Welcome to This Week’s [in]Security. DSSv4 RFC, PINv3 FAQ. New breaches: AIG, Raychat, LimeVPN. New Ransomware: Kaseya! Follow-ups & Fall-out: Linkedin Scraping, Microsoft, Capital One. Privacy: Inuit, Used IoT, Facial Recognition, Laws & Regs - Canada: C-10, New Ontario Privacy Law, Cyberlaw. US: Census Privacy, Secret Orders, Crypto proposal, Legal search. The world, Standards: NIST. Defense: Vulnerabilities: ZeroDay: WD My Book, PrintNightmare. Netgear, Adobe, ICS, Edge, Powershell, KVM breakout, Cloud Hijack. Cybercrime - Trends: Nation States. Crime. Other Risks: cyber-insurance, Stunt driving, Residential Schools, Win11. Health, Safety & Environment: Cholera, Malaria, sleep apnoea, back pain, heatwave, accessible EVs? Covid-19: Spread, Curves, Waves, and Variants, Response, Immunity, Learned, Impact, And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Request for Comments: PCI DSS v4.0 Draft Validation Documents https://blog.pcisecuritystandards.org/request-for-comments-pci-dss-v4.0-draft-validation-documents
• PTS PIN v3 Technical (mandatory) Frequently Asked Questions https://www.pcisecuritystandards.org/documents/PTS_PIN_Technical_FAQs_v3_June_2021.pdf
• Schneier on last weeks' NFC Flaws in POS Devices and ATMs https://www.schneier.com/blog/archives/2021/06/nfc-flaws-in-pos-devices-and-atms.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • US insurance giant AJG reports data breach after ransomware attack https://www.bleepingcomputer.com/news/security/us-insurance-giant-ajg-reports-data-breach-after-ransomware-attack/
  • Raychat - 938,981 breached accounts https://haveibeenpwned.com/PwnedWebsites#Raychat
  • NZ: Waikato DHB working to notify those affected by dark web leak https://www.databreaches.net/nz-waikato-dhb-working-to-notify-those-affected-by-dark-web-leak/
  • Morningstar data breach reveals KPMG deal maker lists https://www.databreaches.net/morningstar-data-breach-reveals-kpmg-deal-maker-lists/
  • FL: Physicians Dialysis Provides Notification of Data Security Incident https://www.databreaches.net/fl-physicians-dialysis-provides-notification-of-data-security-incident/
  • Hacked Data For 69K LimeVPN Users Up For Sale On Dark Web https://packetstormsecurity.com/news/view/32431/Hacked-Data-For-69K-LimeVPN-Users-Up-For-Sale-On-Dark-Web.html
  • WA: Ransomware attack may have exposed information on over 16,000 workers, state says https://www.databreaches.net/wa-ransomware-attack-may-have-exposed-information-on-over-16000-workers-state-says/

• Major incident:

  • A New Kind of Ransomware Tsunami Hits Hundreds of Companies https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps
  • Kaseya ransomware attack could be record-setting as its scope widens https://globalnews.ca/news/8001211/kaseya-ransomware-attack/
  • Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html
  • Kaseya was fixing zero-day just as REvil ransomware sprung their attack https://www.bleepingcomputer.com/news/security/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack/
  • Major Swedish supermarket chain hit by cyberattack https://www.databreaches.net/major-swedish-supermarket-chain-hit-by-cyberattack/
  • A breach at a Florida-based IT firm led to ransomware attacks on 200 businesses https://www.businessinsider.com/ransomware-attack-florida-based-it-firm-breach-hit-200-businesses-2021-7

• New Ransomware and "Incidents":

  • Nl: De Mandemakers group: ‘despite adequate security' still a victim https://www.databreaches.net/nl-de-mandemakers-group-despite-adequate-security-still-a-victim/
  • Still think you can negotiate with REvil and get your files back? Read this first. https://www.databreaches.net/still-think-you-can-negotiate-with-revil-and-get-your-files-back-read-this-first/

• Follow-ups and fall-out:

  • Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/
  • LinkedIn's 1.2B Data-Scrape Victims Already Being Targeted by Attackers https://threatpost.com/linkedin-data-scrape-victims-targeted-attackers/167473/
  • Attackers Breach Microsoft Customer Service Accounts https://threatpost.com/russian-attackers-breach-microsoft/167340/
  • Capital One Breach Suspect Faces New Criminal Charges https://www.databreachtoday.com/capital-one-breach-suspect-faces-new-criminal-charges-a-16968
  • Lawsuits: Patients 'Harmed' by Scripps Health Cyberattack https://www.databreachtoday.com/lawsuits-patients-harmed-by-scripps-health-cyberattack-a-16953
  • Increase in ransomware attacks 'absolutely aligns' with rise of crypto, FireEye CEO says https://www.cnbc.com/2021/06/28/fireeye-ceo-spike-in-ransomware-attacks-absolutely-aligns-with-crypto-rise-.html

Privacy

Articles about privacy related news, risks, and trends.

• Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/
• Thinking about selling your Echo Dot—or any IoT device? Read this first https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/
• GAO Finds Widespread Use of Facial Recognition Without Adequate Privacy Protections https://epic.org/2021/06/gao-finds-widespread-use-of-fa.html
• PCLOB “Book Report” Fails to Investigate or Tell the Public the Truth About Domestic Mass Surveillance https://www.eff.org/deeplinks/2021/06/pclob-book-report-fails-investigate-or-tell-public-truth-about-domestic-mass
• Special Topics on Privacy and Public Auditability Event #3: Tuesday, July 6 13:30-16:30 https://content.govdelivery.com/accounts/USNIST/bulletins/2e5d5eb

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Proposed Ontario Privacy Law Could Include Multi-Million Corporate Fines https://www.datex.ca/blog/proposed-ontario-privacy-law-could-include-multi-million-corporate-fines
  • Ontario Privacy Law Whitepaper open for public comment until August 3rd https://www.ontariocanada.com/registry/view.do?postingId=37468&language=en
  • The Senate Bill C-10 Debate Concludes: “I Don't Think This Bill Needs Amendments. It Needs a Stake Through the Heart.” https://www.michaelgeist.ca/2021/06/the-senate-bill-c-10-debate-concludes-i-dont-think-this-bill-needs-amendments-it-needs-a-stake-through-the-heart/
  • The CRTC “Will Be Picking Winners and Losers”: A Report on Day Two of the Senate Bill C-10 Debate https://www.michaelgeist.ca/2021/06/the-crtc-will-be-picking-winners-and-losers-a-report-on-day-two-of-the-senate-bill-c-10-debate/
  • Data Privacy In Canada https://www.datex.ca/blog/data-privacy-in-canada
  • Understanding Canadian Cybersecurity Laws: Privacy and Access to Information, the Acts https://www.datex.ca/blog/understanding-canadian-cybersecurity-laws-privacy-and-access-to-information-the-acts-article-2
  • Understanding Canadian Cybersecurity Laws: The Foundations https://www.datex.ca/blog/understanding-canadian-cybersecurity-laws-the-foundations-article-1
  • Understanding Canadian Cybersecurity Laws: Privacy Protection In The Modern Marketplace — PIPEDA https://www.datex.ca/blog/privacy-protection-in-the-modern-marketplace-pipeda-article-3
  • Understanding Canadian Cybersecurity Laws: Interpersonal Privacy and Cybercrime — Criminal Code of Canada https://www.datex.ca/blog/criminal-code-of-canada-article-4

• US:

  • Federal Court Rejects Challenge to Census Privacy Protections https://epic.org/2021/07/federal-court-rejects-challeng-1.html
  • Microsoft Executive Says U.S. Overuses Secret Orders For Americans' Data https://packetstormsecurity.com/news/view/32422/Microsoft-Executive-Says-U.S.-Overuses-Secret-Orders-For-Americans-Data.html
  • Court Dismisses Facebook Antitrust Suits, But Says FTC Case Could Be Revived https://epic.org/2021/06/court-dismisses-facebook-antit.html
  • Setbacks in the FTC's Antitrust Suit Against Facebook Show Why We Need the ACCESS Act https://www.eff.org/deeplinks/2021/06/setbacks-ftcs-antitrust-suit-against-facebook-show-why-we-need-access-act
  • Courts should be able to reverse crypto transactions and unmask the people behind them, US congressman says https://markets.businessinsider.com/news/cryptocurrencies/crypto-transactions-reversal-courts-criminal-fraudulent-ransomware-attacks-bill-foster-2021-7
  • Supreme Court Says You Can't Sue the Corporation that Wrongly Marked You A Terrorist https://www.eff.org/deeplinks/2021/06/supreme-court-says-you-cant-sue-corporation-wrongly-marked-you-terrorist
  • Maine Becomes First State to Enact Statewide Ban on Face Surveillance https://epic.org/2021/06/maine-becomes-first-state-to-e.html
  • Judge Blocks Florida Law Regulating Social Media Companies https://www.nytimes.com/2021/06/30/technology/florida-law-social-media-desantis.html
  • Wisconsin Supreme Court Refuses to Limit Warrantless Forensic Searches of Cell Phones https://epic.org/2021/06/wisconsin-supreme-court-refuse.html
  • Police ticket driver for sticking Starlink terminal on car's hood https://www.theverge.com/2021/7/2/22561264/california-driver-ticket-spacex-starlink-antenna
  • Robinhood ordered to pay $70 million over ‘harm' caused to ‘millions' of traders https://www.zdnet.com/article/robinhood-trading-app-ordered-to-pay-70-million-over-harm-caused-to-millions-of-customers
  • How to find the documents behind big legal cases https://www.theverge.com/22559021/recap-courtlistener-free-law-project-find-legal-filings-how-to

• World:

  • VirusTotal ordered to reveal private info of stolen HSE data downloaders https://www.bleepingcomputer.com/news/security/virustotal-ordered-to-reveal-private-info-of-stolen-hse-data-downloaders/
  • Dutch court rejects Facebook's bid to have privacy lawsuit in the Netherlands dismissed https://www.theverge.com/2021/7/3/22561949/dutch-court-rejects-facebook-privacy-lawsuit-netherlands
  • Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud https://thehackernews.com/2021/07/facebook-sues-4-vietnamese-for-hacking.html
  • China regulator orders Didi ride-hailing app removed from stores https://www.theverge.com/2021/7/4/22562912/china-regulator-orders-didi-ride-hailing-app-removed

• Standards News:

  • NIST Releases 'Critical Software' Definition for US Agencies https://www.databreachtoday.com/nist-releases-critical-software-definition-for-us-agencies-a-16952
  • NIST is seeking comments on Draft NISTIR 8270, Introduction to Cybersecurity for Commercial Satellite Operations until August 13 https://csrc.nist.gov/publications/detail/nistir/8270/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• CISA Emphasizes Urgency of Avoiding 'Bad' Security Practices https://www.databreachtoday.com/cisa-emphasizes-urgency-avoiding-bad-security-practices-a-16981
• CISA releases new ransomware self-assessment security audit tool https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/
• Data Exfiltration: What You Should Know to Prevent It https://threatpost.com/data-exfiltration-prevent-it/167413/
• Google, OpenSSF Update Scorecards Project With New Security Checks https://www.securityweek.com/google-openssf-update-scorecards-project-new-security-checks
• IBM Kestrel threat hunting language granted to Open Cybersecurity Alliance https://www.zdnet.com/article/ibm-kestrel-threat-hunting-language-donated-to-open-cybersecurity-alliance
• New Security Measures Announced for Google Play Developer Accounts https://www.securityweek.com/new-security-measures-announced-google-play-developer-accounts
• Do CAPTCHAs work and what's the alternative? https://www.imperva.com/blog/do-captchas-work-and-whats-the-alternative/
• Rethinking Application Security in the API-First Era https://thehackernews.com/2021/07/rethinking-application-security-in-api.html
• Secured-Core PCs May Mitigate Firmware Attacks, but Adoption Lags https://www.darkreading.com/vulnerabilities---threats/secured-core-pcs-may-mitigate-firmware-attacks-but-adoption-lags/d/d-id/1341473
• Securely Managing Entitlement of S3 Resources https://www.imperva.com/blog/securely-managing-entitlement-of-s3-resources/
• GitHub Launches 'Copilot' — AI-Powered Code Completion Tool https://thehackernews.com/2021/06/github-launches-copilot-ai-powered-code.html
• Google Messages will auto-delete OTPs and sort like Gmail, but only in India https://www.theverge.com/2021/6/29/22555333/google-messages-one-time-passwords-otp-delete-categories-gmail
• MITRE ATT&CK® mappings released for built-in Azure security controls https://www.microsoft.com/security/blog/2021/06/29/mitre-attck-mappings-released-for-built-in-azure-security-controls/
• Why You're Not Making the Leap from Compliance to a Database Security Strategy https://www.imperva.com/blog/why-youre-not-making-the-leap-from-compliance-to-a-database-security-strategy/
• Facebook confirms tests of a new anti-extremism warning prompt https://www.theverge.com/2021/7/2/22560108/facebook-anti-extremism-prompt-user-resources-content-moderation
• DHS Hired 300 Cybersecurity Professionals in Last Two Months https://www.securityweek.com/dhs-hired-300-cybersecurity-professionals-last-two-months
• UN Security Council Confronts Growing Threat of Cyber Attacks https://www.securityweek.com/un-security-council-confronts-growing-threat-cyber-attacks
• UK Cabinet Office's spending on cybersecurity training rises by 500% in a year https://www.theregister.com/2021/06/29/cabinet_office_cybersecurity_training/
• IBM's new quantum computing certificate can help you break into the industry, and the study materials are free https://www.businessinsider.com/ibm-quantum-computing-certification-exam-faq
• National Initiative for Cybersecurity Education Summer 2021 Newsletter - 100+ STEM Training Opportunities; Trends in AI Education; and more https://content.govdelivery.com/accounts/USNIST/bulletins/2e5966e
• DIY CD/DVD Destruction - Follow Up, (Sun, Jul 4th) https://isc.sans.edu/diary/rss/27602
• HHS OIG: Medicare Should Require Hospital Device Security https://www.databreachtoday.com/hhs-oig-medicare-should-require-hospital-device-security-a-16966

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-Day Used to Wipe My Book Live Devices https://threatpost.com/zero-day-wipe-my-book-live/167422/
• Another 0-Day Looms for Many Western Digital Users https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/
• Should Western Digital Emergency Patch Old NAS Devices? https://www.databreachtoday.com/blogs/should-western-digital-emergency-patch-old-nas-devices-p-3063
• Western Digital to provide recovery services for hacked NAS drives https://www.databreaches.net/western-digital-to-provide-recovery-services-for-hacked-nas-drives/
• CISA: Disable Windows Print Spooler on servers not used for printing https://www.bleepingcomputer.com/news/security/cisa-disable-windows-print-spooler-on-servers-not-used-for-printing/
• Microsoft shares mitigations for Windows PrintNightmare zero-day bug https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/
• CISA Offers New Mitigation for PrintNightmare Bug https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/
• CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability
• Windows Admins Scrambling to Contain 'PrintNightmare' Flaw Exposure https://www.securityweek.com/windows-admins-scrambling-contain-printnightmare-flaw-exposure
• Critical, Exploitable Flaws in NETGEAR Router Firmware https://www.securityweek.com/critical-exploitable-flaws-netgear-router-firmware
• Details of RCE Bug in Adobe Experience Manager Revealed https://threatpost.com/rce-bug-in-adobe-revealed/167382/
• High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products https://www.securityweek.com/high-severity-vulnerabilities-found-several-phoenix-contact-industrial-products
• Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html
• Microsoft warns of critical PowerShell 7 code execution vulnerability https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
• Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine https://thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html
• Windows 10 KB5004760 emergency update fixes PDF opening issue https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5004760-emergency-update-fixes-pdf-opening-issue/
• Windows Update bug blocks Azure Virtual Desktops security updates https://www.bleepingcomputer.com/news/microsoft/windows-update-bug-blocks-azure-virtual-desktops-security-updates/
• Subdomain security is substandard, say security researchers https://www.theregister.com/2021/06/30/subdomain_vulnerabiilties/
• An EPYC escape: Case-study of a KVM breakout https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
• You can hijack Google Cloud VMs using DHCP floods, says this guy, once the stars are aligned and... https://www.theregister.com/2021/06/30/gce_vm_vulnerability/
• Computational Records with Aging Hardware: Controlling Half the Output of SHA-256, by Mellila Bouam and Charles Bouillaguet and Claire Delaplace and Camille Noûs https://eprint.iacr.org/2021/886

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Apps with 5.8 million Google Play downloads stole users' Facebook passwords https://arstechnica.com/gadgets/2021/07/google-boots-google-play-apps-for-stealing-users-facebook-passwords/
  • Israeli researchers discover global cyberattack in over 1,300 locations https://www.databreaches.net/israeli-researchers-discover-global-cyberattack-in-over-1300-locations/
  • Microsoft approved a Windows driver booby-trapped with rootkit malware https://www.theregister.com/2021/06/28/microsoft_malware_signing/
  • Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software https://thehackernews.com/2021/07/mongolian-certificate-authority-hacked.html
  • Ransomware Increasingly Detected on Industrial Systems: Report https://www.securityweek.com/ransomware-increasingly-detected-industrial-systems-report
  • Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks https://threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/
  • UK: Barrow computer hacker tapped into school network and brought down Labour website https://www.databreaches.net/uk-barrow-computer-hacker-tapped-into-school-network-and-brought-down-labour-website/
  • Malicious Browser Notifications: The New Phishing Attack Not Blocked by Your Current Cyber Defense https://www.databreachtoday.com/webinars/malicious-browser-notifications-new-phishing-attack-blocked-by-your-w-3333
  • Malware Masquerades as Privacy Tool https://www.databreaches.net/malware-masquerades-as-privacy-tool/
  • Malware Opens the Door to XMRig Cryptominer https://www.databreachtoday.com/malware-opens-door-to-xmrig-cryptominer-a-16963
  • New ransomware highlights widespread adoption of Golang language by cyberattackers https://www.zdnet.com/article/this-new-malware-highlights-widespread-adoption-of-golang-language-by-cyberattackers
  • Cobalt Strike Usage Explodes Among Cybercrooks https://threatpost.com/cobalt-strike-cybercrooks/167368/
  • Japan's “K” Line Apologizes for Second Cyberattack in Months https://www.databreaches.net/japans-k-line-apologizes-for-second-cyberattack-in-months/
  • Malvuln Project Catalogues 260 Vulnerabilities Found in Malware https://www.securityweek.com/malvuln-project-catalogues-260-vulnerabilities-found-malware
  • Nefilim Ransomware Attack Through a MITRE Att&ck Lens https://www.trendmicro.com/en_us/research/21/f/nefilim-modern-ransomware-attack-story.html
  • Google's delay in fighting online scammers is cause for shame https://www.theguardian.com/business/nils-pratley-on-finance/2021/jul/01/googles-delay-in-fighting-online-scammers-is-cause-for-shame
  • Babuk Ransomware Mystery Challenge: Who Leaked Builder? https://www.databreachtoday.com/blogs/babuk-ransomware-mystery-challenge-who-leaked-builder-p-3062
  • A string of top accounts on the new pro-Trump app GETTR were hacked and defaced on its July 4 launch day https://www.businessinsider.com/gettr-trump-allies-get-accounts-hacked-july-4-launch-day-2021-7

• Nation State Actors:

  • Fancy Bear Is Trying to Brute-Force Hundreds of Networks https://www.wired.com/story/fancy-bear-russia-brute-force-hacking
  • More Russian Hacking https://www.schneier.com/blog/archives/2021/07/more-russian-hacking.html
  • NSA: Russian GRU hackers use Kubernetes to run brute force attacks https://www.bleepingcomputer.com/news/security/nsa-russian-gru-hackers-use-kubernetes-to-run-brute-force-attacks/
  • Russian hackers had months-long access to Denmark's central bank https://www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/
  • Russian Hackers Mounted Cyber Attack on German Banks, Bild Says https://www.databreaches.net/russian-hackers-mounted-cyber-attack-on-german-banks-bild-says/
  • Germany Denies Reports Of Cyberattack On 'Critical' Infrastructure, Banks https://www.pymnts.com/news/security-and-risk/2021/germany-denies-reports-of-cyberattack-on-critical-infrastructure-banks/

• Crime & Arrests, etc.:

  • FBI Takes 'Aggressive' New Approach to Cyberattackers https://www.pymnts.com/news/security-and-risk/2021/fbi-takes-aggressive-new-approach-to-cyberattackers/
  • US Secret Service brings back its Cyber Most Wanted list https://www.databreaches.net/us-secret-service-brings-back-its-cyber-most-wanted-list/
  • Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors https://www.riskiq.com/blog/external-threat-management/media-land-bulletproof-hosting-provider-is-a-playground-for-threat-actors/
  • We Infiltrated a Counterfeit Check Ring! Now What? https://krebsonsecurity.com/2021/06/we-infiltrated-a-counterfeit-check-ring-now-what/
  • Dutch police seize server of DarkSide ransomware group https://www.databreaches.net/dutch-police-seize-server-of-darkside-ransomware-group/
  • Multinational Police Raid Seizes DoubleVPN Servers https://www.databreachtoday.com/multinational-police-raid-seizes-doublevpn-servers-a-16969
  • CDN: Mounties suspected person leaking secrets had high-level computer access, search warrants show https://www.databreaches.net/ca-mounties-suspected-person-leaking-secrets-had-high-level-computer-access-search-warrants-show/
  • CDN: Telus Public Mobile / SIM swap theft & controversy https://www.databreaches.net/ca-sim-card-theft-discount-provider-discount-protection/
  • Microsoft engineer who exploited bug and sold Xbox gift card activation codes for bitcoin sentenced for theft of $10M https://www.pcgamer.com/microsoft-engineer-stole-dollar10-million-by-selling-xbox-gift-cards-for-bitcoin/
  • A student's rape went unsolved for 14 years. Police say the suspect gave his DNA to a genealogy database. https://www.washingtonpost.com/nation/2021/06/29/tampa-police-genealogy-rape/

Other Security / Risk

Articles covering other types of risks.

• The Internet Is Rotting https://www.theatlantic.com/technology/archive/2021/06/the-internet-is-a-collective-hallucination/619320/
• Users Clueless About Cybersecurity Risks: Study https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/
• Cyber insurance model is broken, consider banning ransomware payments, says think tank https://www.theregister.com/2021/07/01/rusi_cyber_insurance_ransomware_report/
• Cyber reinsurance rates rocket at July renewals https://www.databreaches.net/cyber-reinsurance-rates-rocket-at-july-renewals/
• Ransomware Losses Drive Up Cyber-Insurance Costs https://www.darkreading.com/risk/ransomware-losses-drive-up-cyber-insurance-costs/d/d-id/1341436
• Study Finds Insurance Companies Lack Cyber Hygiene https://www.securityweek.com/study-finds-insurance-companies-lack-cyber-hygiene
• Workshop on Economics of Information Security - liveblog by Ross Anderson https://www.lightbluetouchpaper.org/2021/06/28/weis-2021-liveblog/
• Computing at the cutting edge https://www.technologyreview.com/2021/06/28/1027100/computing-at-the-cutting-edge/
• A Venture Capitalist's View of Cybersecurity https://www.databreachtoday.com/interviews/venture-capitalists-view-cybersecurity-i-4924
• Bulletproof TLS Newsletter 78 - ALPACA TLS cross-protocol attacks, GnuTLS 3.7.2, OpenSSL 3.0.0 Beta, bothe FireFox and Edge have HTTPS enforcement https://www.feistyduck.com/bulletproof-tls-newsletter/issue_78_alpaca_shows_tls_cross_protocol_attacks
• Confidential national security docs left sitting on Halifax lawyer's porch https://globalnews.ca/news/8000606/confidential-national-security-documents-porch/
• The great chip crisis threatens the promise of Moore's Law https://www.technologyreview.com/2021/06/30/1026438/global-microchip-shortage-problem-m1-apple-tsmc-intel/
• Risks of Evidentiary Software https://www.schneier.com/blog/archives/2021/06/risks-of-evidentiary-software.html
• Netflix VPN ban largely ineffective, according to 3,000+ tests https://www.comparitech.com/blog/vpn-privacy/netflix-vpn-testing/
• The auto industry is distancing itself from Tesla in response to new crash reporting rule https://www.theverge.com/2021/6/30/22557135/nhtsa-autonomous-adas-crash-rule-response-tesla
• A new piece of the quantum computing puzzle https://scienmag.com/a-new-piece-of-the-quantum-computing-puzzle/
• Microsoft and Google prepare to battle again after ending six-year truce https://www.theverge.com/2021/6/30/22557595/microsoft-google-six-year-legal-truce-end-scroogled-battles
• Drivers in Ontario will now be slapped with stunt driving charges at lower speeds https://toronto.ctvnews.ca/drivers-in-ontario-will-now-be-slapped-with-stunt-driving-charges-at-lower-speeds-1.5493233
• Ha! One of the first cars impounded under Ontario’s updated stunting law was a Smart Car! https://www.driving.ca/auto-news/crashes/one-of-the-first-cars-impounded-under-ontarios-new-laws-was-a-smart

• Residential Schools:

  • 182 human remains in unmarked graves found at site of former residential school in Cranbrook, B.C. https://globalnews.ca/news/7993173/human-remains-residential-school-cranbrook-bc/
  • Quebec teachers want Indigenous history taught differently in schools https://globalnews.ca/news/7989155/quebec-teachers-indigenous-history-education/

• Windows 11 news:

  • Windows 11 includes the DNS-over-HTTPS privacy feature - How to use https://www.bleepingcomputer.com/news/microsoft/windows-11-includes-the-dns-over-https-privacy-feature-how-to-use/
  • Windows 11 makes TPM Diagnostics tool its first optional feature https://www.bleepingcomputer.com/news/security/windows-11-makes-tpm-diagnostics-tool-its-first-optional-feature/
  • Windows 11 may switch to a Black Screen of Death crash screen https://www.bleepingcomputer.com/news/microsoft/windows-11-may-switch-to-a-black-screen-of-death-crash-screen/
  • Windows 11's Security Push Leaves Scores of PCs Behind https://www.wired.com/story/windows-11-hardware-requirements-security
• An officer played a Taylor Swift song to keep his recording off YouTube. Instead it went viral. https://www.washingtonpost.com/nation/2021/07/02/taylor-swift-california-cop/
• Using A.I. to Find Bias in A.I. https://www.nytimes.com/2021/06/30/technology/artificial-intelligence-bias.html
• Why aren't more girls in the UK choosing to study computing and technology? https://www.theguardian.com/careers/2021/jun/28/why-arent-more-girls-in-the-uk-choosing-to-study-computing-and-technology

• Health, Safety & Environment:

  • An 'Edible' Cholera Vaccine Made From Ground Rice Just Passed Phase 1 Human Trials https://www.sciencealert.com/a-cholera-vaccine-made-from-ground-rice-just-passed-phase-1-human-trials
  • China declared officially malaria-free by WHO https://www.bbc.co.uk/news/world-asia-china-57670189
  • New solution for sleep apnoea https://scienmag.com/new-solution-for-sleep-apnoea/
  • Mind-Blowing 'Inflatable' Spinal Cord Implant Could Make Pain Relief Widely Available https://www.sciencealert.com/mind-blowing-spinal-cord-implant-could-relieve-suffering-for-chronic-pain-patients
  • City of Winnipeg to provide additional mosquito surveillance https://globalnews.ca/news/7986271/winnipeg-additional-mosquito-surveillance/
  • Study on Sobering Centre's as an alternative to drunk tank released. https://globalnews.ca/news/7987675/study-on-sobering-centres-as-an-alternative-to-drunk-tank-released/
  • Escape room simulation promotes infection control adherence at the temple VA https://scienmag.com/escape-room-simulation-promotes-infection-control-adherence-at-the-temple-va/
  • Employed individuals more likely to contract the flu, study shows https://scienmag.com/employed-individuals-more-likely-to-contract-the-flu-study-shows/
  • Vaccines grown in eggs induce antibody response against an egg-associated glycan https://scienmag.com/vaccines-grown-in-eggs-induce-antibody-response-against-an-egg-associated-glycan/
  • 17 hurt in Los Angeles bomb-removal truck blast after illegal fireworks and homemade explosives found in man's home https://www.washingtonpost.com/nation/2021/07/01/fireworks-explode-los-angeles/
  • A Tesla Model S Plaid caught fire in Pennsylvania, briefly trapping the driver inside https://www.theverge.com/2021/7/2/22560662/tesla-model-s-plaid-fire-driver-battery-pennsylvania
  • Tour de France spectator arrested over sign crash https://www.bbc.co.uk/news/world-europe-57668657
  • Electric vehicles are the future for everyone — except disabled people https://www.theverge.com/2021/7/2/22550853/electric-vehicles-disabled-wheelchair-conversion-battery
  • Gigantic Antarctic Lake Suddenly Disappears in Monumental Vanishing Act https://www.sciencealert.com/gigantic-antarctic-lake-suddenly-disappears-in-monumental-vanishing-act
  • Canada Just Announced A Ban on Internal Combustion Engines https://interestingengineering.com/canada-is-banning-internal-combustion-engines-but-what-about-the-cold
  • U.K. Will Stop Using Coal Power in Just Three Years https://www.scientificamerican.com/article/u-k-will-stop-using-coal-power-in-just-three-years/
  • Detroit startup developing eco-friendly marine coating for ships and boats https://scienmag.com/detroit-startup-developing-eco-friendly-marine-coating-for-ships-and-boats/
  • Climate scientists blame Exxon lobbyists for disinformation that undermines efforts to reduce emissions and global warming https://www.businessinsider.com/climate-experts-blame-exxon-lobbyists-for-efforts-against-reducing-emissions-2021-7

• Heatwave:

  • What led to the heat dome taking over Western Canada and the U.S. https://www.cbc.ca/news/thenational/what-led-to-the-heat-dome-taking-over-western-canada-and-the-u-s-1.6087148
  • Canada heatwave: Bears take a dip in record breaking temperatures https://www.bbc.co.uk/news/world-us-canada-57651894
  • Canada heatwave: Military on standby as lightning triggers more wildfires https://www.bbc.co.uk/news/world-us-canada-57711581
  • ‘We are getting the calls as fast as we can': Okanagan paramedics see a surge during heat wave https://globalnews.ca/news/7995095/okanagan-paramedics-surge-heat-wave/
  • Alberta electricity operator declares Level 1 energy emergency amid historic heat wave https://globalnews.ca/news/7991390/alberta-aeso-heat-wave-energy-emergency/
  • Car submerged, road flooded as record-breaking B.C. heat prompts massive snow melt https://globalnews.ca/news/7994540/flooding-record-breaking-heat-rapid-snow-melt-bc-video/
  • Earth's cryosphere shrinking by 87,000 square kilometers per year https://scienmag.com/earths-cryosphere-shrinking-by-87000-square-kilometers-per-year/

• Building Safety and lessons from the Florida Condo Collapse:

  • At least 20 dead, 128 still missing in Florida condo collapse https://globalnews.ca/news/7998200/death-toll-florida-condo-collapse/
  • ‘Excruciating' search through wreckage of Florida condo collapse enters 6th day https://globalnews.ca/news/7988804/florida-condo-collapse-rescue-day-6/
  • Florida condo board president warned of ‘accelerating' damage weeks before collapse https://globalnews.ca/news/7991876/florida-condo-collapse-president-warning/
  • Miami collapse: Remaining structure demolished over safety fears https://www.bbc.co.uk/news/world-us-canada-57716934
  • 3 structural engineers explain why a building like the Surfside, Florida condo might suddenly collapse https://www.businessinsider.com/surfside-florida-building-collapse-causes-structural-engineers-2021-7
  • Condo Buildings Are at Risk. So Is All Real Estate. https://www.theatlantic.com/ideas/archive/2021/07/surfside-tower-was-just-another-condo-building/619348/
  • ‘I'm officially homeless': 2nd Florida condo evacuated as collapse site search continues https://globalnews.ca/news/8000243/florida-miami-surfside-condo-collapse-search-evacuated/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Canada's COVID-19 death toll could be thousands higher than official count: report https://globalnews.ca/news/7988172/canada-covid-19-deaths-excess/
  • Ontario reports 213 COVID-19 cases, 9 deaths; 196K more vaccines administered https://globalnews.ca/news/8001590/covid-19-ontario-cases-vaccine-july-4-coronavirus/
  • Russia marks record number of COVID-19 deaths for 5th day in a row https://globalnews.ca/news/8000467/covid-coronavirus-russia-vaccine-lockdown/
  • Why Uruguay Lost Control of COVID https://www.scientificamerican.com/article/why-uruguay-lost-control-of-covid/
  • The CDC stopped tracking most COVID-19 cases in vaccinated people. That makes it hard to know how dangerous Delta really is. https://www.businessinsider.com/risk-of-delta-variant-cdc-stopped-tracking-cases-vaccinated-2021-7
  • Covid: Misleading stat claims more vaccinated people die https://www.bbc.co.uk/news/health-57610998
  • ‘Variant factory': The unvaccinated pose a risk to more than just themselves https://globalnews.ca/news/8001735/covid-19-unvaccinated-variants/
  • Key mutations in Alpha variant enable SARS-CoV-2 to overcome evolutionary weak points https://scienmag.com/key-mutations-in-alpha-variant-enable-sars-cov-2-to-overcome-evolutionary-weak-points/
  • The Delta variant infected almost everyone at a 'superspreader' party in Australia - except the 6 vaccinated people https://www.businessinsider.com/delta-variant-infected-all-unvaccinated-guests-at-a-sydney-party-2021-6
  • Delta variant on track to be dominant COVID-19 strain in Europe by August: WHO https://globalnews.ca/news/7995773/delta-variant-europe-covid-who/
  • Graphs show where the Delta variant is surging fastest in the US, with huge spikes in Missouri, Colorado, Utah, and Arkansas https://www.businessinsider.com/delta-is-surging-fastest-in-missouri-colorado-utah-arkansas-graph-2021-7
  • Highly Infectious Delta Variant Could Already Be Dominant in The US https://www.sciencealert.com/highly-infectious-delta-coronavirus-strain-may-now-be-dominant-in-the-us-says-testing-lab

• Guidance, Response, and Recovery:

  • Border rules start to ease for fully vaccinated Canadian travellers on Monday https://globalnews.ca/news/8001587/covid-coronavirus-border-quarantine-rules-vaccinated/
  • Can't enter Canada now? Don't try on Monday, border agency warns would-be travellers https://www.cp24.com/news/can-t-enter-canada-now-don-t-try-on-monday-border-agency-warns-would-be-travellers-1.5494320
  • N.L. lifts controversial COVID-19 travel ban nearly 14 months after it began https://globalnews.ca/news/7994963/n-l-lifts-controversial-covid-19-travel-ban-nearly-14-months-after-it-began/
  • Ontario is the only place in North America where indoor dining isn't allowed https://toronto.ctvnews.ca/ontario-is-the-only-place-in-north-america-where-indoor-dining-isn-t-allowed-1.5493159
  • Fauci says he's not going to waste his time with an antibody test, and neither should you https://www.businessinsider.com/fauci-do-not-measure-covid-protection-immunity-with-antibody-test-2021-6
  • Masks will become personal choice - UK minister https://www.bbc.co.uk/news/uk-57710527
  • Sweden, noted for its lax COVID-19 response, never mandated face masks. Now it's dropping its vague recommendation to wear one at all. https://www.businessinsider.com/covid-19-sweden-drops-face-mask-recommendation-never-mandated-them-2021-7

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Scientists identify 160 new drugs that could be repurposed against COVID-19 https://scienmag.com/scientists-identify-160-new-drugs-that-could-be-repurposed-against-covid-19/
  • Researchers are using photos of toasters and fridges to train algorithms to detect COVID https://scienmag.com/researchers-are-using-photos-of-toasters-and-fridges-to-train-algorithms-to-detect-covid/

• Immunity and Vaccinations:

  • Over 270K Canadians got the Covishield vaccine. They may not be eligible for EU travel https://globalnews.ca/news/7992959/covid-coronavirus-vaccine-passport-europe-eu-travel-covishield/
  • What you need to know about the EU vaccine passport https://www.bbc.co.uk/news/explainers-57665765
  • COVID-19 vaccine reduces severity, length, viral load for those who still get infected https://scienmag.com/covid-19-vaccine-reduces-severity-length-viral-load-for-those-who-still-get-infected/
  • The Lancet Inf. Dis.: Coronavac COVID-19 vaccine safe in children and adolescents and triggers antibodies https://scienmag.com/the-lancet-inf-dis-coronavac-covid-19-vaccine-safe-in-children-and-adolescents-and-triggers-antibodies/
  • COVID-19 vaccine explainer: How protein subunit shots work, what makes them different https://www.ctvnews.ca/health/coronavirus/covid-19-vaccine-explainer-how-protein-subunit-shots-work-what-makes-them-different-1.5493274
  • Researchers find potential path to a broadly protective COVID-19 vaccine using T cells https://scienmag.com/researchers-find-potential-path-to-a-broadly-protective-covid-19-vaccine-using-t-cells/

• Things we learned:

  • Mental health of high school students during social distancing, remote schooling during COVID-19 https://scienmag.com/mental-health-of-high-school-students-during-social-distancing-remote-schooling-during-covid-19/
  • The Pandemic Did Not Affect Mental Health the Way You Think https://www.theatlantic.com/ideas/archive/2021/07/covid-19-did-not-affect-mental-health-way-you-think/619354/

• Impact:

  • Clorox Stocks Tank As Pandemic Demand Fades https://www.pymnts.com/news/retail/2021/clorox-stocks-tank-as-pandemic-demand-fades/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Making seawater drinkable in minutes https://scienmag.com/making-seawater-drinkable-in-minutes/
• New kind of molten salt reactor to be built at retiring coal plant https://bigthink.com/technology-innovation/molten-salt-reactor-replace-coal
• The US and British navies' newest submarines are equipped with totally different kinds of periscopes https://www.businessinsider.com/new-us-british-navy-submarines-have-new-kind-of-periscope-2021-6
• What happened to… the Lucky Loonie https://globalnews.ca/news/7931708/what-happened-to-the-lucky-loonie/
• In 1989, This Old House Made a Pretty Spot-On Prediction About What the "House of the Future" Would Look Like https://www.mentalfloss.com/article/648013/this-old-house-predicted-future-home
• Irony Alert: Fool's Gold Actually Contains Real Gold https://www.mentalfloss.com/article/648019/fools-gold-contains-real-gold-after-all
• Researchers explore how children learn language https://scienmag.com/researchers-explore-how-children-learn-language/
• Flying car makes successful test run between airports in Slovakia – video https://www.theguardian.com/world/video/2021/jul/01/flying-car-successful-test-run-airports-slovakia-video
• Is the use of jetpacks finally about to take off? https://www.bbc.co.uk/news/business-57652297
• The art of asking nicely - There are upsides to working with a neural net that trained on a huge... https://aiweirdness.com/post/655607559221379072
• Astronauts successfully edit genes in space for first time in experimental procedure https://www.independent.co.uk/life-style/gadgets-and-tech/gene-editing-international-space-station-crispr-astronaut-b1876139.html
• NASA Continues to Try and Rescue Failing Hubble https://www.universetoday.com/151669/nasa-continues-to-try-and-rescue-failing-hubble/
• Baby stars throw big tantrums. Very, very big tantrums. And they do it a lot. https://www.syfy.com/syfywire/baby-stars-throw-big-tantrums-very-very-big-tantrums-and-they-do-it-a-lot
• Tiny but mighty: Astronomers find the smallest but most massive white dwarf ever seen https://www.syfy.com/syfywire/tiny-but-mighty-astronomers-find-the-smallest-but-most-massive-white-dwarf-ever-seen
• Black holes swallow neutron stars like ‘Pac Man' https://scienmag.com/black-holes-swallow-neutron-stars-like-pac-man/
• The motions of 66 nearby galaxies have now been reliably measured. Not stars. Galaxies. https://www.syfy.com/syfywire/the-motions-of-66-nearby-galaxies-have-now-been-reliably-measured-not-stars-galaxies
• New type of optical illusion https://www.livescience.com/scintillating-starburst-illusion.html
• A Small Satellite With a Solar Sail Could Catch up With an Interstellar Object https://www.universetoday.com/151688/a-small-satellite-with-a-solar-sail-could-catch-up-with-an-interstellar-object/
• Scientists find entirely new kind of supernova, solving thousand-year mystery https://www.independent.co.uk/life-style/gadgets-and-tech/supernova-new-stars-explosion-crab-b1874102.html