This Week's [in]Security - Issue 288

Welcome to This Week’s [in]Security. PCI SIGS, Union Pay, Interchange fees in Canada. New breaches: DoD. Aussies, New Ransomware: States, Lloyds. Outages, Follow-ups: Banking's bad response, disclosure notices suck. Privacy. Laws & Regs - Canada: Copyright, C-11. US: AI Bill of rights, US-EU privacy, web replay lawsuit, & covering up. World, Standards. Defense: Deepfake audio detection, Cloud, MS/LSASS. Vulnerabilities - advisories, zerodays, & patching. Significant: Microsoft's driver problem, ProxyNotShell, Browser App Mode, & in the wild. Crypto-research. Cybercrime - Trends, Crime, Nation States and mercenaries. Other Risks - Moody’s, insiders, Linkedin fakes. Health, Safety, Environment, & Economy. Russia v. Ukraine. Innovation, fat bears, and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates & News:
• PCI is open for Special Interest Group Proposals until October 28 https://www.pcisecuritystandards.org/get_involved/special_interest_groups/
• PCI Security Standards Council Bulletin: PCI DSS v3.2.1 Minor Updates Published to Include All PCI Participating Payment Brands https://www.pcisecuritystandards.org/wp-content/uploads/2022/10/PCI_DSS_3.2.1_Bulletin.pdf
• FAQ #1561 What impact does the inclusion of UnionPay in PCI DSS documents have on an entity's PCI DSS assessment? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-impact-does-the-inclusion-of-UnionPay-in-PCI-DSS-documents-have-on-an-entity-s-PCI-DSS-assessment
• Other payment related:
• Canadian businesses can now add credit card surcharges as restrictions lift https://globalnews.ca/news/9180527/businesses-credit-card-surcharge/
• Mastercard Adds Security Tool for Crypto Transactions https://www.pymnts.com/cryptocurrency/2022/mastercard-adds-security-tool-for-crypto-transactions/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Hackers stole data from US defense org using Impacket, CovalentStealer https://www.bleepingcomputer.com/news/security/hackers-stole-data-from-us-defense-org-using-impacket-covalentstealer/
• Optus confirms 2.1 million ID numbers exposed in data breach https://www.bleepingcomputer.com/news/security/optus-confirms-21-million-id-numbers-exposed-in-data-breach/
• Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data https://www.darkreading.com/attacks-breaches/aussie-telco-telstra-breached-reportedly-exposing-30-000-employees-data
• Australia's Telstra hit by data breach, two weeks after attack on Optus https://www.databreaches.net/australias-telstra-hit-by-data-breach-two-weeks-after-attack-on-optus/
• CSI Laboratories reports a second big breach this year https://www.databreaches.net/csi-laboratories-reports-a-second-big-breach-this-year/
• City of Tucson discloses data breach affecting over 125,000 people https://www.bleepingcomputer.com/news/security/city-of-tucson-discloses-data-breach-affecting-over-125-000-people/
• Internap Loses Customer Data, Shrugs, Doesn't Apologize https://www.databreaches.net/internap-loses-customer-data-shrugs-doesnt-apologize/
• TD Bank discloses data breach after employee leaks customer info https://www.bleepingcomputer.com/news/security/td-bank-discloses-data-breach-after-employee-leaks-customer-info/
• New Ransomware and "Incidents":
• Russian Hackers Shut Down US State Government Websites https://www.darkreading.com/attacks-breaches/russian-hackers-shut-down-state-government-sites
• Cyberattack on Colorado state website follows Russian hacktivist threat https://www.databreaches.net/cyberattack-on-colorado-state-website-follows-russian-hacktivist-threat/
• “CISA wasted our time, we waste CISA reputation” — Vice Society https://www.databreaches.net/cisa-wasted-our-time-we-waste-cisa-reputation-vice-society/
• Lloyd's of London reboots its network https://www.databreaches.net/lloyds-of-london-reboots-its-network/
• Huge nonprofit hospital network suffers IT meltdown after 'security incident' https://www.theregister.com/2022/10/06/commonspirit_health_cyberattack/
• Revenge telecom hacking by DESORDEN Group; third attack threatened https://www.databreaches.net/revenge-telecom-hacking-by-desorden-group-third-attack-threatened/
• State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident https://www.darkreading.com/attacks-breaches/state-bar-of-georgia-notifies-members-and-employees-of-cybersecurity-incident
• Major outages/downs:
• Massive Multi-Vector 1.37 Tbps DDoS Attack Mitigated by Imperva DDoS Protection https://www.imperva.com/blog/massive-multi-vector-1-37-tbps-ddos-attack-mitigated-by-imperva-ddos-protection/
• Follow-ups and fall-out:
• Report: Big U.S. Banks Are Stiffing Account Takeover Victims https://krebsonsecurity.com/2022/10/report-big-u-s-banks-are-stiffing-account-takeover-victims/
• Why won't they tell you that your data were leaked? Why doesn't the government make them tell you? https://www.databreaches.net/why-wont-they-tell-you-that-your-data-were-leaked-why-doesnt-the-government-make-them-tell-you/
• Bhinneka - 1,274,340 breached accounts https://haveibeenpwned.com/PwnedWebsites#Bhinneka
• Wakanim - 6,706,951 breached accounts https://haveibeenpwned.com/PwnedWebsites#Wakanim

Privacy

Articles about privacy related news, risks, and trends.

• Workforce Data Privacy in the Modern Work Era https://www.darkreading.com/endpoint/workforce-data-privacy-in-the-modern-work-era
• Here's How to Use Google's New Privacy Tool to Scrub Your Personal Info From Search Results https://www.mentalfloss.com/posts/remove-personal-info-google-search-results
• China upgrades Great Firewall to defeat censor-beating TLS tools https://www.theregister.com/2022/10/06/great_firewall_of_china_upgrades/
• Modified Version Of Tor Browser Spies On Chinese Users https://packetstormsecurity.com/news/view/33915/Modified-Version-Of-Tor-Browser-Spies-On-Chinese-Users.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Canadian Copyright Digital Lock Rules Finally Open to Reform?: Right to Repair and Interoperability Exceptions Advancing in House of Commons https://www.michaelgeist.ca/2022/10/canadian-copyright-digital-lock-rules-finally-open-to-reform-right-to-repair-and-interoperability-exceptions-advancing-in-house-of-commons/
• When Government Investigates Its Critics: Why the Bill C-11 Witness Intimidation Issue is About Far More than a Strategically Timed Leak https://www.michaelgeist.ca/2022/10/when-government-investigates-its-critics-why-the-bill-c-11-witness-intimidation-issue-is-about-far-more-than-a-strategically-timed-leak/
• The Law Bytes Podcast, Episode 141: Why the Online News Act is a Bad Solution to a Real Problem, Part Five – My Appearance Before the Standing Committee on Canadian Heritage https://www.michaelgeist.ca/2022/10/law-bytes-podcast-episode-141/
• Why the Online News Act is a Bad Solution to a Real Problem, Part Six: CBC Eligibility Harms News Competition and Its Public Interest Mandate https://www.michaelgeist.ca/2022/10/why-the-online-news-act-is-a-bad-solution-to-a-real-problem-part-six-cbc-eligibility-harms-news-competition-and-its-public-interest-mandate/
• US:
• Biden proposes new “Bill of Rights” to protect Americans from AI snooping https://arstechnica.com/information-technology/2022/10/biden-proposes-new-bill-of-rights-to-protect-americans-from-ai-snooping/
• Biden's Privacy Order Slaps a Band-Aid on the EU-US Data Crisis https://www.wired.com/story/biden-eu-us-data-privacy-executive-order/
• US issues sweeping restrictions on chip sales to China https://www.theverge.com/2022/10/7/23392860/biden-semiconductor-chips-intel-micron-china-ohio-science
• Court's Decision Upholding Disastrous Texas Social Media Law Puts The State, Rather Than Internet Users, in Control of Everyone's Speech Online https://www.eff.org/deeplinks/2022/10/courts-decision-upholding-disastrous-texas-social-media-law-puts-state-rather
• New Federal and State Court Rulings Show Courts are Divided on the Scope of Cell Phone Searches Post-Riley https://www.eff.org/deeplinks/2022/10/new-federal-and-state-court-rulings-show-courts-are-divided-scope-cell-phone
• Google will pay $85M settlement to Arizona to end user-tracking suit https://www.theverge.com/2022/10/5/23389331/google-settlement-arizona-user-tracking-privacy-suit
• Papa John's sued for 'wiretap' spying on website mouse clicks, keystrokes https://www.theregister.com/2022/10/06/papa_johns_spying_lawsuit/
• Former Uber security chief convicted for concealing a felony https://www.bbc.co.uk/news/technology-63157883
• Former Uber Security Chief Joe Sullivan Found Guilty of Hiding Hack From Authorities https://www.nytimes.com/2022/10/05/technology/uber-security-chief-joe-sullivan-verdict.html
• Covering Up Cyber Breaches https://www.databreaches.net/covering-up-cyber-breaches/
• Meta sues app dev for stealing over 1 million WhatsApp accounts https://www.bleepingcomputer.com/news/security/meta-sues-app-dev-for-stealing-over-1-million-whatsapp-accounts/
• Meta settles lawsuit for ‘significant' sum against businesses scraping Facebook and Instagram data https://www.databreaches.net/meta-settles-lawsuit-for-significant-sum-against-businesses-scraping-facebook-and-instagram-data/
• Judge says Twitter can search Musk team's texts for Twitter whistleblower details https://www.theverge.com/2022/10/4/23387286/twitter-musk-whistleblower-emails-text-messages-peiter-mudge-zatko
• World:
• Landmark U.S.-UK Data Access Agreement Enters into Force https://www.databreaches.net/landmark-u-s-uk-data-access-agreement-enters-into-force/
• The Online Safety Bill: Reboot it, or Shoot it? https://www.lightbluetouchpaper.org/2022/10/04/the-online-safety-bill-reboot-it-or-shoot-it/
• The US sanctions an 'international evasion network' for sneaking oil to North Korea via dark ship-to-ship transfers https://markets.businessinsider.com/news/commodities/us-sanctions-dark-ship-to-ship-transfers-north-korea-oil-2022-10
• Copyright Trolls Target Users in Brazil, Threatening Due Process and Data Protection Rights. Civil Society Groups Are There to Help https://www.eff.org/deeplinks/2022/10/copyright-trolls-target-users-brazil-threatening-due-process-and-data-protection
• Spyware Maker Intellexa Sued by Journalist https://www.schneier.com/blog/archives/2022/10/spyware-maker-intellexa-sued-by-journalist.html
• Standards News:
• CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities https://thehackernews.com/2022/10/cisa-orders-federal-agencies-to.html
• When will the iPhone be forced to use USB-C? https://www.theverge.com/2022/10/4/23387425/european-parliament-iphone-usb-type-c-radio-equipment-directive-lightning-rip

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Methods, Techniques, Tools, and Products:
• Detecting Deepfake Audio by Modeling the Human Acoustic Tract https://www.schneier.com/blog/archives/2022/10/detecting-deepfake-audio-by-modeling-the-human-acoustic-tract.html
• Hardening data security in the cloud https://www.theregister.com/2022/10/07/hardening_data_security_in_the/
• Detecting and preventing LSASS credential dumping attacks https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/
• Total TLS: one-click TLS for every hostname you have https://blog.cloudflare.com/total-tls-one-click-tls-for-every-hostname/
• Defending against future threats: Cloudflare goes post-quantum https://blog.cloudflare.com/post-quantum-for-all/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• NSA Alert: Topmost CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors https://blog.qualys.com/vulnerabilities-threat-research/2022/10/07/nsa-alert-topmost-cves-actively-exploited-by-peoples-republic-of-china-state-sponsored-cyber-actors
• CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability https://www.securityweek.com/cisa-warns-attacks-exploiting-recent-atlassian-bitbucket-vulnerability
• Zero-day and other recent vulnerability news:
• The Zero Day Dilemma https://www.securityweek.com/zero-day-dilemma
• Patching:
• VMware Patches Code Execution Vulnerability in vCenter Server https://www.securityweek.com/vmware-patches-code-execution-vulnerability-vcenter-server
• Significant:
• No fix in sight for mile-wide loophole plaguing a key Windows defense for years https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/
• Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers https://thehackernews.com/2022/10/hackers-exploiting-dell-driver.html
• ProxyNotShell – the New Proxy Hell? https://thehackernews.com/2022/10/proxynotshell-new-proxy-hell.html
• Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed https://www.securityweek.com/mitigation-proxynotshell-exchange-vulnerabilities-easily-bypassed
• Microsoft updates mitigation for ProxyNotShell Exchange zero days https://www.bleepingcomputer.com/news/security/microsoft-updates-mitigation-for-proxynotshell-exchange-zero-days/
• Web browsers' app mode can be abused to make desktop phishing pages https://www.bleepingcomputer.com/news/security/web-browsers-app-mode-can-be-abused-to-make-desktop-phishing-pages/
• Steam Gaming Phish Showcases Browser-in-Browser Threat https://www.darkreading.com/attacks-breaches/steam-gaming-phish-showcases-browser-in-browser-threat
• Credential Harvesting Is Retail Industry's Top Threat https://www.darkreading.com/edge-threat-monitor/credential-harvesting-is-retail-industry-s-top-threat
• Microsoft: Watch out for password spray attacks – especially you, Basic Auth https://www.theregister.com/2022/10/04/microsoft_exchange_password_spray/
• Researchers Report Supply Chain Vulnerability in Packagist PHP Repository https://thehackernews.com/2022/10/researchers-report-supply-chain.html
• Other Vulnerabilities:
• 7 IoT Devices That Make Security Pros Cringe https://www.darkreading.com/vulnerabilities-threats/7-iot-devices-that-make-security-pros-cringe
• CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy
• SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals https://www.securityweek.com/scada-systems-involved-many-breaches-suffered-us-ports-terminals
• Utility security is so bad, US DoE offers rate cuts to improve it https://www.theregister.com/2022/10/07/utility_security/
• Linux Kernel 5.19.12 bug could damage Intel laptop displays https://www.bleepingcomputer.com/news/linux/linux-kernel-51912-bug-could-damage-intel-laptop-displays/
• Loads of PostgreSQL systems are sitting on the internet without SSL encryption https://www.theregister.com/2022/10/07/postgresql_no_ssl/
• Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast https://www.darkreading.com/application-security/ikea-smart-light-system-flaw-lets-attackers-turn-bulbs-on-full-blast
• Cryptography and Cryptographic Research:
• Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses https://eprint.iacr.org/2022/1314
• Is OTP a Viable Alternative to NIST's Post-Quantum Algorithms? https://www.securityweek.com/otp-viable-alternative-nists-post-quantum-algorithms

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software https://www.darkreading.com/application-security/lofygang-100s-malicious-packages-poison-open-source-software
• Hackers Have It Out for Microsoft Email Defenses https://www.darkreading.com/remote-workforce/hackers-have-it-out-for-microsoft-email-defenses
• BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions https://thehackernews.com/2022/10/blackbyte-ransomware-abuses-vulnerable.html
• Meta Warns of Password Stealing Phone Apps https://www.securityweek.com/meta-warns-password-stealing-phone-apps
• New 'Maggie' Backdoor Targeting Microsoft SQL Servers https://www.securityweek.com/new-maggie-backdoor-targeting-microsoft-sql-servers
• NullMixer Dropper Delivers a Multimalware Code Bomb https://www.darkreading.com/remote-workforce/nullmixer-multi-malware-dropper-code-bomb
• DtSR Episode 520 - The War With Online Scammers http://podcast.wh1t3rabbit.net/dtsr-episode-520-the-war-with-online-scammers
• Hackers are breaching scam sites to hijack crypto transactions https://www.bleepingcomputer.com/news/security/hackers-are-breaching-scam-sites-to-hijack-crypto-transactions/
• Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/
• Crime & Arrests, etc.:
• NSA Employee Charged with Espionage https://www.schneier.com/blog/archives/2022/10/nsa-employee-charged-with-espionage.html
• FBI: We tracked who was printing secret documents to unmask ex-NSA suspect https://www.theregister.com/2022/10/03/nsa_worker_fbi_espionage/
• Hacker steals $566 million worth of crypto from Binance Bridge https://www.databreaches.net/hacker-steals-566-million-worth-of-crypto-from-binance-bridge/
• What Are Cross-Chain Transactions and Why Are They Being Hacked? https://www.pymnts.com/blockchain/2022/cross-chain-transactions-hack/
• FBI warns of "Pig Butchering" cryptocurrency investment schemes https://www.bleepingcomputer.com/news/security/fbi-warns-of-pig-butchering-cryptocurrency-investment-schemes/
• 19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam https://thehackernews.com/2022/10/19-year-old-hacker-arrested-for-using.html
• DoJ ‘very disappointed' with probation sentence for Capital One hacker Paige Thompson https://www.theregister.com/2022/10/05/paige_thompson_sentence_doj_unhappy/
• BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million https://thehackernews.com/2022/10/bec-scammer-gets-25-year-jail-sentence.html
• Netwalker ransomware affiliate sentenced to 20 years in prison https://www.bleepingcomputer.com/news/security/netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/
• Nation State Actors:
• FBI: Cyberattacks targeting election systems unlikely to affect results https://www.bleepingcomputer.com/news/security/fbi-cyberattacks-targeting-election-systems-unlikely-to-affect-results/
• FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html
• Russia-Linked Cybercrime Group Hawks Combo of Malicious Services With LilithBot https://www.darkreading.com/remote-workforce/russia-linked-cybercrime-group-hawks-combo-of-malicious-services-with-lilithbot
• Cheerscrypt ransomware linked to a Chinese hacking group https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/

Other Security / Risk

Articles covering other types of risks.

• General:
• October Is Cybersecurity Awareness Month https://www.schneier.com/blog/archives/2022/10/october-is-cybersecurity-awareness-month.html
• Moody's turns up the heat on 'riskiest' sectors for cyberattacks https://www.theregister.com/2022/10/03/moodys_cyber_risk_ratings/
• Microsoft publishes new report on holistic insider risk management https://www.microsoft.com/security/blog/2022/10/06/microsoft-publishes-new-report-on-holistic-insider-risk-management/
• Glut of Fake LinkedIn Profiles Pits HR Against the Bots https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/
• Why Don't CISOs Trust Their Employees? https://www.darkreading.com/vulnerabilities-threats/why-don-t-cisos-trust-their-employees-
• Airbnb's refund policy specifically excludes hurricanes in Florida because they are 'common enough to be foreseeable' https://www.businessinsider.com/airbnb-refund-policy-booking-host-cancellations-hurricane-ian-florida-aircover-2022-10
• Whatever Happened to Those Self-Service Passport Kiosks at Airports? https://www.nytimes.com/2022/10/05/travel/customs-kiosks-facial-recognition.html
• Robot makers including Boston Dynamics pledge not to weaponize their creations https://www.theverge.com/2022/10/7/23392342/boston-dynamics-robot-makers-pledge-not-to-weaponize
• In: Arrested Russian Hacker “Helped 820 Cheat In JEE-Mains”: CBI To Court https://www.databreaches.net/in-arrested-russian-hacker-helped-820-cheat-in-jee-mains-cbi-to-court/
• Hans Niemann 'likely cheated' in more than 100 games, investigation finds in a complex and nuanced report https://www.bbc.co.uk/news/uk-63140246
• Health:
• The High Cost of Living Your Life Online https://www.wired.com/story/privacy-psychology-social-media/
• Your Dog Can Sense When You're Stressed, According to Science https://www.mentalfloss.com/posts/dogs-can-sense-stress
• Misinformation about vaccine safety drives reluctance to vaccinate children, study finds https://scienmag.com/misinformation-about-vaccine-safety-drives-reluctance-to-vaccinate-children-study-finds/
• Experts keeping close eye on new COVID subvariants in Ontario ahead of winter https://toronto.ctvnews.ca/experts-keeping-close-eye-on-new-covid-subvariants-in-ontario-ahead-of-winter-1.6097587
• Public Health Ontario says COVID cases have gradually risen https://globalnews.ca/news/9184461/public-health-ontario-covid-cases-rising/
• Yes, it's time to get your COVID booster — just look at these charts https://www.businessinsider.com/get-your-omicron-booster-shot-now-cases-rising-europe-us-2022-10
• 14-year-old's arthritis meds denied after Ariz. abortion ban, doctor says https://www.washingtonpost.com/nation/2022/10/05/abortion-arizona-arthritis-prescription-refill/
• Safety:
• Number of children hospitalized for E-scooter injuries surge from 2011-2020 https://scienmag.com/number-of-children-hospitalized-for-e-scooter-injuries-surge-from-2011-2020/
• Pretty plant is dangerous, toxic, warns Invasive Species Council of B.C. https://globalnews.ca/news/9179164/myrtle-spurge-plant-toxic-invasive-species-council-b-c/
• Swatted: A Shooting Hoax Spree Is Terrorizing Schools Across the US https://www.wired.com/story/swatting-schools-us-september-2022/
• Walmart, high school evacuated in Caledon, Ont. after threat about explosive device https://toronto.ctvnews.ca/walmart-high-school-evacuated-in-caledon-ont-after-threat-about-explosive-device-1.6097270
• Can Car-to-Car Communication Technology Save Lives? https://www.nytimes.com/2022/10/05/business/c-v2x-car-communication-technology.html
• A suspected serial killer is hunting in California. Here's what we know so far https://globalnews.ca/news/9175087/suspected-serial-killer-stockton-california/
• No way to enforce building, fire codes on First Nations: federal officials https://globalnews.ca/news/9177606/first-nations-fire-codes-federal-document/
• North Korea carries out sixth missile launch in two weeks https://www.bbc.co.uk/news/world-asia-63153903
• After Getting Slammed by DART, Asteroid Dimorphos has Grown a Tail https://www.universetoday.com/157939/after-getting-slammed-by-dart-asteroid-dimorphos-has-grown-a-tail/
• Dinosaur-Killing Asteroid Produced Global Tsunamis Up to 2.8 Miles High https://www.sciencealert.com/dinosaur-killing-asteroid-produced-global-tsunamis-up-to-2-8-miles-high
• Discovering Even Friendly Aliens Could Have Some Real Risks For Humanity https://www.sciencealert.com/discovering-even-friendly-aliens-could-have-some-real-risks-for-humanity
• How Should the World's Governments Respond if We Detect an Alien Civilization? https://www.universetoday.com/157924/how-should-the-worlds-governments-respond-if-we-detect-an-alien-civilization/
• Environment:
• 27 to 78 cm of sea Level Rise Could be Locked in From Melting Greenland ice Caps https://www.universetoday.com/157947/27-to-78-cm-of-sea-level-rise-could-be-locked-in-from-melting-greenland-ice-caps/
• 'Dark Data' Is Leaving a Huge Carbon Footprint, And We Have to Do Something About It https://www.sciencealert.com/dark-data-is-leaving-a-huge-carbon-footprint-and-we-have-to-do-something-about-it
• Deadly Heat Dome Was a 1-in-10,000-Year Event https://www.scientificamerican.com/article/deadly-heat-dome-was-a-1-in-10-000-year-event/
• Great Salt Lake on path to hyper-salinity, mirroring Iranian lake, new research shows https://scienmag.com/great-salt-lake-on-path-to-hyper-salinity-mirroring-iranian-lake-new-research-shows/
• America's 'first solar-powered town' was a hurricane success story as millions of other Floridians lost power — see inside Babcock Ranch https://www.businessinsider.com/hurricane-ian-solar-powered-florida-town-didnt-lose-power-babcock-ranch-2022-10
• Efforts underway to restore dunes washed away by Fiona in N.B. https://globalnews.ca/news/9178401/new-brunswick-sand-dunes-lost-fiona-storm/
• Ian Sinks Florida 'Dome Home' Built to Survive Hurricanes https://www.scientificamerican.com/article/ian-sinks-florida-dome-home-built-to-survive-hurricanes/
• Watch A Great White Become an Orca's Lunch in World-First Footage https://www.sciencealert.com/watch-a-great-white-become-an-orcas-lunch-in-world-first-footage
• Economy:
• Five reasons why China's economy is in trouble https://www.bbc.co.uk/news/world-asia-china-62830775
• A Russian oil price cap would fundamentally shift the balance of power between OPEC and the West, analyst says; 'the rules of the game are changing' https://markets.businessinsider.com/news/commodities/russian-oil-price-cap-opec-vs-west-balance-of-power-2022-10

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine regains Kherson villages from Russians https://www.bbc.co.uk/news/world-europe-63137061
• Ukraine: Flags being raised in retaken areas https://www.bbc.co.uk/news/world-europe-63139071
• Vladimir Putin orders seizure of Ukraine's Zaporizhzhia nuclear power plant https://globalnews.ca/news/9178689/vladimir-putin-ukraine-zaporizhzhia-nuclear-plant-order/
• Russia's artillery is faltering in some parts of Ukraine, and Moscow is using Iran's drones to fill the gap https://www.businessinsider.com/russia-uses-iranian-drones-to-make-up-for-artillery-faltering-2022-10
• Russia complains about Western arms flowing into Ukraine, but Putin's troops are giving Kyiv far more heavy weaponry as they retreat https://www.businessinsider.com/russia-complains-western-arms-ukraine-putins-troops-retreating-leaving-weapons-2022-10
• Ukraine war: Russia warns US of direct military clash risk https://www.bbc.co.uk/news/world-europe-63140098
• US intelligence believes the Ukrainian government was likely behind the assassination of the daughter of a top Putin ally: reports https://www.businessinsider.com/ukraine-may-have-authorized-killing-of-daria-dugina-us-believes-2022-10
• Ukraine war: Biden says nuclear risk highest since 1962 Cuban Missile Crisis https://www.bbc.co.uk/news/world-us-canada-63167947
• It's 'very hard to say' whether Putin is bluffing about using nuclear weapons in Ukraine, CIA director says https://www.businessinsider.com/very-hard-to-say-putin-bluffing-nuclear-weapons-cia-director-2022-10
• Reaction and response:
• Belarus, Ukraine, Russia activists win Nobel Peace Prize https://www.bbc.co.uk/news/world-europe-63175334
• The exiled Russian journalists challenging Kremlin censorship https://www.bbc.co.uk/news/world-europe-62896828
• Two Russians sail to Alaska seeking asylum in US https://www.bbc.co.uk/news/world-us-canada-63160469
• Frequent Breaks in Undersea Pipelines Mean Fixes Are Possible for Nord Stream https://www.scientificamerican.com/article/frequent-breaks-in-undersea-pipelines-mean-fixes-are-possible-for-nord-stream/
• Sanctions & economic Impact:
• The Fight to Cut Off the Crypto Fueling Russia's Ukraine Invasion https://www.wired.com/story/russia-ukraine-cryptocurrency-funding/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Three scientists win Nobel for chemistry 'Lego' https://www.bbc.co.uk/news/science-environment-63121338
• B.C. scientists have developed a technique to restore kelp forests for future generations https://globalnews.ca/news/9174664/bc-scientists-save-kelp-forests/
• Other:
• The beefiest bears of 2022: Fat Bear Week is back with these chunky contenders https://globalnews.ca/news/9175970/fat-bear-week-2022-katmai-park/
• The Mysterious Phenomenon of Déjà Vu Is Finally Closer to Being Explained https://www.sciencealert.com/the-mysterious-phenomenon-of-dj-vu-is-finally-closer-to-being-explained
• Scientists Just Figured Out a Way to Make Beer Taste Even Better https://www.sciencealert.com/scientists-just-figured-out-a-way-to-make-beer-taste-even-better
• Earth's Moon Could Have Taken Just Hours to Form From a Shattered Mess https://www.sciencealert.com/earths-moon-could-have-taken-just-hours-to-form-from-a-shattered-mess
• A Solar Gravitational Lens Will be Humanity's Most Powerful Telescope. What are its Best Targets? https://www.universetoday.com/157983/a-solar-gravitational-lens-will-be-humanitys-most-powerful-telescope-what-are-its-best-targets/
• Black Holes Can't Trash Info About What They Swallow https://packetstormsecurity.com/news/view/33911/Black-Holes-Cant-Trash-Info-About-What-They-Swallow.html