This Week's [in]Security - Issue 290

Welcome to This Week’s [in]Security. PCI FAQs, skimming impact, surcharge backlash. New breaches: Microsoft, Web trackers. New Ransomware. Major outages: GPS, Telus mobile. Sabotaged cables? Follow-ups. Privacy: TikTok, Neighbours, Equifax. Laws & Regs - Canada: Cybersecurity law failures, Online news. US: CFPB and Junk Data, IoT labelling, AI & patents. World: Australia boosts breach fines. Standards: Caliptra, NIST drafts & updates. Defense - Resources, Supply chains, Tools & Techniques. Gadgets & Coconuts, A secure OS for IoT. Vulnerabilities - Advisories: Linux Kernel, ICS. Patching, Mark-of-the-web, Win-TLS, Significant: Roundup, Zimbra. Research & Cryptography: Alt GPS. Cybercrime - active campaigns, passwords matter, undetectable, Text4Shell, fake employees. Crimes & enforcement: SIM swaps, keyless cars, nation states and mercenaries. Other Risks - Museum Security, Snake Oil, Scanners. AI: Adversarial ML, Hype, Creativity. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• New and updated FAQ’s
• #1034 What are system-level objects, as used in PCI DSS Requirement 10? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/What-are-system-level-objects-as-used-in-PCI-DSS-Requirement-10
• #1317 What is meant by “significant change” in PCI DSS? https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/What-is-meant-by-significant-change-in-PCI-DSS
• How Card Skimming Disproportionally Affects Those Most In Need https://krebsonsecurity.com/2022/10/how-card-skimming-disproportionally-affects-those-most-in-need/
• The ugliness of credit card surcharges:
• Toronto restaurant getting bombed with one-star reviews for credit card surcharges https://www.blogto.com/eat_drink/2022/10/samosa-sweet-factory-toronto-credit/
• CRTC says it needs more time to weigh Telus' request to add credit card fee https://globalnews.ca/news/9204344/telus-credit-card-fee-crtc/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• BlueBleed: Microsoft customer data leak claimed to be 'one of the largest' in years https://www.theregister.com/2022/10/20/microsoft_data_leak_socradar/
• Microsoft Confirms Data Breach, But Claims Numbers Are Exaggerated https://www.securityweek.com/microsoft-confirms-data-breach-claims-numbers-are-exaggerated
• Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak https://thehackernews.com/2022/10/microsoft-confirms-server.html
• Microsoft under fire for response to leak of 2.4TB of sensitive customer data https://arstechnica.com/information-technology/2022/10/microsoft-under-fire-for-response-to-leak-of-2-4tb-of-sensitive-customer-data/
• Oops, web trackers may have leaked 3 million patients' info https://www.theregister.com/2022/10/20/health_group_says_tracking_pixel/
• Massy Stores investigates cyber attack information leak https://www.databreaches.net/massy-stores-investigates-cyber-attack-information-leak/
• Keystone Health notifies 235,237 patients of data security breach https://www.databreaches.net/keystone-health-notifies-235237-patients-of-data-security-breach/
• New Ransomware and "Incidents":
• MPs warned to change email passwords after cyber attack on Canadian government https://www.databreaches.net/mps-warned-to-change-email-passwords-after-cyber-attack-on-canadian-government/
• French maternity hospital hit by ransomware attack by Vice Society; attackers claim to have 150 GB of files https://www.databreaches.net/french-maternity-hospital-hit-by-ransomware-attack-by-vice-society-attackers-claim-to-have-150-gb-of-files/
• Wholesale giant METRO AG hit by IT outage after cyberattack https://www.bleepingcomputer.com/news/security/wholesale-giant-metro-hit-by-it-outage-after-cyberattack/
• EnergyAustralia hit by cyber attack in latest breach https://www.databreaches.net/energyaustralia-hit-by-cyber-attack-in-latest-breach/
• Major outages/downs:
• Cause is unknown for mysterious GPS outage that rerouted Texas air traffic https://arstechnica.com/information-technology/2022/10/cause-is-unknown-for-mysterious-gps-outage-that-rerouted-texas-air-traffic/
• Telus mobile outage in BC https://mobilesyrup.com/2022/10/19/telus-network-outage-mobile-home-b-c/
• 'Major incident' as Shetland cut off by damaged cable https://www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-63326102
• European cable cut may impact transoceanic routes https://trust.zscaler.com/zscloud.net/posts/12256
• Follow-ups and fall-out:
• Cost of a health insurance security breach? NY watchdogs say it's $4.5m https://www.theregister.com/2022/10/19/eyemed_data_breach_settlement/
• MyDeal data breach impacts 2.2M users, stolen data for sale online https://www.bleepingcomputer.com/news/security/mydeal-data-breach-impacts-22m-users-stolen-data-for-sale-online/
• Optus tells customers affected by data breach they can no longer use passports as online ID https://www.theguardian.com/business/2022/oct/17/optus-tells-customers-affected-by-data-breach-they-can-no-longer-use-passports-as-online-id
• Sonic Settles Data Breach Negligence Case https://www.databreaches.net/sonic-settles-data-breach-negligence-case/

Privacy

Articles about privacy related news, risks, and trends.

• TikTok's Chinese parent company reportedly intended to use the app to surveil specific Americans' locations https://www.businessinsider.com/bytedance-planned-track-specific-us-tiktok-user-locations-report-2022-10
• TikTok denies it could be used to track US citizens https://www.bbc.co.uk/news/business-63339878
• Can my neighbor point their security camera at my backyard https://www.msn.com/en-us/lifestyle/home-and-garden/can-my-neighbor-point-their-security-camera-at-my-backyard/ar-AA12TSbU
• Equifax Surveilled 1,000 Remote Workers, Fired 24 Found Juggling Two Jobs https://packetstormsecurity.com/news/view/33943/Equifax-Surveilled-1-000-Remote-Workers-Fired-24-Found-Juggling-Two-Jobs.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act https://citizenlab.ca/2022/10/a-critical-analysis-of-proposed-amendments-in-bill-c-26-to-the-telecommunications-act/
• Liberal cybersecurity bill C-26 a 'bad law,' report warns https://www.ctvnews.ca/politics/liberal-cybersecurity-bill-a-bad-law-that-must-be-amended-research-report-warns-1.6113552
• The Law Bytes Podcast, Episode 142: CCLA's Brenda McPhail on the Privacy and Surveillance Risks in Bill C-26 https://www.michaelgeist.ca/2022/10/law-bytes-podcast-episode-142/
• Government Moves to Block Dozens of Potential Witnesses as it Shuts Down Bill C-18 Hearings https://www.michaelgeist.ca/2022/10/shutdownc18/
• Why the Real Bill C-18 Threat is Bill C-18 https://www.michaelgeist.ca/2022/10/why-the-real-bill-c-18-threat-is-bill-c-18/
• Google raises ‘serious' concerns over bill to force platforms to pay for news https://globalnews.ca/news/9207798/google-concerns-bill-news/
• US:
• CFPB Guidance: Consumer Reporting Agencies Must Eliminate ‘Junk Data' https://www.pymnts.com/news/cfpb/2022/cfpb-guidance-consumer-reporting-agencies-must-eliminate-junk-data/
• President Biden still wants his cybersecurity labels on those smart devices https://www.theregister.com/2022/10/20/biden_administration_iot_security_labels/
• US court rules, once again, that AI software can't invent a patent https://arstechnica.com/information-technology/2022/10/us-court-rules-once-again-that-ai-software-cant-hold-a-patent/
• Bots Beware: Website Chat Bots Become Latest Target for California Class Actions https://www.manatt.com/insights/newsletters/client-alert/bots-beware-website-chat-bots-become-latest-target
• Defenders beware: A case for post-ransomware investigations https://www.microsoft.com/en-us/security/blog/2022/10/18/defenders-beware-a-case-for-post-ransomware-investigations/
• Google sued over biometric data collection without consent https://www.bleepingcomputer.com/news/security/google-sued-over-biometric-data-collection-without-consent/
• Passengers killed in Boeing 737 MAX crashes are ‘crime victims': U.S. judge https://globalnews.ca/news/9218704/boeing-737-max-crash-crime-victims-united-states-judge/
• Six vaping companies are getting sued by the federal government https://www.theverge.com/2022/10/18/23411550/fda-vape-ecigarette-injunction-manufacturers-doj
• World:
• Australia to propose increased penalties for data breaches following major cyberattacks https://www.databreaches.net/australia-to-propose-increased-penalties-for-data-breaches-following-major-cyberattacks/
• Russia fines Amazon for 1st time over banned content in country https://globalnews.ca/news/9206515/russia-amazon-fine-banned-content/
• Standards News:
• Hardware Makers Standardize Server Chip Security With Caliptra https://www.darkreading.com/dr-tech/hardware-makers-standardize-server-chip-security-with-caliptra
• Draft NIST IR 8406, Cybersecurity Framework Profile for Liquefied Natural Gas open for public comment through November 17 https://csrc.nist.gov/publications/detail/nistir/8406/draft
• The 2nd draft of NIST (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment until December 5 https://csrc.nist.gov/publications/detail/sp/800-140b/rev-1/draft
• Proposal to Withdraw NIST SP 800-106, Randomized Hashing for Digital Signatures (related to SHA-1 sunset) https://csrc.nist.gov/news/2022/proposal-to-withdraw-sp-800-106

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• Google's GUAC Aims to Democratize Software Supply Chain Security Metadata https://www.darkreading.com/application-security/googles-guac-project-aims-to-democratize-software-supply-chain-security-metadata
• Weekly Update 318 https://www.troyhunt.com/weekly-update-318/
• Methods, Techniques, Tools, and Products:
• Gadgets that break things: our favorite hacking hardware https://www.theverge.com/23379037/hacking-gadgets-cybersecurity-penetration-testing-hardware
• The WiFi Coconut is a router's evil twin https://www.theverge.com/23404587/wifi-coconut-hak5-public-network-auto-join-vulnerability
• Google Unveils KataOS 'Verifiably-Secure' Operating System for Embedded Devices https://www.securityweek.com/google-unveils-kataos-verifiably-secure-operating-system-embedded-devices
• CISA Offers Free RedEye Analytics Tool for Red Teams https://www.darkreading.com/vulnerabilities-threats/cisa-releases-redeye-analytics-tool-for-red-teams
• Securing IoT devices against attacks that target critical infrastructure https://www.microsoft.com/en-us/security/blog/2022/10/21/securing-iot-devices-against-attacks-that-target-critical-infrastructure/
• Microsoft's PC Manager is like CCleaner for your computer https://www.theverge.com/2022/10/21/23416070/microsoft-pc-manager-app-performance-systems-clean-up
• DuckDuckGo for Mac enters public beta, now available to everyone https://www.bleepingcomputer.com/news/security/duckduckgo-for-mac-enters-public-beta-now-available-to-everyone/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware https://www.securityweek.com/cisa-tells-organizations-patch-linux-kernel-vulnerability-exploited-malware
• CISA warns of security holes in industrial Advantech, Hitachi kit https://www.theregister.com/2022/10/20/cisa_flaws_advantech_hitachi/
• Patching:
• Windows Mark of the Web bypass zero-day gets unofficial patch https://www.bleepingcomputer.com/news/microsoft/windows-mark-of-the-web-bypass-zero-day-gets-unofficial-patch/
• Microsoft fixes TLS handshake failures in Windows Server 2019 https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-tls-handshake-failures-in-windows-server-2019/
• Significant:
• Control Gap Vulnerability Roundup: October 8th to October 14th https://www.controlgap.com/blog/vulnerability-roundup-october-8th-october-14th
• Zimbra Patches Under-Attack Code Execution Bug https://www.securityweek.com/zimbra-patches-under-attack-code-execution-bug
• Other Vulnerabilities:
• Zoom for macOS Contains High-Risk Security Flaw https://www.securityweek.com/zoom-macos-contains-high-risk-security-flaw
• Apache Commons Vulnerability: Patch but Don't Panic https://www.darkreading.com/application-security/apache-commons-vulnerability-patch-but-dont-panic
• Research on new vulnerabilities:
• Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access https://thehackernews.com/2022/10/researchers-detail-azure-sfx-flaw-that.html
• UT Hacked Starlink's Signal So It Can Be Used As A GPS Alternative https://packetstormsecurity.com/news/view/33962/UT-Hacked-Starlinks-Signal-So-It-Can-Be-Used-As-A-GPS-Alternative.html
• Cryptography and Cryptographic Research:
• Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware https://eprint.iacr.org/2022/1410

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• List of Common Passwords Accounts for Nearly All Cyberattacks https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
• 'Fully undetectable' Windows backdoor gets detected https://www.theregister.com/2022/10/18/fully_undetectable_windows_powershell_backdoor/
• Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability https://thehackernews.com/2022/10/hackers-started-exploiting-critical.html
• Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor https://www.theregister.com/2022/10/21/ursnif_trojan_shift_ransomware/
• Malware dev claims to sell new BlackLotus Windows UEFI bootkit https://www.bleepingcomputer.com/news/security/malware-dev-claims-to-sell-new-blacklotus-windows-uefi-bootkit/
• Nearly 600,000 people on LinkedIn listed Apple as their employer on one day in October. The next day, half the profiles disappeared as the platform cracks down on fake accounts. https://www.businessinsider.com/linkedin-fake-account-problem-apple-amazon-profiles-company-cracking-down-2022-10
• FBI: Scammers likely to target US Student Loan Debt Relief applicants https://www.bleepingcomputer.com/news/security/fbi-scammers-likely-to-target-us-student-loan-debt-relief-applicants/
• A parking ticket scam is targeting drivers in Mississauga and Brampton https://www.insauga.com/a-parking-ticket-scam-is-targeting-drivers-in-mississauga-and-brampton/
• Crime & Arrests, etc.:
• SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency https://www.securityweek.com/two-sim-swappers-sentenced-prison-hacking-accounts-stealing-cryptocurrency
• Verizon prepaid accounts hijacked by SIM swap crooks https://www.theregister.com/2022/10/19/verizon_breach_sim_swap/
• Police dismantles criminal ring that hacked keyless cars https://www.bleepingcomputer.com/news/security/police-dismantles-criminal-ring-that-hacked-keyless-cars/
• Brazil arrests suspect linked to the Lapsus$ hacking group https://www.databreaches.net/brazil-arrests-suspect-linked-to-the-lapsus-hacking-group/
• Forty plus charges laid against Regina male in identity fraud and theft investigation https://globalnews.ca/news/9214503/forty-plus-charges-laid-regina-male-identity-fraud-theft-investigation/
• Interpol busts global 'Black Axe' cyber-fraud suspects https://www.theregister.com/2022/10/17/interpol_black_axe_fraud/
• Computer hacker of famous musicians' digital accounts is jailed https://www.databreaches.net/computer-hacker-of-famous-musicians-digital-accounts-is-jailed/
• Nation State Actors:
• Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware https://thehackernews.com/2022/10/chinese-hackers-targeting-online.html
• CISA Alert: Daixin Team https://www.databreaches.net/cisa-alert-daixin-team/
• BlackByte ransomware uses new data theft tool for double-extortion https://www.databreaches.net/blackbyte-ransomware-uses-new-data-theft-tool-for-double-extortion/
• How Vice Society got away with a global ransomware spree https://arstechnica.com/information-technology/2022/10/how-vice-society-got-away-with-a-global-ransomware-spree/
• Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens https://thehackernews.com/2022/10/hackers-using-new-version-of-furball.html

Other Security / Risk

Articles covering other types of risks.

• General:
• Museum Security https://www.schneier.com/blog/archives/2022/10/museum-security.html
• Are Cybersecurity Vendors Pushing Snake Oil? https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil
• Are Internet Scanning Services Good or Bad for You?, (Wed, Oct 19th) https://isc.sans.edu/diary/rss/29164
• Interview with Signal's New President https://www.schneier.com/blog/archives/2022/10/interview-with-signals-new-president.html
• A Good Chess Cheater Might Never Be Caught https://www.theatlantic.com/technology/archive/2022/10/hans-niemann-chess-cheating-artificial-intelligence/671799/
• Emerging technology, Artificial Intelligence and Machine Learning:
• Adversarial ML Attack that Secretly Gives a Language Model a Point of View https://www.schneier.com/blog/archives/2022/10/adversarial-ml-attack-that-secretly-gives-a-language-model-a-point-of-view.html
• AI in Medicine Is Overhyped https://www.scientificamerican.com/article/ai-in-medicine-is-overhyped/
• A.I.-Generated Art Is Already Transforming Creative Work https://www.nytimes.com/2022/10/21/technology/ai-generated-art-jobs-dall-e-2.html
• Generative A.I. Is Here. Who Should Control It? https://www.nytimes.com/2022/10/21/podcasts/generative-ai-is-here-who-should-control-it.html
• Disinformation and misinformation
• Disinformation Attacks Threaten US Midterm Elections https://www.darkreading.com/threat-intelligence/disinformation-attacks-threaten-us-midterm-elections
• How to Outsmart Election Disinformation https://www.propublica.org/article/misinformvation-vs-disinformation-midterm-election-guide
• Alex Jones verdict will unlikely make disinformation go away. Here's why https://globalnews.ca/news/9205843/alex-jones-disinformation/
• Health:
• Five hours' sleep is tipping point for bad health https://www.bbc.co.uk/news/health-63284305
• Gas stoves can leak cancer-causing chemical, even when turned off, study shows https://globalnews.ca/news/9214091/gas-stoves-cancer-causing-chemical-california-study-benzene/
• Science May Finally Know Why Some People Get Eaten Alive by Mosquitoes https://www.mentalfloss.com/posts/why-mosquitoes-bite-some-people-more-than-others
• Some People Who Appear to Be in a Coma May Actually Be Conscious https://www.scientificamerican.com/article/some-people-who-appear-to-be-in-a-coma-may-actually-be-conscious/
• Florida flesh-eating illness cases spike after Hurricane Ian https://www.bbc.co.uk/news/world-us-canada-63309246
• WHO switching to single-dose cholera vaccine amid ‘unprecedented' rise in outbreaks https://globalnews.ca/news/9209870/cholera-outbreaks-vaccines-who/
• Why Elephants Don't Get Cancer https://www.scientificamerican.com/article/why-elephants-don-rsquo-t-get-cancer/
• Are COVID rapid tests still reliable with new sub-variants on the rise? What experts say https://globalnews.ca/news/9218656/covid-rapid-test-omicron-subvariants/
• The COVID Data That Are Actually Useful Now https://www.theatlantic.com/health/archive/2022/10/fall-winter-covid-cases-wave-data-predictions/671768/
• Black Death 700 years ago affects your health now https://www.bbc.co.uk/news/health-63316538
• The Arctic Could Soon Unleash The Next Pandemic. Here's Why https://www.sciencealert.com/the-arctic-could-soon-unleash-the-next-pandemic-heres-why
• Safety:
• Estimate puts hurricane Fiona insured damages at $660 million https://globalnews.ca/news/9209557/fiona-insured-damages-660-million/
• Another dump truck strikes a bridge at speed with it’s bin up https://www.cbc.ca/news/canada/toronto/dump-truck-crash-mississauga-1.6621489
• Uncontrolled Rocket Reentries are a Bigger Problem Than you Think https://www.universetoday.com/158089/uncontrolled-rocket-reentries-are-a-bigger-problem-than-you-think/
• Environment:
• A Boom in Renewable Energy Has Blunted the Global Rise in Emissions https://www.scientificamerican.com/article/a-boom-in-renewable-energy-has-blunted-the-global-rise-in-emissions/
• There's about to be a big boom in carbon capture projects https://www.theverge.com/2022/10/18/23410755/global-boom-carbon-capture-storage-ccs-pipeline-oil-gas-industry
• E.V.s Start With a Bigger Carbon Footprint. But That Doesn't Last. https://www.nytimes.com/2022/10/19/business/electric-vehicles-carbon-footprint-batteries.html
• Small sulfate aerosol may have masked effects of climate change in the 1970s https://scienmag.com/small-sulfate-aerosol-may-have-masked-effects-of-climate-change-in-the-1970s/
• Ranger numbers and protected area workforce must increase fivefold to effectively safeguard 30% of the planet's wild lands by 2030 https://scienmag.com/ranger-numbers-and-protected-area-workforce-must-increase-fivefold-to-effectively-safeguard-30-of-the-planets-wild-lands-by-2030/
• Abandoned WWII Shipwreck Has Altered The Ocean's Microbiology For 80 Years https://www.sciencealert.com/abandoned-wwii-shipwreck-has-altered-the-oceans-microbiology-for-80-years
• Whale's majestic move brings dramatic end to marine rescue off Canada https://www.bbc.co.uk/news/world-us-canada-63353569
• Economy:
• Biden to release 15M barrels from U.S. strategic oil reserve after OPEC+ cuts https://globalnews.ca/news/9208755/biden-oil-reserve-15m-barrels/
• Rent going up? One company's algorithm could be why https://arstechnica.com/information-technology/2022/10/rent-going-up-one-companys-algorithm-could-be-why/
• Bitcoin Fails to Produce 1 Block for Over an Hour https://www.coindesk.com/business/2022/10/17/bitcoin-fails-to-produce-1-block-for-over-an-hour/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Photos: Kamikaze Drones Strike Kyiv https://www.theatlantic.com/photo/2022/10/photos-kamikaze-drones-strike-kyiv-ukraine/671766/
• Russian tower block in flames after deadly warplane crash https://www.bbc.co.uk/news/world-europe-63292320
• Russian jet released missile near RAF aircraft over Black Sea https://www.bbc.co.uk/news/uk-63327999
• Would Russia use tactical nuclear weapons in Ukraine? Here's its doctrine https://globalnews.ca/news/9204250/russia-nuclear-weapons-policy-ukraine/
• Reaction and response:
• Ukrainians told to 'charge everything' as power grid hit by Russia https://www.bbc.co.uk/news/world-europe-63323263
• NATO to equip Ukraine with anti-drone systems amid Russian strikes: Stoltenberg https://globalnews.ca/news/9207285/nato-ukraine-anti-drone-systems-stoltenberg/
• Sanctions & economic Impact:
• Canada imposes new sanctions on Russians spreading ‘disinformation' https://globalnews.ca/news/9204874/russia-canada-sanctions-disinformation-ukraine-war/
• The EU agreed to slap sanctions on Iran for supplying Russia drones that it used to bombard Ukraine https://www.businessinsider.com/eu-agrees-to-iran-sanctions-russia-drone-supply-2022-10
• Germany extends nuclear power amid energy crisis https://www.bbc.co.uk/news/world-europe-63294697
• Information, Disinformation, and Propaganda:
• Cyber-attacks and the potential for cyber-war:
• OldGremlin, which targets Russia, debuts new Linux ransomware https://www.databreaches.net/oldgremlin-which-targets-russia-debuts-new-linux-ransomware/
• New 'Prestige' Ransomware Targets Transportation Industry in Ukraine, Poland https://www.securityweek.com/new-prestige-ransomware-targets-transportation-industry-ukraine-poland

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• NASA is Hoping They can Break the Sound Barrier… Quietly https://www.universetoday.com/158128/nasa-is-hoping-they-can-break-the-sound-barrier-quietly/
• Other:
• How the Classic Vampire Movie 'Nosferatu' Cheated Court-Ordered Death https://www.mentalfloss.com/posts/how-nosferatu-vampire-movie-went-worldwide
• The 20 Least Scary Horror Movies of All Time, Based on Jump Scares https://www.mentalfloss.com/posts/least-scary-horror-movies-jump-scares
• A Brief History of Board Games https://www.mentalfloss.com/posts/board-games-history
• ‘White Elephant'? 10 American Phrases That Baffle the Rest of the World https://www.mentalfloss.com/posts/american-phrases-that-baffle-rest-of-world
• I hope someone makes memes out of these funny animal photos https://www.theverge.com/2022/10/21/23416479/funny-animal-photo-contest-meme
• Hope for wildlife educational resource https://www.exploringbytheseat.com/wildlife/
• The Rivals Who Cracked the Code of Ancient Egypt's Hieroglyphs https://www.mentalfloss.com/posts/race-to-decode-ancient-egyptian-hieroglyphs
• Canadian Warplane Heritage Museum acquires ownership of three aircraft on 50th anniversary https://globalnews.ca/news/9206548/canadian-warplane-heritage-museum-acquires-three-craft/
• A Nearby Star Has Completely Blasted Away the Atmosphere From its Planet https://www.universetoday.com/158217/a-nearby-star-has-completely-blasted-away-the-atmosphere-from-its-planet/