Welcome to This Week’s [in]Security. DSS v4.0 Summary, and Secure Payment Terminal Software. New breaches: Cookies, FermiLab, Glovo, Telestra, Twillo, Peleton, … New Ransomware: Pipeline Hack, Scripps, SmileDirect, Pirate, DDoS. Follow-ups & Fall-out: Apple, Ostriches, Lawyers, Therapy, and Disputes. Privacy: Facebook, Google, and EU Cloud. Laws & Regs - Canada: C-10. US: Scraping, CryptoEx, CFAA and the Cloud, Deplatforming, Astroturfing the FTC, Fines. Standards: Healthcare, Space-cyber. Defense: Kids, Buffs, Bounty, Containers, Tools, Doxing. Vulnerabilities: DNS, Spectre. Drone v. Telsla. Cybercrime - Trends: Nation States. Crime: Defogging BitCoin. Other Risks: Password Day, Missiles, TLDs. Exploit Ban, Tabs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Impact. Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Everything known about PCI DSS v4.0, what's coming, how we are preparing, and what we can say (without breaking our NDA) https://controlgap.com/blog/PCI-DSSv4-is-Coming
• PCI Council Expects a New Module to Make Testing Terminal Software Easier https://www.digitaltransactions.net/pci-council-expects-a-new-module-to-make-testing-terminal-software-easier/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Malware group leaks millions of stolen authentication cookies https://www.databreaches.net/malware-group-leaks-millions-of-stolen-authentication-cookies/
  • Researchers peek at proprietary data of US particle physics lab Fermilab https://arstechnica.com/gadgets/2021/05/researchers-peek-into-proprietary-data-of-us-particle-physics-lab-fermilab/
  • Hackers Break Into Glovo, Europe's $2 Billion Amazon Rival https://www.databreaches.net/hackers-break-into-glovo-europes-2-billion-amazon-rival/
  • Telstra service provider hit by cyber attack as hackers claim SIM card information stolen https://www.databreaches.net/telstra-service-provider-hit-by-cyber-attack-as-hackers-claim-sim-card-information-stolen/
  • Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms https://www.theregister.com/2021/05/05/twilio_codecov_attack/
  • Twilio discloses impact from Codecov supply-chain attack https://www.bleepingcomputer.com/news/security/twilio-discloses-impact-from-codecov-supply-chain-attack/
  • Peloton's leaky API let anyone grab rider's private account data https://www.databreaches.net/pelotons-leaky-api-let-anyone-grab-riders-private-account-data/
  • Au: 19 years of personal data was stolen from ANU. It could show up on the dark web https://www.databreaches.net/au-19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web/
  • Fr: Eco-friendly sneaker brand Veja hacked https://www.databreaches.net/fr-eco-friendly-sneaker-brand-veja-hacked/
  • Gifford says vendor had data breach https://www.databreaches.net/gifford-says-vendor-had-data-breach/
  • Massive hack exposes emails from top Lightfoot officials https://www.databreaches.net/massive-hack-exposes-emails-from-top-lightfoot-officials/
  • UK: NHS vaccination website leaks people's medical data https://www.databreaches.net/uk-nhs-vaccination-website-leaks-peoples-medical-data/
  • U.S. Agency for Global Media data breach caused by a phishing attack https://www.bleepingcomputer.com/news/security/us-agency-for-global-media-data-breach-caused-by-a-phishing-attack/
  • Ca: B.C. student loan website down after being taken over by hackers https://www.databreaches.net/ca-b-c-student-loan-website-down-after-being-taken-over-by-hackers/
  • Data leak implicates over 200,000 people in Amazon fake product review scam https://www.zdnet.com/article/data-leak-implicates-over-200000-people-in-amazon-fake-product-review-scam
  • Visa assistance agency exposes 6,500+ travelers' applications, passports on the web https://www.comparitech.com/blog/information-security/visa-assistance-agency-leak/
  • 4,700 Amazon employees had unauthorized access to private seller data https://www.databreaches.net/4700-amazon-employees-had-unauthorized-access-to-private-seller-data/

• New Ransomware and "Incidents":

  • Cyberattack Forces a Shutdown of a Top U.S. Pipeline https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html
  • Cyberattack prompts shutdown of major fuel pipeline in the US https://www.theverge.com/2021/5/8/22426158/cyberattack-forces-shutdown-major-us-fuel-colonial-pipeline
  • Largest U.S. pipeline shuts down operations after ransomware attack https://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/
  • US passes emergency waiver over fuel pipeline cyber-attack https://www.bbc.co.uk/news/business-57050690
  • Health care giant Scripps Health hit by ransomware attack https://www.bleepingcomputer.com/news/security/health-care-giant-scripps-health-hit-by-ransomware-attack/
  • SmileDirectClub reveals cybersecurity incident that could cost millions https://www.databreaches.net/smiledirectclub-reveals-cybersecurity-incident-that-could-cost-millions/
  • A student pirating software led to a full-blown Ryuk ransomware attack https://www.bleepingcomputer.com/news/security/a-student-pirating-software-led-to-a-full-blown-ryuk-ransomware-attack/
  • ATC Transportation discloses ransomware attack https://www.databreaches.net/atc-transportation-discloses-ransomware-attack/
  • Ransomware Attack On Midwest Transplant Network Affects More Than 17,000 https://www.databreaches.net/ransomware-attack-on-midwest-transplant-network-affects-more-than-17000/
  • Ca: Boutin transport company victim of a cyber attack https://www.databreaches.net/ca-boutin-transport-company-victim-of-a-cyber-attack/
  • Unidentified cyberattackers force Alaska Court System to disconnect from internet https://www.databreaches.net/unidentified-cyberattackers-force-alaska-court-system-to-disconnect-from-internet/
  • Za: VirginActive goes offline after cyberattack https://www.databreaches.net/za-virginactive-goes-offline-after-cyberattack/
  • A massive DDoS knocked offline Belgian government websites https://securityaffairs.co/wordpress/117529/hacking/belgiums-ddos-attack.html
  • Belgium's parliament and universities hit by cyber attack https://www.databreaches.net/belgiums-parliament-and-universities-hit-by-cyber-attack/
  • CISA Alert Describes FiveHands Ransomware Threat https://www.databreachtoday.com/cisa-alert-describes-fivehands-ransomware-threat-a-16543
  • CISA Analyzes FiveHands Ransomware https://www.securityweek.com/cisa-analyzes-fivehands-ransomware
  • N3TW0RM ransomware emerges in wave of cyberattacks in Israel https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/

• Follow-ups and fall-out:

  • Apple brass discussed disclosing 128-million iPhone hack, then decided not to https://arstechnica.com/gadgets/2021/05/apple-brass-discussed-disclosing-128-million-iphone-hack-then-decided-not-to/
  • 58% of organizations fail to acknowledge data breach disclosures https://www.comparitech.com/blog/information-security/data-breach-disclosures/
  • Here's the breakdown of cybersecurity stats only law firms usually see https://www.databreaches.net/heres-the-breakdown-of-cybersecurity-stats-only-law-firms-usually-see/
  • They Told Their Therapists Everything. Hackers Leaked It All https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach
  • Then a Hacker Began Posting Patients' Deepest Secrets Online https://www.databreaches.net/then-a-hacker-began-posting-patients-deepest-secrets-online/
  • The City of Chicago Provides Notice of Jones Day Incident Due to Accellion Hack https://www.databreaches.net/the-city-of-chicago-provides-notice-of-jones-day-incident-due-to-accellion-hack/
  • Exclusive: What Happened? A dispute between NightLion Security and Astoria Company Escalates https://www.databreaches.net/exclusive-what-happened-a-dispute-between-nightlion-security-and-astoria-company-escalates/

Privacy

Articles about privacy related news, risks, and trends.

• Don't Buy Into Facebook's Ad-Tracking Pressure on iOS 14.5 https://www.wired.com/story/facebook-ad-tracking-pressure-ios-14-5
• What not to expect when you're expecting: Fertility apps may be selling intimate health secrets https://www.theregister.com/2021/05/05/fertility_apps_leak_personal_information/
• Your Car Is Spying on You, and a CBP Contract Shows the Risks https://theintercept.com/2021/05/03/car-surveillance-berla-msab-cbp/
• How private is your Gmail, and should you switch? https://www.theguardian.com/technology/2021/may/09/how-private-is-your-gmail-and-should-you-switch
• 4 Major Privacy and Security Updates From Google You Should Know About https://thehackernews.com/2021/05/4-major-privacy-and-security-updates.html
• Google Play Store to add privacy information for all Android apps https://www.bleepingcomputer.com/news/google/google-play-store-to-add-privacy-information-for-all-android-apps/
• Microsoft Pledges to Store European Cloud Data in EU https://www.securityweek.com/microsoft-pledges-store-european-cloud-data-eu
• Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away https://www.theregister.com/2021/05/07/schrems_slams_microsoft_eu_data/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Speaking Out on Bill C-10 and the Regulation of User Generated Content https://www.michaelgeist.ca/2021/05/speaking-out-on-bill-c-10-and-the-regulation-of-user-generated-content/
  • The Law Bytes Podcast, Episode 86: CCLA's Cara Zwibel on the Free Speech Risks of Bill C-10 and the Guilbeault Internet Plan https://www.michaelgeist.ca/2021/05/law-bytes-podcast-episode-86/
  • Ontario court tosses vaccine-rollout discrimination lawsuit over jurisdiction https://toronto.ctvnews.ca/ontario-court-tosses-vaccine-rollout-discrimination-lawsuit-over-jurisdiction-1.5414709
  • Verbal agreements - Customer records 3 Bell reps offering same deal, then is told he can't have it https://www.cbc.ca/news/business/bell-customer-deal-recording-data-1.6004451

• US:

  • Circuit Split No More: 2nd Circuit Clarifies Article III Standing in Data Breach Cases https://www.databreaches.net/circuit-split-no-more-2nd-circuit-clarifies-article-iii-standing-in-data-breach-cases/
  • Can Evidence Collected by Cellebrite's Tools Be Trusted? https://www.databreachtoday.com/interviews/evidence-collected-by-cellebrites-tools-be-trusted-i-4889
  • Florida girl, 18, faces 16-year jail for hacking ‘homecoming queen' contest with mom's help https://www.databreaches.net/florida-girl-18-faces-16-year-jail-for-hacking-homecoming-queen-contest-with-moms-help/
  • Scraping Episodes Highlight Debate Over Anti-Hacking Law's Scope https://www.databreaches.net/scraping-episodes-highlight-debate-over-anti-hacking-laws-scope/
  • SEC Chair: Congress Should Regulate Crypto Exchanges https://www.pymnts.com/cryptocurrency/2021/sec-chair-congress-should-regulate-crypto-exchanges/
  • Does the Computer Fraud and Abuse Act Reach Cloud-Based Services and Systems? https://www.manatt.com/insights/newsletters/privacy-and-data-security/does-the-computer-fraud-and-abuse-act-reach-cloud
  • The Florida Deplatforming Law is Unconstitutional. Always has Been. https://www.eff.org/deeplinks/2021/05/florida-deplatforming-law-unconstitutional-always-has-been
  • 80% of Net Neutrality Comments to FCC Were Fudged https://threatpost.com/net-neutrality-comments-fcc-fudged/165943/
  • Fake Comments on Net Neutrality Rollback to Cost Companies Millions https://www.nytimes.com/2021/05/06/technology/internet-providers-fake-comments-net-neutrality-new-york.html
  • ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality https://www.wired.com/story/isps-funded-85-million-fake-comments-opposing-net-neutrality
  • States Push Back Against Use of Facial Recognition by Police https://www.securityweek.com/states-push-back-against-use-facial-recognition-police
  • Defense contractor Honeywell fined $13M for sharing documents with China, other countries https://thehill.com/policy/defense/552139-defense-contractor-honeywell-fined-13m-for-sharing-documents-with-china-other
  • Snap can be sued for fueling a fatal car crash with its speed filter, court rules https://www.theverge.com/2021/5/5/22420679/snapchat-speed-filter-wrongful-death-lemmon-snap-appeals-ruling-section-230
  • Tesla to pay $750k fine and build solar microgrid system to settle California air quality violations https://www.theverge.com/2021/5/8/22426190/tesla-fine-build-microgrid-system-settle-california-air-quality-violations
  • FTC report blasts manufacturers for restricting product repairs https://www.theverge.com/2021/5/7/22424363/ftc-repair-restrictions-report-nixing-the-fix-smartphones-automakers

• Standards News:

  • NIST Seeks Input on HIPAA Security Rule Guidance Update https://www.databreachtoday.com/nist-seeks-input-on-hipaa-security-rule-guidance-update-a-16519
  • NIST/NCCoE second draft of NIST Special Publication 1800-30 on Securing Telehealth Remote Patient Monitoring Ecosystem open for comments through June 7th https://csrc.nist.gov/publications/detail/sp/1800-30/draft
  • NIST hosted a cybersecurity symposium for space based assets, slide decks can be found at https://www.nist.gov/news-events/events/2021/05/inaugural-space-cybersecurity-symposium-access-start-up

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• List of Resource Links from SANS New to Cyber Summit 2021 https://www.sans.org/blog/list-of-resource-links-from-sans-new-to-cyber-summit-2021
• NSA Issues Guidance on Securing IT-OT Connectivity https://www.securityweek.com/nsa-issues-guidance-securing-it-ot-connectivity
• Teaching Cybersecurity to Children https://www.schneier.com/blog/archives/2021/05/teaching-cybersecurity-to-children.html
• Google Chrome adopts Windows 10 exploit protection feature https://www.bleepingcomputer.com/news/security/google-chrome-adopts-windows-10-exploit-protection-feature/
• Google Gets Serious About Two-Factor Authentication. Good! https://www.wired.com/story/google-two-factor-authentication-default
• DOD expands bug disclosure program to all publicly accessible systems https://www.bleepingcomputer.com/news/security/dod-expands-bug-disclosure-program-to-all-publicly-accessible-systems/
• DOD Expands Vulnerability Disclosure Program to Web-Facing Targets https://www.securityweek.com/dod-expands-vulnerability-disclosure-program-web-facing-targets
• 'Hack the Pentagon' Program Expands https://www.databreachtoday.com/hack-pentagon-program-expands-a-16533
• Making the Internet more secure one signed container at a time https://security.googleblog.com/2021/05/making-internet-more-secure-one-signed.html
• MITRE ATT&CK for Containers: Why It Matters https://www.trendmicro.com/en_us/research/21/e/mitre-attach-for-containers-why-it-matters.html
• Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation https://www.microsoft.com/security/blog/2021/05/05/stopping-carbanakfin7-how-microsoft-led-in-the-mitre-engenuity-attck-evaluation/
• AI security risk assessment using new tool 'Counterfit' https://www.microsoft.com/security/blog/2021/05/03/ai-security-risk-assessment-using-counterfit/
• Defending Against Web Scraping Attacks https://www.darkreading.com/endpoint/defending-against-web-scraping-attacks/a/d-id/1340846
• Keeping Excess Out of Access https://blog.isc2.org/isc2_blog/2021/05/keeping-excess-out-of-access.html
• Mitigating the Risks of Malicious OAuth Apps https://www.databreachtoday.com/mitigating-risks-malicious-oauth-apps-a-16532
• Anti-DOXing Checklist: How to protect your data online https://www.kaspersky.com/blog/anti-doxing-checklist/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Apple Fixes Zero‑Day Security Bugs Under Active Attack https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/
• Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs https://threatpost.com/pulse-secure-vpns-fix-critical-zero-day-bugs/165850/
• Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild https://thehackernews.com/2021/05/top-11-security-flaws-russian-spy.html
• ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking https://thehackernews.com/2021/05/alert-new-21nails-exim-bugs-expose.html
• Anti-Spam WordPress Plugin Could Expose Website User Data https://threatpost.com/anti-spam-wordpress-plugin-expose-data/165901/
• Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands https://www.theregister.com/2021/05/07/cisco_hyperflex_critical_flaw/
• Foxit Reader bug lets attackers run malicious code via PDFs https://www.bleepingcomputer.com/news/security/foxit-reader-bug-lets-attackers-run-malicious-code-via-pdfs/
• New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers https://thehackernews.com/2021/05/new-tsuname-flaw-could-let-attackers.html
• Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications https://www.imperva.com/blog/software-supply-chain-risks-and-attack/
• BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html
• Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs https://threatpost.com/dell-kernel-privilege-bugs/165843/
• New Spectre-Like Attacks https://www.schneier.com/blog/archives/2021/05/new-spectre-like-attacks.html
• Intel, AMD Dispute Findings on Chip Vulnerabilities https://www.databreachtoday.com/intel-amd-dispute-findings-on-chip-vulnerabilities-a-16535
• New Attacks Slaughter All Spectre Defenses https://threatpost.com/attacks-slaughter-spectre-defenses/165809/
• Is your password too easy to guess? Experts say the most popular password this year is '123456' https://toronto.ctvnews.ca/is-your-password-too-easy-to-guess-experts-say-the-most-popular-password-this-year-is-123456-1.5417576
• The Wages of Password Re-use: Your Money or Your Life https://krebsonsecurity.com/2021/05/the-wages-of-password-re-use-your-money-or-your-life/
• Android Updates for May 2021 Patch Over 40 Vulnerabilities https://www.securityweek.com/android-updates-may-2021-patch-over-40-vulnerabilities
• Fix for critical Qualcomm chip flaw is making its way to Android devices https://arstechnica.com/gadgets/2021/05/fix-for-critical-qualcomm-chip-flaw-is-making-its-way-to-android-devices/
• Microsoft to fully remove Adobe Flash from Windows 10 in July https://www.theverge.com/2021/5/4/22418889/adobe-flash-player-windows-10
• Windows Defender bug fills Windows 10 boot drive with thousands of files https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
• Tesla Remotely Hacked from a Drone https://www.schneier.com/blog/archives/2021/05/tesla-remotely-hacked-from-a-drone.html
• Tesla Car Hacked Remotely From Drone via Zero-Click Exploit https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit
• Researchers Find Bugs Using Single-Codebase Inconsistencies https://www.darkreading.com/application-security/researchers-find-bugs-using-single-codebase-inconsistencies/d/d-id/1340892

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Malicious Office 365 Apps Are the Ultimate Insiders https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/
  • Malware Loader Abuses Google SEO to Expand Payload Delivery https://threatpost.com/malware-loader-google-seo-payload/164377/
  • Microsoft: Business email compromise attack targeted dozens of orgs https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attack-targeted-dozens-of-orgs/
  • New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html
  • New Windows 'Pingback' malware uses ICMP for covert communication https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/
  • New Panda Stealer Targets Cryptocurrency Wallets https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html
  • Don't click the link! Scam threatens website with copyright legal action https://www.comparitech.com/blog/information-security/copyright-infringement-scam/

• Nation State Actors:

  • US and UK Issue Joint Alert on Russian Cyber Activity https://www.databreachtoday.com/us-uk-issue-joint-alert-on-russian-cyber-activity-a-16547
  • Chinese Group Apparently Targeted Russian Defense Contractor https://www.databreachtoday.com/chinese-group-apparently-targeted-russian-defense-contractor-a-16510
  • New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer https://thehackernews.com/2021/05/new-chinese-malware-targeted-russias.html
  • Iran's Military Reportedly Backs Ransomware Campaign https://www.databreachtoday.com/irans-military-reportedly-backs-ransomware-campaign-a-16517
  • Researchers Uncover Iranian State-Sponsored Ransomware Operation https://thehackernews.com/2021/05/researchers-uncover-iranian-state.html

• Crime & Arrests, etc.:

  • Bulletproof hosting admins plead guilty to running cybercrime safe haven https://www.bleepingcomputer.com/news/security/bulletproof-hosting-admins-plead-guilty-to-running-cybercrime-safe-haven/
  • Identifying the Person Behind Bitcoin Fog https://www.schneier.com/blog/archives/2021/05/identifying-the-person-behind-bitcoin-fog.html

Other Security / Risk

Articles covering other types of risks.

• Cybersecurity Experts Share Thoughts for World Password Day https://www.securityweek.com/cybersecurity-experts-share-thoughts-world-password-day
• We Should All Be More Afraid of Driving https://www.theatlantic.com/ideas/archive/2021/05/car-accident/618766/
• Troy Hunt: Organizations Make Security Choices Tough for Users https://www.darkreading.com/operations/troy-hunt-organizations-make-security-choices-tough-for-users/d/d-id/1340950
• U.S. Missile Defense Agency Cancels Cyber Tests Year After Year https://www.secureworldexpo.com/industry-news/missile-defense-agency-cybersecurity-problems
• Penetration testing leaving organizations with too many blind spots https://www.helpnetsecurity.com/2021/04/29/penetration-testing-blind-spots/
• White House Launches Website for National AI Initiative, AI.Gov https://epic.org/2021/05/white-house-launches-website-f.html
• Who is Probing the Internet for Research Purposes?, (Sat, May 8th) https://isc.sans.edu/diary/rss/27400
• Why a Shortage Has Made Computer Chips the New Toilet Paper https://www.nytimes.com/2021/05/07/technology/computer-chip-shortages-toilet-paper-pandemic.html
• Network Solutions and Register.com hit by ongoing DNS outage https://www.bleepingcomputer.com/news/technology/network-solutions-and-registercom-hit-by-ongoing-dns-outage/
• Newer Generic Top-Level Domains a Security 'Nuisance' https://www.darkreading.com/threat-intelligence/newer-generic-top-level-domains-a-security-nuisance-/d/d-id/1340922
• EPIC, Coalition Urge Spotify to Abandon Speech-Recognition Technology https://epic.org/2021/05/epic-coalition-urge-spotify-to.html
• Risky Business #622 -- GitHub weighs exploit ban https://risky.biz/RB622
• We're Getting Buried in Browser Tabs And Scientists Want to Fix It https://www.sciencealert.com/tab-overload-is-a-common-problem-for-people-browsing-the-internet-survey-finds
• Border Police Wants a Bite of Burgeoning Anti-Drone Industry https://theintercept.com/2021/05/03/cbp-border-drones-military/
• The NYPD's Robot Dog Was a Really Bad Idea: Here's What Went Wrong https://www.scientificamerican.com/article/the-nypds-robot-dog-was-a-really-bad-idea-heres-what-went-wrong/
• IBM's new chip breakthrough may ‘quadruple' phone battery life, company claims https://www.independent.co.uk/life-style/gadgets-and-tech/ibm-chip-quadruple-phone-battery-b1843561.html
• How Should the Service Desk Reset Passwords? https://thehackernews.com/2021/05/how-should-service-desk-reset-passwords.html
• Idaho school shooting: Girl in Rigby wounds three, police say https://www.bbc.co.uk/news/world-us-canada-57018329
• Most Ontarians unaware of hydro pricing options: poll https://globalnews.ca/news/7836212/most-ontarians-unaware-of-hydro-pricing-options-poll/
• The Story of Colossus https://www.schneier.com/blog/archives/2021/05/the-story-of-colossus.html

• Health, Safety & Environment:

  • How we created the ‘perfect storm' for pandemics https://scienmag.com/how-we-created-the-perfect-storm-for-pandemics/
  • Fauci said it's 'quite possible' people will continue wearing masks during 'seasonal periods' to prevent the flu https://www.businessinsider.com/fauci-face-masks-seasonal-flu-2021-5
  • ‘Drive very slowly': UBCO research looks at speed bumps and pregnancy https://globalnews.ca/news/7841283/ubco-research-speed-bumps-pregnancy/
  • New research sets stage for development of salmonella vaccine https://scienmag.com/new-research-sets-stage-for-development-of-salmonella-vaccine/
  • New Strep A human challenge model paves the way to test vaccines against the deadly bacteria https://scienmag.com/new-strep-a-human-challenge-model-paves-the-way-to-test-vaccines-against-the-deadly-bacteria/
  • Ticks a growing problem in Ontario, experts warn https://toronto.ctvnews.ca/ticks-a-growing-problem-in-ontario-experts-warn-1.5419147
  • Fear Is the Key to Convincing Residents to Evacuate before a Storm https://www.scientificamerican.com/article/fear-is-the-key-to-convincing-residents-to-evacuate-before-a-storm/
  • Nasa criticises ‘irresponsible' China after rocket crashes into Indian Ocean https://www.independent.co.uk/news/world/asia/chinese-rocket-crash-land-nasa-b1844514.html
  • Uncontrolled Rocket Segment Finally Re-Entered Earth's Atmosphere https://www.sciencealert.com/long-march-5b-rocket-segments-re-enters-atmosphere-disintegrates-over-indian-ocean
  • China's emissions now exceed all the developed world's combined https://phys.org/news/2021-05-china-emissions-world-combined.html
  • Shiitake Diapers: Team of Toronto High-School Girls win $30,000 in North American STEM competition https://toronto.ctvnews.ca/shiitake-diapers-toronto-teens-win-30-000-in-north-american-stem-competition-1.5419065
  • Carbon Capture Technologies Are Improving Nicely https://www.scientificamerican.com/article/carbon-capture-technologies-are-improving-nicely/
  • Transforming atmospheric carbon into industrially useful materials https://scienmag.com/transforming-atmospheric-carbon-into-industrially-useful-materials/
  • Toronto launches dog waste pilot project https://toronto.ctvnews.ca/toronto-launches-dog-waste-pilot-project-1.5413603

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • A 'more rapidly spreading virus' is fueling India's mega COVID-19 surge, WHO chief scientist says https://www.businessinsider.com/india-coronavirus-variant-more-transmissible-who-says-2021-5
  • CDC website now emphasizes coronavirus spreads in the air - CNN https://apple.news/AvZhbpljATEmErcGaz-GVOw
  • Droplet, aerosol, airborne: The confusion over how COVID-19 spreads https://globalnews.ca/news/7838988/droplet-aerosol-airborne-how-covid-19-spreads/
  • How the world missed more than half of all Covid-19 deaths https://www.vox.com/22422794/covid-19-death-numbers-total-us-vaccine-ihme
  • We may never know the exact toll of the pandemic https://www.theverge.com/2021/5/8/22424422/pandemic-covid-coronavirus-death-toll-estimate-antivirus
  • Despite COVID-19 vaccine ramp up, experts say Canada still in for ‘summer of uncertainty' https://globalnews.ca/news/7845381/covid-summer-canada-vaccinations/
  • ‘Are we in trouble? Absolutely’: Alberta battles worst Covid rate in North America https://www.theguardian.com/world/2021/may/06/canada-alberta-pandemic-north-america-coronavirus-covid
  • Ontario teen dies with COVID-19 on same day he was admitted to hospital https://toronto.ctvnews.ca/ontario-teen-dies-with-covid-19-on-same-day-he-was-admitted-to-hospital-1.5418209
  • An Oregon church sued over covid-19 restrictions. Now, an outbreak there has sickened 74. https://www.washingtonpost.com/nation/2021/05/07/oregon-peoples-church-covid-outbreak/

• Guidance, Response, and Recovery:

  • Bees Have Been Trained to Smell COVID-19 And Identify a Case Within Seconds https://www.sciencealert.com/bees-can-smell-covid-19-and-they-can-identify-a-case-within-seconds

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Why is COVID-19 so hard to treat? Growing evidence points to unique infectious profile https://scienmag.com/why-is-covid-19-so-hard-to-treat-growing-evidence-points-to-unique-infectious-profile/
  • Hand dermatitis in two thirds of public due to stringent hand hygiene during COVID https://scienmag.com/hand-dermatitis-in-two-thirds-of-public-due-to-stringent-hand-hygiene-during-covid/

• Immunity and Vaccinations:

  • Canada's vaccination rate is eclipsing the U.S. Experts say the comparison is complicated https://globalnews.ca/news/7841461/canada-us-vaccine-rates/
  • Herd immunity for COVID-19 may not be reached in Canada, experts say https://globalnews.ca/news/7838870/covid-herd-immunity-canada-not-reached/
  • Herd immunity: How it works and why it's a lofty goal for COVID-19 https://globalnews.ca/news/7842580/coronavirus-herd-immunity-vaccine/
  • Millions Are Saying No to the Vaccines. What Are They Thinking? https://www.theatlantic.com/ideas/archive/2021/05/the-people-who-wont-get-the-vaccine/618765/
  • Tam warns that full vaccination does not equal full protection from COVID-19 https://www.ctvnews.ca/health/coronavirus/tam-warns-that-full-vaccination-does-not-equal-full-protection-from-covid-19-1.5419843
  • Front-line medical workers call for vaccine prioritization as many remain with one dose https://www.ctvnews.ca/health/coronavirus/front-line-medical-workers-call-for-vaccine-prioritization-as-many-remain-with-one-dose-1.5417511
  • Canadians companies offer freebies, discounts to customers vaccinated against COVID-19 https://globalnews.ca/news/7846879/canadian-companies-discounts-vaccinated/
  • 'Hold onto the light': Toronto to vaccinate 50% of all adults with first doses this weekend https://toronto.ctvnews.ca/hold-onto-the-light-toronto-to-vaccinate-50-of-all-adults-with-first-doses-this-weekend-1.5419727
  • In Shocking Move, U.S. Backs Waiving Patents on COVID Vaccines https://www.scientificamerican.com/article/in-shocking-move-u-s-backs-waiving-patents-on-covid-vaccines/
  • Sinopharm: Chinese Covid vaccine gets WHO emergency approval https://www.bbc.co.uk/news/world-asia-china-56967973
  • WHO experts cite ‘low confidence' in Sinopharm's COVID-19 vaccine data https://globalnews.ca/news/7836084/who-sinopharm-covid-vaccine-china/
  • Pfizer, AstraZeneca vaccines 87% effective in 60+ age group after one dose: data https://globalnews.ca/news/7842318/pfizer-astrazeneca-vaccines-effectiveness-data/
  • Why your 1st COVID-19 shot is more protective than you might think https://www.cbc.ca/news/health/covid-19-vaccine-first-dose-protection-canada-1.6009822
  • Not available in Canada: A look at COVID-19 vaccine tech from China, India and Cuba https://www.cbc.ca/news/science/inactivated-conjugate-covid-19-vaccines-1.6011962
  • Some universities say no to proof of vaccination requirement https://www.680news.com/2021/05/09/some-universities-say-no-to-proof-of-vaccination-requirement-2/

• Impact:

  • Canada lost 207,000 jobs in April amid renewed COVID-19 restrictions https://globalnews.ca/news/7842060/april-jobs-data-statistics-canada/
  • Ontario sheds 153,000 jobs in April following tightening of public health restrictions https://toronto.ctvnews.ca/ontario-sheds-153-000-jobs-in-april-following-tightening-of-public-health-restrictions-1.5418542
  • Feds Shut Down Fake COVID-19 Vaccine Phishing Website https://threatpost.com/feds-fake-covid-19-vaccine-phishing-website/165872/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Where do all the masks go? One Quebec company says it shouldn't be the garbage https://globalnews.ca/news/7818074/disposable-covid-masks-quebec-recycling/
  • Two travellers slapped with hefty fines for presenting fake COVID-19 test results at Toronto airport: Transport Canada https://toronto.ctvnews.ca/two-travellers-slapped-with-hefty-fines-for-presenting-fake-covid-19-test-results-at-toronto-airport-transport-canada-1.5416514
  • Hundreds of charges laid in Toronto this week after police bust 'concerningly high' number of parties https://toronto.ctvnews.ca/hundreds-of-charges-laid-in-toronto-this-week-after-police-bust-concerningly-high-number-of-parties-1.5418723

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• A Skull From the 1845 Franklin Expedition Was Just Identified Using a Descendant's DNA https://www.mentalfloss.com/article/646289/franklin-expedition-victim-identified-using-dna-analysis
• A test subject who spent 40 days in a cave for science breaks down what it was like, from weird sleep patterns to generating power with a bike https://www.businessinsider.com/test-subject-cave-40-days-lombrives-time-isolation-2021-5
• Hologram experts can now create real-life images that move in the air https://scienmag.com/hologram-experts-can-now-create-real-life-images-that-move-in-the-air/
• SpaceX Sticks the Landing in Latest Starship Test Flight https://www.scientificamerican.com/article/spacex-sticks-the-landing-in-latest-starship-test-flight/
• Can You Guess Which Odd Items Humanity Has Sent to Space? https://www.mentalfloss.com/article/646170/quiz-space-items-nasa
• NASA Mars Helicopter Makes One-Way Flight to New Mission https://www.nytimes.com/2021/05/07/science/mars-helicopter-nasa.html
• We Could Detect Extraterrestrial Satellite Megaconstellations Within a few Hundred Light-Years https://www.universetoday.com/151114/we-could-detect-extraterrestrial-satellite-megaconstellations-within-a-few-hundred-light-years/
• Why Are There No Green Stars? https://www.mentalfloss.com/article/646261/why-are-there-no-green-stars