions continue to eat away at GDP, new study says https://markets.businessinsider.com/news/commodities/russia-economic-oblivion-western-sanctions-gdp-ukraine-war-oil-crude-2022-7
• Ukraine war: UK sanctions leaders of Ukraine breakaway regions https://www.bbc.co.uk/news/uk-62308191
• Gazprom stops Latvia's gas in latest Russian cut to EU https://www.bbc.co.uk/news/world-europe-62359890
• Kraken, a U.S. Crypto Exchange, Is Suspected of Violating Sanctions https://www.nytimes.com/2022/07/26/technology/kraken-crypto-iran.html
• Information, Disinformation, and Propaganda:
• How Tor Is Fighting—and Beating—Russian Censorship https://www.wired.com/story/tor-browser-russia-blocks/
• Russia is quietly ramping up its Internet censorship machine https://arstechnica.com/information-technology/2022/07/russia-is-quietly-ramping-up-its-internet-censorship-machine/
• Russia is trying to convince African nations that food shortages caused by the invasion of Ukraine are not its fault https://www.businessinsider.com/russia-ukraine-invasion-food-shortages-says-not-its-fault-2022-7

Off-Topic / Science & Tech / Lighter Side

• Innovations & Inventions:
• Scientists Invent a Paper Battery--Just Add Water https://www.scientificamerican.com/article/scientists-invent-a-paper-battery-just-add-water/
• US regulators will certify first small nuclear reactor design https://arstechnica.com/science/2022/07/us-regulators-will-certify-first-small-nuclear-reactor-design/
• Ex-SpaceX Engineer Builds Martian Nuclear Reactor To Tackle Earth's Power Crisis https://www.autoevolution.com/news/ex-spacex-engineer-builds-martian-nuclear-reactor-to-tackle-earth-s-power-crisis-194798.html
• Other:
• The Elusive Origin of Zero https://www.scientificamerican.com/article/the-elusive-origin-of-zero/
• ESA's EnVision Mission Doesn't Have a lot of Fuel, so it's Going to Aerobrake in the Atmosphere of Venus https://www.universetoday.com/156940/esas-envision-mission-doesnt-have-a-lot-of-fuel-so-its-going-to-aerobrake-in-the-atmosphere-of-venus/
• Planet 9 is Running out of Places to Hide https://www.universetoday.com/156975/planet-9-is-running-out-of-places-to-hide/
• New Phase of Matter Opens Portal to Extra Time Dimension https://www.scientificamerican.com/article/new-phase-of-matter-opens-portal-to-extra-time-dimension/
• A Black Hole can Tear a Neutron Star Apart in Less Than 2 Seconds https://www.universetoday.com/156811/a-black-hole-can-tear-a-neutron-star-apart-in-less-than-2-seconds/