Welcome to This Week’s [in]Security. Big-Hacks: Exchange, SolarWinds, Ubiquiti. New breaches: Facebook, MobiKwik. New Ransomware: Molson Coors, Home Hardware. Follow-ups & Fall-out: 1000 Year Breach, Refunds? Privacy. Laws & Regs: web analytics, autodialers, backdooring Facebook. NIST Hospitality. Defense: Webinars. Girls and STEM. SSL and old TLS. CoinHive. Application Security. Vulnerabilities: QNAP ZeroDay, Firmware, WordPress, ICS, PHP/GitHub, Containers, Spectre. Cryptography: Homomorphic, Lightweight, and Post-Quantum. Cybercrime Trends: Bypassing Facial, Nation States. Crime: Utility Hack, Tatoos,. Lego? Other Risks: Facial Bias, Domains, Amber Alerts, Nuke Tweet, Shipping. Health, Safety & Environment: mRNA & saRNA. The problems with NFTs. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI Updated P2PE Assessor Qualification Requirements to alighn with the PA-DSS/SSF transition https://www.pcisecuritystandards.org/documents/P2PE_Qualification_Requirements_v3_0.pdf
• Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021 https://blog.pcisecuritystandards.org/reduced-certification-requirements-for-pa-qsa-secure-software-assessor-candidates-until-30-june-2021
• Educate Your Whole Team with Corporate Group Training Classes https://blog.pcisecuritystandards.org/educate-your-whole-team-with-corporate-group-training-classes
• A Fingerprint Card Tech Advances After Achieving Compliance With Mastercard Specs https://www.digitaltransactions.net/a-fingerprint-card-tech-advances-after-achieving-compliance-with-mastercard-specs/
• PCI-HSM best practices and configuration for your IBM Crypto Express HSMs with CCA https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/richard-kisley1/2021/03/31/pci-hsm-best-practices-and-configuration

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major incidents:

  • Check Point: 50,000 Attempted Ransomware Attacks Target Exchange https://www.databreachtoday.com/check-point-50000-attempted-ransomware-attacks-target-exchange-a-16299
  • CISA gives federal agencies 5 days to find hacked Exchange servers https://www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/
  • Microsoft Exchange attacks increase while WannaCry gets a restart https://www.bleepingcomputer.com/news/security/microsoft-exchange-attacks-increase-while-wannacry-gets-a-restart/
  • SolarWinds Attackers Accessed DHS Emails, Report https://threatpost.com/solarwinds-attackers-dhs-emails/165110/
  • Whistleblower: Ubiquiti Breach “Catastrophic” https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
  • Ubiquiti All But Confirms Breach Response Iniquity https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/
  • Ubiquiti breach puts countless cloud-based devices at risk of takeover https://arstechnica.com/gadgets/2021/03/ubiquiti-breach-puts-countless-cloud-based-devices-at-risk-of-takeover/
  • Ubiquiti confirms extortion attempt following security breach https://www.bleepingcomputer.com/news/security/ubiquiti-confirms-extortion-attempt-following-security-breach/
  • Ubiquiti cyberattack may be far worse than originally disclosed https://www.bleepingcomputer.com/news/security/ubiquiti-cyberattack-may-be-far-worse-than-originally-disclosed/

• New Breaches:

  • Facebook - 2,529,621 breached accounts https://haveibeenpwned.com/PwnedWebsites#Facebook
  • Personal data of 533 million Facebook users leaks online https://www.theverge.com/2021/4/4/22366822/facebook-personal-data-533-million-leaks-online-email-phone-numbers
  • How to check if your info was exposed in the Facebook data leak https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/
  • Indian Mobile Phone Gateway MobiKwik Looks Into 110 Million User Data Breach https://www.pymnts.com/news/security-and-risk/2021/indian-mobile-phone-gateway-mobikwik-looks-into-110-million-user-data-breach/
  • MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html
  • DeKalb, Austin schools notify parents about data breach https://www.databreaches.net/dekalb-austin-schools-notify-parents-about-data-breach/
  • NZ: Allied Press hit by data breach https://www.databreaches.net/nz-allied-press-hit-by-data-breach/

• New Ransomware and "Incidents":

  • Molson Coors Cyberattack, Storms Could Cost Company $140 Million https://www.securityweek.com/molson-coors-cyberattack-storms-could-cost-company-140-million
  • CompuCom Expects $28 Million Loss From Cyber Incident https://www.databreachtoday.com/compucom-expects-28-million-loss-from-cyber-incident-a-16309
  • Canadian retailer Home Hardware hit by ransomware https://www.databreaches.net/canadian-retailer-home-hardware-hit-by-ransomware/
  • Hackers threaten shipping firm ECU Worldwide with data leak https://www.databreaches.net/hackers-threaten-shipping-firm-ecu-worldwide-with-data-leak/
  • Malware attack is preventing car inspections in eight US states https://www.bleepingcomputer.com/news/security/malware-attack-is-preventing-car-inspections-in-eight-us-states/
  • Ransomware: Home Health Firm Reports 2nd Cloud Vendor Incident https://www.databreachtoday.com/ransomware-home-health-firm-reports-2nd-cloud-vendor-incident-a-16291
  • Channel Nine cyber-attack disrupts live broadcasts in Australia https://www.databreaches.net/channel-nine-cyber-attack-disrupts-live-broadcasts-in-australia/
  • DE: City administration Angermünde temporarily unavailable https://www.databreaches.net/de-city-administration-angermunde-temporarily-unavailable/
  • GA: Cyberattack on Cobb schools enabled by contractor’s weak password, police say https://www.databreaches.net/ga-cyberattack-on-cobb-schools-enabled-by-contractors-weak-password-police-say/

• Follow-ups and fall-out:

  • Capital One notifies more clients of SSNs exposed in 2019 data breach https://www.bleepingcomputer.com/news/security/capital-one-notifies-more-clients-of-ssns-exposed-in-2019-data-breach/
  • Dutch watchdog fines Booking.com €475k after it kept customer data thefts quiet for more than 3 weeks https://www.theregister.com/2021/04/01/booking_dot_com_fine/
  • Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities https://www.securityweek.com/cybercriminals-publish-data-allegedly-stolen-shell-multiple-universities
  • GitHub Arctic Vault captures leaked patient medical data for 1,000 years https://www.bleepingcomputer.com/news/security/github-arctic-vault-captures-leaked-patient-medical-data-for-1-000-years/
  • Analysis: Fat Face's Awkward Breach Notification https://www.databreachtoday.com/interviews/analysis-fat-faces-awkward-breach-notification-i-4863
  • Buying Breached Data: When Is It Ethical? https://www.databreachtoday.com/blogs/buying-breached-data-when-ethical-p-3008
  • Ziggy Ransomware Gang Offers Refunds to Victims https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/

Privacy

Articles about privacy related news, risks, and trends.

• US lawmakers Press Online Ad Auctioneers Over User Data https://www.securityweek.com/us-lawmakers-press-online-ad-auctioneers-over-user-data
• Browser tracking protections won't stop tracking, warns DuckDuckGo https://www.theregister.com/2021/03/30/duckduckgo_tracking_protection_claims/
• If You Care About Privacy, It’s Time to Try a New Web Browser https://www.nytimes.com/2021/03/31/technology/personaltech/online-privacy-private-browsers.html
• Most loved programming language Rust sparks privacy concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • A first in Canada: Class action over loss of personal information dismissed on the merits https://www.databreaches.net/a-first-in-canada-class-action-over-loss-of-personal-information-dismissed-on-the-merits/
  • Parts of proposed privacy legislation worse PIPEDA, says commissioner https://www.itworldcanada.com/article/parts-of-proposed-cppa-worse-than-canadas-existing-privacy-law-says-therrien/445019
  • The Law Bytes Podcast, Episode 82: Jonathan Curtis on the CRTC’s Push to Block Botnets https://www.michaelgeist.ca/2021/03/law-bytes-podcast-episode-82/

• US:

  • Cybersecurity Framework Election Infrastructure Profile: Draft NISTIR 8310 Available for Comment https://csrc.nist.gov/publications/detail/nistir/8310/draft
  • Intel accused of wiretapping because it uses analytics to track keystrokes, mouse movements on its website https://www.theregister.com/2021/03/30/intel_wiretapping_data/ and https://threatpost.com/intel-sued-under-wiretapping-laws/165104/
  • Supreme Court says Facebook text alerts aren’t illegal robocalls https://www.theverge.com/2021/4/1/22362203/facebook-duguid-supreme-court-ruling-robocalls-tcpa and https://epic.org/2021/04/supreme-court-limits-federal-b.html
  • Senators Offer to Let NSA Hunt Cyber Actors Inside the US https://www.databreaches.net/senators-offer-to-let-nsa-hunt-cyber-actors-inside-the-us/
  • Stupid Patent of the Month: Telehealth Robots Say Goodbye https://www.eff.org/deeplinks/2021/03/stupid-patent-month-telehealth-robots-say-goodbye

• World:

  • UK may force Facebook services to allow backdoor police access https://www.theguardian.com/technology/2021/apr/01/uk-may-force-facebook-services-to-allow-backdoor-police-access
  • Covid-19: World leaders call for international pandemic treaty https://www.bbc.co.uk/news/uk-56572775

• Standards News:

  • NIST SP 1800-27 Securing Property Management Systems for the Hospitality Industry https://csrc.nist.gov/publications/detail/sp/1800-27/final
  • NIST Releases an Example Implementation Tool for NISTIR 8212: An Information Security Continuous Monitoring Program Assessment https://csrc.nist.gov/publications/detail/nistir/8212/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars and Virtual Events:

  • NIST Software & Supply Chain Assurance Virtual Event April 7th https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management/ssca
  • Getting Girls into STEM and Cybersecurity - Pathways to Progress https://www.nist.gov/news-events/events/2021/04/nice-webinar-getting-girls-stem-and-cybersecurity-pathways-progress
  • Cryptographic Keys: The Horseshoe Nail of Cyber Security - webinar April 20 https://www.databreachtoday.com/webinars/cryptographic-keys-horseshoe-nail-cyber-security-w-3093
• Old TLS versions - gone, but not forgotten... well, not really "gone" either, (Tue, Mar 30th) https://isc.sans.edu/diary/rss/27260
• Bulletproof TLS#75 - IETF deprecates TLS 1.0 and 1.1, Open SSL, Post-Quantum https://www.feistyduck.com/bulletproof-tls-newsletter/issue_75_ietf_formally_deprecates_tls_1_0_and_1_1
• Google Chrome for Linux is getting DNS-over-HTTPS, but there's a catch https://www.bleepingcomputer.com/news/security/google-chrome-for-linux-is-getting-dns-over-https-but-theres-a-catch/
• Google limits which apps can access the list of installed apps on your device https://thehackernews.com/2021/04/google-limits-which-apps-can-access.html
• Mozilla VPN now nudges users to put shields up on dodgy networks, adds LAN access https://www.theregister.com/2021/03/30/mozilla_vpn/
• Protecting LoRaWAN Hardware from Attacks in the Wild https://www.trendmicro.com/en_us/research/21/c/protecting-lorawan-hardware-from-attacks-in-the-wild.html
• I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies. https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
• Assessing Mainframe Compliance While Minimizing Operational Impact https://blog.qualys.com/product-tech/2021/04/01/assessing-mainframe-compliance-while-minimizing-operational-impact
• Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain https://www.darkreading.com/attacks-breaches/beyond-mitre-attandck-the-case-for-a-new-cyber-kill-chain/a/d-id/1340539
• How to build a successful application security program https://www.microsoft.com/security/blog/2021/03/29/how-to-build-a-successful-application-security-program/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/

• New Security Signals study shows firmware attacks on the rise

  • People aren't worrying enough about these https://www.zdnet.com/article/microsoft-firmware-attacks-are-on-the-rise-and-you-arent-worrying-about-them-enough/
  • Microsoft is working to help eliminate this entire class of threats https://www.microsoft.com/security/blog/2021/03/30/new-security-signals-study-shows-firmware-attacks-on-the-rise-heres-how-microsoft-is-working-to-help-eliminate-this-entire-class-of-threats/
• Fake jQuery files infect WordPress sites with malware https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/
• Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks https://thehackernews.com/2021/03/flaws-in-ovarro-tbox-rtus-could-open.html
• PHP repository moved to GitHub after malicious code inserted in its source code under creator Rasmus Lerdorf's name https://www.theregister.com/2021/03/29/php_repository_infected/ and https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
• Who Contains the Containers? https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
• Malicious Docker Cryptomining Images Rack Up 20M Downloads https://threatpost.com/malicious-docker-cryptomining-images/165120/
• New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems https://thehackernews.com/2021/03/new-bugs-could-let-hackers-bypass.html
• VMware fixes authentication bypass in data center security software https://www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/
• Hacker Exploits Bug In Doom To Run Snake https://packetstormsecurity.com/news/view/32154/Hacker-Exploits-Bug-In-Doom-To-Run-Snake.html
• Intel HEXL: Accelerating Homomorphic Encryption with Intel AVX512-IFMA52, by Fabian Boemer and Sejun Kim and Gelila Seifu and Fillipe D.M. de Souza and Vinodh Gopal https://eprint.iacr.org/2021/420
• Lightweight Cryptography (LWC) Standardization: Finalists Announced https://csrc.nist.gov/News/2021/lightweight-crypto-finalists-announced
• Post-Quantum Cryptography: Current state and quantum mitigation https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation
• The Looming Threat of Broken Cryptography https://www.databreachtoday.com/interviews/looming-threat-broken-cryptography-i-4861

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major Exchange, SolarWinds, F5, and Accellion):

  • Pair accused of turning photos into vids to crack tax dept facial recognition system in China https://www.theregister.com/2021/03/31/tax_scammers_fool_ai_facial_recognition/
  • Hackers are implanting multiple backdoors at industrial targets in Japan https://thehackernews.com/2021/03/hackers-are-implanting-multiple.html
  • 800Gbps DDoS extortion attack hits gambling company https://www.bleepingcomputer.com/news/security/800gbps-ddos-extortion-attack-hits-gambling-company/
  • System Update: New Android Malware https://www.schneier.com/blog/archives/2021/03/system-update-new-android-malware.html
  • Malware hidden in game cheats and mods used to target gamers https://www.bleepingcomputer.com/news/security/malware-hidden-in-game-cheats-and-mods-used-to-target-gamers/

• Nation State Actors:

  • North Korean hackers are targeting researchers through fake offensive security firm in new operation https://www.zdnet.com/article/google-north-korean-hackers-targeting-researchers-now-pretend-to-be-from-offensive-security-firm and https://arstechnica.com/gadgets/2021/04/north-korean-hackers-return-target-infosec-researchers-in-new-operation/
  • FBI: APTs Actively Exploiting Fortinet VPN Security Holes https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/
  • Russian hackers stole emails from Trump’s cybersecurity team: ‘We’re talking the crown jewels’ https://www.databreaches.net/russian-hackers-stole-emails-from-trumps-cybersecurity-team-were-talking-the-crown-jewels/

• Crime & Arrests, etc.:

  • FBI: Cybercrime Shot Up in 2020 Amidst Pandemic https://blog.isc2.org/isc2_blog/2021/03/fbi-cybercrime-shot-up-in-2020-amidst-pandemic.html
  • Feds say man broke into public water system and shut down safety processes https://arstechnica.com/information-technology/2021/04/man-indicted-for-allegedly-tampering-with-computer-at-public-water-plant/
  • Fugitive Identified on YouTube By His Distinctive Tattoos https://www.schneier.com/blog/archives/2021/04/fugitive-identified-on-youtube-by-his-distinctive-tattoos.html
  • Ontario man loses more than $5,000 in credit card scam https://toronto.ctvnews.ca/ontario-man-loses-more-than-5-000-in-credit-card-scam-1.5370638
  • French police are investigating an international Lego crime ring https://www.theverge.com/2021/4/1/22362181/lego-thieves-france-robbery-toy-store-crime-gang

Other Security / Risk

Articles covering other types of risks.

• Scientists create online games to show risks of AI emotion recognition https://www.theguardian.com/technology/2021/apr/04/online-games-ai-emotion-recognition-emojify
• Ethos Capital Is Grabbing Power Over Domain Names Again, Risking Censorship-For-Profit. Will ICANN Intervene? https://www.eff.org/deeplinks/2021/04/ethos-capital-grabbing-power-over-domain-names-again-risking-censorship-profit
• ‘Rethink what’s important to you’: Winnipeg police say Amber Alert led to complaints to 911 https://globalnews.ca/news/7733180/winnipeg-police-amber-alert-complaints-to-911/
• Child tweets gibberish from US nuclear-agency account https://www.bbc.co.uk/news/technology-56578544
• Nato intercepts Russian planes '10 times in a day' https://www.bbc.co.uk/news/world-europe-56577865
• Microsoft outage caused by overloaded Azure DNS servers https://www.bleepingcomputer.com/news/microsoft/microsoft-outage-caused-by-overloaded-azure-dns-servers/
• Google proved me right, Chrome was a bloated memory hog https://www.zdnet.com/article/google-proved-me-right-chrome-was-a-bloated-memory-hog/
• Words Have Lost Their Common Meaning https://www.theatlantic.com/ideas/archive/2021/03/nation-divided-language/618461/
• Facebook is making a major change that makes it easier for you to escape the algorithm-based News Feed (FB) https://www.businessinsider.com/facebook-making-major-changes-to-news-feed-controls-2021-3
• Why the middle is neglected in politics and other spectrums https://scienmag.com/why-the-middle-is-neglected-in-politics-and-other-spectrums/
• Tesla Disputed Edmunds Tests, Edmunds Did Them Again https://insideevs.com/news/496740/tesla-disputed-edmunds-tests-results/
• How lever-action voting machines really worked https://freedom-to-tinker.com/2021/04/01/how-lever-action-voting-machines-really-worked/

• Health, Safety & Environment:

  • COVID Showed How Trials for New Drugs Could Be Faster and Better https://www.scientificamerican.com/article/covid-showed-how-trials-for-new-drugs-could-be-faster-and-better1/
  • How mRNA Technology Could Change the World https://www.theatlantic.com/ideas/archive/2021/03/how-mrna-technology-could-change-world/618431/
  • Low-cost solar-powered water filter removes lead, other contaminants https://scienmag.com/low-cost-solar-powered-water-filter-removes-lead-other-contaminants/
  • An Entire Group of Whales Has Somehow Escaped Human Attention https://www.theatlantic.com/science/archive/2021/03/beaked-whales-holding-their-breath/618455/
  • This Iceland volcano erupted for the first time in 6,000 years, and it could keep erupting for decades https://www.businessinsider.com/iceland-reykjavik-volcano-could-keep-erupting-for-decades-2021-4

• Shipping:

  • Ship stuck in Suez Canal may have caused over $1 billion in damages: official https://globalnews.ca/news/7733884/egypt-1-billion-ship-suez-canal/
  • Why Ships Keep Crashing https://www.theatlantic.com/ideas/archive/2021/03/ever-given-and-suez-why-ships-keep-crashing/618436/
• Archegos implosion — SPAC banker hiring spree — Goldman interns will work in office https://www.businessinsider.com/top-finance-stories-of-the-day-for-march-30-2021-3

• NFTs are supposed to be digitial-art with provenance on a blockchain, except they aren't. They're more like receipts for digital-art on a blockchain. The art isn't protected.

  • Go read this story on the real history of NFTs https://www.theverge.com/2021/4/2/22364240/nft-blockchain-artist-hackathon-kevin-mccoy-anil-dash
  • NFTs Weren’t Supposed to End Like This https://www.theatlantic.com/ideas/archive/2021/04/nfts-werent-supposed-end-like/618488/
  • People's Expensive NFTs Keep Vanishing. This Is Why https://www.vice.com/en/article/pkdj79/peoples-expensive-nfts-keep-vanishing-this-is-why
  • Non-Fungible Tokens: Of Course They're Attracting Scammers https://www.databreachtoday.com/blogs/non-fungible-tokens-course-theyre-attracting-scammers-p-3011
  • What Are NFTs Anyway? https://www.mentalfloss.com/article/644317/what-are-nfts
• After suing Fox News for $1.6 billion, Dominion has its eye on other media outlets as well as Donald Trump, a lawyer for the voting-machine company said https://www.businessinsider.com/dominion-voting-systems-machines-fox-news-lawsuit-defamation-trump-2021-3

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • The Threat That COVID-19 Poses Now https://www.theatlantic.com/health/archive/2021/04/fourth-surge-covid-19-unequal/618493/
  • London recorded zero COVID-19 deaths for the first time in 6 months https://www.businessinsider.com/london-records-zero-coronavirus-deaths-first-time-six-months-2021-3
  • Covid-19: CDC head warns of 'impending doom' in US https://www.bbc.co.uk/news/world-us-canada-56572452
  • 47-year-old Ontario teacher who was 'totally healthy' intubated after contracting COVID-19 https://toronto.ctvnews.ca/47-year-old-ontario-teacher-who-was-totally-healthy-intubated-after-contracting-covid-19-1.5373439
  • Ontario woman dies after contracting COVID-19 from husband who got infected at work, doctor says https://toronto.ctvnews.ca/ontario-woman-dies-after-contracting-covid-19-from-husband-who-got-infected-at-work-doctor-says-1.5374029

• Guidance, Response, and Recovery:

  • A City in Brazil's Amazon Rain Forest Is a Stark Warning about COVID to the Rest of the World https://www.scientificamerican.com/article/a-city-in-brazils-amazon-rain-forest-is-a-stark-warning-about-covid-to-the-rest-of-the-world/
  • Listen: No Shirt. No Shoes. No Shots. No Service. https://www.theatlantic.com/health/archive/2021/04/no-shirt-no-shoes-no-shots-no-service/618487/
  • About 26,000 travellers arriving in Canada were exempt from mandatory quarantine hotel https://nationalpost.com/news/canada/about-26000-travellers-arriving-in-canada-were-exempt-from-mandatory-quarantine-hotel
  • A tale of two COVID-19 hot spots: Ontario and Quebec take different approaches to confronting third wave https://www.theglobeandmail.com/canada/article-a-tale-of-two-covid-19-hot-spots-ontario-and-quebec-take-different/
  • COVID-19 lockdown, shutdown, circuit breakers: How do these terms differ? https://globalnews.ca/news/7735633/covid-lockdown-emergency-break-shutdown/
  • Ontario expected to announce month-long provincial shutdown on Thursday, sources say https://toronto.ctvnews.ca/ontario-expected-to-announce-month-long-provincial-shutdown-on-thursday-sources-say-1.5370752
  • Ontario’s COVID-19 ’emergency brake’ shutdown takes effect on Saturday https://globalnews.ca/news/7733948/covid-ontario-emergeny-brake-shutdown-saturday/
  • 'Playing politics with words': Experts confused by terms like lockdown, shutdown, circuit breakers https://toronto.ctvnews.ca/playing-politics-with-words-experts-confused-by-terms-like-lockdown-shutdown-circuit-breakers-1.5372582
  • COVID-19 vaccine ‘passports’ aren’t exactly like yellow fever certifications https://www.theverge.com/22359121/covid-vaccine-certification-ethics-equity-yellow-fever
  • U.K. to test COVID-19 passports at mass gatherings in coming weeks https://globalnews.ca/news/7737790/uk-vaccine-passport-test-coronavirus/
  • Irish pubs could become work hubs in post-pandemic plan https://www.bbc.co.uk/news/world-europe-56575266

• Treatments, Testing, Triage, Trials, and things we Learned:

  • U.S. FDA approves 2 at-home rapid COVID-19 tests. When will Canada catch up? https://globalnews.ca/news/7737814/canada-rapid-at-home-tests/
  • Canada getting 5M Pfizer doses ahead of schedule in June: Trudeau https://globalnews.ca/news/7728498/canada-pfizer-vaccine-delivery-june/
  • Covid: Australia falls 85% short of vaccine delivery goal https://www.bbc.co.uk/news/world-australia-56585365
  • Errors ruin 15 million doses of Johnson & Johnson’s COVID-19 vaccine https://www.theverge.com/coronavirus/2021/3/31/22361028/johnson-covid-vaccine-error-ruin-doses
  • How many COVID-19 vaccines can Ontario expect in April? https://toronto.ctvnews.ca/how-many-covid-19-vaccines-can-ontario-expect-in-april-1.5368594
  • Johnson & Johnson’s COVID-19 shot set to soon arrive in Canada. Here’s what we know https://globalnews.ca/news/7732989/johnson-johnsons-covid-19-vaccine-canada/
  • Johnson & Johnson’s vaccine won’t be the ‘workhorse’ in Canada’s rollout https://globalnews.ca/news/7729272/johnson-and-johnson-vaccine-shipment-reaction/
  • Real-world evidence shows that the COVID-19 vaccines work https://www.theverge.com/2021/3/30/22358085/covid-vaccines-effective-real-world-infection-protection-cdc
  • We Need to Talk About the AstraZeneca Vaccine https://www.theatlantic.com/health/archive/2021/03/astrazeneca-vaccine-blood-clot-issue-wont-go-away/618451/
  • COVID 'fuse' may have been lit weeks or months before the Wuhan market 'bomb' https://www.cbc.ca/radio/quirks/mar-27-covid-pandemic-origins-nature-sounds-good-why-humans-have-such-big-brains-and-more-1.5965083/covid-fuse-may-have-been-lit-weeks-or-months-before-the-bomb-in-wuhan-market-researcher-1.5965090
  • It's Much More Likely the Coronavirus Came from Wildlife, Not a Lab https://www.scientificamerican.com/article/its-much-more-likely-the-coronavirus-came-from-wildlife-not-a-lab1/
  • WHO Officials Have Ruled on The Likely Source of COVID-19 in a New Report https://www.sciencealert.com/who-report-concludes-covid-probably-came-to-humans-from-animals
  • A second look at sunlight and COVID https://scienmag.com/a-second-look-at-sunlight/
  • Pfizer jab 'stopping 91% of cases in first six months' https://www.bbc.co.uk/news/health-56011982
  • Older Ontarians most involved in online spread of COVID-19 myths, study finds https://www.cbc.ca/news/canada/covid-myth-ontario-1.5971220

• More of the good, the bad, and the ugly:

  • ‘Get out!’: Crowd chants health inspectors out of B.C. restaurant breaking COVID-19 health order https://globalnews.ca/news/7738185/get-hout-health-inspectors-corduroy-restaurant-covid/
  • Pandemic threats: The common threads in COVID-19 scams and criminal schemes https://www.zdnet.com/article/pandemic-threats-the-common-threads-in-covid-19-scams-criminal-schemes

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Why People Won't Rethink Holiday Plans during a Pandemic https://www.scientificamerican.com/article/why-people-wont-rethink-holiday-plans-during-a-pandemic/

• US govt warns that buying fake COVID-19 vaccine cards is a crime https://www.bleepingcomputer.com/news/security/us-govt-warns-that-buying-fake-covid-19-vaccine-cards-is-a-crime/

  • Woman accused of producing fake COVID-19 test result upon landing at Toronto airport https://toronto.ctvnews.ca/woman-accused-of-producing-fake-covid-19-test-result-upon-landing-at-toronto-airport-1.5371607

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• April Fools:

  • Let this be the year April Fools’ Day for brands dies https://www.theverge.com/2021/4/1/22359046/april-fools-day-brands-pr-bad-stop
  • April Fools pranks generated by neural nets https://aiweirdness.com/post/647186313992437760
  • Tom Brady vows to bring back the Montreal Expos on April Fool’s Day https://globalnews.ca/news/7733326/tom-brady-montreal-expos-april-fools-day-prank/
• Diamond battery powered by nuclear waste runs for 28,000 years https://www.zmescience.com/science/diamond-battery-powered-by-nuclear-waste-runs-for-28000-years/
• Study shows promise of quantum computing using factory-made silicon chips https://scienmag.com/study-shows-promise-of-quantum-computing-using-factory-made-silicon-chips/
• Scientists connect human brain to computer wirelessly for first time ever https://www.independent.co.uk/life-style/gadgets-and-tech/brain-computer-interface-braingate-b1825971.html
• This Time NASA’s SLS Hotfire Goes the Full 8 Minutes https://www.universetoday.com/150696/this-time-nasas-sls-hotfire-goes-the-full-8-minutes/
• Terrascope: The Whole Earth Telescope https://www.syfy.com/syfywire/terrascope-the-whole-earth-telescope
• Hey Mars, what's shakin'? https://www.syfy.com/syfywire/hey-mars-whats-shakin
• Ingenuity's 'Wright Stuff': A Piece of the Wright Flyer Will Soar on Mars https://www.scientificamerican.com/article/ingenuitys-wright-stuff-a-piece-of-the-wright-flyer-will-soar-on-mars/
• Venus plots a comeback https://scienmag.com/venus-plots-a-comeback/
• There Could Be a Beautiful Reason Why Constellations Are The Same in Many Cultures https://www.sciencealert.com/there-s-something-fundamentally-human-in-the-constellations-of-ancient-cultures
• A Billion Years From now There won’t be Much Oxygen in the Earth’s Atmosphere https://www.universetoday.com/150750/a-billion-years-from-now-there-wont-be-much-oxygen-in-the-earths-atmosphere/
• If Astronomers see Isoprene in the Atmosphere of an Alien World, There’s a Good Chance There’s Life There https://www.universetoday.com/150725/if-astronomers-see-isoprene-in-the-atmosphere-of-an-alien-world-theres-a-good-chance-theres-life-there/
• Astronomers find the 'safest place' to live in the Milky Way https://www.livescience.com/safest-spot-for-life-in-milky-way.html