Welcome to This Week’s [in]Security. PCI Updates PTS, P2PE, PFI. PCI eLearning. Magecart. Another mega-breach, plus: data protection, healthcare, voters, cryptocurrency, and banking. New Ransomware: planes, trains, automobiles, cameras, sewage, IoT, schools, and Kmart. Crypto-wars. Open Source. IPhone 0-0click. Google Play. DocuShare. Oracle. SD-WAN. Deja-Flash. UEFI. SS7 Espionage. Trends. Docker. NPM. CEO Spearphishing. Zoom. Nation States. Arrests. AI & AI fallibility. Quantum. Cyber-BioSecuirty. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Vaccine Progress. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI updates to PTS, P2PE, and PFI:

  • Technical (mandatory) FAQs for PTS v6, v5, and v4 https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v6_Nov_2020.pdf, https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v5_Nov_2020.pdf, and https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v4_Nov_2020.pdf
  • PFI Report changes https://www.pcisecuritystandards.org/documents/Final_PFI_Report_v3.1r1.pdf
  • P2PE Encrypted Key Loading mandate https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Bulletin_on_Encrypted_Key_Loading_-_P2PE.pdf
• PCI eLearning with Online Certification Exam https://training.pcisecuritystandards.org/elearning-with-online-certification-exam

• Magecart:

  • Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout https://threatpost.com/magecart-hijacks-paypal-transactions/161697/
  • Clop Gang Gallops Off with 2M Credit Cards from E-Land https://threatpost.com/clop-gang-2m-credit-cards-eland/161833/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New breaches:

  • Why Did Instagram Leak Minors’ Email Addresses Again? https://www.databreaches.net/why-did-instagram-leak-minors-email-addresses-again/
  • Belgium: Belgian DPA announces potential data breach at Bpost https://www.databreaches.net/belgium-belgian-dpa-announces-potential-data-breach-at-bpost/
  • Leak left 243 million Brazilians’ medical records and personal info ripe for the picking https://www.theverge.com/2020/12/3/22150973/brazilian-ministry-of-health-leak-medical-records-personal-information
  • ‘Apodis Pharma’ Leaked Over 1.7 TB of Confidential Data Online https://www.databreaches.net/apodis-pharma-leaked-over-1-7-tb-of-confidential-data-online/
  • Verizon has been leaking customers’ personal information for days (at least) https://www.databreaches.net/verizon-has-been-leaking-customers-personal-information-for-days-at-least/
  • AU: Australia’s largest cryptocurrency exchange accidentally exposed the names and emails of 270,000 customers https://www.databreaches.net/au-australias-largest-cryptocurrency-exchange-accidentally-exposed-the-names-and-emails-of-270000-customers/
  • Cayman Islands Bank Records Exposed in Open Azure Blob https://threatpost.com/cayman-islands-bank-records-exposed-azure-blob/161729/
  • NL: Koninklijke Nederlandsche Wielren Unie (KNWU) reports a data breach of legacy database https://www.databreaches.net/nl-koninklijke-nederlandsche-wielren-unie-knwu-reports-a-data-breach-of-legacy-database/
  • ZA: Absa accuses employee of leaking customer data https://www.databreaches.net/za-absa-accuses-employee-of-leaking-customer-data/
  • Conti Ransomware Gang Posts Advantech's Data https://www.databreachtoday.com/conti-ransomware-gang-posts-advantechs-data-a-15486
  • Voter registration data for 113K Alaskans exposed in breach https://www.databreaches.net/voter-registration-data-for-113k-alaskans-exposed-in-breach/
  • WhiteHat Jr faces security breach exposing personal data https://www.databreaches.net/whitehat-jr-faces-security-breach-exposing-personal-data/
  • Data Breach Affects 300,000 Mental Health Clinic Patients https://www.databreachtoday.com/data-breach-affects-300000-mental-health-clinic-patients-a-15483
  • Thousands of US lab results and medical records spilled online after a security lapse https://www.databreaches.net/thousands-of-us-lab-results-and-medical-records-spilled-online-after-a-security-lapse/
  • Colorado mental health services provider reveals September attack impacted hundreds of thousands of clients and employees https://www.databreaches.net/colorado-mental-health-services-provider-reveals-september-attack-impacted-hundreds-of-thousands-of-clients-and-employees/
  • Investigation launched after hundreds of confidential patient details from Lloyd Pharmacy were sent to a woman in the post https://www.databreaches.net/investigation-launched-after-hundreds-of-confidential-patient-details-from-lloyd-pharmacy-were-sent-to-a-woman-in-the-post/
  • Cadwalader and Bar Groups Among Latest to Report Data Breach Incidents https://www.databreaches.net/cadwalader-and-bar-groups-among-latest-to-report-data-breach-incidents/
  • Hackers calling themselves “Black Shadow” breach Israeli insurance company, steal client data https://www.databreaches.net/hackers-calling-themselves-black-shadow-breach-israeli-insurance-company-steal-client-data/
  • Three Estonian ministries had significant data breaches in November https://www.databreaches.net/three-estonian-ministries-had-significant-data-breaches-in-november/
  • NZ: Parole Board admits to privacy breach https://www.databreaches.net/nz-parole-board-admits-to-privacy-breach/

• New Ransomware and "Incidents":

  • (Vancouver Metro) TransLink investigates ‘suspicious network activity’ affecting online payment options https://globalnews.ca/news/7496864/translink-suspicious-network-activity/ and https://threatpost.com/vancouver-metro-egregor-ransomware/161892/
  • Many questions remain after TransLink’s suspicious network activity impacts IT services https://globalnews.ca/news/7499986/translink-suspicious-network-activity-update/
  • Intersport victim of cyberattack for a second time in 2020? https://www.databreaches.net/intersport-victim-of-cyberattack-for-a-second-time-in-2020/
  • Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand https://threatpost.com/conti-iot-chip-advantech-ransom-demand/161691/
  • Canon: Ransomware Attack Exposed Employee Data https://www.databreachtoday.com/canon-ransomware-attack-exposed-employee-data-a-15476
  • Kmart nationwide retailer suffers a ransomware attack https://www.databreaches.net/kmart-nationwide-retailer-suffers-a-ransomware-attack/
  • IT: Radio Azzurra hit by cyberattack, ransom demand https://www.databreaches.net/it-radio-azzurra-hit-by-cyberattack-ransom-demand/
  • Brazilian Plane Maker Embraer Targeted in Cyberattack https://www.securityweek.com/brazilian-plane-maker-embraer-targeted-cyberattack
  • Ransomware hits helicopter maker Kopter https://www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter
  • K12 online schooling giant pays Ryuk ransomware to stop data leak https://www.databreaches.net/k12-online-schooling-giant-pays-ryuk-ransomware-to-stop-data-leak/
  • Ransomware attack on Hampton Roads Sanitation District knocks out billing system https://www.databreaches.net/ransomware-attack-on-hampton-roads-sanitation-district-knocks-out-billing-system/

• Follow-ups and fall-out:

  • The painful calculus of ransomware payments https://www.databreaches.net/the-painful-calculus-of-ransomware-payments/
  • The biggest hacks, data breaches of 2020 https://www.zdnet.com/article/the-biggest-hacks-data-breaches-of-2020
  • Twitter data breach decision due on December 17: Irish data regulator https://www.databreaches.net/twitter-data-breach-decision-due-on-december-17-irish-data-regulator/
  • AU: NSW scans of 186K people's passports, banking, and medical data stored in emails breached https://www.databreaches.net/au-how-paper-created-a-vulnerability-for-cyber-criminals-to-steal-186000-peoples-data/
  • Ca: Class action suit launched against Dell after data breach led to years of scam calls https://www.databreaches.net/ca-class-action-suit-launched-against-dell-after-data-breach-led-to-years-of-scam-calls/
  • Peatix - 4,227,907 (2019) breached accounts https://haveibeenpwned.com/PwnedWebsites#Peatix
  • Pluto TV - 3,225,080 (2018) breached accounts https://haveibeenpwned.com/PwnedWebsites#PlutoTV
  • Too Cheap, Too Convenient: Replicas Offering Billions of User Records https://www.databreaches.net/too-cheap-too-convenient-replicas-offering-billions-of-user-records/

Privacy

Articles about privacy related news, risks, and trends.

• Vendor of School-Based Face Surveillance Systems Lied About Bias, Accuracy https://epic.org/2020/12/vendor-of-school-based-face-su.html

• Microsoft's creepy productivity monitor:

  • Microsoft Developing Workplace Surveillance System to 'Score’ Meeting Productivity https://epic.org/2020/12/microsoft-developing-workplace.html
  • Microsoft Backpedals Over 'Productivity Score' Monitoring https://www.databreachtoday.com/microsoft-backpedals-over-productivity-score-monitoring-a-15510

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • What You Need to Know About the COVID Alert App https://www.michaelgeist.ca/2020/12/what-you-need-to-know-about-the-covid-alert-app/
  • Woman who spent years scrubbing explicit video from internet urges tech firms to make it easier to remove https://www.cbc.ca/news/canada/manitoba/canada-internet-children-abuse-pornography-1.5822042
  • The Law Bytes Podcast, Episode 71: Minister Navdeep Bains on Canada’s New Privacy Bill https://www.michaelgeist.ca/2020/11/law-bytes-podcast-episode-71/
  • Micheal Geist has authored an extensive (12 part to date) criticism of proposed Canadian Broadcasting Act Changes 'The Broadcasting Act Blunder Days' see https://www.michaelgeist.ca/tag/broadcasting-act/

• US:

  • Section 230 is Good, Actually https://www.eff.org/deeplinks/2020/12/section-230-good-actually
  • The US Used the Patriot Act to Justify Logging Website Users https://www.wired.com/story/patriot-act-website-logging-spotify-hack-twitter-two-factor-security-news
  • CBP’s warrantless use of cell phone location data is under investigation https://arstechnica.com/tech-policy/2020/12/cbps-warrantless-use-of-cell-phone-location-data-is-under-investigation/
  • Governor Cuomo: Keep Police and ICE Away from Our Contact Tracing Data https://www.eff.org/deeplinks/2020/12/governor-cuomo-keep-police-and-ice-away-our-contact-tracing-data
  • Massachusetts Poised to Ban State Use of Biometric Surveillance https://epic.org/2020/12/massachusetts-poised-to-ban-st.html
  • Facebook faces major lawsuit next week, as 40 US states ‘plan to sue’ tech giant https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-lawsuit-antitrust-market-competition-b1765573.html
  • Google illegally spied on workers before firing them, US labor board alleges https://www.theverge.com/2020/12/2/22047383/google-spied-workers-before-firing-labor-complaint
  • Justices Concerned for Privacy of Personal Information if Insiders Can Abuse Access Privileges https://epic.org/2020/12/justices-concerned-for-privacy.html
  • What does aggregation theory tell us about Google’s antitrust case? https://www.theverge.com/21790553/antitrust-google-amazon-facebook-aggregation-theory-ben-thompson-tim-wu
  • CFAA and employee fraud case https://www.databreaches.net/speaking-of-cfaa-cases-involving-employees-linda-jean-pangelinan-palacios-sentenced-for-unauthorized-access-of-a-protected-computer-in-furtherance-of-fraud/
  • Supreme Court mulls whether a cop looking up a license plate for cash is equivalent to watching Instagram at work (wrong law applied?) https://www.theregister.com/2020/12/01/cffa_supreme_court/

• World:

  • Bad Cookies: Privacy Regulator Fines Supermarket Giant https://www.databreachtoday.com/bad-cookies-privacy-regulator-fines-supermarket-giant-a-15522

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• How Organizations Can Prevent Users from Using Breached Passwords https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html
• Open Source Tool Helps Secure Siemens PCS 7 Control Systems https://www.securityweek.com/open-source-tool-helps-secure-siemens-pcs-7-control-systems
• BGP: A Broken Piece of Internet Backbone Might Finally Get Fixed https://www.wired.com/story/bgp-routing-manrs-google-fix
• Design of the CRLite Infrastructure https://blog.mozilla.org/security/2020/12/01/crlite-part-4-infrastructure-design/
• How to securely erase hard drives (HDDs) and solid state drives (SSDs) https://www.zdnet.com/article/how-to-securely-erase-hard-drives-hdds-and-solid-state-drives-ssds/
• Improvements to RSA key generation and CRT on embedded devices https://eprint.iacr.org/2020/1507
• Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up_Single-Message Credential-Hiding Login https://eprint.iacr.org/2020/1509
• Balancing Privacy and Accountability in Blockchain Transactions https://eprint.iacr.org/2020/1511
• Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html
• This Company Uses AI to Outwit Malicious AI https://www.wired.com/story/company-uses-ai-outwit-malicious-ai
• How the human immune system inspired a new approach to email security https://www.theregister.com/2020/12/01/how_the_human_immune_system/
• Free Mobile App Measures Your Personal Cyber Risk https://www.darkreading.com/endpoint/free-mobile-app-measures-your-personal-cyber-risk/d/d-id/1339577
• Cyber escape room keeps employees’ security awareness locked in https://www.scmagazine.com/home/security-news/network-security/cyber-escape-room-locks-in-employees-security-awareness-but-can-sc-media-beat-the-clock/
• Time to upgrade your cracking rig? Nvidia announces $399 GeForce RTX 3060 Ti https://www.theverge.com/2020/12/1/21754850/nvidia-geforce-rtx-3060-ti-specs-price-release-date
• Reverse Engineering Tools: Evaluating the True Cost https://threatpost.com/hex-rays-reverse-engineering-tools-evaluating-the-true-cost/161767/
• 4 Free Online Cyber Security Testing Tools For 2021 https://thehackernews.com/2020/12/4-free-online-cyber-security-testing.html
• Former NSS Labs CEO Launches New Security Testing Organization https://www.darkreading.com/threat-intelligence/former-nss-labs-ceo-launches-new-security-testing-organization
• Google News will allow free access to paywalled articles from news sites https://www.theverge.com/2020/12/2/22149118/googles-news-showcase-free-paywall-access
• It’s December and that means winter tires are mandatory in Quebec https://globalnews.ca/news/7494298/quebec-winter-tires-mandatory-dec-2020/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Open Source Does Not Equal Secure https://www.schneier.com/blog/archives/2020/12/open-source-does-not-equal-secure.html, and https://www.zdnet.com/article/open-source-software-security-vulnerabilities-exist-for-over-four-years-before-detection-study
• Impressive iPhone Exploit https://www.schneier.com/blog/archives/2020/12/impressive-iphone-exploit.html and https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
• Google Play Source Code Flaw Makes Apps Vulnerable https://www.databreachtoday.com/google-play-source-code-flaw-makes-apps-vulnerable-a-15526
• Xerox DocuShare Bugs Allow Data Leaks https://threatpost.com/xerox-docushare-bugs/161791/
• Oracle vulnerability that executes malicious code is under active attack https://arstechnica.com/information-technology/2020/12/oracle-vulnerability-that-executes-malicious-code-is-under-active-attack/
• SD-WAN Product Vulnerabilities Allow Hackers to Steer Traffic, Shut Down Networks https://www.securityweek.com/sd-wan-product-vulnerabilities-allow-hackers-steer-traffic-shut-down-networks
• Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online https://thehackernews.com/2020/12/incomplete-go-sms-pro-patch-left.html
• Flaws in Rockwell Automation Product Expose Engineering Workstations to Attacks https://www.securityweek.com/flaws-rockwell-automation-product-expose-engineering-workstations-attacks
• Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent https://www.darkreading.com/vulnerabilities---threats/flash-dies-but-warning-signs-persist-a-eulogy-for-techs-terrible-security-precedent/a/d-id/1339466
• Researchers Bypass Next-Generation Endpoint Protection https://www.darkreading.com/endpoint/researchers-bypass-next-generation-endpoint-protection/d/d-id/1339593
• One of the Internet’s most aggressive threats could take UEFI malware mainstream https://arstechnica.com/information-technology/2020/12/dangerous-uefi-malware-is-rare-a-botnet-called-trickbot-may-change-that/
• Electronic Medical Records Cracked Open by OpenClinic Bugs https://threatpost.com/electronic-medical-records-openclinic-bugs/161722/
• Chasing Circles https://deibert.citizenlab.ca/2020/12/chasing-circles/ and https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/
• Second Swiss firm allegedly sold encrypted spying devices https://www.swissinfo.ch/eng/latest-news/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432
• Pushing the limits: acoustic side channels https://www.lightbluetouchpaper.org/2020/12/02/pushing-the-limits-acoustic-side-channels/
• Manipulating Systems Using Remote Lasers https://www.schneier.com/blog/archives/2020/12/manipulating-systems-using-remote-lasers.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• 2020's worst cryptocurrency breaches, thefts, and exit scams https://www.zdnet.com/article/2020s-worst-cryptocurrency-breaches-thefts-and-exit-scams

• Trends, Alerts, and Events:

  • Ransomware gangs are now cold-calling victims if they restore from backups without paying https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying
  • Are You Prepared for Double Extortion Attacks? https://www.sans.org/blog/are-you-prepared-for-double-extortion-attacks-
  • Docker malware is now common, so devs need to take Docker security seriously https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously
  • Malicious npm packages caught installing remote access trojans https://www.zdnet.com/article/malicious-npm-packages-caught-installing-remote-access-trojans/
  • Pandemic, A Driving Force in 2021 Financial Crime https://threatpost.com/2021-financial-crime-covid-19/161665/
  • FBI warns of email forwarding rules being abused in recent hacks https://www.zdnet.com/article/fbi-warns-of-email-forwarding-rules-being-abused-in-recent-hacks/
  • A hacker is selling access to the email accounts of hundreds of C-level executives https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/ and https://www.theregister.com/2020/11/30/save_execs_from_themselves/
  • Zoom Impersonation Attacks Aim to Steal Credentials https://threatpost.com/zoom-impersonation-attacks-credentials/161718/
  • Hackers are targeting MacOS users with this updated malware https://www.databreaches.net/hackers-are-targeting-macos-users-with-this-updated-malware/
  • Scammers Use Home Addresses of Targets in France https://www.trendmicro.com/en_us/research/20/l/scammers-use-home-addresses-of-targets-in-france.html
  • Account Hijacking Site OGUsers Hacked, Again https://krebsonsecurity.com/2020/12/account-hijacking-site-ogusers-hacked-again/
  • New study: DNS spoofing doubles in six years ... albeit from the point of naff all https://www.theregister.com/2020/12/01/dns_spoofing_rare_but_growing/
  • London, Ont., seeing uptick in porch package thefts: police https://globalnews.ca/news/7500254/london-ont-police-increase-porch-package-thefts/
  • Check Washing is still a thing! https://www.schneier.com/blog/archives/2020/11/check-washing.html

• Nation State Actors:

  • Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners https://thehackernews.com/2020/12/nation-state-hackers-caught-hiding.html, https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/
  • Microsoft links Vietnamese state hackers to crypto-mining malware campaign https://www.zdnet.com/article/microsoft-links-vietnamese-state-hackers-to-crypto-mining-malware-campaign
  • North Korea-linked hackers targeted J&J, Novavax in hunt for COVID research https://www.databreaches.net/north-korea-linked-hackers-targeted-jj-novavax-in-hunt-for-covid-research/
  • Chinese vaccine company executives worked in program now targeted by Western intelligence agencies https://globalnews.ca/news/7483970/cansino-nrc-covid-vaccine/
  • Russian hacking group uses Dropbox to store malware-stolen data https://www.databreaches.net/russian-hacking-group-uses-dropbox-to-store-malware-stolen-data/
  • ‘Shadow Academy’ Targets 20 Universities Worldwidehttps://www.riskiq.com/blog/external-threat-management/shadow-academy/
  • Crooks posing as COVID-19 'cold chain' company phished EU for vaccine intel https://www.theregister.com/2020/12/03/ibm_phishing_covid/

• Crime:

  • “Apophis Squad” Bomb Threat, DDoS Purveyor Gets Eight Years https://krebsonsecurity.com/2020/12/bomb-threat-ddos-purveyor-gets-eight-years/
  • Ever had a bogus call from someone claiming to be the IRS? A tax scam ringleader just got sent down for 20 years https://www.theregister.com/2020/12/01/scam_call_prison/
  • Owner and Operator of India-Based Call Centers Sentenced To Prison for Scamming U.S. Victims Out Of Millions of Dollars https://www.databreaches.net/owner-and-operator-of-india-based-call-centers-sentenced-to-prison-for-scamming-u-s-victims-out-of-millions-of-dollars/
  • Hacker given three years for stealing secret Nintendo Switch blueprints, collecting child sex abuse vids https://www.theregister.com/2020/12/02/nintendo_hacker_prison/
  • Italy Says Two Arrested for Defense Data Theft https://www.securityweek.com/italy-says-two-arrested-defense-data-theft

Other Security / Risk

Articles covering other types of risks.

• AI & AI fallibility:

  • Lack of Sleep Could Be a Problem for AIs https://www.scientificamerican.com/article/lack-of-sleep-could-be-a-problem-for-ais/
  • Google parts with top AI researcher after blocking paper, faces blowback https://arstechnica.com/tech-policy/2020/12/google-embroiled-in-row-over-ai-bias-research/ and https://www.nytimes.com/2020/12/03/technology/google-researcher-timnit-gebru.html
  • Police Drones Are Starting to Think for Themselves https://www.nytimes.com/2020/12/05/technology/police-drones.html
  • Chinese Scientists Claim Breakthrough in Quantum Computing Race https://www.bloomberg.com/news/articles/2020-12-04/chinese-scientists-claim-breakthrough-in-quantum-computing-race
• Hitting the quantum ‘sweet spot’: Researchers find best position for atom qubits in silicon https://scienmag.com/hitting-the-quantum-sweet-spot-researchers-find-best-position-for-atom-qubits-in-silicon/
• AWS engineer puts Windows 10 on Arm on Apple Mac M1 and it thrashes Surface Pro X https://www.zdnet.com/article/aws-engineer-puts-windows-10-on-arm-on-apple-mac-m1-and-it-thrashes-surface-pro-x/
• Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up https://www.zdnet.com/article/four-years-after-the-dyn-ddos-attack-critical-dns-dependencies-have-only-gone-up
• Millions of mail-in ballots in pandemic election would not be a problem: Canada Post https://globalnews.ca/news/7499887/canada-post-pandemic-election-mail-in-ballots/
• Theoretical Attack on Synthetic DNA Orders Highlights Need for Better Cyber-Biosecurity https://www.securityweek.com/theoretical-attack-synthetic-dna-orders-highlights-need-better-cyber-biosecurity
• RISC-V, the Linux of the chip world, is starting to produce technological breakthroughs https://www.zdnet.com/article/risc-v-the-linux-of-the-chip-world-is-starting-to-produce-technological-breakthroughs/
• Why Vulnerable Code Is Shipped Knowingly https://www.darkreading.com/application-security/why-vulnerable-code-is-shipped-knowingly/a/d-id/1339373
• The Secret Sauce in Opinion Polling Can Also Be a Source of Spoilage https://www.scientificamerican.com/article/the-secret-sauce-in-opinion-polling-can-also-be-a-source-of-spoilage/
• £50 billion in UK banknotes is 'missing.' Nobody has an explanation https://www.cnn.com/2020/12/04/business/missing-cash-bank-of-england-50-billion/index.html
• JavaScript at 25: The programming language that makes the world go round https://www.zdnet.com/article/javascript-at-25-the-programming-language-that-makes-the-world-go-round/
• WW2 mine blown up off Scottish coast https://www.bbc.co.uk/news/uk-scotland-55165869
• Rusty but intact: Nazi Enigma cipher machine found in Baltic Sea https://arstechnica.com/gadgets/2020/12/enigma-cipher-machine-used-by-the-nazis-in-wwii-found-in-the-baltic-sea/, https://phys.org/news/2020-12-divers-nazis-enigma-code-machine.html, and https://www.schneier.com/blog/archives/2020/12/enigma-machine-recovered-from-the-baltic-sea.html
• Former BC Liberal minister and RCMP caused ‘tsunami’ of casino money laundering https://globalnews.ca/news/7493127/fred-pinnock-recordings-tsunami-cullen-commission/
• Thieves flag down motorist with high beams in North Dumfries before stealing his BMW https://globalnews.ca/news/7494391/thieves-flag-down-motorist-with-high-beams-in-north-dumfries-before-stealing-his-bmw-police/
• Facebook’s Oversight Board takes its first six cases https://www.theverge.com/2020/12/1/21755133/facebook-oversight-board-supreme-court-first-cases-hate-speech-pandemic-misinformation
• Defund the Police: Obama says 'snappy slogan' risks alienating people https://www.bbc.co.uk/news/world-us-canada-55169107

• Health, Safety & Environment:

  • Deepmind - AI Solves 50-Year-Old Biology 'Grand Challenge' Decades Before Experts Predicted https://www.sciencealert.com/ai-solves-50-year-old-biology-grand-challenge-decades-before-experts-predicted, https://www.scientificamerican.com/article/deepminds-ai-makes-gigantic-leap-in-solving-protein-structures/
  • Toxic batch of drugs circulating in Kingston and Belleville, ON https://globalnews.ca/news/7497730/toxic-drugs-kingston-belleville-public-health/
  • The Age of Testifying Wearable Devices: The Case of Intoxication Detection https://eprint.iacr.org/2020/1504
  • 'Oldest' Baby Ever Born Is a 28-Year-Old Record-Breaker Almost as Old as Her Mother https://www.sciencealert.com/oldest-baby-ever-born-is-a-27-year-old-record-breaker-almost-as-old-as-her-mother
  • Head injuries: 'Having a headache every day is normal' - ex-GB skeleton athlete on lasting effects https://www.bbc.co.uk/sport/winter-sports/55129090
  • Peanut treatment lowers risk of severe allergic reactions in preschoolers https://scienmag.com/peanut-treatment-lowers-risk-of-severe-allergic-reactions-in-preschoolers/
  • Outbreak investigation reveals “super-spreader” potential of Andes virus https://scienmag.com/outbreak-investigation-reveals-super-spreader-potential-of-andes-virus/
  • Climate change: 2020 set to be one of the three warmest years on record https://www.bbc.co.uk/news/science-environment-55150910
  • KIT and Audi are working on recycling method for automotive plastics https://scienmag.com/kit-and-audi-are-working-on-recycling-method-for-automotive-plastics/
  • Recycled concrete could be a sustainable way to keep rubble out of landfill https://scienmag.com/recycled-concrete-could-be-a-sustainable-way-to-keep-rubble-out-of-landfi/
  • Researchers discover material can store solar energy for years https://www.independent.co.uk/life-style/gadgets-and-tech/solar-energy-storage-renewable-b1766206.html
  • Lab-grown meat approved for sale for 1st time https://www.cbc.ca/news/technology/lab-grown-meat-1.5824745
• (Snake Oil, Disable Wi-Fi, or the off-switch??)People are putting their routers in jail to protect themselves from harmless Wi-Fi https://www.theverge.com/tldr/22150497/wi-fi-router-faraday-cage-electromagnetic-radiation-conspiracy-theory-scam

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, and waves - now reinfection:

  • New COVID surveillance predicts direction, speed and acceleration of virus https://scienmag.com/new-covid-surveillance-predicts-direction-speed-and-acceleration-of-virus/
  • Russia reports highest daily Covid-19 cases https://edition.cnn.com/world/live-news/coronavirus-pandemic-12-06-20-intl/h_655d07f4302142af734f6e2ea4a7dc87
  • Delhi grapples with COVID-19 surge, worsening air pollution https://www.cbc.ca/news/thenational/delhi-grapples-with-covid-19-surge-worsening-air-pollution-1.5824649
  • US coronavirus cases jumped by over 10% this past week and over 1 million were added in 5 days https://www.businessinsider.com/us-coronavirus-cases-jumped-by-over-10-percent-million-added-2020-12
  • The U.S. Has Passed the Hospital Breaking Point https://www.theatlantic.com/health/archive/2020/12/the-worst-case-scenario-is-happening-hospitals-are-overwhelmed/617301/
  • The US has exceeded 100,000 current COVID-19 hospitalizations for the first time https://www.businessinsider.com/us-sets-active-covid-19-hospitalizations-record-after-thanksgiving-2020-12
  • States With Few Coronavirus Restrictions Are Spreading the Virus Beyond Their Borders http://feeds.propublica.org/link/9499/14121905/states-with-few-coronavirus-restrictions-are-spreading-the-virus-beyond-their-borders
  • More Americans died from COVID-19 yesterday than the number of people killed on 9/11 https://www.businessinsider.com/more-americans-died-covid-19-yesterday-than-number-killed-911-2020-12
  • America Is Careening Toward a Pandemic Nightmare Scenario https://www.theatlantic.com/health/archive/2020/12/darkest-stretch-pandemic-winter/617285/
  • It Now Looks Like COVID-19 Was Already in The US in December 2019 https://www.sciencealert.com/covid-19-may-have-been-in-us-by-december-2019
  • Canada adds over 6,200 new cases as provinces post new records, health restrictions https://globalnews.ca/news/7505321/coronavirus-canada-update-dec-6/
  • Canada’s coronavirus cases surge past 380K while daily death toll average stands at 87 https://globalnews.ca/news/7495862/coronavirus-update-canada-dec-1/
  • Ontario reports over 1,900 new coronavirus cases, setting record for 2nd straight day https://globalnews.ca/news/7504778/ontario-coronavirus-cases-december-6-covid19/
  • ‘Dozens’ infected with COVID-19 after B.C. oldtimers’ hockey team travels to Alberta https://globalnews.ca/news/7498626/bc-hockey-team-alberta-covid-cluster/
  • 4 deaths, at least 80 cases tied to London, ON University Hospital outbreaks https://globalnews.ca/news/7492933/university-hospital-outbreak-update-november-30-cases-deaths/
  • 41 swingers test positive for COVID-19 after New Orleans sex convention https://globalnews.ca/news/7496623/covid-swinger-superspreader-new-orleans-sex/
  • Long-term care homes once again emerge as COVID-19 hotspots https://www.ctvnews.ca/health/coronavirus/long-term-care-homes-once-again-emerge-as-covid-19-hotspots-1.5209719
  • “We Don’t Even Know Who Is Dead or Alive”: Trapped Inside an Assisted Living Facility During the Pandemic http://feeds.propublica.org/link/9499/14119409/we-dont-even-know-who-is-dead-or-alive-trapped-inside-an-assisted-living-facility-during-the-pandemic
  • (What?)‘Healthy’ B.C. family posts ad requesting exposure to COVID-19 https://globalnews.ca/news/7497303/coronavirus-b-c-family-posts-ad-exposure-covid-19/

• Guidance, Response and Recovery:

  • Canada unveils largest economic relief package since WW2 https://www.bbc.co.uk/news/world-us-canada-55139229
  • Trudeau indicates Canada-U.S. border restrictions to last a long time https://nationalpost.com/news/canada/trudeau-indicates-canada-u-s-border-restrictions-to-last-a-long-time
  • Why some travellers get permission to cross the Canada-U.S. border and others don't https://www.cbc.ca/news/business/canada-u-s-border-rules-snowbirds-covid-19-1.5822138
  • 9 out of 10 Canadians to change, cancel holiday plans amid coronavirus https://globalnews.ca/news/7492688/coronvirus-holidays-ipsos-poll-canada-plans/
  • Toronto Public Health updates school screening tool for COVID-19 https://globalnews.ca/news/7501927/toronto-schools-new-covid-19-screening-tool/
  • COVID-19 indicators suggest lockdown could be imminent in York Region https://toronto.ctvnews.ca/covid-19-indicators-suggest-lockdown-could-be-imminent-in-york-region-1.5216066
  • Coronavirus surge leads to 1,470 new cases, 30 more deaths in Quebec https://globalnews.ca/news/7499107/quebec-coronavirus-covid-19-december-3/
  • P.E.I. to impose 2-week ‘circuit breaker’ lockdown to control coronavirus outbreak https://globalnews.ca/news/7505415/coronavirus-pei-circuit-breaker-lockdown/
  • Argentina passes tax on wealthy to pay for virus measures https://www.bbc.co.uk/news/world-latin-america-55199058
  • The US needs to prepare a full and complete account of the pandemic and response https://www.theatlantic.com/ideas/archive/2020/12/us-needs-covid-19-commission/617242/
  • New Covid tier system comes into force in England https://www.bbc.co.uk/news/uk-55153899
  • No country ‘immune’ to COVID-19 economic shock, but Asian nations will bounce back faster https://scienmag.com/no-country-immune-to-covid-19-economic-shock-but-asian-nations-will-bounce-back-faster/
  • Retailers ask Ontario government to lift COVID restrictions they say aren't working https://toronto.ctvnews.ca/retailers-ask-ontario-government-to-lift-covid-restrictions-they-say-aren-t-working-1.5213040
  • COVID-19 can linger on some surfaces. What does that mean for gift giving this holiday season? https://www.ctvnews.ca/health/coronavirus/covid-19-can-linger-on-some-surfaces-what-does-that-mean-for-gift-giving-this-holiday-season-1.5210396

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Canadian researchers turn to wastewater tests at long-term care homes to detect COVID hotspots https://www.cbc.ca/news/politics/canadian-universities-testing-long-term-care-homes-wastewater-1.5818701
  • Pandemic Data Are Stalling Out https://www.theatlantic.com/health/archive/2020/12/covid-numbers-hospitalizations-100000/617293/
  • The FBI raided a New Jersey lab and urged people who went there for COVID-19 tests to get re-tested https://www.businessinsider.com/fbi-raids-new-jersey-lab-issues-coronavirus-public-service-announcement-2020-12
  • Quarantining is based on 700 year old virus-fighting logic. Here's how to safely shorten your time in isolation https://www.businessinsider.com/14-day-quarantine-relied-on-700-year-old-disease-logic-2020-11
  • U.S. CDC set to shorten recommended length of coronavirus quarantine https://globalnews.ca/news/7496619/coronavirus-cdc-quarantine-requirements/
  • As U.S. shortens quarantine, questions swirl around Canada's 14-day rule https://www.ctvnews.ca/canada/as-u-s-shortens-quarantine-questions-swirl-around-canada-s-14-day-rule-1.5214906
  • Pods: Sorry to Burst Your Quarantine Bubble https://www.theatlantic.com/health/archive/2020/11/pandemic-pod-bubble-concept-creep/617207/
  • Lung damage 'identified' in study https://www.bbc.co.uk/news/health-55017301
  • A Baby Was Born With Protective Antibodies After Mom Had COVID-19 During Pregnancy https://www.sciencealert.com/a-baby-was-born-with-protective-antibodies-after-mom-had-covid-19-during-pregnancy
  • Think-tank finds more than 240 people died waiting for surgery in Saskatchewan https://globalnews.ca/news/7500669/240-people-died-waiting-surgery-saskatchewan/
  • New Study Reveals The Content of People's Dreams During This Weird Pandemic Time https://www.sciencealert.com/pandemic-dreaming-reflects-the-fears-we-have-while-we-re-awake-study-finds
  • Feds plan to provide Canadians with tools to fight coronavirus vaccine misinformation https://globalnews.ca/news/7497355/canada-webinars-coronavirus-vaccine/
  • Experts tell City of Toronto to change messaging to influence COVID-19 rule-breakers https://globalnews.ca/news/7498120/coronavirus-city-of-toronto-covid-19-messaging/
  • Don’t call 911 to report COVID-19-related complaints: Edmonton police https://globalnews.ca/news/7492896/covid-19-public-health-order-violations-police-alberta-911/
  • She cancelled her home insurance because of coronavirus shutdowns. Then her home caught fire https://globalnews.ca/news/7493508/she-cancelled-her-home-insurance-because-of-coronavirus-shutdowns-then-her-home-caught-fire/
  • ‘Like nothing I have felt before’: B.C. COVID-19 survivor blasts virus deniers in online post https://globalnews.ca/news/7494720/bc-covid-19-survivor-attacks-covid-deniers/
  • Facebook will remove COVID-19 vaccine misinformation https://www.theverge.com/2020/12/3/22150425/facebook-covid-19-vaccine-coronavirus-misinformation-ban
  • ‘Human experimentation’: Tory MP sponsors e-petition disputing assured coronavirus vaccine safety https://globalnews.ca/news/7497901/conservative-derek-sloan-e-petition-coronavirus-vaccine/_Vaccines Progress:
  • Britain approves Pfizer coronavirus vaccine for use, 1st in world https://globalnews.ca/news/7496464/uk-approves-pfizer-coronavirus-vaccine/
  • Moderna asking U.S., European regulators to OK its COVID-19 shots https://www.ctvnews.ca/health/coronavirus/moderna-asking-u-s-european-regulators-to-ok-its-covid-19-shots-1.5209855
  • Russia says its COVID vaccine is 95% effective. So why is there still Western resistance to it? https://www.cbc.ca/news/world/russia-vaccine-covid-19-coronavirus-chris-brown-1.5819331
  • How Moderna designed its coronavirus vaccine in 2 days https://globalnews.ca/news/7492076/moderna-coronavirus-vaccine-technology-how-it-works/
  • The people saving our lives should get vaccinated first https://www.theverge.com/21779433/covid-vaccine-priority-health-care-workers-long-term-care
  • Supply chain delays marred Pfizer's initial vaccine rollout plans https://www.businessinsider.com/pfizer-vaccine-rollout-supply-chain-problems-hinder-distribution-2020-12
  • Vaccine advisory committee recommends new ranked roll-out, with long-term care at top https://globalnews.ca/news/7495722/coronavirus-vaccine-advisory-committee-new-ranked-roll-out-long-term-care/
  • Canadian military creates ‘Operation Vector’ to help with coronavirus vaccine rollout https://globalnews.ca/news/7498914/coronavirus-vaccine-rollout-caf-operation-vector/
  • Ontario government now in direct talks with COVID-19 vaccine manufacturers https://toronto.ctvnews.ca/ontario-government-now-in-direct-talks-with-covid-19-vaccine-manufacturers-1.5211511
  • Ontario's lockdowns are effective in curbing COVID-19 transmission https://toronto.ctvnews.ca/ontario-s-lockdowns-are-effective-in-curbing-covid-19-transmission-study-finds-1.5213772
  • Tory says he would consider curfew to curb Toronto's record COVID-19 spread https://toronto.ctvnews.ca/tory-says-he-would-consider-curfew-to-curb-toronto-s-record-covid-19-spread-1.5213391

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • WHO recommends wearing masks indoors if ventilation is poor https://globalnews.ca/news/7496556/coronavirus-masks-indoors-world-health-organization/
  • Biden to ask Americans to wear masks for 100 days https://www.bbc.co.uk/news/world-us-canada-55182309
  • Netherlands makes face masks mandatory indoors https://www.bbc.co.uk/news/world-europe-55143938
  • Sweden rejects need for face masks as coronavirus deaths top 7,000 https://globalnews.ca/news/7499157/sweden-face-masks-coronavirus-deaths/
  • Snowboarder heading to Whistler after arriving from U.S fined for breaking quarantine rules https://globalnews.ca/news/7501940/whistler-snowboarder-quarantine-fine/
  • In November 2020, Burnaby RCMP shut down a rave and multiple parties https://globalnews.ca/news/7502139/november-burnaby-rcmp-covid-19-tickets/
  • A Hawaii couple knew they had coronavirus before flying. They boarded a flight anyway and were arrested https://www.washingtonpost.com/nation/2020/12/03/hawaii-couple-coronavirus-traveled-plane/
  • Ontario regulator suspends liquor licence of karaoke bar that allegedly broke COVID-19 orders https://toronto.ctvnews.ca/ontario-regulator-suspends-liquor-licence-of-karaoke-bar-that-allegedly-broke-covid-19-orders-1.5211740
  • Oregon nurse on leave after bragging of COVID-19 violations on TikTok https://globalnews.ca/news/7492355/coronavirus-nurse-tiktok/
  • Health Officials Face Death Threats From Coronavirus Deniers https://theintercept.com/2020/12/01/covid-health-officials-death-threats/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Scientists invent a new type of microscope that can see through an intact skull https://scienmag.com/scientists-invent-a-new-type-of-microscope-that-can-see-through-an-intact-skull/
• ‘I guess this is a thing’: Third metal monolith appears in California https://globalnews.ca/news/7499020/california-monolith-metal-utah-romania/
• The 300m Arecibo 'GoldenEye' radio telescope is gone in grand collapse - videos https://www.universetoday.com/149093/now-you-can-watch-actual-video-of-arecibo-collapsing-if-you-dare/, https://www.syfy.com/syfywire/watch-footage-of-the-devastating-collapse-of-the-arecibo-radio-telescope, https://www.theverge.com/22150330/arecibo-observatory-collapse-drone-footage-video
• Falling meteor causes fireball, flash of light over parts of Ontario https://toronto.ctvnews.ca/falling-meteor-causes-fireball-flash-of-light-over-parts-of-ontario-1.5214284
• Hayabusa-2: Japan asteroid sample lands safely on Earth https://www.bbc.co.uk/news/science-environment-55206621
• China’s Chang’e-5 Probe Lands on the Moon and Gets Set to Bring Back Fresh Samples https://www.universetoday.com/149027/chinas-change-5-probe-lands-on-the-moon-and-gets-set-to-bring-back-fresh-samples/
• Component failure in NASA’s deep-space crew capsule could take months to fix https://www.theverge.com/2020/11/30/21726753/nasa-orion-crew-capsule-power-unit-failure-artemis-i
• Astronomers Are Mystified by These Ghostly, Unexplained Circles Seen in Space https://www.sciencealert.com/astronomers-are-genuinely-mystified-by-these-ghostly-circles-seen-in-space
• An ancient star city circles our galactic twin. In fact... it's too ancient https://www.syfy.com/syfywire/an-ancient-star-city-circles-our-galactic-twin-in-fact-its-too-ancient