Welcome to This Week’s [in]Security. PCI WFH FAQs, Standard updates, Mercari breach, Hashes Unsafe. New breaches: 23 Android Apps, Air India, Daily Quiz. New Ransomware: Banning payouts, Double Encryption. Follow-ups & Fall-out: SolarWinds, Codecov, Water Plant. Privacy: Apple, Cams, Health tools. Laws & Regs - Canada: C-10, Vaccine Patents. US: Pipeline Bills, IRS Crypto, Lawsuit backfires, Snapchat suit, Tesla review. UK, EU, HK: Facebook probe, WhatsApp, Sanctions, Crypto wars, USK MSP regs. Standards: Data Classification. Defense: ZeroDays, Phone numbers, Passwords, Simuland, Russian Keyboards, Explorer RIP. Vulnerabilities: Android, Windows RCE, Tool Abuse, Planes, (no trains), Automobiles. Cybercrime - Trends: Apple, Stuffing, Bizarro, Lazy Ransomware? Nation States. Crime. The2011 RSA Hack. Other Risks: Stress, Critical Infrastructure, Gig risgs, Busted for weak Wi-Fi? Just daft. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Learned. Covid Ugly. Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• 3 new PCI FAQs:

  • Are entities expected to do onsite audits of personnel work-from-home environments? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-entities-expected-to-do-onsite-audits-of-personnel-work-from-home-environments
  • For personnel working from home, is the work-from-home environment considered a “sensitive area” for PCI DSS Requirement 9? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/For-personnel-working-from-home-is-the-work-from-home-environment-considered-a-sensitive-area-for-PCI-DSS-Requirement-9
  • Is an assessor required to visit work-from-home environments to determine if personnel are meeting PCI DSS requirements? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Is-an-assessor-required-to-visit-work-from-home-environments-to-determine-if-personnel-are-meeting-PCI-DSS-requirements
  • Updated Index of PCI FAQs https://controlgap.com/index-pci-frequently-asked-questions/

• PCI Updates for 3DS, SPoC, Secure Software:

  • New Technical FAQs for PCI 3DS Security Standards https://blog.pcisecuritystandards.org/new-technical-faqs-for-pci-3ds-security-standards
  • Just published: SPoC Unsupported Operating Systems Annex https://blog.pcisecuritystandards.org/just-published-spoc-unsupported-operating-systems-annex
  • SPoC Unsupported OS Annex https://www.pcisecuritystandards.org/documents/SPoC_Program_Guide_v1.3.pdf
  • Secure Software Standard Summary of Changes https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-Standard-Summary-of-Changes-v1_0-to-v1_1.pdf
  • Request for Comments: P2PE v3.1 Draft Standard https://blog.pcisecuritystandards.org/request-for-comments-p2pe-v3-1-draft-standard
• E-commerce giant Mercari suffers major data breach in Codecov incident https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/
• How a $1200 Graphics Card Threatens Your PCI DSS Compliance and Security https://www.controlgap.com/Cracking-PAN-hashes/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Data of 100+ million Android users exposed via misconfigured cloud services https://www.bleepingcomputer.com/news/security/data-of-100-plus-million-android-users-exposed-via-misconfigured-cloud-services/
  • Air India: Data Processor Breach Affected Millions https://www.databreachtoday.com/air-india-data-processor-breach-affected-millions-a-16721
  • Daily Quiz - 8,032,404 breached accounts https://haveibeenpwned.com/PwnedWebsites#DailyQuiz
  • Moneycontrol - 762,874 breached accounts https://haveibeenpwned.com/PwnedWebsites#Moneycontrol
  • NY: Student names, vendor bank account info exposed in Buffalo Public Schools cyber attack https://www.databreaches.net/ny-student-names-vendor-bank-account-info-exposed-in-buffalo-public-schools-cyber-attack/
  • Recruiter's Cloud Snafu Exposes 20,000 CVs and ID Documents https://www.databreaches.net/recruiters-cloud-snafu-exposes-20000-cvs-and-id-documents/
  • Student health insurance carrier Guard.me suffers a data breach https://www.bleepingcomputer.com/news/security/student-health-insurance-carrier-guardme-suffers-a-data-breach/

• New Ransomware and "Incidents":

  • Ransomware: Should paying hacker ransoms be illegal? https://www.bbc.co.uk/news/technology-57173096
  • Double-Encrypting Ransomware https://www.schneier.com/blog/archives/2021/05/double-encrypting-ransomware.html
  • Ransomware's Dangerous New Trick: Double-Encrypting Your Data https://www.wired.com/story/ransomware-double-encryption
  • Could the ransomware crisis force action against Russia? https://www.technologyreview.com/2021/05/21/1025159/colonial-pipeline-russia-usa-hackers/
  • Ransomware victim shows why transparency in attacks matters https://www.bleepingcomputer.com/news/security/ransomware-victim-shows-why-transparency-in-attacks-matters/
  • Alaska Health Department Website Targeted in Malware Attack https://www.securityweek.com/alaska-health-department-website-targeted-malware-attack
  • CA: Sierra College victim of ransomware incident https://www.databreaches.net/ca-sierra-college-victim-of-ransomware-incident/
  • Conti ransomware gives HSE Ireland free decryptor, still selling data https://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/

• Follow-ups and fall-out:

  • Attackers Were Inside SolarWinds in January 2019 https://www.databreachtoday.com/attackers-were-inside-solarwinds-in-january-2019-a-16702
  • Russia spy chief suggests West behind SolarWinds cyber-attack https://www.bbc.co.uk/news/world-europe-57144297
  • Codecov hackers gained access to Monday.com source code https://www.bleepingcomputer.com/news/security/codecov-hackers-gained-access-to-mondaycom-source-code/
  • Probe Into Florida Water Plant Hack Led to Discovery of Watering Hole Attack https://www.securityweek.com/probe-florida-water-plant-hack-led-discovery-watering-hole-attack-0
  • Yam - 13,258,797 breached accounts https://haveibeenpwned.com/PwnedWebsites#Yam
  • IIMJobs - 4,216,063 breached accounts https://haveibeenpwned.com/PwnedWebsites#IIMJobs
  • Updating: CaptureRx incident impacted almost 2 million people https://www.databreaches.net/updating-capturerx-incident-impacted-almost-2-mllion-people/
  • Livpure - 269,552 breached accounts https://haveibeenpwned.com/PwnedWebsites#Livpure
  • NY: Filters Fast Settles Charges Stemming from Failure to Patch Critical Vulnerability Exploited in 2019 Data Breach https://www.databreaches.net/ny-filters-fast-settles-charges-stemming-from-failure-to-patch-critical-vulnerability-exploited-in-2019-data-breach/
  • USA Data Breach Tracker https://www.comparitech.com/blog/information-security/data-breach-tracker/

Privacy

Articles about privacy related news, risks, and trends.

• Correspondence between the Citizen Lab and NSO Group Regarding The Great iPwn https://citizenlab.ca/2021/05/correspondence-between-the-citizen-lab-and-nso-group-regarding-the-great-ipwn/
• Apple sent my data to the FBI, says boss of controversial research paper trove Sci-Hub https://www.theregister.com/2021/05/17/sci_hub_apple_fbi_claim/
• Eufycam Wi-Fi security cameras streamed video feeds from other people's homes https://www.theregister.com/2021/05/17/in_brief_security/
• People are uncomfortable with digital health tools used to control COVID-19 https://www.theverge.com/2021/5/19/22442788/digital-health-data-covid-survey-skepticism-google-apple
• Fighting Disciplinary Technologies https://www.eff.org/deeplinks/2021/05/fighting-disciplinary-technologies
• Should Alexa Read Our Moods? https://www.nytimes.com/2021/05/19/technology/alexa.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Not Just Big Tech: Government Memo Shows Bill C-10 Targets News Sites, Podcast and Workout Apps, Adult Websites, Audiobooks, and Sports Streamers for CRTC Regulation https://www.michaelgeist.ca/2021/05/not-just-big-techbillc10/
  • Debating Bill C-10 at the Canadian Heritage Committee, Part One: My Opening Statement https://www.michaelgeist.ca/2021/05/debating-bill-c-10/
  • Debating Bill C-10 at the Canadian Heritage Committee, Part Two: A Special Law Bytes Podcast https://www.michaelgeist.ca/2021/05/special-law-bytes-podcastc10/
  • Iran's downing of Flight 752 was act of terrorism, Ontario court rules https://globalnews.ca/news/7880194/iran-downing-flight-752-terrorism-ontario-court/
  • Ca: Accused Netwalker affiliate facing extradition on ransomware charges denied release https://www.databreaches.net/ca-accused-netwalker-affiliate-facing-extradition-on-ransomware-charges-denied-release/
  • The Law Bytes Podcast, Episode 88: Ellen ‘T Hoen on Waiving Patents to Support Global Access to COVID Vaccines https://www.michaelgeist.ca/2021/05/law-bytes-podcast-episode-88/

• US:

  • 2 Bills Introduced in Wake of Colonial Pipeline Attack https://www.databreachtoday.com/2-bills-introduced-in-wake-colonial-pipeline-attack-a-16666
  • The US Treasury wants every crypto transfer larger than $10,000 to be reported to the IRS https://www.businessinsider.com/us-treasury-crypto-transfer-10000-reported-irs-taxes-bitcoin-btc-2021-5
  • Colorado Makes Doxxing Public Health Workers Illegal https://www.nytimes.com/2021/05/19/us/colorado-doxxing-law.html
  • Washington State Has Sued a Patent Troll For Violating Consumer Protection Laws https://www.eff.org/deeplinks/2021/05/washington-state-has-sued-patent-troll-violating-consumer-protection-laws
  • City pays $350,000 after suing “hackers” for opening Dropbox link it sent them https://www.databreaches.net/city-pays-350000-after-suing-hackers-for-opening-dropbox-link-it-sent-them/
  • Lawsuit Against Snapchat Rightfully Goes Forward Based on “Speed Filter,” Not User Speech https://www.eff.org/deeplinks/2021/05/lawsuit-against-snapchat-rightfully-goes-forward-based-speed-filter-not-user
  • Tesla 'under review' by California DMV over whether it misleads consumers with 'full self-driving' claims (TSLA) https://www.businessinsider.com/tesla-california-dmv-review-full-self-driving-claims-mislead-consumers-2021-5

• World:

  • Ireland Rejects Facebook Bid to Block Regulatory Data Probe https://www.securityweek.com/ireland-rejects-facebook-bid-block-regulatory-data-probe
  • Argentina Orders Facebook to Suspend WhatsApp Data Sharing https://www.securityweek.com/argentina-orders-facebook-suspend-whatsapp-data-sharing
  • European Union Extends Framework for Cyberattack Sanctions https://www.securityweek.com/european-union-extends-framework-cyberattack-sanctions
  • Should encryption be curbed to combat child abuse? https://www.bbc.co.uk/news/business-57050689
  • The UK loves cybersecurity so much, it's going to regulate managed service providers' infosec practices in law https://www.theregister.com/2021/05/18/ukgov_cybersecurity_reviews_supply_chain_cma/
  • HSE hack: High Court grants orders barring use of stolen data https://www.databreaches.net/hse-hack-high-court-grants-orders-barring-use-of-stolen-data/
  • UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times https://www.theregister.com/2021/05/20/amex_fine_50m_spam/
  • If Space Junk Falls on Your House, Are There Laws to Protect You? https://www.sciencealert.com/if-space-junk-falls-on-your-house-are-there-laws-to-protect-you

• Standards News:

  • The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Data Classification Practices: Facilitating Data-Centric Security open for comment until June 21 https://csrc.nist.gov/publications/detail/white-paper/2021/05/19/data-classification-practices-data-centric-security-management/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Making Zero-Day Flaws Disappear https://www.databreachtoday.com/making-zero-day-flaws-disappear-a-16650
• Recycle Your Phone, Sure, But Maybe Not Your Number https://krebsonsecurity.com/2021/05/recycle-your-phone-sure-but-maybe-not-your-number/
• Why Password Hygiene Needs a Reboot https://thehackernews.com/2021/05/why-password-hygiene-needs-reboot.html
• Microsoft releases SimuLand, a test lab for simulated cyberattacks https://www.bleepingcomputer.com/news/security/microsoft-releases-simuland-a-test-lab-for-simulated-cyberattacks/
• ‘Privacy by design': Google to give people more power over their personal data https://www.theguardian.com/technology/2021/may/19/privacy-by-design-google-to-give-people-more-power-over-their-personal-data
• 1Password unsheathes Rusty key, hopes to unlock Linux Desktop world https://www.theregister.com/2021/05/18/1password/
• A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser https://thehackernews.com/2021/05/a-simple-1-click-compromised-password.html
• Google Photos is adding a locked folder for your private images https://www.theverge.com/2021/5/18/22442416/google-photos-locked-folder-private-hidden-pictures
• Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser https://thehackernews.com/2021/05/mozilla-begins-rolling-out-site.html
• Cloud (Mis)Configuration: What Do You Need to Consider? https://blog.isc2.org/isc2_blog/2021/05/cloud-misconfiguration-what-do-you-need-to-consider.html
• Adding a Russian Keyboard to Protect against Ransomware https://www.schneier.com/blog/archives/2021/05/adding-a-russian-keyboard-to-protect-against-ransomware.html
• Try This One Weird Trick Russian Hackers Hate https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
• How to Tell a Job Offer from an ID Theft Trap https://krebsonsecurity.com/2021/05/how-to-tell-a-job-offer-from-an-id-theft-trap/
• Nvidia is doubling down on making its flagship graphics cards less useful to cryptocurrency miners to help it deliver enough hardware for gamers https://www.businessinsider.com/nvidia-doubles-down-limiting-geforce-crypto-mining-performance-serve-gamers-2021-5
• Welcoming the Swedish Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-swedish-government-to-have-i-been-pwned/
• Microsoft is finally retiring Internet Explorer in 2022 https://www.theverge.com/2021/5/19/22443997/microsoft-internet-explorer-end-of-support-date
• How to disable Windows 10's News and Interests taskbar newsfeed https://www.bleepingcomputer.com/how-to/microsoft/how-to-disable-windows-10s-news-and-interests-taskbar-newsfeed/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• 4 vulnerabilities under attack give hackers full control of Android devices https://arstechnica.com/gadgets/2021/05/hackers-have-been-exploiting-4-critical-android-vulnerabilities/
• Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps https://thehackernews.com/2021/05/experts-reveal-over-150-ways-to-steal.html
• Exploit released for wormable Windows HTTP vulnerability https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/
• Wormable Windows HTTP vulnerability also affects WinRM servers https://www.bleepingcomputer.com/news/security/wormable-windows-http-vulnerability-also-affects-winrm-servers/
• Windows PoC Exploit Released for Wormable RCE https://threatpost.com/windows-exploit-wormable-rce/166289/
• This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals https://www.zdnet.com/article/this-is-how-the-cobalt-strike-penetration-testing-tool-is-being-abused-by-cybercriminals
• Stop Ransomware Groups Who Weaponize Legitimate Tools https://www.trendmicro.com/en_us/research/21/e/stop-ransomware-groups-who-weaponize-legitimate-tools.html
• Emerson Patches Several Vulnerabilities in X-STREAM Gas Analyzers https://www.securityweek.com/emerson-patches-several-vulnerabilities-x-stream-gas-analyzers
• QNAP confirms Qlocker ransomware used HBS backdoor account https://www.bleepingcomputer.com/news/security/qnap-confirms-qlocker-ransomware-used-hbs-backdoor-account/
• Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners https://www.theregister.com/2021/05/21/boeing_747_ife_windows_nt4_shell_access/
• Researchers Find Exploitable Bugs in Mercedes-Benz Cars https://www.securityweek.com/researchers-find-exploitable-bugs-mercedes-benz-cars
• WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites https://threatpost.com/wp-statistics-attackers-data-wordpress/166386/
• More on frag attacks, Vulnerabilities in billions of Wi-Fi devices let hackers bypass firewalls https://arstechnica.com/gadgets/2021/05/farewell-to-firewalls-wi-fi-bugs-open-network-devices-to-remote-hacks/
• Best 11 Quotes From Cryptographers' Panel https://www.darkreading.com/edge/theedge/best-11-quotes-from-cryptographers-panel/b/d-id/1341033

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Apple Exec Calls Level of Mac Malware ‘Unacceptable' https://threatpost.com/apple-mac-malware-unacceptable/166340/
  • Credential Stuffing Reaches 193 Billion Login Attempts Annually https://www.darkreading.com/cloud/credential-stuffing-reaches-193-billion-login-attempts-annually/d/d-id/1341064
  • 2021 Attacker Dwell Time Trends and Best Defenses https://threatpost.com/2021-attacker-dwell-time-trends-and-best-defenses/166116/
  • Bizarro Banking Trojan https://www.schneier.com/blog/archives/2021/05/bizarro-banking-trojan.html
  • FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html
  • Hackers scan for vulnerable devices minutes after bug disclosure https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerable-devices-minutes-after-bug-disclosure/
  • Microsoft Build Engine Abused for Fileless Malware Delivery https://www.securityweek.com/microsoft-build-engine-abused-fileless-malware-delivery
  • Microsoft: Massive malware campaign delivers fake ransomware https://www.bleepingcomputer.com/news/microsoft/microsoft-massive-malware-campaign-delivers-fake-ransomware/
  • Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment https://www.microsoft.com/security/blog/2021/05/20/phorpiex-morphs-how-a-longstanding-botnet-persists-and-thrives-in-the-current-threat-environment/
  • Scammers Pose as Meal-Kit Services to Steal Customer Data https://threatpost.com/scammers-meal-kit-services-customer-data/166282/
  • Despite an alert from NYS DFS, some insurance companies with “instant quote” portals were victimized https://www.databreaches.net/despite-an-alert-from-nys-dfs-some-insurance-companies-with-instant-quote-portals-were-victimized/
  • Irish patients' data stolen by hackers shows up in negotiation chat https://www.databreaches.net/irish-patients-data-stolen-by-hackers-shows-up-in-negotiation-chat/
  • DarkSide affiliates claim gang's bitcoins in deposit on hacker forum https://www.bleepingcomputer.com/news/security/darkside-affiliates-claim-gangs-bitcoins-in-deposit-on-hacker-forum/
  • Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware https://thehackernews.com/2021/05/microsoft-warns-of-data-stealing.html

• Nation State Actors:

  • Apple Censorship and Surveillance in China https://www.schneier.com/blog/archives/2021/05/apple-censorship-and-surveillance-in-china.html

• Crime & Arrests, etc.:

  • FBI: IC3 Received 6 Million Cybercrime Complaints Since Inception https://www.securityweek.com/fbi-ic3-received-6-million-cybercrime-complaints-inception
  • FBI Analyst Charged With Stealing Counterterrorism and Cyber Threat Info https://thehackernews.com/2021/05/fbi-analyst-charged-with-stealing.html
  • Member of Russian Gang That Hacked Tax Prep Firms Sentenced to Prison in U.S. https://www.securityweek.com/member-russian-gang-hacked-tax-prep-firms-sentenced-prison-us
  • The Full Story of the Stunning RSA Hack Can Finally Be Told https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told

Other Security / Risk

Articles covering other types of risks.

• A Microsoft study shows that stress is causing workers to make mistakes that leave their companies' data vulnerable, but confronting them can make things worse (MSFT) https://www.businessinsider.com/insider-risk-microsoft-carnegie-mellon-confronting-exhausted-workers-research-2021-5
• Coalition Launches ‘Dark Patterns' Tip Line to Expose Deceptive Technology Design https://www.eff.org/press/releases/coalition-launches-dark-patterns-tip-line-expose-deceptive-technology-design
• Is 85% of US Critical Infrastructure in Private Hands? https://www.schneier.com/blog/archives/2021/05/is-85-of-us-critical-infrastructure-in-private-hands.html
• The Gig Economy Creates Novel Data-Security Risks https://threatpost.com/the-gig-economy-data-security-risks/166359/
• More Than Likely, Or Less Than Probable: Is a truly quantitative security analysis possible? https://blog.isc2.org/isc2_blog/2021/05/more-than-likely-or-less-than-probable-is-a-truly-quantitative-security-analysis-possible.html
• Google wants to build a useful quantum computer by 2029 https://www.theverge.com/2021/5/19/22443453/google-quantum-computer-2029-decade-commercial-useful-qubits-quantum-transistor
• 'Did weak wi-fi password lead the police to our door?' https://www.bbc.co.uk/news/technology-57156799
• FTC Warns Amazon To Crack Down On Fake Reviews https://www.pymnts.com/amazon/2021/ftc-warns-amazon-to-crack-down-on-fake-reviews/
• Google baffles AI experts with radical proposals for search engine overhaul: 'What could possibly go wrong?' https://www.businessinsider.com/google-baffles-ai-experts-with-proposals-for-search-engine-overhaul-2021-5
• How US police training compares with the rest of the world https://www.bbc.co.uk/news/world-us-canada-56834733
• I'm Not a Robot! So Why Won't Captchas Believe Me? https://www.wired.com/story/im-not-a-robot-why-captchas-hard-to-solve
• Many Cybersecurity Jobseekers Lack a Full Understanding of the Role They Seek https://blog.isc2.org/isc2_blog/2021/05/many-cybersecurity-jobseekers-lack-a-full-understanding-of-the-role-they-seek.html
• Microsoft Exchange admin portal blocked by expired SSL certificate https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-admin-portal-blocked-by-expired-ssl-certificate/
• Noncompetes and no-poach agreements have destroyed opportunities for tens of millions of American workers. Here's how one state attorney general fought back.. https://www.businessinsider.com/how-noncompete-agreements-hurt-minimum-wage-workers-2021-5
• Slack is down, massive outage blocks user logins and messages https://www.bleepingcomputer.com/news/technology/slack-is-down-massive-outage-blocks-user-logins-and-messages/
• Tesla cars are reportedly banned from parking at some Chinese government offices over security concerns https://www.businessinsider.com/tesla-china-cars-banned-from-parking-chinese-government-offices-report-2021-5
• We'd love to report on the outcome of the CREST exam cheatsheet probe, but UK infosec body won't publish it https://www.theregister.com/2021/05/17/crest_not_publishing_cert_exam_cheat_report/
• Why the White House won't define pipeline attack as terrorism https://thehill.com/opinion/white-house/553690-why-the-white-house-wont-define-darksides-pipeline-attack-as-terrorism
• Canadian snowbird stuck with $5,488 water bill because her toilet leaked while she was away https://toronto.ctvnews.ca/canadian-snowbird-stuck-with-5-488-water-bill-because-her-toilet-leaked-while-she-was-away-1.5431790
• Australian Federal Police hiring digital evidence retrieval specialists: Being a very good boy and paws required https://www.theregister.com/2021/05/19/woof_woof_whos_a_good/
• Could You Beat a Grizzly Bear in a Fight? Some People Think They Can https://www.mentalfloss.com/article/646555/yougov-poll-asks-people-which-animals-would-win-fight
• (It's a well known fact that a kid can "Why?" an adult into submission in minutes) Kindergartners' questions helped get them off hijacked school bus, driver says: ‘Enough already' https://www.washingtonpost.com/nation/2021/05/21/bus-hijacking-kindergartners-south-carolina/
• Caltech professor helps solve Hindenburg disaster https://scienmag.com/caltech-professor-helps-solve-hindenburg-disaster/
• The Filing Cabinet - A Vertical History of Information - https://www.upress.umn.edu/book-division/books/the-filing-cabinet
• This Clever Game 'Microdoses' People With The Manipulation Used to Spread Fake Facts https://www.sciencealert.com/this-online-game-helps-people-spot-misinformation-by-giving-them-a-microdose-of-its-manipulative-methods

• Health, Safety & Environment:

  • 745,000 deaths a year can be linked to long working weeks of 55 hours or more, a WHO study suggests https://www.businessinsider.com/working-long-hours-linked-to-745000-deaths-a-year-who-2021-5
  • The Global Iron-Deficiency Crisis https://www.scientificamerican.com/article/the-global-iron-deficiency-crisis/
  • Highly Pathogenic Bird Flu Outbreak Already Reported in 46 Countries, Scientists Warn https://www.sciencealert.com/highly-pathogenic-h5n8-virus-outbreak-needs-to-be-stopped-scientists-warn
  • An asthma vaccine effective in mice https://scienmag.com/an-asthma-vaccine-effective-in-mice/
  • How plankton hold secrets to preventing pandemics https://scienmag.com/how-plankton-hold-secrets-to-preventing-pandemics/
  • Scientists discover gene signature for plaque-eating microglia in Alzheimer's Disease https://scienmag.com/scientists-discover-gene-signature-for-plaque-eating-microglia-in-alzheimers-disease/
  • A peptide that allows cannabis-derived drugs to relieve pain without side effects https://scienmag.com/a-peptide-that-allows-cannabis-derived-drugs-to-relieve-pain-without-side-effects/
  • Doctors fear Google skin check app will lead to ‘tsunami of overdiagnosis' https://www.theguardian.com/society/2021/may/21/doctors-fear-google-skin-check-app-will-lead-to-tsunami-of-overdiagnosis
  • Mega-satellite constellations could lead to chain-reaction spacecraft pile-ups in orbit https://www.cbc.ca/radio/quirks/mega-satellite-constellations-could-lead-to-chain-reaction-spacecraft-pile-ups-in-orbit-1.6036322
  • NASA has led 7 asteroid-impact simulations. Only once did experts figure out how to stop the space rock from hitting Earth. https://www.businessinsider.com/nasa-asteroid-impact-simulations-difficult-to-stop-2021-5
  • A safer, greener way to make solar cells: researchers find replacement for toxic solvent https://scienmag.com/a-safer-greener-way-to-make-solar-cells-researchers-find-replacement-for-toxic-solvent/
  • New device gets power from 5G signals grabbed from the air https://www.sciencenewsforstudents.org/article/innovation-new-device-gets-power-from-5g-signals
  • World's Largest Iceberg Breaks Off of Antarctica https://www.scientificamerican.com/article/worlds-largest-iceberg-breaks-off-of-antarctica/
  • 'Whitest White' Paint Beats the Heat https://www.scientificamerican.com/article/whitest-white-paint-beats-the-heat/
  • Ethereum cryptocurrency to slash carbon emissions https://www.theguardian.com/technology/2021/may/19/ethereum-cryptocurrency-to-slash-carbon-emissions

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • 3 Wuhan lab workers were sick enough to be hospitalized in November 2019, triggering calls to reconsider theory that COVID-19 originated in a lab: WSJ https://www.businessinsider.com/3-wuhan-lab-workers-hospitalized-fall-2019-coronavirus-covid-origin-2021-5
  • Total deaths due to COVID-19 underestimated by 20% in US counties https://scienmag.com/total-deaths-due-to-covid-19-underestimated-by-20-in-us-counties/
  • Children in Brazil are dying from COVID-19 at alarmingly high rates https://www.businessinsider.com/brazil-covid-19-children-are-dying-alarmingly-high-rates-2021-5
  • Canada may see COVID-19 resurgence despite full vaccinations, experts say https://globalnews.ca/news/7883901/covid-19-resurgence-full-vaccination/
  • Canada's COVID-19 death toll reaches 25,000 https://globalnews.ca/news/7872065/canada-covid-death-toll/
  • New research maps COVID-19 dispersal dynamics in New York's first wave of epidemic https://scienmag.com/new-research-maps-covid-19-dispersal-dynamics-in-new-yorks-first-wave-of-epidemic/
  • Ontario reports 1,890 new COVID-19 cases as province hits daily high of 158K vaccinations https://globalnews.ca/news/7882995/covid-19-cases-may-21-coronavirus/
  • B.C. mink farm under COVID-19 quarantine https://globalnews.ca/news/7874109/bc-mink-farm-covid-19-quarantine/
  • Officials warn of increased COVID-19 exposure at Saskatoon airport screening https://globalnews.ca/news/7882396/increased-covid-exposure-saskatoon-airport-screening/
  • India records 300,000 Covid deaths as pandemic rages https://www.bbc.co.uk/news/world-asia-57224565

• Guidance, Response, and Recovery:

  • Numbers won't tell us when the pandemic is over https://www.theverge.com/22445906/social-end-pandemic-covid-adjustment-death-vibes
  • India reportedly orders social media platforms to remove references to “Indian variant” of COVID-19 https://www.theverge.com/2021/5/23/22449898/india-social-media-platforms-remove-indian-variant-covid-19-coronavirus
  • Majority of Canadians support COVID-19 vaccine passports for concerts, travel: Ipsos https://globalnews.ca/news/7876339/covid-vaccine-passports-canada-ipsos-poll/
  • Tokyo Olympics will ‘absolutely' go ahead despite COVID-19 state of emergency: IOC https://globalnews.ca/news/7882987/tokyo-olympics-covid-emergency-japan/
  • Covid: France and Austria reopens bars and restaurants as lockdowns ease https://www.bbc.co.uk/news/world-europe-57165881
  • France mulls tighter limits for U.K. tourists as COVID-19 variants spread https://globalnews.ca/news/7887294/france-restrictions-uk-tourists/
  • Feds extending ban on passenger flights from India, Pakistan until June 21 https://www.ctvnews.ca/politics/feds-extending-ban-on-passenger-flights-from-india-pakistan-until-june-21-1.5438169
  • Canada's privacy commissioners issue guidance as country mulls COVID-19 vaccine passports https://globalnews.ca/news/7878015/canada-privacy-commissioner-covid-passports/
  • Canadians can drive to U.S. for COVID-19 vax and avoid quarantine, Ottawa confirms https://www.ctvnews.ca/health/coronavirus/canadians-can-drive-to-u-s-for-covid-19-vax-and-avoid-quarantine-ottawa-confirms-1.5432906
  • Canada-U.S. border closure extended until June 21, Trudeau says https://globalnews.ca/news/7879835/acovid-canada-us-border-closure-june-21/
  • Ontario to resume non-urgent surgeries and procedures as COVID-19 numbers decline https://globalnews.ca/news/7875767/ontario-covid-hospitals-non-urgent-surgeries-procedures/
  • Ontario to scrap colour-coded framework as it prepares to unveil new reopening plan https://toronto.ctvnews.ca/ontario-to-scrap-colour-coded-framework-as-it-prepares-to-unveil-new-reopening-plan-1.5432897
  • Province: Household-only golf cart rules, unless barriers in between https://globalnews.ca/news/7870791/sharing-a-golf-cart-make-sure-its-with-someone-in-your-household-says-province/
  • What you can do and when under Ontario’s new 3-phase COVID-19 reopening plan https://globalnews.ca/news/7880448/covid-ontario-reopening-plan-restrictions/
  • Manitoba bans outdoor social gatherings as COVID-19 cases reach record highs https://globalnews.ca/news/7881083/manitoba-bans-outdoor-social-gatherings-as-covid-19-cases-reach-record-highs/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Shoppers Drug Mart selling rapid COVID-19 tests at stores in Ontario and Alberta https://globalnews.ca/news/7869959/shoppers-drug-mart-rapid-covid-tests/

• Immunity and Vaccinations:

  • Canada's 50% vaccinated milestone boosts optimism to keep going, experts say https://globalnews.ca/news/7886556/canada-vaccine-milestone-psychological-boost/
  • Percentage of Canadians who have 1st COVID-19 vaccine surpasses U.S. https://globalnews.ca/news/7871681/covid-vaccine-first-dose-canada-passes-us/
  • US v Canada: Who won the vaccine rollout? https://www.bbc.co.uk/news/world-us-canada-57176501
  • Canada ‘on track' to shorten 16-week interval between COVID-19 vaccine doses, Njoo says https://globalnews.ca/news/7880864/canada-shortened-covid-vaccine-dose-interval/
  • Ontarians aged 12 and up now eligible to book COVID-19 vaccine https://globalnews.ca/news/7887312/ontarians-aged-12-and-older-covid-vaccine/
  • Ontarians will be able to get receipt of 1st, 2nd COVID-19 vaccinations online May 25 https://globalnews.ca/news/7883323/ontario-covid-proof-vaccination-online/
  • Covid: UK passes 60m jabs milestone after 762,000 in a day https://www.bbc.co.uk/news/uk-57221506
  • Canadian study to look at effects of mixing COVID-19 vaccines https://globalnews.ca/news/7879273/mixing-covid-vaccines-canada-study/
  • Mix-and-Match COVID Vaccines Trigger Potent Immune Response https://www.scientificamerican.com/article/mix-and-match-covid-vaccines-trigger-potent-immune-response/
  • Albertans being sought for national study on mixing COVID-19 vaccines https://globalnews.ca/news/7880312/albertans-sought-national-covid-19-vaccine-trial/
  • Sanofi and GlaxoSmithKline say their COVID-19 vaccine triggers a strong immune response, bolstering the late-comer program's potential as a booster shot https://www.businessinsider.com/sanofi-gsk-report-covid-19-vaccine-data-booster-shot-potential-2021-5
  • ‘We've been forgotten': AstraZeneca rollback leaves out those allergic to mRNA vaccines https://globalnews.ca/news/7880801/mrna-allergies-astrazeneca-covid/
  • AstraZeneca 1st dose, Pfizer 2nd: Study says combination is safe and effective https://globalnews.ca/news/7871590/mix-match-covid-vaccines-astrazeneca-pfizer/
  • No decision yet on whether expiring AstraZeneca can be used for second doses, Ontario says https://toronto.ctvnews.ca/no-decision-yet-on-whether-expiring-astrazeneca-can-be-used-for-second-doses-ontario-says-1.5436924
  • Canadians hoping to cross U.S. border for COVID-19 vaccine could be denied entry: agency https://globalnews.ca/news/7877966/us-border-agency-canadians-vaccines/

• Things we learned:

  • Dogs Can Detect Over 90% of COVID-19 Cases, Even Asymptomatic Ones https://www.sciencealert.com/new-preprint-study-shows-dogs-can-detect-covid-19-positive-arrivals
  • Sniffer dogs may help Covid screening at UK airports https://www.bbc.co.uk/news/health-57200863
  • Rare COVID-19 response in children explained https://scienmag.com/rare-covid-19-response-in-children-explained/
  • Scientists reveal structural details of how SARS-CoV-2 variants escape immune response https://scienmag.com/scientists-reveal-structural-details-of-how-sars-cov-2-variants-escape-immune-response/

• More of the good, the bad, and the ugly:

  • Most Anti-Vaccine Conspiracies Online Come From The Same 12 People, Study Shows https://www.sciencealert.com/most-anti-vaccine-conspiracies-online-come-from-the-same-12-people-study-shows

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • The new CDC mask guidelines are confusing and could actually make the spread of COVID-19 worse, a group of leading physicians said https://www.businessinsider.com/cdc-mask-guidelines-covid-19-transmission-spread-worse-expert-2021-5
  • Toronto police issue tickets after 25 people found partying inside restaurant https://toronto.ctvnews.ca/toronto-police-issue-tickets-after-25-people-found-partying-inside-restaurant-1.5431557
  • COVID-19: N.S. food truck business fined after employees found not wearing masks https://globalnews.ca/news/7882976/yarmouth-business-fined-masks/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• A young woman's final wish to sit in the conductor's chair granted by Metrolinx https://toronto.ctvnews.ca/a-young-woman-s-final-wish-to-sit-in-the-conductor-s-chair-granted-by-metrolinx-1.5434468
• Ship to sail across Atlantic without a crew https://www.bbc.co.uk/news/technology-57088748
• Virgin Galactic reaches the space frontier over New Mexico for the first time https://www.universetoday.com/151260/virgin-galactic-reaches-the-space-frontier-over-new-mexico-for-the-first-time/
• ZIGBEE ON MARS! https://www.theverge.com/2021/5/20/22445330/zigbee-on-mars-ingenuity-helicopter-perseverance-rover
• Wormhole Tunnels in Spacetime May Be Possible, New Research Suggests https://www.scientificamerican.com/article/wormhole-tunnels-in-spacetime-may-be-possible-new-research-suggests/
• Methuselah's Star is not older than the Universe after all. But it's still pretty frakking old. https://www.syfy.com/syfywire/methuselahs-star-is-not-older-than-the-universe-after-all-but-its-still-pretty-frakking-old