This Week's [in]Security - Issue 284

Welcome to This Week’s [in]Security. PCI updates. New breaches: TikTok, Holiday Inn, NATO. New Ransomware, Outages, Follow-ups: HIBP. Privacy: Advertisers and searches, Where's Facebooks data? Laws & Regs - Canada: Cellular emergencies. US: Whistleblowers, FTC lawsuit, Uber. World: Germany, IoT. Standards: RNGs. Defense - Training & events. Tools & Techniques, context, fuzzing, passwords. Vulnerabilities - Advisories: Zerodays, EOL Cisco, Chrome, BackupBuddy. Patching: QNAP, Zyxel. Roundup, Shikitega, HP firmware, GIFshell, PlexTrac. Crypto-research. Cybercrime - Trends: Phishing-as-a-service, intermittent encryption. Crime & Enforcement: Nation States and mercenaries. Other Risks - data tracking and national security, transaction safety, cyber-insurance, disinformation, health, safety, environment, economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:
• Introducing the New PCI SSC Mobile App https://blog.pcisecuritystandards.org/introducing-the-new-pci-ssc-mobile-app
• PCI DSS Quick Reference Guide https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI_DSS-QRG-v4_0.pdf
• Other payment related:
• US seizes WT1SHOP market selling credit cards, credentials, and IDs https://www.bleepingcomputer.com/news/security/us-seizes-wt1shop-market-selling-credit-cards-credentials-and-ids/
• Visa, Mastercard, AmEx Add Merchant Code for Gun Retailers https://www.pymnts.com/credit-cards/2022/visa-mastercard-amex-add-merchant-code-for-gun-retailers/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• A hacker says they breached TikTok and accessed personal data, including PayPal information, from more than 1 billion users. TikTok says a breach never happened. https://www.businessinsider.com/tiktok-hacker-accessed-personal-data-payment-password-information-online-safety-2022-9
• TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html
• Holiday Inn Hotels Hit By Cyber Attack https://packetstormsecurity.com/news/view/33813/Holiday-Inn-Hotels-Hit-By-Cyber-Attack.html
• Cyberattack brings down InterContinental Hotels' booking systems https://www.theregister.com/2022/09/06/ihg_hotels_data_breach/
• Classified NATO documents stolen from Portugal, now sold on darkweb https://www.bleepingcomputer.com/news/security/classified-nato-documents-stolen-from-portugal-now-sold-on-darkweb/
• NATO investigates after criminals claim to be selling its stolen missile plans https://www.theregister.com/2022/09/05/in-brief-secuirty/
• Indonesia's Intelligence Agency Asserts Its Data Breach Issues Hoax https://www.databreaches.net/indonesias-intelligence-agency-asserts-its-data-breach-issues-hoax/
• 200,000 North Face accounts hacked in credential stuffing attack https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
• Ransomware gang hits second-largest US school district https://www.theregister.com/2022/09/06/lausd_ransomware_fbi_cisa_los_angeles/
• Vice Society claims LAUSD ransomware attack, theft of 500GB of data https://www.bleepingcomputer.com/news/security/vice-society-claims-lausd-ransomware-attack-theft-of-500gb-of-data/
• Late notification raises questions about a US Radiology Specialists breach last year https://www.databreaches.net/late-notification-raises-questions-about-a-us-radiology-specialists-breach-last-year/
• New Ransomware and "Incidents":
• Nearly 6,000 impacted by Franklin College hack https://www.databreaches.net/nearly-6000-impacted-by-franklin-college-hack/
• Major outages/downs:
• A utility company locked thousands of customers out of their smart thermostats in Colorado https://www.theverge.com/2022/9/5/23337864/xcel-locked-out-customers-smart-thermostats-colorado-heatwave
• Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages https://www.bleepingcomputer.com/news/security/ransomware-gangs-cobalt-strike-servers-ddosed-with-anti-russia-messages/
• Follow-ups and fall-out:
• Brand New Tube - 349,627 breached accounts https://haveibeenpwned.com/PwnedWebsites#BrandNewTube

Privacy

Articles about privacy related news, risks, and trends.

• Over 80% of the top websites leak user searches to advertisers https://www.bleepingcomputer.com/news/security/over-80-percent-of-the-top-websites-leak-user-searches-to-advertisers/
• Facebook Has No Idea What Data It Has https://www.schneier.com/blog/archives/2022/09/facebook-has-no-idea-what-data-it-has.html
• It's Time to Get Real About TikTok's Risks https://www.wired.com/story/tiktok-nationa-security-threat-why/
• Facebook Engineers Admit They Don't Know What They Do With Your Data https://packetstormsecurity.com/news/view/33820/Facebook-Engineers-Admit-They-Dont-Know-What-They-Do-With-Your-Data.html
• ‘I didn't want it anywhere near me': how the Apple AirTag became a gift to stalkers https://www.theguardian.com/technology/2022/sep/05/i-didnt-want-it-anywhere-near-me-how-the-apple-airtag-became-a-gift-to-stalkers

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Rogers outage: Major telecoms reach deal for services to be available during emergencies https://globalnews.ca/news/9111764/rogers-outage-telecoms-emergency-services-deal/
• US:
• URLs Are NOT Passwords, and Sadly, That Needed to Be Said https://www.databreaches.net/urls-are-not-passwords-and-sadly-that-needed-to-be-said/
• Social Media Firms To Testify At U.S. Senate Homeland Security Hearing https://packetstormsecurity.com/news/view/33816/Social-Media-Firms-To-Testify-At-U.S.-Senate-Homeland-Security-Hearing.html
• FTC Sues Location Data Broker https://www.eff.org/deeplinks/2022/09/ftc-sues-location-data-broker
• Investors Sue Treasury Department for Blacklisting Tornado Cash https://www.nytimes.com/2022/09/08/business/tornado-cash-treasury-sued.html
• Uber's Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57 Million Users https://packetstormsecurity.com/news/view/33819/Ubers-Ex-Security-Chief-Faces-Landmark-Trial-Over-Data-Breach-That-Hit-57-Million-Users.html
• Lawyers for Uber's Ex-Security Chief Say Company Scapegoated Him https://www.nytimes.com/2022/09/07/technology/uber-security-chief-trial.html
• World:
• Meta to Appeal $400M GDPR Fine for Mishandling Teen Data in Instagram https://www.darkreading.com/application-security/meta-appeal-400m-fine-mishandling-instagram-teen-data
• German decision may exclude US subsidiaries with cloud providers from public tenders https://www.cms-lawnow.com/ealerts/2022/09/german-decision-may-exclude-us-subsidiaries-with-cloud-providers-from-public-tenders?cc_lang=en
• LEAK: European Commission to introduce cyber requirements for Internet of Things products https://www.databreaches.net/leak-european-commission-to-introduce-cyber-requirements-for-internet-of-things-products/
• Halfords slapped on wrist for breaching email marketing laws https://www.theregister.com/2022/09/08/halfords_ico_email_breach_pecr_fine/
• UK: ICO acting against eight individuals over alleged theft of road traffic accident data from garages https://www.databreaches.net/uk-ico-acting-against-eight-individuals-over-alleged-theft-of-road-traffic-accident-data-from-garages/
• Standards News:
• AMTSO Publishes Guidance for Testing IoT Security Products https://www.securityweek.com/amtso-publishes-guidance-testing-iot-security-products
• US Gov Issues Guidance for Developers to Secure Software Supply Chain https://www.securityweek.com/us-gov-issues-guidance-developers-secure-software-supply-chain
• Discussion on the Full Entropy Assumption of the SP 800-90 Series: NIST IR 8427 Initial Public Draft until October 31 https://content.govdelivery.com/accounts/USNIST/bulletins/32b87d0
• Recommendation for Random Bit Generator Constructions: Third Public Draft of NIST SP 800-90C Available for Comment until December 7 https://content.govdelivery.com/accounts/USNIST/bulletins/32ba3b5

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• FISSEA Security and Training Awareness: Best Practices Webinar September 22, 2022, 11:00am-12:00pm ET https://content.govdelivery.com/accounts/USNIST/bulletins/32c2a25
• Journey to the NIST CSF 2.0: Workshop Summary Analysis & Recording NOW AVAILABLE https://content.govdelivery.com/accounts/USNIST/bulletins/32b7294
• "Pwned", the Book, is Finally Here! https://www.troyhunt.com/pwned-the-book-is-finally-here/
• Methods, Techniques, Tools, and Products:
• Full IT Visibility Requires Business Risk Context https://www.tenable.com/blog/full-it-visibility-requires-business-risk-context
• Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html
• Are Default Passwords Hiding in Your Active Directory? Here's how to check https://www.bleepingcomputer.com/news/security/are-default-passwords-hiding-in-your-active-directory-heres-how-to-check/
• Integrating Live Patching in SecDevOps Workflows https://thehackernews.com/2022/09/integrating-live-patching-in-secdevops.html
• Android 13 is making it easier to keep work and personal data separate https://www.theverge.com/2022/9/7/23340628/android-13-new-business-features-work-profiles-personal-data
• Apple's Killing the Password. Here's Everything You Need to Know https://www.wired.com/story/apple-passkeys-password-iphone-mac-ios16-ventura/
• This Clever Anti-Censorship Tool Lets Russians Read Blocked News https://www.wired.com/story/russia-internet-censorship-samizdat-online/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA orders agencies to patch Chrome, D-Link flaws used in attacks https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-chrome-d-link-flaws-used-in-attacks/
• Zero-day and other recent vulnerability news:
• Cisco won't fix authentication bypass zero-day in EoL routers https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-authentication-bypass-zero-day-in-eol-routers/
• Google Patches Sixth Chrome Zero-Day of 2022 https://www.securityweek.com/google-patches-sixth-chrome-zero-day-2022
• Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html
• Patching:
• QNAP patches zero-day used in new Deadbolt ransomware attacks https://www.bleepingcomputer.com/news/security/qnap-patches-zero-day-used-in-new-deadbolt-ransomware-attacks/
• Zyxel releases new NAS firmware to fix critical RCE vulnerability https://www.bleepingcomputer.com/news/security/zyxel-releases-new-nas-firmware-to-fix-critical-rce-vulnerability/
• Significant:
• Control Gap Vulnerability Roundup: August 27th to September 2nd https://www.controlgap.com/blog/vulnerability-roundup-august-27th-september-2nd-0
• Shikitega - New stealthy mutating cryptominer malware targeting Linux https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
• New Linux malware evades detection using multi-stage deployment https://www.bleepingcomputer.com/news/security/new-linux-malware-evades-detection-using-multi-stage-deployment/
• Other Vulnerabilities:
• Firmware bugs in many HP computer models left unfixed for over a year https://www.bleepingcomputer.com/news/security/firmware-bugs-in-many-hp-computer-models-left-unfixed-for-over-a-year/
• GIFShell attack creates reverse shell using Microsoft Teams GIFs https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
• Bypassing Authentication: A PlexTrac Story https://www.controlgap.com/blog/a-plextrac-story
• New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps https://thehackernews.com/2022/09/new-vulnerabilities-reported-in-baxters.html
• The art and science behind Microsoft threat hunting: Part 1 https://www.microsoft.com/security/blog/2022/09/08/part-1-the-art-and-science-of-threat-hunting/
• Analysis of an Encoded Cobalt Strike Beacon, (Tue, Sep 6th) https://isc.sans.edu/diary/rss/29014
• Cryptography and Cryptographic Research:
• A Pragmatic Response to the Quantum Threat https://www.darkreading.com/dr-tech/a-pragmatic-response-to-the-quantum-threat
• On the computational hardness needed for quantum cryptography https://eprint.iacr.org/2022/1181
• A Third is All You Need: Extended Partial Key Exposure Attack on CRT-RSA with Additive Exponent Blinding https://eprint.iacr.org/2022/1163
• A Subexponential Quantum Algorithm for the Semidirect Discrete Logarithm Problem https://eprint.iacr.org/2022/1165
• Group-based Cryptography in the Quantum Era https://eprint.iacr.org/2022/1161
• On the security of keyed hashing based on an unkeyed block function https://eprint.iacr.org/2022/1172

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• CSA Alert (AA22-249A) #StopRansomware: Vice Society https://www.databreaches.net/csa-alert-aa22-249a-stopransomware-vice-society/
• New EvilProxy (PHaaS) service lets all hackers use advanced phishing tactics https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/
• Ransomware gangs switching to new intermittent encryption tactic https://www.bleepingcomputer.com/news/security/ransomware-gangs-switching-to-new-intermittent-encryption-tactic/
• Cybercriminals target games popular with kids to distribute malware https://www.theregister.com/2022/09/07/gaming_threats_kaspersky/
• Lazarus Group unleashed a MagicRAT to spy on energy providers https://www.theregister.com/2022/09/08/lazarus_group_energy_firms_trade_secrets/
• Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group https://thehackernews.com/2022/09/microsoft-warns-of-ransomware-attacks.html
• Moobot botnet is coming for your unpatched D-Link router https://www.bleepingcomputer.com/news/security/moobot-botnet-is-coming-for-your-unpatched-d-link-router/
• New wave of data-destroying ransomware attacks hits QNAP NAS devices https://arstechnica.com/information-technology/2022/09/new-wave-of-data-destroying-ransomware-attacks-hits-qnap-nas-devices/
• Crime & Arrests, etc.:
• Feds claw back $30 million of cryptocurrency stolen by North Korean hackers https://arstechnica.com/information-technology/2022/09/feds-claw-back-30-million-of-cryptocurrency-stolen-by-north-korean-hackers/
• DoJ charges pair over China-linked attempt to build semi-autonomous crypto haven on nuked Pacific atoll https://www.theregister.com/2022/09/08/doj_rongelap_atoll_crypto_charges/
• Nation State Actors:
• Microsoft investigates Iranian attacks against the Albanian government https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/
• Albania Cuts Diplomatic Ties With Iran Over July Cyberattack https://www.securityweek.com/albania-cuts-diplomatic-ties-iran-over-july-cyberattack
• U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html
• Iran Strongly Condemns US Sanctions Over Albania Hacking https://www.securityweek.com/iran-strongly-condemns-us-sanctions-over-albania-hacking
• New Iranian hacking group APT42 deploys custom Android spyware https://www.bleepingcomputer.com/news/security/new-iranian-hacking-group-apt42-deploys-custom-android-spyware/
• As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research https://www.theregister.com/2022/09/07/china_accuses_usa_nsa_cyberattack/
• Chinese Hackers Target Government Officials in Europe, South America, and Middle East https://thehackernews.com/2022/09/chinese-hackers-target-government.html
• TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html
• LockBit, ALPHV & Other Ransomware Gang Leak Sites Hit by DDoS Attacks https://www.darkreading.com/threat-intelligence/lockbit-alphv-ransomware-gang-leak-sites-ddos-attacks
• Monti, the New Conti: Ransomware Gang Uses Recycled Code https://www.darkreading.com/vulnerabilities-threats/monti-conti-ransomware-recycled-code
• Mysterious 'Worok' Group Launches Spy Effort With Obfuscated Code, Private Tools https://www.darkreading.com/attacks-breaches/mysterious-worok-spy-obfuscated-code-private-tools
• Profiling DEV-0270: PHOSPHORUS' ransomware operations https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/
• The LockBit Ransomware Gang Is Surprisingly Professional https://www.schneier.com/blog/archives/2022/09/the-lockbit-ransomware-gang-is-surprisingly-professional.html

Other Security / Risk

Articles covering other types of risks.

• General:
  • Data tracking poses a 'national security risk' FTC told https://www.theregister.com/2022/09/09/data_tracking_national_security_risk/
  • Transacting in Person with Strangers from the Internet https://krebsonsecurity.com/2022/09/transacting-in-person-with-strangers-from-the-internet/
  • Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay https://www.theregister.com/2022/09/06/lloyds_cyber_insurance_policy/
• Disinformation and misinformation
  • Doomscrolling linked to poor physical and mental health, study finds https://www.theguardian.com/society/2022/sep/06/doomscrolling-linked-to-poor-physical-and-mental-health-study-finds
• Health:
  • America Has a Rabid-Raccoon Problem https://www.theatlantic.com/science/archive/2022/09/rabid-raccoons-rabies-oral-vaccine-packets/671347/
  • Lowering the Cost of Insulin Could Be Deadly https://www.theatlantic.com/health/archive/2022/09/diabetes-medication-insulin-cost/671333/
  • New York declares state of emergency over polio https://www.bbc.co.uk/news/world-us-canada-62857112
  • Vaccines dramatically reduce the risk of long-term effects of COVID-19 https://scienmag.com/vaccines-dramatically-reduce-the-risk-of-long-term-effects-of-covid-19/
  • Ontario receives first doses of bivalent vaccine: health minister https://toronto.ctvnews.ca/ontario-receives-first-doses-of-bivalent-vaccine-health-minister-1.6060646
  • China approves inhaled Covid vaccine https://www.bbc.co.uk/news/health-62793078
  • Outcry as Chinese lockdown traps residents during earthquake https://www.bbc.co.uk/news/world-asia-china-62804213
• Safety:
  • Google Maps glitch appears to send Coquihalla drivers down washed-out logging road https://globalnews.ca/news/9109197/google-maps-glitch-coquihalla-highway-logging-road/
  • Baggage handlers incorrectly unloaded guns into airport arrivals areas where 'anyone' could have picked them up, union documents show https://www.businessinsider.com/baggage-handlers-unloaded-guns-in-airport-arrivals-areas-union-claims-2022-9
  • Queen Elizabeth death: U.K. warns of ‘risks to public safety' due to crowds https://globalnews.ca/news/9118045/queen-elizabeth-death-public-safety-crowds/
  • U.S. tourist killed in shark attack while snorkelling in the Bahamas https://globalnews.ca/news/9110949/shark-attack-tourist-killed-snorkelling-bahamas/
• Environment:
  • Here's how much energy crypto mining gobbles up in the US https://www.theverge.com/2022/9/8/23341685/crypto-mining-bitcoin-energy-environment-impact-report-biden
  • Southern Ocean takes on the heat of climate change https://scienmag.com/southern-ocean-takes-on-the-heat-of-climate-change/
  • How do tides and turbines affect sealife? Fundy study hopes to find out https://www.cbc.ca/news/canada/nova-scotia/bay-of-fundy-tidal-power-development-force-1.6412184
  • Are “green” household consumer products less toxic than traditional products? https://scienmag.com/are-green-household-consumer-products-less-toxic-than-traditional-products/
  • A Dutch city has become the world's first to ban ads for meat in public places over climate concerns https://www.businessinsider.com/ban-meat-adverts-climate-concerns-european-city-haarlem-2022-9
  • Environmental activists say they deflated tires on SUVs in Kitchener for a 3rd time https://globalnews.ca/news/9111029/environmental-activist-suv-kitchener/
  • The World Is Not Ready For The Next Super-Eruption, Scientists Warn https://www.sciencealert.com/the-world-is-not-ready-for-the-next-super-eruption-scientists-warn
• Economy:
  • Millennials won the Great Resignation. Now they're losing the Big Firing. https://www.businessinsider.com/millennials-won-great-resignation-now-losing-the-big-firing-2022-9
  • ‘Decentralization Theater' and the Myth of DeFi https://www.pymnts.com/cryptocurrency/2022/decentralization-theater-and-the-myth-of-defi/
  • Paper Checks Pose Major Risk to Corporate Coffers https://www.pymnts.com/news/b2b-payments/2022/paper-checks-pose-major-risk-to-corporate-coffers/
  • When bitcoin plunges, Buttcoin cheers: the online community praying for the end of crypto https://www.theguardian.com/technology/2022/sep/09/bitcoin-buttcoin-online-community-praying-for-cryptos-death

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine Is Waging a New Kind of War https://www.theatlantic.com/ideas/archive/2022/09/ukraine-counteroffensive-battle-of-kherson/671364/
• Ukrainian hackers created fake profiles of attractive women to trick Russian soldiers into sharing their location, report says. Days later, the base was blown up. https://www.businessinsider.com/ukraine-hackers-create-fake-profiles-russia-troops-share-location-ft-2022-9
• Russia says it's pulling back troops from Kharkiv area as Ukraine claims major gains https://globalnews.ca/news/9119597/russia-pulls-back-troops-kharkiv-ukraine/
• Ukraine says its forces recaptured over 270 square miles of lost territory and are pushing deep into Russian lines in a surprise offensive https://www.businessinsider.com/ukraine-says-it-recaptured-miles-of-lost-territory-from-russia-2022-9
• Ukraine has retaken 1,000 square kilometres in a week - Zelensky https://www.bbc.co.uk/news/world-europe-62849235
• Ukraine war: North Korea supplying Russia with weapons, says US https://www.bbc.co.uk/news/world-europe-62804825
• Russia buying weapons from North Korea to fight Ukraine: U.S. intelligence https://globalnews.ca/news/9108308/russia-weapons-purchase-north-korea/
• Video shows Russian official trying to convince nuclear inspectors a rocket turned 180 degrees before landing near Ukraine's nuclear plant https://www.businessinsider.com/russia-official-tells-inspectors-rocket-uturned-before-hitting-ukraine-plant-2022-9
• Reaction and response:
• Ukraine war: US approves $2.6bn in aid for Ukraine and allies https://www.bbc.co.uk/news/world-europe-62832881
• Germany is now generating nearly a third of its electricity from coal as it scrambles to replace Russian gas before winter https://markets.businessinsider.com/news/commodities/europe-energy-crisis-germany-generates-third-electricity-coal-natural-gas-2022-9
• Germany makes U-turn on nuclear energy policy, keeping 2 plants as backups amid its natural-gas crisis https://markets.businessinsider.com/news/commodities/germany-u-turn-nuclear-energy-plants-back-up-energy-crisis-2022-9
• Boeing stopped buying Russian aluminum – the second time it ended sourcing a crucial metal from Russia since the Ukraine invasion https://www.businessinsider.com/boeing-stopped-buying-russian-aluminum-crucial-building-planes-titanium-2022-9
• Sanctions & economic Impact:
• 7 world powers are ramping up their economic war against Russia with a new financial weapon targeting its oil industry and Putin's war chest https://www.businessinsider.com/russia-oil-price-controls-g7-economic-war-inflation-ukraine-sanctions-2022-9
• Russia may face a domestic energy crunch as production slows following EU's oil embargo, natural-gas cuts to Europe https://markets.businessinsider.com/news/commodities/russia-domestic-energy-crunch-oil-gas-supply-cut-europe-export-2022-9
• Information, Disinformation, and Propaganda:
• Ukraine dismantles more bot farms spreading Russian disinformation https://www.bleepingcomputer.com/news/security/ukraine-dismantles-more-bot-farms-spreading-russian-disinformation/
• Cyber-attacks and the potential for cyber-war:
• Google Details Recent Ukraine Cyberattacks https://www.securityweek.com/google-details-recent-ukraine-cyberattacks
• Google: Former Conti cybercrime gang members now targeting Ukraine https://www.bleepingcomputer.com/news/security/google-former-conti-cybercrime-gang-members-now-targeting-ukraine/
• Hackers with Conti cybercrime group are repurposing tools for attacks on Ukraine https://arstechnica.com/information-technology/2022/09/hackers-with-conti-cybercrime-group-are-repurposing-tools-for-attacks-on-ukraine/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• UBC researchers say insulin pill to treat diabetes is one step closer to reality https://www.cbc.ca/news/canada/british-columbia/ubc-fast-release-insulin-pill-diabetes-1.6572355
• To Clear Deadly Land Mines, Science Turns to Drones and Machine Learning https://www.scientificamerican.com/article/to-clear-deadly-land-mines-science-turns-to-drones-and-machine-learning/
• A Smartphone That Lasts a Decade? Yes, It's Possible. https://www.nytimes.com/2022/09/08/technology/personaltech/smartphone-lasts-decade.html
• Other:
• 'Super weird': Mysterious object in sky over Calgary explained https://globalnews.ca/news/9121580/calgary-mysterious-object-in-sky-explained/
• Two super-Earths found around a tiny red dwarf star — with one in the habitable zone https://www.syfy.com/syfy-wire/bad-astronomy-red-dwarf-has-two-super-earths-one-in-habitable-zone