This Week's [in]Security - Issue 281

Welcome to This Week’s [in]Security. Updated FAQs for v4, In-app browsers, improved Rubber Duck USB attack tool! New breaches: response backfires, healthcare, Microsoft. New Ransomware: preparedness, wrong victim, dog-pile. Outages. Follow-ups. Privacy: data brokers, health apps. Laws & Regs - Canada: AI & Data Act, spyware, ArriveCan. US: ransom bans. World: Trans-Atlantic, EU ID. NIST Key Derivation, AI bias. Defense - Cybersecurity Career Awareness, OpenSSF, harder kernels, searches, exploitability, SSDs. Vulnerabilities - advisories, zerodays, patching; Significant: roundup, bootloaders, zoom, CPUs, resonance; disclosure timelines, iOS VPNs, bitlocker. Research & Crypto-research: block ciphers, more PQC. Cybercrime - SMS & Signal, cookies & MFA, browser extensions, NPM & PyPi. Crime & Enforcement. Nation States and mercenaries. Other Risks - cyber-insurance, medical photos, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates multiple FAQs to support transition from DSS v3.2.1 to v4.0 (Aug 2022):
• #1066 What is an "inactive user account" as used in PCI DSS Requirement 8? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/What-is-an-inactive-user-account-as-used-in-PCI-DSS-Requirement-8
• #1068 Are digital leased lines considered public or private? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Are-digital-leased-lines-considered-public-or-private
• #1069 Does PCI DSS apply to paper with cardholder data (for example, receipts, reports, etc.)? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-apply-to-paper-with-cardholder-data-for-example-receipts-reports-etc
• #1070 Are digital images containing cardholder data and/or sensitive authentication data included in the scope of the PCI DSS? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Are-digital-images-containing-cardholder-data-and-or-sensitive-authentication-data-included-in-the-scope-of-the-PCI-DSS/
• #1073 Do PCI DSS Requirements apply to Bluetooth technology? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Do-PCI-DSS-Requirements-apply-to-Bluetooth-technology
• #1085 Can unencrypted PANs be sent over e-mail, instant messaging, SMS, or chat? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Can-unencrypted-PANs-be-sent-over-e-mail-instant-messaging-SMS-or-chat
• #1224 What does “one function per server” mean? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/What-does-one-function-per-server-mean
• #1327 Do PANs need to be masked on cardholder statements sent by issuers to customers? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Do-PANs-need-to-be-masked-on-cardholder-statements-sent-by-issuers-to-customers
• Control Gap's index of all PCI FAQ's https://www.controlgap.com/pci-frequently-asked-questions
• Payment skimmers/malware/fraud:
• Debit card fraud leaves Ally Bank customers, small stores reeling https://arstechnica.com/information-technology/2022/08/wave-of-debit-card-fraud-hits-ally-bank-customers-hacked-vendors/
• 3 suspects wanted after ATM broken open with saws in Mission, B.C. https://globalnews.ca/news/9071591/suspects-wanted-atm-broken-open-saws-mission-b-c/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• When Efforts to Contain a Data Breach Backfire https://krebsonsecurity.com/2022/08/when-efforts-to-contain-a-data-breach-backfire/
• The Alarming Financial and Reputational Costs of Healthcare Data Breaches Keep Rising https://www.pymnts.com/healthcare/2022/the-alarming-financial-and-reputational-costs-of-healthcare-data-breaches-keep-rising/
• Microsoft Employees Exposed Own Company's Internal Logins https://packetstormsecurity.com/news/view/33735/Microsoft-Employees-Exposed-Own-Companys-Internal-Logins.html
• Growing leak of Elastic db at Chinese adult content site - 14 million user accounts, 24GB https://www.hackread.com/chinese-adult-site-leaking-14-million-user-details/
• LockBit claims ransomware attack on security giant Entrust https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust/
• NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack https://www.databreaches.net/ny-practice-resources-llc-notifies-942138-patients-after-ransomware-attack/
• Signal says third-party data breach exposed 1,900 phone numbers https://www.databreaches.net/signal-says-third-party-data-breach-exposed-1900-phone-numbers/
• SFERRA Fine Linens notifying individuals of breach https://www.databreaches.net/sferra-fine-linens-notifying-individuals-of-breach/
• New Ransomware and "Incidents":
• Ransomware Preparedness: Why Organizations Should Plan for Ransomware Attacks Like Disasters https://www.tenable.com/blog/ransomware-preparedness-why-organizations-should-plan-for-ransomware-attacks-like-disasters
• Hackers attack UK water supplier but extort wrong victim https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-victim/
• Argentina's Judiciary of Córdoba suffered a serious computer attack https://www.databreaches.net/argentinas-judiciary-of-cordoba-suffered-a-serious-computer-attack/
• Pl: Hackers have attacked a company that provides remote reading of water meters https://www.databreaches.net/pl-hackers-have-attacked-a-company-that-provides-remote-reading-of-water-meters/
• Once, Twice, Three Times A Ransomware Victim: unnamed auto-parts supplies company Triple-Hacked In Just 2 Weeks https://www.forbes.com/sites/daveywinder/2022/08/13/once-twice-three-times-a-ransomware-victim-triple-hacked-in-just-2-weeks/
• Atlantic Dialysis Management Services notifies patients of data security incident https://www.databreaches.net/atlantic-dialysis-management-services-notifies-patients-of-data-security-incident/
• Major outages/downs/DDoS:
• Google Blocks Third Record Breaking DDoS Attack In As Many Months https://packetstormsecurity.com/news/view/33747/Google-Blocks-Third-Record-Breaking-DDoS-Attack-In-As-Many-Months.html
• Follow-ups and fall-out:
• AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach https://www.databreaches.net/att-denies-connection-to-database-of-23-million-ssns-says-it-may-be-tied-to-credit-agency-breach/
• Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust https://www.securityweek.com/ransomware-group-threatens-leak-data-stolen-security-firm-entrust
• Digital Ocean dumps Mailchimp after attack leaked customer email addresses https://www.databreaches.net/digital-ocean-dumps-mailchimp-after-attack-leaked-customer-email-addresses/
• Banorte - 2,107,000 breached accounts https://haveibeenpwned.com/PwnedWebsites#Banorte
• SitePoint - 1,021,790 breached accounts https://haveibeenpwned.com/PwnedWebsites#SitePoint
• Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident https://www.databreaches.net/florida-orthopaedic-institute-settles-lawsuit-after-2020-ransomware-incident/
• Ca: St. Joe's creates new executive position for security of patient files amid backlash https://www.databreaches.net/ca-st-joes-creates-new-executive-position-for-security-of-patient-files-amid-backlash/

Privacy

Articles about privacy related news, risks, and trends.

• In-App Browser JavaScript Injection & keystroke monitoring:
• TikTok Browser Can Track Users' Keystrokes, According to New Research https://www.nytimes.com/2022/08/19/technology/tiktok-browser-tracking.html
• iOS Privacy: Announcing InAppBrowser.com - see what JavaScript commands get injected through an in-app browser https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
• This site exposes the creepy things in-app browsers from TikTok and Instagram might track https://www.theverge.com/2022/8/19/23312725/in-app-browser-tracking-facebook-instagram-privacy-tool
• New tool checks if in-app mobile browsers inject risky code on sites https://www.bleepingcomputer.com/news/security/new-tool-checks-if-in-app-mobile-browsers-inject-risky-code-on-sites/
• Bad Data “For Good”: How Data Brokers Try to Hide Behind Academic Research https://www.eff.org/deeplinks/2022/08/bad-data-good-how-data-brokers-try-hide-academic-research
• Mozilla finds 18 of 25 popular reproductive health apps share your data https://www.theregister.com/2022/08/17/mozilla_pregnancy_app/
• CIA accused of illegally spying on Americans visiting Assange in embassy https://www.theregister.com/2022/08/15/assange_cia_spyware/
• CitizenLab August Newsletter https://mailchi.mp/citizenlab.ca/pegasus-spyware-used-in-thailand-and-more-news

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• The Law Bytes Podcast, Episode 139: Florian Martin-Bariteau on the Artificial Intelligence and Data Act https://www.michaelgeist.ca/2022/08/law-bytes-podcast-episode-139/
• MPs, senators to review how security agencies use spyware during investigations https://globalnews.ca/news/9070365/security-intelligence-intercept-review/
• ArriveCAN: A look at the federal government's plan for the contentious app https://globalnews.ca/news/9064514/arrivecan-federal-governments-plan/
• US:
• US lawmakers told by House of Representatives that TikTok is 'high risk' and they should avoid using it due to privacy concerns https://www.businessinsider.com/tiktok-us-lawmakers-warned-house-of-representatives-high-risk-2022-8
• Patchwork of US State Regulations Becomes More Complex as Florida, North Carolina Ban Ransomware Payments https://www.databreaches.net/patchwork-of-us-state-regulations-becomes-more-complex-as-florida-north-carolina-ban-ransomware-payments/
• General Monitoring is not the Answer to the Problem of Online Harms https://www.eff.org/deeplinks/2022/08/general-monitoring-not-answer-problem-online-harms
• NYDFS Proposed Amendments to Its Cybersecurity Rules https://www.databreaches.net/nydfs-proposed-amendments-to-its-cybersecurity-rules/
• Def Con banned a social engineering star — now he's suing https://www.theverge.com/2022/8/18/23311573/chris-hadnagy-social-engineering-def-con-ban-lawsuit-jeff-moss
• World:
• What Is the Trans-Atlantic Data Privacy Framework? 2022 Guide to the Privacy Shield Replacement https://www.cloudwards.net/trans-atlantic-data-privacy-framework/
• The EU has introduced a new ‘digital’ ID https://www.politico.eu/article/eu-europe-digital-id/
• Standards News:
• NIST Publishes SP 800-108 Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions https://csrc.nist.gov/publications/detail/sp/800-108/rev-1/final
• NCCoE Releases Draft Project Description for Mitigating AI Bias https://content.govdelivery.com/accounts/USNIST/bulletins/3285570
• Black Hat USA 2022: Are Cybersecurity Tool Standards on the Way? https://blog.isc2.org/isc2_blog/2022/08/black-hat-usa-2022.html

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• Make a Commitment to Participate in Cybersecurity Career Awareness Week https://content.govdelivery.com/accounts/USNIST/bulletins/32739dc
• General:
• OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain https://www.darkreading.com/application-security/openssf-announces-13-new-members-committed-to-strengthening-the-security-of-the-open-source-software-supply-chain
• Google Wants To Make Linux Kernel Flaws Harder To Exploit https://packetstormsecurity.com/news/view/33734/Google-Wants-To-Make-Linux-Kernel-Flaws-Harder-To-Exploit.html
• Team including Carnegie Mellon University wins DEF CON's hacking competition https://scienmag.com/team-including-carnegie-mellon-university-wins-def-cons-hacking-competition/
• Penetration Testing or Vulnerability Scanning? What's the Difference? https://thehackernews.com/2022/08/penetration-testing-or-vulnerability.html
• Methods, Techniques, Tools, and Products:
• USB “Rubber Ducky” Attack Tool https://www.schneier.com/blog/archives/2022/08/usb-rubber-ducky-attack-tool.html
• Google search updates will prioritize real reviews over clickbait https://www.theverge.com/2022/8/18/23309465/google-search-updates-reviews-clickbait
• The new USB Rubber Ducky is more dangerous than ever https://www.theverge.com/23308394/usb-rubber-ducky-review-hack5-defcon-duckyscript
• Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out https://www.darkreading.com/application-security/security-bugs-exploited-model-machine-learning
• How to Securely Erase an SSD or HDD Before Selling It or Your PC https://www.tomshardware.com/how-to/secure-erase-ssd-or-hard-drive
• Microsoft Sysmon 14 can now block the creation of executables https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-14-can-now-block-the-creation-of-executables/
• Modern security demands an empathy-first approach to insiders https://www.technologyreview.com/2022/08/16/1057500/modern-security-demands-an-empathy-first-approach-to-insiders/
• Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says https://www.theregister.com/2022/08/16/microsoft_russian_spies/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html
• FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks https://www.securityweek.com/fbi-warns-proxies-and-configurations-used-credential-stuffing-attacks
• Zero-day and other recent vulnerability news:
• Update Chrome now to patch actively exploited zero-day https://arstechnica.com/information-technology/2022/08/update-chrome-now-to-patch-actively-exploited-zero-day/
• Patching:
• Google, Apple squash exploitable browser bugs https://www.theregister.com/2022/08/17/google_chrome_bug/
• iOS 15.6.1—Update Now Warning Issued To All iPhone Users https://www.forbes.com/sites/kateoflahertyuk/2022/08/19/ios-1561-update-now-warning-issued-to-all-iphone-users/
• Quarterly Security Patches Released for Splunk Enterprise https://www.securityweek.com/quarterly-security-patches-released-splunk-enterprise
• Ring Patched An Android Bug That Could Have Exposed Video Footage https://packetstormsecurity.com/news/view/33748/Ring-Patched-An-Android-Bug-That-Could-Have-Exposed-Video-Footage.html
• OtheSignificant:
• Control Gap Vulnerability Roundup: August 6th to August 12th https://www.controlgap.com/blog/vulnerability-roundup-august-6th-august-12th
• Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade https://www.securityweek.com/secure-boot-bypass-flaws-affect-bootloaders-many-devices-made-past-decade
• Windows Vulnerability Could Crack DC Server Credentials Open https://www.darkreading.com/remote-workforce/windows-vulnerability-could-crack-dc-server-credentials-open
• Zoom Exploit on MacOS https://www.schneier.com/blog/archives/2022/08/zoom-exploit-on-macos.html
• ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors https://thehackernews.com/2022/08/pic-and-squip-vulnerabilities-found-in.html
• Janet Jackson's ‘Rhythm Nation' apparently vibed too hard for some laptops https://www.theverge.com/2022/8/17/23310033/janet-jackson-rhythm-nation-laptop-crash-windows-xp-hard-drives
• Other Vulnerabilities:
• Analyzing the Hidden Danger of Environment Variables for Keeping Secrets https://www.trendmicro.com/en_us/research/22/h/analyzing-hidden-danger-of-environment-variables-for-keeping-secrets.html
• Vulnerability Wholesaler Cuts Disclosure Times Over Poor Quality Patches https://packetstormsecurity.com/news/view/33743/Vulnerability-Wholesaler-Cuts-Disclosure-Times-Over-Poor-Quality-Patches.html
• iOS VPNs have leaked traffic for more than 2 years, researcher claims https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/
• Windows KB5012170 update causing BitLocker recovery screens, boot issues https://www.bleepingcomputer.com/news/microsoft/windows-kb5012170-update-causing-bitlocker-recovery-screens-boot-issues/
• What Exposed Open Policy Agent (OPA) Servers Can Tell You About Your Applications https://www.trendmicro.com/en_us/research/22/h/what-exposed-opa-servers-can-tell-you-about-your-applications-.html
• Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications https://www.securityweek.com/security-analysis-leads-discovery-vulnerabilities-18-electron-applications
• Uncovering a ChromeOS remote memory corruption vulnerability https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/
• Critical Vulnerability in Google's Titan M Chip Earns Researchers $75,000 https://www.securityweek.com/critical-vulnerability-googles-titan-m-chip-earns-researchers-75000
• Research on new vulnerabilities:
• Oh Deere: Farm hardware jailbroken to run Doom https://www.theregister.com/2022/08/16/john_deere_doom/
• Remotely Controlling Touchscreens https://www.schneier.com/blog/archives/2022/08/remotely-controlling-touchscreens-2.html
• This String Of Emojis Is Actually Malware https://packetstormsecurity.com/news/view/33732/This-String-Of-Emojis-Is-Actually-Malware.html
• Xiaomi Phone Bug Allowed Payment Forgery https://packetstormsecurity.com/news/view/33737/Xiaomi-Phone-Bug-Allowed-Payment-Forgery.html
• Cryptography and Cryptographic Research:
• A Note on the Theoretical and Practical Security of Block Ciphers https://eprint.iacr.org/2022/1065
• Breaking Category Five SPHINCS+ with SHA-256 https://eprint.iacr.org/2022/1061
• Lattice Reduction Meets Key-Mismatch: New Misuse Attack on Lattice-Based NIST Candidate KEMs https://eprint.iacr.org/2022/1064
• SIDH with masked torsion point images https://eprint.iacr.org/2022/1054
• A Study of Error Floor Behavior in QC-MDPC Codes https://eprint.iacr.org/2022/1043
• Weak Subtweakeys in SKINNY https://eprint.iacr.org/2022/1042
• Indian military ready to put long-range quantum key distribution on the line https://www.theregister.com/2022/08/15/indian_military_qkd/
• An encrypted ZIP file can have two correct passwords — here's why https://www.bleepingcomputer.com/news/security/an-encrypted-zip-file-can-have-two-correct-passwords-heres-why/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Credential Theft Is (Still) A Top Attack Method https://thehackernews.com/2022/08/credential-theft-is-still-top-attack.html
• How A Third Party SMS Service Was Used To Take Over Signal Accounts https://packetstormsecurity.com/news/view/33745/How-A-Third-Party-SMS-Service-Was-Used-To-Take-Over-Signal-Accounts.html
• Hackers are using cookies to sidestep two-factor authentication https://www.databreaches.net/hackers-are-using-cookies-to-sidestep-two-factor-authentication/
• Hackers may have exploited security flaws - Apple https://www.bbc.co.uk/news/technology-62602909
• Malicious browser extensions targeted almost 7 million people https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-targeted-almost-7-million-people/
• Android malware apps with 2 million installs found on Google Play https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-found-on-google-play/
• 241 npm and PyPI packages caught dropping Linux cryptominers https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/
• Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox https://www.darkreading.com/application-security/whack-a-mole-malicious-pypi-packages-target-discord-roblox
• SAP Vulnerability Exploited in Attacks After Details Disclosed at Hacker Conferences https://www.securityweek.com/sap-vulnerability-exploited-attacks-after-details-disclosed-hacker-conferences
• AsyncRAT C2 Framework: Overview, Technical Analysis & Detection https://blog.qualys.com/vulnerabilities-threat-research/2022/08/16/asyncrat-c2-framework-overview-technical-analysis-and-detection
• Grandoreiro banking malware targets manufacturers in Spain, Mexico https://www.bleepingcomputer.com/news/security/grandoreiro-banking-malware-targets-manufacturers-in-spain-mexico/
• New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html
• SOVA Android Banking Trojan Returns With New Capabilities and Targets https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html
• WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware https://www.bleepingcomputer.com/news/security/wordpress-sites-hacked-with-fake-cloudflare-ddos-alerts-pushing-malware/
• A Quick VoIP Experiment shows attacks against SIP (Wed, Aug 17th) https://isc.sans.edu/diary/rss/28950
• $23 Million YouTube Royalties Scam https://www.schneier.com/blog/archives/2022/08/23-million-youtube-royalties-scam.html
• Crime & Arrests, etc.:
• COVID Fraud Could Hit $163B, Experts Say https://www.pymnts.com/news/security-and-risk/2022/covid-fraud-could-hit-163b-experts-say/
• SEC Charges 18 Over Scheme Involving Hacked Brokerage Accounts https://www.securityweek.com/sec-charges-18-over-scheme-involving-hacked-brokerage-accounts
• SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam https://www.theregister.com/2022/08/16/sec_hacking_fraud_charges/
• Library’s prized Galileo manuscript turns out to be a clever forgery https://arstechnica.com/science/2022/08/librarys-prized-galileo-manuscript-turns-out-to-be-a-clever-forgery/
• Russian Man Extradited to US for Laundering Ryuk Ransomware Money https://www.securityweek.com/russian-man-extradited-us-laundering-ryuk-ransomware-money
• Three Nigerian BEC Fraudsters Extradited From UK to US https://www.securityweek.com/three-nigerian-bec-fraudsters-extradited-uk-us
• Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug https://www.bleepingcomputer.com/news/security/hackers-steal-crypto-from-bitcoin-atms-by-exploiting-zero-day-bug/
• She Had an AirTag in Her Lost Luggage. It Led Police to a Baggage Handler's Home. https://www.nytimes.com/2022/08/19/us/airtags-luggage-theft.html
• Nation State Actors:
• China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure https://www.darkreading.com/threat-intelligence/china-backed-redalpha-apt-sprawling-cyberespionage-infrastructure
• Chinese Cyberspy Group 'RedAlpha' Targeting Governments, Humanitarian Entities https://www.securityweek.com/chinese-cyberspy-group-redalpha-targeting-governments-humanitarian-entities
• China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year https://thehackernews.com/2022/08/china-backed-apt41-hackers-targeted-13.html
• China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload https://www.darkreading.com/remote-workforce/china-apt41-baffling-approach-cobalt-strike-payload
• China's Winnti Group Hacked at Least 13 Organizations in 2021: Security Firm https://www.securityweek.com/chinas-winnti-group-hacked-least-13-organizations-2021-security-firm
• Winnti hackers split Cobalt Strike into 154 pieces to evade detection https://www.bleepingcomputer.com/news/security/winnti-hackers-split-cobalt-strike-into-154-pieces-to-evade-detection/
• Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers https://thehackernews.com/2022/08/researchers-link-multi-year-mass.html
• Microsoft disrupts Russian hackers' operation on NATO targets https://www.bleepingcomputer.com/news/security/microsoft-disrupts-russian-hackers-operation-on-nato-targets/
• Microsoft Warns About Phishing Attacks by Russia-linked Hackers https://thehackernews.com/2022/08/microsoft-warns-about-phishing-attacks.html
• Russian APT29 hackers abuse Azure services to hack Microsoft 365 users https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-abuse-azure-services-to-hack-microsoft-365-users/
• Cyberattack on the Presidency of Moldova compromised servers https://www.databreaches.net/cyberattack-on-the-presidency-of-moldova-compromised-servers/
• Estonia thwarts cyberattack claimed by pro-Russia KillNet following removal of Soviet monument https://www.databreaches.net/estonia-thwarts-cyberattack-claimed-by-pro-russia-killnet-following-removal-of-soviet-monument/
• North Korean hackers use signed macOS malware to target IT job seekers https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers/
• CitizenLab – eckoSpy Pegasus Spyware Used against Thailand’s Pro-Democracy Movement https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
• DtSR Episode 513 - CSO Perspective on Security Fundamentals http://podcast.wh1t3rabbit.net/dtsr-episode-513-cso-perspective-on-security-fundamentals
• Lloyd’s of London tells insurers to halt covering state-backed cyberattacks https://www.cityam.com/lloyds-of-london-tells-insurers-to-make-exclusions-for-state-backed-cyberattacks/
• Google AI flagged parents' accounts for potential abuse over nude photos of their sick kids https://www.theverge.com/2022/8/21/23315513/google-photos-csam-scanning-account-deletion-investigation
• Erik Prince wants to sell you a “secure” smartphone that's too good to be true https://www.technologyreview.com/2022/08/19/1058243/erik-prince-wants-to-sell-you-a-secure-smartphone-thats-too-good-to-be-true/
• Windows 10 and Chrome are about to make switching default browsers even less painful https://www.theverge.com/2022/8/15/23307162/windows-11-chrome-default-browser-one-click-22h2
• You can't revert from Android 13 to Android 12 on Pixel 6 devices https://www.theverge.com/2022/8/15/23306798/android-13-roll-back-android-12-pixel-6-tensor-bootloader
• “Don't touch that server. Ralf set that up, and we don't know what it does.” https://www.imperva.com/blog/dont-touch-that-server-ralf-set-that-up-and-we-dont-know-what-it-does/
• Artificial Intelligence and Machine Learning:
• AI-generated art illustrates another problem with computers | John Naughton https://www.theguardian.com/commentisfree/2022/aug/20/ai-art-artificial-intelligence-midjourney-dall-e-replacing-artists
• No code, wrapped: Our ML experiment concludes, but did the machine win? https://arstechnica.com/information-technology/2022/08/no-code-wrapped-our-ml-experiment-concludes-but-did-the-machine-win/
• Disinformation and misinformation
• ‘Hackers against conspiracies’: Cyber sleuths take aim at election disinformation https://www.politico.com/news/2022/08/15/hackers-election-disinformation-00051949
• The ‘QAnon Queen of Canada’ Told Her Followers to Arrest Cops. It Didn’t Go Well https://www.vice.com/en/article/m7gb5y/queen-romana-didulo-citizen-arrest-qanon
• Assessing the toxicity of Reddit comments https://scienmag.com/assessing-the-toxicity-of-reddit-comments/
• Health:
• Blistering CDC report says the agency cannot go on like this — it's too slow, not diverse, and not very good at giving public health advice https://www.businessinsider.com/cdc-report-agency-too-slow-not-diverse-public-health-advice-2022-8
• More than 10,000 have died from illicit drug use since B.C. declared public health emergency https://globalnews.ca/news/9063368/bc-overdose-crisis-public-health-emergency-deaths/
• Some Artificial Sweeteners May Have a Not-So-Sweet Impact on Our Bodies https://www.sciencealert.com/some-artificial-sweeteners-may-have-a-not-so-sweet-impact-on-our-bodies
• We Just Got More Evidence That Two Common Viruses Can Team Up to Trigger Alzheimer's https://www.sciencealert.com/we-just-got-more-evidence-that-two-common-viruses-can-team-up-to-trigger-alzheimers
• Gummies are the next teen nicotine threat, feds say https://www.theverge.com/2022/8/18/23311675/nicotine-gummies-fda-warning-vaping
• A Single Gram of Salt Is The Difference For Millions of Heart Attacks https://www.sciencealert.com/a-single-gram-of-salt-is-the-difference-for-millions-of-heart-attacks
• Another patient has died while waiting for care at a New Brunswick hospital https://globalnews.ca/news/9069462/another-patient-has-died-while-waiting-for-care-at-a-new-brunswick-hospital/
• Apps don't make at-home blood pressure monitoring better https://www.theverge.com/2022/8/15/23306368/home-blood-pressure-apps-cuff
• Balsam fir needles can kill ticks that cause Lyme disease, Dalhousie researcher finds https://www.cbc.ca/news/canada/nova-scotia/dalhousie-study-ticks-lyme-disease-balsam-fir-needles-1.6555304
• ‘We cannot live with 15,000 deaths a week': WHO warns on rise in COVID fatalities https://globalnews.ca/news/9065563/covid-who-deaths-increase-risks-fall/
• COVID-19: N.B. reports Omicron BA.5 subvariant makes up 86% of new cases https://globalnews.ca/news/9063522/nb-covid-19-aug-16-2022/
• New target structure against corona https://scienmag.com/new-target-structure-against-corona/
• Quebec issues 10 tickets tied to fake COVID-19 vaccine passports https://globalnews.ca/news/9069455/quebec-fake-covid-vaccine-passports-tickets/
• Ikea shoppers in China panic, try to escape flash-COVID lockdown https://globalnews.ca/news/9061741/shanghai-ikea-covid-lockdown/
• Safety:
• Tesla's 'full self-driving' controversy now features homemade mannequins and tests on real kids https://www.cnn.com/2022/08/21/business/tesla-fsd-tests-kids/index.html
• A North Carolina man is testing Tesla's Full Self-Driving by driving toward his son in the road in an attempt to refute viral videos of the EV smashing into child mannequins https://www.businessinsider.com/father-tests-tesla-full-self-driving-son-refute-viral-videos-2022-8
• More than 2 million infant swings and rockers are being recalled over strangulation risks after a 10-month-old baby died https://www.businessinsider.com/4moms-mamaroo-rokaroo-2-million-infant-swings-rockers-recall-strangulation-2022-8
• Part of a foot, in a shoe, spotted in Yellowstone hot spring https://apnews.com/article/climate-and-environment-95d895ac3fbc683c94ef1fcf7dc4eaa4
• Environment:
• Map shows 'extreme heat belt' projected to cover a quarter of the US in 30 years, where temperatures would breach 125 degrees Fahrenheit https://www.businessinsider.com/map-shows-united-states-extreme-heat-belt-study-2022-8
• ‘Forever chemicals' destroyed by simple new method https://scienmag.com/forever-chemicals-destroyed-by-simple-new-method/
• 'Extreme Heat Belt' to Snare 100 Million Americans in Decades, Scientists Warn https://www.sciencealert.com/extreme-heat-belt-to-snare-100-million-americans-in-decades-scientists-warn
• For The First Time, Scientists Have Named a Heat Wave. Here's Why It's a Big Deal https://www.sciencealert.com/for-the-first-time-scientists-have-named-a-heat-wave-heres-why-its-a-big-deal
• Hidden 'Hunger Stones' Reveal Drought Warnings From The Past https://www.sciencealert.com/hidden-hunger-stones-reveal-drought-warnings-from-the-past
• Propane – a solution for more sustainable air conditioning https://scienmag.com/propane-a-solution-for-more-sustainable-air-conditioning/
• Ontario powers ahead with Canada's first grid-scale nuclear reactor https://toronto.ctvnews.ca/ontario-powers-ahead-with-canada-s-first-grid-scale-nuclear-reactor-1.6031339
• What Megafires Can Teach Us about California Megafloods https://www.scientificamerican.com/article/what-megafires-can-teach-us-about-california-megafloods/
• Nuclear War Could Spark Global Famine https://www.scientificamerican.com/article/nuclear-war-could-spark-global-famine/
• Scientists plan to revive Tasmanian tiger that has been extinct since 1936 https://globalnews.ca/news/9065795/scientists-tasmanian-tiger-extinct-since-1936/
• Economy:
• A Chinese company accused of ripping off Apple designs unveiled a new humanoid robot that looks a lot like Tesla's https://www.businessinsider.com/xiaomi-unveils-new-bot-that-looks-like-teslabot-2022-8
• The Crypto Geniuses Who Vaporized a Trillion Dollars https://nymag.com/intelligencer/article/three-arrows-capital-kyle-davies-su-zhu-crash.html
• Crypto.com laid off 260 employees — then quietly let go of hundreds more https://www.theverge.com/2022/8/18/23309439/crypto-com-layoffs-unannounced-july-august-bear-market
• FTX's money isn't insured, FDIC says https://www.theverge.com/2022/8/20/23314401/ftx-money-isnt-insured-fdic-sam-bankman-fried-crypto-cease-and-desist

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine war: Bombardments near nuclear plant a concern for all - UN chief https://www.bbc.co.uk/news/world-europe-62608529
• Ukraine war: Russia rejects call to demilitarise Zaporizhzhia nuclear plant area https://www.bbc.co.uk/news/world-europe-62602387
• Ukraine war: Explosions rock Russian-held areas far from front https://globalnews.ca/news/9071439/ukraine-war-russia-news-aug-19/
• Ukraine war: Russian base in Crimea rocked by explosions https://globalnews.ca/news/9062882/russia-ukraine-crimea-explosions-aug-16/
• Russian military uses Chinese drones and bots in combat, over manufacturers' protests https://www.theregister.com/2022/08/17/russia_weaponizes_chinese_drones_robots/
• Reaction and response:
• Ukraine's Crimean fightback having 'psychological impact' on Russia https://www.bbc.co.uk/news/world-europe-62608526
• Sanctions & economic Impact:
• Germany inks deal with natural gas suppliers to keep terminals stocked through the winter as Europe prepares for deeper cuts to energy supplies https://markets.businessinsider.com/news/commodities/germany-russia-natural-gas-supplies-uniper-vng-energy-crisis-winter-2022-8
• Information, Disinformation, and Propaganda:
• Russian paratrooper says it was weeks before he realized that Russia hadn't been attacked and that he had actually invaded Ukraine https://www.businessinsider.com/russian-soldier-said-weeks-before-knew-he-invaded-ukraine-war-2022-8
• Cyber-attacks and the potential for cyber-war:
• 5 Russia-Linked Groups Target Ukraine in Cyberwar https://www.darkreading.com/attacks-breaches/five-russia-linked-groups-target-ukraine-in-cyberwar
• Russian hackers target Ukraine with default Word template hijacker https://www.bleepingcomputer.com/news/security/russian-hackers-target-ukraine-with-default-word-template-hijacker/
• Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware https://thehackernews.com/2022/08/russian-state-hackers-continue-to.html

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Scientists Just Broke The World Record For The Most Powerful Stable Magnetic Field https://www.sciencealert.com/scientists-just-broke-the-world-record-for-the-most-powerful-stable-magnetic-field
• Other:
• A Snake-Lover Built Robotic Legs For a Snake, and It's Insane https://www.sciencealert.com/a-snake-lover-built-robotic-legs-for-a-snake-and-its-insane
• NASA Astronaut Nicole Aunapu Mann will be the First Indigenous Woman in Space! https://www.universetoday.com/157150/nasa-astronaut-nicole-aunapu-mann-will-be-the-first-indigenous-woman-in-space/
• NASA's SLS rocket is now ready for its August 29 Moon launch https://www.syfy.com/syfy-wire/bad-astronomy-nasa-moon-mission-artemis-1-ready-to-launch
• A Mysterious Crater Found in The Ocean May Be A New Clue to The Dinosaurs' Fate https://www.sciencealert.com/a-mysterious-crater-found-in-the-ocean-may-be-a-new-clue-to-the-dinosaurs-fate
• What is the Maximum Number of Moons that Earth Could Have? https://www.universetoday.com/157213/what-is-the-maximum-number-of-moons-that-earth-could-have/
• Over time, some stars get uncomfortably close to the Sun https://www.syfy.com/syfy-wire/bad-astronomy-several-stars-have-come-within-a-light-year-of-the-sun
• What Is the Black Hole Information Paradox? A Primer https://www.scientificamerican.com/video/what-is-the-black-hole-information-paradox-a-primer/