This Week's [in]Security - Issue 181
20 Sep 2020.
Welcome to This Week’s [in]Security. PCI FAQs. Magecart surge. COVID test data. New breaches: 320M dating records. Influencers. Access keys. New Ransomware. Facebook. Facial Recognition. IoT. TikTok. NIST Updates, Drafts & Workshops. Phish Scale. OneFuzz. Elections. Severe Vulnerability. MobileIron. Bluetooth. Firefox. Malicious QR. Wifi pwnage. Iranian, Chinese, and Russian hacking. Failure to learn. IP Theft. Security Questions with Attitude. Quantum. Number Stations. Deepfake arms race. Boarding Passes. Hurricanes. Wildfires. Glaciers. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Lockdown, Reopening, & The New Normal. More of the Good, Bad, and Ugly. And more.
Note: The COVID section appears later in the article.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.
- PCI SSC to Host its 2020 Community Meetings Online as Virtual Events https://blog.pcisecuritystandards.org/pci-ssc-to-host-its-2020-community-meetings-online-as-virtual-events
3 new PCI FAQs:
- 1482 Are P2PE Products (P2PE Solutions, P2PE Components, P2PE Applications) on the P2PE Expired Listings still considered “validated” per the P2PE Program Guide? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-P2PE-Products-P2PE-Solutions-P2PE-Components-P2PE-Applications-on-the-P2PE-Expired-Listings-still-considered-validated-per-the-P2PE-Program-Guide
- 1483 If a P2PE Solution is on PCI’s list of Point-to-Point Encryption Solutions with Expired Validations, does the solution meet the eligibility criteria for SAQ P2PE? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/If-a-P2PE-Solution-is-on-PCI-s-list-of-Point-to-Point-Encryption-Solutions-with-Expired-Validations-does-the-solution-meet-the-eligibility-criteria-for-SAQ-P2PE
- 1484 If a P2PE Solution is shown as red or orange on PCI’s list of Validated P2PE Solutions, does the solution meet the eligibility criteria for SAQ P2PE? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/If-a-P2PE-Solution-is-shown-as-red-or-orange-on-PCI-s-list-of-Validated-P2PE-Solutions-does-the-solution-meet-the-eligibility-criteria-for-SAQ-P2PE
- Our updated index of all known PCI FAQs https://controlgap.com/index-pci-frequently-asked-questions/
PCI Updates P2PE SAQ and AOC:
- PCI DSS in Practice Case Study: PicPay https://blog.pcisecuritystandards.org/pci-dss-in-practice-case-study-picpay
Magecart:
- Magecart Attack Impacts More Than 10K Online Shoppers https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/
- Payment Card Skimming Hits 2,000 E-Commerce Sites https://www.databreachtoday.com/payment-card-skimming-hits-2000-e-commerce-sites-a-15000
- Magento online stores hacked in largest campaign to date https://www.databreaches.net/magento-online-stores-hacked-in-largest-campaign-to-date/
- Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000 https://www.theregister.com/2020/09/15/magento_1_exploit_sold_online/
- Moneris Introduces New Credit and Debit Card Processing Terminal https://go.moneris.com/monerisgo
- My stolen credit card details were used 4,500 miles away. I tried to find out how it happened https://www.zdnet.com/article/my-stolen-credit-card-details-were-used-4500-miles-away-i-tried-to-find-out-how-it-happened/
- Followup - Interesting Attack on the EMV Smartcard Payment Standard https://www.schneier.com/blog/archives/2020/09/interesting-attack-on-the-emv-smartcard-payment-standard.html
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- Breach of COVID-19 Test Data Undermines Pandemic Response https://www.databreachtoday.com/blogs/breach-covid-19-test-data-undermines-pandemic-response-p-2938
New breaches:
- Cloud Leak Exposes 320M Dating-Site Records https://threatpost.com/cloud-leak-320m-dating-site-records/159225/
- Chinese database details 2.4 million influential people outside of China, their kids, addresses, and how to press their buttons https://www.theregister.com/2020/09/15/china_shenzhen_zhenhua_database/
- Research Finds Nearly 800,000 Access Keys Exposed Online https://www.darkreading.com/vulnerabilities---threats/research-finds-nearly-800000-access-keys-exposed-online/d/d-id/1338918
- Staples US hit by data breach https://www.tomsguide.com/news/staples-data-breach
- Hackers leak details of 1,000 high-ranking Belarus police officers https://www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers
- A bug in Joe Biden’s campaign app gave anyone access to millions of voter files https://www.databreaches.net/a-bug-in-joe-bidens-campaign-app-gave-anyone-access-to-millions-of-voter-files/
- Hackers Divert VA Payments Intended for Healthcare Providers https://www.databreachtoday.com/hackers-divert-va-payments-intended-for-healthcare-providers-a-14999
New Ransomware:
- Ontario nurses' college hit by ransomware attack; personal data at risk https://www.cp24.com/news/ontario-nurses-college-hit-by-ransomware-attack-personal-data-at-risk-1.5111009 and https://globalnews.ca/news/7344192/ontario-nurses-college-ransomware-cyberattack/
- (Almost certainly not a first) First death reported following a ransomware attack on a German hospital https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/
- (A first) German prosecutors open homicide case after hacker attack on hospital leaves woman dead https://www.cbc.ca/news/technology/german-homicide-case-hacker-hospital-1.5729949
- City of Carmel website remains down after hacking incident https://www.databreaches.net/update-city-of-carmel-website-remains-down-after-hacking-incident/
- NC: Guilford Technical Community College hit with ransomware https://www.databreaches.net/nc-guilford-technical-community-college-hit-with-ransomware/
- TX: School district reaches out to FBI following cyberattack https://www.databreaches.net/tx-school-district-reaches-out-to-fbi-following-cyberattack/
- GA: Jekyll Island Authority computer system infiltrated in ransomware attack https://www.databreaches.net/ga-jekyll-island-authority-computer-system-infiltrated-in-ransomware-attack/
- NY: Floral Park-Bellerose school district hit with ransomware attack https://www.databreaches.net/ny-floral-park-bellerose-school-district-hit-with-ransomware-attack/
- Computer Attack Disables California School District's System https://www.securityweek.com/computer-attack-disables-california-school-districts-system
Follow-ups:
- Senators Demand More Details on VA Breach https://www.databreachtoday.com/senators-demand-more-details-on-va-breach-a-15023
- Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html
- Halifax-area man shares his experience after CRA cyberattack https://globalnews.ca/news/7337042/halifax-area-cra-cyberattack/
Privacy
Articles about privacy related news, risks, and trends.
- Facebook Accused of Watching Instagram Users Through Cameras https://www.bloomberg.com/news/articles/2020-09-18/facebook-accused-of-watching-instagram-users-through-cameras
- Facebook Plans To Launch Smart Glasses In 2021 https://www.pymnts.com/facebook/2020/facebook-plans-to-launch-smart-glasses-in-2021/
- Companies Can Track Your Phone’s Movements to Target Ads https://www.wired.com/story/companies-track-phones-movements-target-ads
- WhatsApp-tracking apps are letting people spy on when you're sleeping and who you're likely talking to on the Facebook-owned app https://www.businessinsider.com/whatsapp-tracking-apps-online-activity-sleep-interactions-2020-9
- COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic https://www.databreaches.net/covid-19-and-hipaa-hhss-troubled-approach-to-waiving-privacy-and-security-rules-for-the-pandemic/
- Workplace Surveillance in Times of Corona https://www.eff.org/deeplinks/2020/09/workplace-surveillance-times-corona
- Portland City Council Votes to Ban Facial Recognition https://epic.org/2020/09/portland-city-council-votes-to.html
- Professors Hartzog and Richards: Clearview AI Gets Privacy and First Amendment Wrong https://epic.org/2020/09/professors-hartzog-and-richard.html
- Ca: Regina clinic failed to notify patients of privacy breach https://www.databreaches.net/ca-regina-clinic-failed-to-notify-patients-of-privacy-breach-says-commissioner/
- Cyber security breach at National Informatics Centre https://www.databreaches.net/cyber-security-breach-at-national-informatics-centre-malware-attack-traced-to-bengaluru/
- Regulators Failed and Google Turned The Internet Into a Surveillance Machine https://epic.org/2020/09/regulators-failed-and-google-t.html
Laws & Regulations / Standards
News about laws, regulations, and standards affecting security, privacy, technology, and public interest.
- IoT Security Bill Passed in House of Representatives https://epic.org/2020/09/iot-security-bill-passed-in-ho.html
- Trump Admin to Ban TikTok, WeChat From U.S. App Stores https://www.nytimes.com/2020/09/18/business/trump-tik-tok-wechat-ban.html
- Judge blocks US ban on WeChat that was set to go into effect today https://www.theverge.com/2020/9/20/21447540/judge-blocks-ban-wechat-tiktok-trump
- After banning WeChat, the US government is turning its focus to Tencent's gaming concerns https://www.pcgamer.com/after-banning-wechat-the-us-government-is-turning-its-focus-to-tencents-gaming-concerns/ and https://www.theverge.com/2020/9/18/21445310/trump-administration-cfius-tencent-investigation-letter-epic-riot
- Facebook Could Face FTC Antitrust Suit By Year's End https://www.pymnts.com/antitrust/2020/facebook-could-face-ftc-antitrust-suit-by-years-end/
- Senate Republicans Introduce Weak "SAFE DATA Act” https://epic.org/2020/09/senate-republicans-introduce-w.html
- EFF Joins Coalition Urging Senators to Reject the EARN IT Act https://www.eff.org/deeplinks/2020/09/eff-joins-coalition-urging-senators-reject-earn-it-act
- Michigan Considers Enhanced Data Breach Notification Law https://www.databreaches.net/michigan-considers-enhanced-data-breach-notification-law/
- European Police Malware Could Harvest GPS, Messages, Passwords, More https://www.vice.com/en_us/article/k7qjkn/encrochat-hack-gps-messages-passwords-data
- Three Interactive Tools for Understanding Police Surveillance https://www.eff.org/deeplinks/2020/09/three-interactive-tools-understanding-police-surveillance
- Why It’s Time to Reboot Canada’s Failed Digital Agenda https://www.michaelgeist.ca/2020/09/why-its-time-to-reboot-canadas-failed-digital-agenda/
- US China tariffs violated trade rules, WTO says https://www.bbc.co.uk/news/business-54168419
NIST updates and drafts:
- Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)—NIST Publishes SP 1800-21 https://csrc.nist.gov/publications/detail/sp/1800-21/final
- Securing Home IoT Devices Using MUD: Final Public Draft of SP 1800-15 Now Available until October 16 https://csrc.nist.gov/publications/detail/sp/1800-15/draft
- Securing Property Management Systems: Draft SP 1800-27 is Available for Comment until October 28 https://csrc.nist.gov/publications/detail/sp/1800-27/draft
National Cybersecurity Center of Excellence (NCCoE) Virtual Workshops:
- Challenges with Compliance, Operations, and Security with Encrypted Protocols, in Particular TLS 1.3 (Sep 25) https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-challenges-compliance-operations-and-security-encrypted
- Automation of the NIST Cryptographic Module Validation Program (CMVP) (Oct 5) https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-automation-nist-cryptographic-module-validation-program-cmvp
- Considerations in Migrating to Post-Quantum Cryptographic Algorithms (Oct 7) https://www.nccoe.nist.gov/events/rescheduled-virtual-workshop-considerations-migrating-post-quantum-cryptographic-algorithms
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- The Phish Scale: NIST-Developed Method Helps IT Staff See Why Users Click on Fraudulent Emails https://www.nist.gov/news-events/news/2020/09/phish-scale-nist-developed-method-helps-it-staff-see-why-users-click
- Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
Election Security:
- Twitter Taking Steps to Protect Election-Related Accounts https://www.securityweek.com/twitter-taking-steps-protect-election-related-accounts
- Election Audits in NJ 2020 https://freedom-to-tinker.com/2020/09/16/election-audits-in-nj-2020/
- The International Playbook for Foiling Russian Interference https://www.wired.com/story/international-playbook-foiling-russian-interference
- A new research tool, NYU Ad Observatory, tracks political advertising on Facebook https://scienmag.com/a-new-research-tool-nyu-ad-observatory-tracks-political-advertising-on-facebook/
- Vote-by-mail meltdowns in 2020? https://freedom-to-tinker.com/2020/09/20/vote-by-mail-meltdowns-in-2020/
- How We’ll Know the Election Wasn’t Rigged https://www.wired.com/story/election-mass-voter-fraud-protections
- Oracle will have to pore over the TikTok's source code to make sure there are no backdoors https://www.businessinsider.com/report-oracle-proposed-tiktok-deal-includes-source-code-audit-2020-9
- Google can now scan malicious files for Advanced Protection users https://www.theverge.com/2020/9/16/21439599/google-chrome-scan-malicious-files-safe-browsing-advanced-protection
- NSA Publishes Guidance on UEFI Secure Boot Customization https://www.securityweek.com/nsa-publishes-guidance-uefi-secure-boot-customization
- Vulnerability Detection Pipeline (Beta) https://blog.qualys.com/vulnerabilities-research/2020/09/16/vulnerability-detection-pipeline-beta
- Nozomi Networks Becomes CVE Numbering Authority https://www.securityweek.com/nozomi-networks-becomes-cve-numbering-authority
- One Data Scientist’s Quest to Quash Misinformation https://www.wired.com/story/data-scientist-cybesecurity-tools-quash-misinformation
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- Windows Update Gets Serious: You Have The Weekend To Comply, Homeland Security Says https://www.forbes.com/sites/daveywinder/2020/09/19/windows-updates-get-serious-you-have-the-weekend-to-comply-homeland-security-says/
- US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities https://www.tenable.com/blog/us-cybersecurity-agency-cisa-alert-foreign-threat-actors-target-unpatched-vulnerabilities
- Zerologon attack lets hackers take over enterprise networks https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/
- Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-servers-remote-attacks
- Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
- Followup on BLURtooth attack - https://www.schneier.com/blog/archives/2020/09/new-bluetooth-vulnerability.html
- Firefox bug lets you hijack nearby mobile browsers via WiFi https://www.zdnet.com/article/firefox-bug-lets-you-hijack-nearby-mobile-browsers-via-wifi/
- QR Codes Serve Up a Menu of Security Concerns https://threatpost.com/qr-codes-menu-security-concerns/159275/
- Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame https://www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/
- (Old trick, why no defense?) Spammers use hexadecimal IP addresses to evade detection https://www.zdnet.com/article/spammers-use-hexadecimal-ip-addresses-to-evade-detection/
- Google corrects unfortunate ‘Stalkerware’ typo allowing partner-tracking apps https://www.theverge.com/2020/9/18/21441154/google-play-store-stalkerware-ban-parent-children-tracking
- Feeling bad about your last security audit? Check out what just happened to the US Department of Interior https://www.theregister.com/2020/09/17/dot_pentesers_expose_wifi/
- Far Field EM Side-Channel Attack on AES Using Deep Learning https://eprint.iacr.org/2020/1096
Hacking / Malware / Cybercrime / Exploitation
News covering active trends and events.
- MITRE releases emulation plan for FIN6 hacking group https://www.zdnet.com/article/mitre-releases-emulation-plan-for-fin6-hacking-group-more-to-follow
- DDoS Attacks Skyrocket as Pandemic Bites https://threatpost.com/ddos-attacks-skyrocket-pandemic/159301/
- Iranian hacker group developed Android malware to steal 2FA SMS codes https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes
- 3 Iranian Hackers Charged With Targeting US Satellite Firms https://www.databreachtoday.com/3-iranian-hackers-charged-targeting-us-satellite-firms-a-15021
- US sanctions Iranian government front company hiding major hacking operations https://www.zdnet.com/article/us-sanctions-iranian-government-front-company-hiding-major-hacking-operations
- CISA Shares Details on Web Shells Employed by Iranian Hackers https://www.securityweek.com/cisa-shares-details-web-shells-employed-iranian-hackers
- Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/
- FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html
- Chinese Tech Giant Alibaba’s Servers Found To Be Involved In Data Theft, At-least 72 Servers Sending Data To China https://www.databreaches.net/chinese-tech-giant-alibabas-servers-found-to-be-involved-in-data-theft-at-least-72-servers-sending-data-to-china/
- Chinese Hackers 'Stole Data From Spanish Vaccine Labs' https://www.securityweek.com/chinese-hackers-stole-data-spanish-vaccine-labs-report
- How the FIN7 Cybercrime Gang Operates https://www.schneier.com/blog/archives/2020/09/how-the-fin7-cybercrime-gang-operates.html
- Due Diligence That Money Can’t Buy https://krebsonsecurity.com/2020/09/due-diligence-that-money-cant-buy/
- Dunkin' Donuts drops some dough to glaze over lawsuit accusing it of covering up customer account hacks https://www.theregister.com/2020/09/15/dunkin_donuts_cooks_up_deal/
- 13-year-old student nabbed in cyber attacks on Valpo schools https://www.databreaches.net/13-year-old-student-nabbed-in-cyber-attacks-on-valpo-schools-police-say/
- Man Pleads Guilty to Role in $600K Malware Protection Scam https://www.securityweek.com/man-pleads-guilty-role-600k-malware-protection-scam
Other Security / Risk
Articles covering other types of risks.
- Why We Don’t Learn From Our Cybersecurity Mistakes https://sector.ca/why-we-dont-learn-from-our-cybersecurity-mistakes/
- Time for CEOs to Stop Enabling China's Blatant IP Theft https://www.darkreading.com/vulnerabilities---threats/time-for-ceos-to-stop-enabling-chinas-blatant-ip-theft/a/d-id/1338879
- Nihilistic Password Security Questions https://www.schneier.com/blog/archives/2020/09/nihilistic-password-security-questions.html
- IBM Just Committed to Having a Functioning 1,000 Qubit Quantum Computer by 2023 https://www.sciencealert.com/ibm-thinks-it-ll-have-a-1-000-qubit-quantum-computer-running-within-three-years
- Matt Blaze on OTP Radio Stations https://www.schneier.com/blog/archives/2020/09/matt-blaze-on-otp-radio-stations.html
- Network Security Efficacy in the Age of Pervasive TLS Encryption https://blogs.cisco.com/security/network-security-efficacy-in-the-age-of-pervasive-tls-encryption
- Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption https://www.darkreading.com/omdia/encrypted-traffic-inference-an-alternative-to-enterprise-network-traffic-decryption/a/d-id/1338919
- Deepfake Detection Poses Problematic Technology Race https://www.darkreading.com/analytics/deepfake-detection-poses-problematic-technology-race/d/d-id/1338953
- Australia ex-PM hacked after Instagramming boarding pass https://www.bbc.co.uk/news/world-australia-54193764
- Researcher Describes Risks Posed by Posting Boarding Passes https://www.databreachtoday.com/researcher-describes-risks-posed-by-posting-boarding-passes-a-15008
- GitHub to replace 'master' with 'main' starting next month https://www.zdnet.com/article/github-to-replace-master-with-main-starting-next-month/
- On the trail of stolen photographs https://www.bbc.co.uk/news/business-53998711
- Microsoft's underwater data centre resurfaces after two years https://www.bbc.com/news/technology-54146718
- This Year's Atlantic Hurricane Season Is So Bad We Ran Out of Names Two Storms Ago https://www.sciencealert.com/this-year-s-hurricane-season-is-so-bad-we-ran-out-of-names-two-storms-ago
- The West Coast's record wildfire season has ground the real-estate industry to a halt with $8 billion of assets in danger https://www.businessinsider.com/how-west-coast-wildfires-impact-real-estate-2020-9
- Smoke From the West Coast Wildfires Has Been Reported As Far Away As the Netherlands https://www.mentalfloss.com/article/630118/west-coast-wildfire-smoke-reported-in-netherlands
- Wildfire Smoke Could Leave Lungs Vulnerable to COVID-19 And The Flu https://www.sciencealert.com/all-this-wildfire-smoke-is-going-to-leave-lungs-vulnerable-to-the-flu-and-covid-19
- What Ancient Mass Extinctions Tell Us about the Future https://www.scientificamerican.com/article/what-ancient-mass-extinctions-tell-us-about-the-future/
- Antarctica's 'Doomsday Glacier' Is in Serious Danger, New Research Confirms https://www.sciencealert.com/antarctica-s-doomsday-glacier-is-in-serious-danger-new-research-reveals
- Boeing hid design flaws in 737 Max jets from pilots and regulators https://arstechnica.com/information-technology/2020/09/boeing-hid-design-flaws-in-max-jets-from-pilots-and-regulators/
- Tesla owner in Canada charged with ‘sleeping’ while driving over 90 mph https://www.theverge.com/2020/9/18/21445168/tesla-driver-sleeping-police-charged-canada-autopilot
- Driver Charged in Uber’s Fatal 2018 Autonomous Car Crash https://www.nytimes.com/2020/09/15/technology/uber-autonomous-crash-driver-charged.html
- Toronto police to crack down on stunt driving after significant uptick in incidents https://globalnews.ca/news/7337689/stunt-driving-toronto-charges/
- (Just Lovely) This Toxic Australian Plant Injects Scorpion-Like Venom. The Pain Can Last For Days https://www.sciencealert.com/this-australian-stinging-tree-injects-a-toxin-like-spider-venom-if-you-get-too-close
- Teen 'Blasts Away' Parts of Retina by Staring Into a Pet's Laser Pointer https://www.sciencealert.com/teen-in-ohio-blasts-away-retina-by-staring-into-laser-pointer-case-study-reports
- Chinese pharma leak infects thousands with bacterial disease https://globalnews.ca/news/7341054/china-bacterial-disease-leak-pharma-brucellosis/
- A Rare Blood Type Variant Helps Prevent Malaria. Now We Finally Know How https://www.sciencealert.com/we-now-know-how-this-rare-blood-type-helps-the-body-resist-malaria
- Scientists uncover a novel approach to treating Duchenne muscular dystrophy https://scienmag.com/scientists-uncover-a-novel-approach-to-treating-duchenne-muscular-dystrophy/
- Removal of a gene could render lethal poxviruses harmless https://scienmag.com/removal-of-a-gene-could-render-lethal-poxviruses-harmless/
- This sleek futuristic off-grid smart home can cost up to $413,00 and only takes 90 minutes to install https://www.businessinsider.com/iohouse-space-smart-home-2020-9
- Anonymous Site Ramps Up 'Doxxing' Campaign Against HK Activists https://www.securityweek.com/anonymous-site-ramps-doxxing-campaign-against-hk-activists
- DOJ Releases New Material from Mueller Report https://epic.org/2020/09/breaking-justice-department-re-1.html
- Edmonton-developed idea to combat liquor store theft targets bars, restaurants who purchase stolen products https://globalnews.ca/news/7336576/edmonton-liquor-store-theft-contest-winner-macewan-university/
- Stiffer fines for ‘dooring’ cyclists go into effect Monday https://globalnews.ca/news/7347413/bc-dooring-fines-quadruple/
COVID-19 Other risks and impact:
- Pandemic leads to critical shortage of U.S. election workers https://globalnews.ca/news/7326335/us-election-worker-shortage/
- Report Looks at COVID-19’s Massive Impact on Cybersecurity https://threatpost.com/cynet-report-looks-at-covid-19s-massive-impact-on-cybersecurity/159249/
- NYC Approves Restaurant Surcharge https://www.pymnts.com/restaurant-innovation/2020/nyc-approves-restaurant-surcharge/
- Guelph police report shows COVID-19 impact on calls for service https://globalnews.ca/news/7343920/guelph-police-coronavirus-covid-19-calls/
- Canadians’ view of U.S. drops to lowest level in nearly 2 decades https://globalnews.ca/news/7335966/canada-view-u-s-drop-lowest-two-decades-poll/
COVID-19 updates.
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, and waves - now reinfection:
- Superspreader events the biggest threat in surging coronavirus cases, deaths https://globalnews.ca/news/7345157/superspreader-events-coronavirus/
- Street-racing group stages ‘mega meet’ in Hamilton amid COVID-19 restrictions https://globalnews.ca/news/7346920/hundreds-show-up-as-street-racing-group-stages-mega-meet-at-ancaster-cineplex-parking-lot/
- Almost 1/4 of Canadians believe coronavirus warnings from officials are overblown https://globalnews.ca/news/7335572/canadians-coronavirus-warnings-officials-overblown/
- Canada reports 792 new coronavirus infections as global cases near 30 million https://globalnews.ca/news/7337365/canada-coronavirus-sept-15/
- Ontario reports more than 400 new coronavirus cases for 2nd day in a row https://globalnews.ca/news/7345891/ontario-coronavirus-cases-sept-19-covid19/
- Quebec reports over 400 new cases for 2nd consecutive day https://globalnews.ca/news/7346961/covid-19-quebec-coronavirus-sep-20/
- Cambridge school reports COVID-19 case in kindergarten class https://globalnews.ca/news/7340814/kindergarten-covid-19-cambridge-st-anne/
- Coronavirus cases reported at 172 schools in Quebec https://globalnews.ca/news/7336197/quebec-schools-coronavirus-cases-rise/
- 28 Western University students test positive for coronavirus, prompting tightened restrictions https://globalnews.ca/news/7340976/28-western-university-students-coronavirus/
- India's coronavirus infections top five million mark https://www.bbc.co.uk/news/world-asia-india-54172321
- New fear grips Europe as cases top 30m worldwide https://www.bbc.co.uk/news/world-54199825
- Europe’s 'alarming' rates of Covid spread - WHO https://www.cnn.com/2020/09/17/europe/coronavirus-europe-who-second-wave-intl/index.html and https://www.bbc.co.uk/news/world-europe-54189575
- UK FM learned of data breach 11 days after health minister https://www.bbc.com/news/uk-wales-politics-54164636
Lockdown, reopening, and The New Normal:
- U.S. supply firm executives 'should not have been permitted' to enter Canada: Blair https://www.ctvnews.ca/politics/u-s-supply-firm-executives-should-not-have-been-permitted-to-enter-canada-blair-1.5109369
- Canada-U.S. border closure extended through Oct. 21 amid rising coronavirus cases https://globalnews.ca/news/7343625/canada-u-s-border-closure-october-coronavirus/
- Ontario tightens private gathering restrictions to 10 indoors, 25 outdoors in Toronto, Peel and Ottawa https://globalnews.ca/news/7340816/ontario-private-gathering-restrictions-limits-toronto-peel-region-ottawa/
- New COVID-19 gathering restrictions expanded to all of Ontario https://globalnews.ca/news/7345932/coronavirus-ontario-gathering-restrictions-expanded/
Guidance, Response and Recovery:
- UK sets £10,000 fines for self-isolation breaches https://www.bbc.co.uk/news/uk-54221953
- COVID-19 medical coverage now available even though Canadians advised to avoid international travel https://www.cbc.ca/news/business/covid-19-coverage-travel-insurance-air-canada-westjet-manulife-1.5728580
- TDSB no longer needs extra classroom space after more parents opt students for online learning https://globalnews.ca/news/7338676/tdsb-no-longer-needs-extra-space-students-online-class/
- How New Mexico Controlled the Spread of COVID-19 https://www.scientificamerican.com/article/how-new-mexico-controlled-the-spread-of-covid-19/
Treatments, Testing, Triage, and Trials, and things we learned:
- Internet Search Results Predict US COVID-19 Hotspots Weeks Later https://www.sciencealert.com/internet-search-results-predict-us-covid-hotspots-weeks-later-study-reveals
- Around 2 percent of Red Cross blood donors have COVID-19 antibodies https://www.theverge.com/2020/9/15/21438104/red-cross-blood-donors-antibody-test-research
- Stroke emerging as a symptom of COVID-19 in new research https://globalnews.ca/news/7338109/stroke-covid-19-symptom/
- CDC Just Reversed Its Controversial COVID-19 Testing Guidelines https://www.sciencealert.com/cdc-walks-back-its-controversial-guidelines-of-covid-19-testing
- CDC says asymptomatic people should get tested for COVID-19 after all https://www.theverge.com/2020/9/18/21445706/coronavirus-cdc-test-guidelines-covid-19-asymptomatic-trump
- Canada not yet ready to deploy rapid COVID testing devices https://www.cbc.ca/news/politics/canada-covid-19-testing-devices-1.5726686
- COVID-19 virus uses heparan sulfate to get inside cells https://scienmag.com/covid-19-virus-uses-heparan-sulfate-to-get-inside-cells/
- Population Density Does Not Doom Cities to Pandemic Dangers https://www.scientificamerican.com/article/population-density-does-not-doom-cities-to-pandemic-dangers/
- NIH 'Very Concerned' about Serious Side Effect in Coronavirus Vaccine Trial https://www.scientificamerican.com/article/nih-very-concerned-about-serious-side-effect-in-coronavirus-vaccine-trial/
- Scientists predict that COVID-19 will become a seasonal virus – but not yet https://scienmag.com/scientists-predict-that-covid-19-will-become-a-seasonal-virus-but-not-yet/
Behaviour - the good, the bad, and the ugly:
- A Massachusetts teenager tested positive for the coronavirus. His parents sent him to school anyway. https://www.washingtonpost.com/nation/2020/09/18/massachusetts-high-school-student-covid/
- Bleach touted as 'miracle cure' for Covid being sold on Amazon https://www.theguardian.com/world/2020/sep/19/bleach-miracle-cure-amazon-covid
- Bolivians are drinking a toxic bleach, wrongly believing it will ward off COVID-19. Many end up in the hospital. https://www.businessinsider.com/bolivians-drink-toxic-bleach-mms-belieiving-combat-coronavirus-2020-9
- A Chinese virologist claimed the coronavirus was 'intentionally' released. Turns out, she works for a group led by Steve Bannon https://www.businessinsider.com/virologist-who-said-china-released-coronavirus-works-with-steve-bannon-2020-9
Masks, anti-maskers, and distancing:
- Face masks ‘more guaranteed’ to work against coronavirus than vaccine, CDC director warns https://globalnews.ca/news/7338646/facemasks-work-against-coronavirus-masks-cdc/
- Most homemade masks are doing a great job, even when we sneeze https://scienmag.com/most-homemade-masks-are-doing-a-great-job-even-when-we-sneeze-study-finds/
- Edmonton seeing 97% compliance rate on mandatory masks https://globalnews.ca/news/7342048/edmonton-mandatory-mask-compliance-rate/
- Anti-masker thrown out of Disney World while misquoting ‘A Bug’s Life’ https://globalnews.ca/news/7340871/disney-world-bugs-life-mask-coronavirus/
- Guelph’s updated mandatory mask order includes places of worship https://globalnews.ca/news/7335888/guelph-updates-mask-order/
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Scientists Discover What Happens in Our Brains When We Make an 'Educated Guess' https://www.sciencealert.com/scientists-figure-out-what-happens-in-the-brain-when-we-make-educated-guesses
- This cargo-ship concept is powered by gigantic wings and wants to reduce emissions by 90% https://www.businessinsider.com/wing-powered-cargo-ship-aims-reduce-emissions-oceanbird-swedish-sailing-2020-9
- Eerily Well-Preserved 17th Century Ship Found in The Dark Waters of The Baltic Sea https://www.sciencealert.com/incredibly-well-preserved-17th-century-ship-found-in-the-depths-of-the-baltic-sea
- Flypast marks Battle of Britain anniversary https://www.bbc.co.uk/news/uk-54219509
- Air Force New Fighter Jet: Secret 6th Generation Fighter Details https://www.popularmechanics.com/military/aviation/a34030586/air-force-secret-new-fighter-jet/
- New Military Aircraft Designation: Air Force Debuts e-Planes https://www.popularmechanics.com/military/aviation/a34043731/air-force-new-designation-e-series-aircraft/
- Thousands Saw a UFO in New Jersey. It was the Goodyear Blimp https://www.universetoday.com/147840/thousands-saw-a-ufo-in-new-jersey-it-was-the-goodyear-blimp/
- Why Can’t You Smell Your Own Breath? https://www.mentalfloss.com/article/629960/why-you-cant-smell-your-own-breath
- Malaysian man 'finds' monkey selfies on lost phone https://www.bbc.co.uk/news/world-asia-pacific-54157459
- Astronomers Have Discovered a 2-km Asteroid Orbiting Closer to the Sun than Venus https://www.universetoday.com/147762/astronomers-have-discovered-a-2-km-asteroid-orbiting-closer-to-the-sun-than-venus/
- Did Scientists Just Find Signs of Life on Venus? https://www.universetoday.com/147797/did-scientists-just-find-signs-of-life-on-venus/
- Missions Are Already Being Planned to Figure Out What’s Creating the Biosignature on Venus https://www.universetoday.com/147819/missions-are-already-being-planned-to-figure-out-whats-creating-the-biosignature-on-venus/
- Astronomers find the first intact planet orbiting a white dwarf… and it's far bigger than its star! https://www.syfy.com/syfywire/astronomers-find-the-first-intact-planet-orbiting-a-white-dwarf-and-its-far-bigger-than