This Week’s [in]Security – Issue 160
26 Apr 2020.
Welcome to This Week’s [in]Security. Trending: Coronavirus update. The spread, the curve, and aftermath. Guidance, Response and Recovery. The good, the bad, and the ugly. Peaking? Food processing crisis. Disinfectants. Antibody tests. Ingenuity and invention. Testing at scale. Payments and CPEs under lockdown. More PCI FAQ updates. Payment breaches at Paay and $2M in card details for sale. Breaches: Facebook (267M), Nintendo, gene lab, Vianet, WHO, Gates foundation, King Crimson distributor, CISI, Danish Agro. Privacy telehealth and contact tracing. Wi-Fi 6E. CFAA in Supreme Court. DoH-eh! Suing China. Scam defense. Disinformation and FB unfriends pseudoscience. Verified Advertisers. Windows broke Chrome. Vulnerabilities: iPhone email zero-day, OpenSSL, FPGAs, AV as weapon, Foxit & Phantom PDF, Bluetooth, and IBM flubs response. Zoom fixes. Wuhan hacked. Fraud and crisis. Cutting scientific corners. Negative oil. Meteorite death. Bulletproof breast? And more.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
New - Emerging Issues and Trending Stories
Coronavirus updates. We recently changed the way we report COVID articles to you so it is less overwhelming. Many COVID articles will appear within our normal blog section headings, each with a sub-group dedicated to COVID-19. For example:
- Facts about its spread, direct impact, and how people react will continue under Trending.
- Regulations and restrictions to counter the virus will be under Regulations.
- Privacy Implications, PCI/Payments, Cybercrime under their respective sections.
- Treatments, Vaccines, Innovations, Coping methods under Defense.
- Information on how/why it spreads, improvements understanding it, etc. under Vulnerabilities.
- Economic impact and articles that don't fit into the other categories will be under Other Risk.
- Breaches (and Ransomware) under Breaches.
Our first regular reports on coronavirus can be found at https://controlgap.com/blog/this-weeks-insecurity-issue-147. And our first use of the trending topic section can be found at https://controlgap.com/blog/this-weeks-insecurity-issue-149.
The spread, the curve, and aftermath:
- COVID-19 peaks in Ontario and elsewhere in the country, with fewer people dying than feared https://nationalpost.com/news/covid-19-pandemic-in-ontario-peaks-early-fewer-people-dying-than-feared
- More than 2,500 coronavirus deaths in Canada as confirmed cases cross 46K https://globalnews.ca/news/6870804/canada-coronavirus-cases-april-26/
- New York state’s daily coronavirus death toll drops below 400 for 1st time in April https://globalnews.ca/news/6870928/new-york-coronavirus-april/
- Spectrum Employees Are Getting Sick Amid Debate Over Working From Home https://www.nytimes.com/2020/04/21/business/spectrum-employees-coronavirus.html
- U.S. COVID-19 deaths up to 3 weeks earlier than first reported https://globalnews.ca/news/6856758/coronavirus-california-early-deaths/
- Italy records first fall in active virus cases https://www.bbc.co.uk/news/live/world-52349779
- CDC Adds 6 New Coronavirus Symptoms https://www.forbes.com/sites/alexandrasternlicht/2020/04/26/cdc-adds-6-new-coronavirus-symptoms/
- ‘COVID toes’ could be another symptom of coronavirus infection: experts https://globalnews.ca/news/6848644/covid-toes-skin-rash-coronavirus-symptom/
- Coronavirus: Immunity passports ‘could increase virus spread’ https://www.bbc.co.uk/news/world-52425825
- Chile to introduce controversial certificate https://www.bbc.com/news/world-latin-america-52436330
- 13.9% Of New Yorkers Test Positive For Coronavirus Antibodies—Nowhere Near Enough For Herd Immunity https://www.forbes.com/sites/alexandrasternlicht/2020/04/23/139-of-new-yorkers-test-positive-for-coronavirus-antibodies-still-not-enough-to-foster-herd-immunity/
- Was Sweden right to stay largely open? https://www.bbc.com/news/world-europe-52395866
- Sweden has nearly 10 times the number of COVID-19-related deaths than its Nordic neighbors https://www.businessinsider.com/how-sweden-and-norway-handled-coronavirus-differently-2020-4
- How New Zealand relied on science and empathy https://www.bbc.co.uk/news/world-asia-52344299
- Tokyo hospitals trying to stay ahead https://www.bbc.com/news/av/world-asia-52400084/coronavirus-tokyo-hospitals-trying-to-stay-ahead
- 2 Alberta meat plants affected by COVID-19 make up 70% of Canada’s beef processing capabilities https://globalnews.ca/news/6857867/alberta-covid-19-meat-processing-beef-production/
- 'The Food Supply Chain Is Breaking.' Tyson Foods Warns of Meat Shortage as Plants Close Due to COVID-19 https://time.com/5827631/tyson-foods-meat-shortage/
- COVID-19 may spread through building ventilation, say Canadian researchers working on an HVAC fix https://nationalpost.com/health/covid-19-likely-spread-by-building-ventilation-say-canadian-researchers-working-on-an-hvac-fix
Guidance, Response and Recovery:
- Disinfectant firm issues warning after Trump comments https://www.bbc.co.uk/news/world-us-canada-52411706
- Calls To Poison Centers Spike After The President’s Comments About Using Disinfectants To Treat Coronavirus https://www.forbes.com/sites/robertglatter/2020/04/25/calls-to-poison-centers-spike--after-the-presidents-comments-about-using-disinfectants-to-treat-coronavirus/
- Accidental Poisoning Is on The Rise in The US as People Try to Sanitise Their Homes https://www.sciencealert.com/in-an-attempt-to-protect-against-covid-19-some-americans-are-accidentally-poisoning-themselves
- Australia’s COVIDSafe contact tracing app already has more than a million downloads https://www.theverge.com/2020/4/26/21237598/australia-coronavirus-contact-tracing-privacy
- Australia’s contact-tracing app regulation avoids ‘woolly' principles in comparable cyber-laws https://www.theregister.co.uk/2020/04/27/covidsafe_australia_contact_tracing_app/
- 5 decommissioned TTC buses converted to Toronto Paramedics transport vehicles https://globalnews.ca/news/6849361/coronavirus-ttc-toronto-paramedics-buses/
- Coronavirus: Air Canada suspending flights to U.S. for 4 weeks after April 26 https://globalnews.ca/news/6846844/air-canada-suspending-flights-us/
- Germany's states make face masks compulsory https://www.bbc.com/news/world-europe-52382196
- Germany is conducting Europe's first nationwide COVID-19 antibody testing https://www.businessinsider.com/germany-covid-19-antibody-testing-nationwide-2020-4
- Work of Los Alamos scientists suggests COVID-19 can turn really bad again much faster than it got better https://www.zdnet.com/article/work-of-los-alamos-scientists-suggests-covid-19-can-turn-really-bad-again-much-faster-than-it-got-better/
- Several U.S. states prepare to ease coronavirus restrictions despite experts’ worries https://globalnews.ca/news/6871187/us-coronavirus-states-lockdown/
- Coronavirus could kill more than 300,000 people if US restrictions are lifted prematurely, federal documents show. Experts say even that's optimistic. https://www.businessinsider.com/coronavirus-kill-300000-people-restrictions-lifted-prematurely-2020-4
- What Germany’s Soft Reopen Portends For The US Market https://www.pymnts.com/coronavirus/2020/what-germanys-soft-reopen-portends-for-the-us-market/
- Photos show how San Francisco emerged from a lockdown too soon during the 1918 Spanish flu pandemic, leading to an even deadlier second wave https://www.businessinsider.com/what-san-francisco-can-learn-spanish-flu-pandemic-coronavirus-1918
- The Man Who Beat the 1957 Flu Pandemic https://blogs.scientificamerican.com/observations/the-man-who-beat-the-1957-flu-pandemic/
- (Really?) Hundreds of People Volunteer to Be Infected with Coronavirus https://www.scientificamerican.com/article/hundreds-of-people-volunteer-to-be-infected-with-coronavirus/
Behaviour - the good, the bad, and the ugly:
- They lived in a factory for 28 days to make millions of pounds of raw PPE materials to help fight coronavirus https://www.washingtonpost.com/nation/2020/04/23/factory-masks-coronavirus-ppe/
- Peterborough police dealing with calls over suspected emergency order violations https://globalnews.ca/news/6852006/coronavirus-peterborough-police-emergency-order-calls/
- The US resistance to a continued lockdown https://www.bbc.co.uk/news/world-us-canada-52417610
- Who’s Behind the “Reopen” Domain Surge? https://krebsonsecurity.com/2020/04/whos-behind-the-reopen-domain-surge/
- 3M files first lawsuit against Canadian company accused of selling N95 masks for $17 each https://business.financialpost.com/pmn/business-pmn/3m-files-lawsuit-in-canada-against-firm-accused-of-price-gouging-on-n95-masks
- Ticketmaster, other ticket portals still selling access to cancelled concerts https://globalnews.ca/news/6855167/ticketmasters-ticketweb-concerts-coronavirus/
- Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies https://krebsonsecurity.com/2020/04/unproven-coronavirus-therapy-proves-cash-cow-for-shadow-pharmacies/
- Ruth’s Chris Steak House Returns $20 Million PPP Loan Amid Public Backlash As Treasury Issues New Guidance https://www.forbes.com/sites/sarahhansen/2020/04/23/ruths-chris-steak-house-returns-20-million-ppp-loan-as-treasury-issues-new-guidance/
- Harvard says it won't be returning an $8 million stimulus check https://www.businessinsider.com/harvard-keeping-stimulus-check-trump-wants-back-2020-4
- A New York hospital struggling against the coronavirus says PPE price gouging is so bad that it's paying $7 for gowns worth 50 cents, and $25 for shields worth $1.25 https://www.businessinsider.com/ny-hospital-faces-ppe-price-gouging-in-coronavirus-crisis-2020-4
- Insider 'Sabotaged' Medical Equipment Shipments https://www.bankinfosecurity.com/prosecutors-insider-sabotaged-medical-equipment-shipments-a-14172
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.
- 8 Tips for Small Merchants: Protecting Payment Data During COVID-19 https://blog.pcisecuritystandards.org/8-tips-for-small-merchants-protecting-payment-data-during-covid-19
- 7 Common Questions about CPEs During COVID-19 https://blog.pcisecuritystandards.org/7-common-questions-about-cpes-during-covid-19
- PCI Updated Guidance: Responding to a Data Breach https://blog.pcisecuritystandards.org/updated-guidance-responding-to-a-data-breach
PCI FAQs: 7 Updated:
- 1162 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-merchants-use-encryption-solutions-not-listed-on-the-PCI-Council-s-website-to-reduce-their-PCI-DSS-validation-effort
- 1164 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Is-the-PCI-P2PE-Standard-applicable-for-merchants-that-have-developed-implemented-their-own-encryption-solution
- 1166 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Which-PCI-PTS-point-of-interaction-POI-devices-can-be-used-in-a-validated-P2PE-solution
- 1247 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Who-can-use-SAQ-P2PE
- 1248 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/In-P2PE-how-do-hybrid-decryption-environments-differ-from-hardware-decryption-environments
- 1358 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Which-version-of-the-P2PE-Standard-should-be-used-for-a-P2PE-assessment
- 1367 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-PCI-listed-P2PE-v1-1-applications-be-used-in-PCI-P2PE-v2-solutions
- Updated index of PCI FAQs https://controlgap.com/index-pci-frequently-asked-questions/
- Payments Startup Paay Left Credit Card Info Exposed https://www.pymnts.com/news/security-and-risk/2020/payments-startup-paay-left-credit-card-info-exposed/
- South Korean and US payment card details worth nearly $2M up for sale in the underground https://www.databreaches.net/south-korean-and-us-payment-card-details-worth-nearly-2m-up-for-sale-in-the-underground/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- 267 Million Facebook User Records for Sale on Dark Net https://www.bankinfosecurity.com/267-million-facebook-user-records-for-sale-on-dark-net-a-14158
- Genetic Testing Lab Hack Affects 233,000 https://www.bankinfosecurity.com/genetic-testing-lab-hack-affects-233000-a-14182
- Nintendo Confirms Some 160,000 Accounts Might’ve Been Hacked https://www.databreaches.net/nintendo-confirms-some-160000-accounts-mightve-been-hacked/ and https://threatpost.com/nintendo-confirms-breach-of-160000-accounts/155110/
- Vianet - 94,353 breached accounts added to HIBP https://haveibeenpwned.com/PwnedWebsites#Vianet
- King Crimson distributor Burning Shed breached https://www.theregister.co.uk/2020/04/21/burning_shed_hacked/
- WHO, Gates Foundation Credentials Dumped Online https://www.bankinfosecurity.com/who-gates-foundation-credentials-dumped-online-report-a-14167
- Almost 8,000 could be affected by federal emergency loan data breach https://arstechnica.com/tech-policy/2020/04/sba-says-data-breach-may-have-affected-almost-8000-loan-applicants/
- CISI payment breach leaves members vulnerable to fraud https://www.databreaches.net/cisi-payment-breach-leaves-members-vulnerable-to-fraud/
- Danish Agro’s computer systems hacked https://www.databreaches.net/danish-agros-computer-systems-hacked/
- UniCredit Hackers Try to Sell Employee Data on Cyber-Crime Forums https://www.databreaches.net/unicredit-hackers-try-to-sell-employee-data-on-cyber-crime-forums/
- Valve says it's safe to play CS:GO and TF2 after source code leaked online https://www.zdnet.com/article/valve-says-its-safe-to-play-csgo-and-tf2-after-source-code-leaked-online/
- Equifax Settles With Massachusetts, Indiana Over 2017 Breach https://www.bankinfosecurity.com/equifax-settles-massachusetts-indiana-over-2017-breach-a-14152
- LA County Hit with DoppelPaymer Ransomware Attack https://threatpost.com/la-county-hit-with-doppelpaymer-ransomware-attack/155024/
Privacy
Articles about privacy related news, risks, and trends.
- Alberta privacy commissioner to investigate Telus virtual health-care app https://calgaryherald.com/news/alberta-privacy-commissioner-launches-investigation-into-telus-virtual-health-care-app
- Coronavirus tests Germans’ devotion to privacy https://www.codastory.com/authoritarian-tech/coronavirus-germany-privacy/
- OECD Releases New Guidance on Privacy and Contact Tracing https://epic.org/2020/04/oecd-releases-new-guidance-on-.html
- Twitter Fails to Obtain Permission to Disclose Surveillance Requests https://www.securityweek.com/twitter-fails-obtain-permission-disclose-surveillance-requests
- GDPR and COVID-19: Privacy Regulator Promises 'Flexibility' https://www.bankinfosecurity.com/gdpr-covid-19-privacy-regulator-promises-flexibility-a-14177
- Copyright and Crisis: Filters Are Not the Answer https://www.eff.org/deeplinks/2020/04/copyright-and-crisis-filters-are-not-answer
- Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more https://www.theregister.co.uk/2020/04/23/uk_snoopers_charter_sequel/
Laws & Regulations / Standards
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
- The FCC ratified Wi-Fi 6E https://arstechnica.com/gadgets/2020/04/the-fcc-ratified-wi-fi-6e-this-morning/
- The CFAA Is Finally Being Reviewed By The Supreme Court https://packetstormsecurity.com/news/view/31138/The-CFAA-Is-Finally-Being-Reviewed-By-The-Supreme-Court.html and https://epic.org/2020/04/supreme-court-to-consider-whet.html
- ICANN Delays .ORG Sale After California Attorney General Objects https://epic.org/2020/04/icann-delays-org-sale-after-ca.html
- Canada's .ca overlord rolls out free privacy-protecting DNS-over-HTTPS service for folks in Great White North https://www.theregister.co.uk/2020/04/23/canada_dns_over_https/
- France is banning firms registered in offshore tax havens from its government coronavirus bailout https://www.businessinsider.com/france-coronavirus-bailout-tax-haven-registered-subsidies-ineligible-020-4
- PPP Loans Could Trigger Treasury Investigation https://www.pymnts.com/coronavirus/2020/ppp-loans-could-trigger-treasury-investigation/
- NY’s Jobless Claims Site Crashes From High Volume https://www.pymnts.com/coronavirus/2020/new-york-jobless-claims-site-crashes/
- Coronavirus: Missouri sues Chinese government over virus handling https://www.bbc.co.uk/news/business-52364797
- Facebook asks judge to toss Canadian privacy chief’s findings on personal data probe https://globalnews.ca/news/6844272/facebook-canada-personal-data/
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
COVID-19 countermeasures:
- Ventilators available with the flip of a switch https://scienmag.com/ventilators-available-with-the-flip-of-a-switch/
- NASA designed a cheap, simple ventilator to prevent shortages during a potential second wave of COVID-19 infections https://www.businessinsider.com/nasa-designs-cheap-simple-coronavirus-ventilator-mass-production-2020-4
- Snorkeling Mask Apparatus Might Help COVID-19 Patients Avoid Intubation https://www.scientificamerican.com/article/snorkeling-mask-apparatus-might-help-covid-19-patients-avoid-intubation/
- B.C. doctor develops COVID-19 vacuum chamber to protect hospitals https://globalnews.ca/news/6861552/bc-doctor-covid-19-vacuum-chamber/
- Engineers design UV stations to aid healthcare workers during COVID-19 pandemic https://scienmag.com/engineers-design-uv-stations-to-aid-healthcare-workers-during-covid-19-pandemic/
- Groundbreaking development in rapid large-scale testing of COVID-19 https://scienmag.com/groundbreaking-development-in-rapid-large-scale-testing-of-covid-19/
- Oxford University Just Injected The First Participants in a COVID-19 Vaccine Trial https://www.sciencealert.com/oxford-university-has-just-launched-a-human-trial-of-a-potential-covid-19-vaccine
- Three Ways to Make Coronavirus Drugs in a Hurry https://www.scientificamerican.com/article/three-ways-to-make-coronavirus-drugs-in-a-hurry/
- Scientists May Have Found The Human Cell Types Most Vulnerable to The New Coronavirus https://www.sciencealert.com/the-cell-types-most-vulnerable-to-infection-by-coronavirus-may-have-been-identified
- US, UK Authorities Crack Down on Suspicious COVID-19 Domains https://www.bankinfosecurity.com/us-uk-authorities-crack-down-on-suspicious-covid-19-domains-a-14171
- Stemming The SIM-Swapping Tide In Fraud Friendlier Times https://www.pymnts.com/news/security-and-risk/2020/stemming-sim-swapping-tide-in-fraud-friendlier-times/
- When in Doubt: Hang Up, Look Up, & Call Back https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/
- How Can I Help My Users Spot Disinformation? https://www.darkreading.com/theedge/how-can-i-help-my-users-spot-disinformation/b/d-id/1337603
- Facebook just killed its ‘pseudoscience’ category for ad targeting https://www.theverge.com/2020/4/23/21232547/facebook-pseudoscience-ad-targeting-coronavirus
- Vulnerability Finding Using Machine Learning https://www.schneier.com/blog/archives/2020/04/vulnerability_f.html
- Google will make all of its advertisers verify their identities https://www.theverge.com/2020/4/23/21232572/google-advertisement-identity-country-origin-verification-announcement
- Forget the tabletop, we have an actual exercise for BCP! https://blog.isc2.org/isc2_blog/2020/04/forget-the-tabletop-we-have-an-actual-exercise-for-bcp.html
- Deploying Gateway using a Raspberry Pi, DNS over HTTPS and Pi-hole https://blog.cloudflare.com/deploying-gateway-using-a-raspberry-pi-dns-over-https-and-pi-hole/
- Protecting yourself from "Sextortion" https://scienmag.com/protecting-yourself-from-the-latest-internet-sex-crime/
- Crypto-agility is a relatively new concept that people will be hearing more and more about https://en.wikipedia.org/wiki/Crypto-agility
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- You Won't Believe what this One Line Change Did to the Chrome Sandbox https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
- Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html
- GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps https://www.theregister.co.uk/2020/04/23/gcc_openssl_vulnerability/
- NSA shares list of vulnerabilities commonly exploited to plant web shells https://www.zdnet.com/article/nsa-shares-list-of-vulnerabilities-commonly-exploited-to-plant-web-shells/
IBM mishandles vulnerability reports in security product:
- No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report https://www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/
- Security researcher discloses four IBM zero-days after company refused to patch https://www.databreaches.net/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch/
- RCE Exploit Released for IBM Data Risk Manager https://threatpost.com/rce-exploit-ibm-data-risk-manager-no-patch/154986/
- Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers https://thehackernews.com/2020/04/fpga-chip-vulnerability.html
- Researchers Turn Antivirus Software Into Destructive Tools https://www.securityweek.com/researchers-turn-antivirus-software-destructive-tools
- Foxit PDF Reader, PhantomPDF Open to Remote Code Execution https://threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/
- Contact tracing apps unsafe if Bluetooth vulnerabilities not fixed https://www.zdnet.com/article/contact-tracing-apps-unsafe-if-bluetooth-vulnerabilities-not-fixed/
- 'Zoombombing' targeted with new version of app - Better Encryption, Other Security Improvements https://www.bbc.co.uk/news/business-52392084 and https://www.securityweek.com/zoom-announces-better-encryption-other-security-improvements
- IOT: Connected Home Hubs Open Houses to Full Remote Takeover https://threatpost.com/connected-home-hubs-full-remote-takeover/155037/
- Deepfakes and AI: Fighting Cybersecurity Fire with Fire https://www.datex.ca/blog/deepfakes-and-ai-fighting-cybersecurity-fire-with-fire
- Another Story of Bad 1970s Encryption https://www.schneier.com/blog/archives/2020/04/another_story_o.html
- Valorant's anti-cheat software loads kernel-based driver on system boot https://www.techspot.com/community/topics/valorants-anti-cheat-software-loads-kernel-based-driver-on-system-boot.261983/
Hacking / Malware / Cybercrime / Exploitation
News covering active trends and events.
- Spike in Company Compromises Correlates With Lockdowns https://www.securityweek.com/spike-company-compromises-correlates-lockdowns
- Cybercriminals Using Zoom, WebEx as Phishing Lures https://www.bankinfosecurity.com/cybercriminals-using-zoom-webex-as-phishing-lures-report-a-14162
- Fake Skype, Signal Apps Used to Spread Surveillanceware https://threatpost.com/fake-skype-signal-apps-used-to-spread-surveillanceware/155053/
- Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks https://www.wired.com/story/google-state-sponsored-hackers-coronavirus-phishing-malware/
- Hackers Have Breached 60 Ad Servers To Load Their Own Malicious Ads https://packetstormsecurity.com/news/view/31143/Hackers-Have-Breached-60-Ad-Servers-To-Load-Their-Own-Malicious-Ads.html
- Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html
- This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
- Hackers target oil producers as they struggle with a record glut of crude https://arstechnica.com/information-technology/2020/04/hackers-target-oil-producers-as-they-struggle-with-a-record-glut-of-crude/
- Fraud Thrives in a Crisis - Why The Insurance Community Needs to Stay Vigilant https://www.bankinfosecurity.com/blogs/fraud-thrives-in-crisis-insurance-community-needs-to-stay-vigilant-p-2896
- ‘Pure Hell for Victims’ as Stimulus Programs Draw a Flood of Scammers https://www.nytimes.com/2020/04/22/technology/stimulus-checks-hackers-coronavirus.html
- Will Telehealth Fraud Grow Amid the COVID-19 Crisis? https://www.bankinfosecurity.com/will-telehealth-fraud-grow-amid-covid-19-crisis-a-14153
- Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
- Vernon RCMP warn of growing theft trend targeting community mailboxes https://globalnews.ca/news/6845747/vernon-rcmp-theft-community-mailboxes/
- Record Scotch Sale Postponed After Cyber Attack on Auctioneer https://www.bloomberg.com/news/articles/2020-04-25/record-scotch-sale-postponed-after-cyber-attack-auctioneer-says
Other Security / Risk
Articles covering other types of risks.
COVID-19 Other risks and impact:
- Scientists cut peer review corners as demand for COVID-19 information grows https://globalnews.ca/news/6845984/coronavirus-scientists-peer-review/
- World risks 'biblical' famines due to pandemic, 5 countries most at risk https://www.bbc.co.uk/news/world-52373888 and https://www.bbc.co.uk/news/world-52379956
- US oil prices turn negative as demand dries up https://www.bbc.co.uk/news/business-52350082
- Chinese COVID-19 Disinformation Campaign https://www.schneier.com/blog/archives/2020/04/chinese_covid-1.html
- Some anti-vaxxers are changing their minds because of the coronavirus pandemic https://www.cnn.com/2020/04/20/health/anti-vaxxers-coronavirus-intl/index.html
- Last cruise ship at sea finally reaches port https://www.cnn.com/travel/article/final-cruise-ships-port/index.html
- How to cut your hair at home without ruining it https://globalnews.ca/news/6841353/cut-hair-at-home-coronavirus/
- ‘We’re very hopeful’: Manitoba drive-in theatres looking at a renaissance https://globalnews.ca/news/6869734/coronavirus-manitoba-drive-ins/
- 61% of Toronto businesses would close down in 3 months https://globalnews.ca/news/6851513/toronto-businesses-landlords-survey-coronavirus/
- Terahash Buys L0phtCrack in Password Merger https://www.darkreading.com/endpoint/terahash-buys-l0phtcrack-in-password-merger/d/d-id/1337608
- We Have The First-Ever Credible Evidence of Someone Killed by a Falling Meteorite https://www.sciencealert.com/we-finally-have-credible-evidence-of-someone-being-killed-by-a-falling-meteorite
- Woman's Breast Implant Saved Her Life by Deflecting a Bullet https://www.sciencealert.com/woman-s-life-saved-after-her-breast-implant-deflects-bullet-study-suggests
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Standard transmission stumps would-be Winnipeg carjackers https://globalnews.ca/news/6853457/standard-transmission-stumps-would-be-winnipeg-carjackers-say-police/
- Coronavirus: Kelowna woman teaches science experiments to kids https://globalnews.ca/news/6870991/coronavirus-kelowna-woman-teaches-science-experiments-to-kids/
- How to use your Nvidia graphics card to improve the quality of your calls https://www.theverge.com/2020/4/21/21229508/nvidia-rtx-voice-background-noise-reduce-graphics-card-improve-call-quality
- Finally: IKEA Is Sharing Its Swedish Meatball Recipe With the World https://www.mentalfloss.com/article/623593/ikea-swedish-meatball-recipe
- Surreal Footage Shows 'Glowing' Dolphins Surf Through Bioluminescent Algae https://www.sciencealert.com/watch-these-dolphins-turn-into-glowing-torpedos-scaring-algae-so-bad-they-poop-light
- You Can Take a Virtual Tour of Fallingwater and More of Frank Lloyd Wright's Most Famous Buildings https://www.mentalfloss.com/article/623629/virtual-tours-frank-lloyd-wright-buildings-fallingwater-taliesin
- Why researchers believe one of Canada's largest caves went undetected for so long https://www.cbc.ca/news/canada/british-columbia/bc-cave-discovery-wells-gray-provincial-park-why-it-went-undetected-1.5536359
- Will anyone ever find Shackleton's lost ship? https://www.bbc.co.uk/news/science-environment-52376090
- BepiColombo captured images of Earth during its recent flyby https://www.universetoday.com/145739/bepicolombo-captured-images-of-earth-during-its-recent-flyby/
- 19 More Asteroids They Think Are Interstellar https://www.sciencealert.com/astronomers-have-just-identified-19-more-asteroids-they-think-are-interstellar
- First Ever Image of Nearby Exoplanet Proxima C https://www.scientificamerican.com/article/astronomers-may-have-captured-the-first-ever-image-of-nearby-exoplanet-proxima-c1/
- The Exoplanet that Disappeared From Hubble Observations https://www.syfy.com/syfywire/fomalhauts-planet-may-actually-be-a-dust-cloud-from-a-giant-asteroid-collision and https://www.sciencealert.com/astronomers-have-solved-the-mystery-of-a-disappearing-exoplanet
- Nova Observed From Start to Finish for the First Time https://www.universetoday.com/145720/astronomers-watch-a-nova-go-from-start-to-finish-for-the-first-time/
- The Theorem That Applies to Everything from Search Algorithms to Epidemiology https://blogs.scientificamerican.com/roots-of-unity/the-theorem-that-applies-to-everything-from-search-algorithms-to-epidemiology/