Welcome to This Week’s [in]Security. PCI: 8-digit BINS, Back-to-basics, Controlling Scope, POS breach. New breaches, New Ransomware: food, agriculture, hospitals, holidays, bandwidth, partial encryption. Follow-ups & Fall-out: Bangkok Air, solarwinds, Dallas Police, Juniper. Privacy: Apple photo-scanning, DNA Collection, Tattleware, Browsers. Bluetooth headphones. Laws & Regs: Canada: Covid class actions. US: Software Copyright, AI Inventors, Clearview. CMA Reform, WhatsApp fine, Apple Store, China's kids. Standards: NIST Telehealth, integrity. Defense: People, VPN audit, Downloads, APK Downloader. Vulnerabilities: CISA warns of 1FA, BrakTooth, AS-REP Roasting, Cisco, OpenSSL, STARTTLS, Trains, GitHub Copilot, NPM pac-resolver, WordPress, QNAP, WhatsApp photos. Fortress Home Security, Linphone, Vaccine Passports, Quantum Crypto & Key generation. Canonicalization Attacks. Cybercrime: Trends: Nation States. Crime: Off-boarding? Gift-cards, Banksy, Other Risks: Gut Instinct, digital advocate, Cryptographic voting, Windows 11, War-surplus. Misinformation, Health, Safety & Environment: Ida, Virgin Galactic, PHAs. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• 8-digit BINs and PCI DSS: What You Need to Know https://blog.pcisecuritystandards.org/8-digit-bins-and-pci-dss-what-you-need-to-know
• Back-to-Basics: Think Before You Click https://blog.pcisecuritystandards.org/back-to-basics-think-before-you-click
• Why did my PCI DSS Scope Explode?! https://www.controlgap.com/Why-did-my-PCI-DSS-Scope-Explode/
• Dallas-Based Restaurant Chain Confirms POS Breach https://www.databreachtoday.com/dallas-based-restaurant-chain-confirms-pos-breach-a-17433
• (Article that tells you nothing about a product that sounds a lot like other tokenization solutions) Solving the Payments Data Security and Compliance Problem By Getting Rid of the Data https://www.pymnts.com/safety-and-security/2021/payments-data-security-compliance-problem-solution/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • LockBit gang leaks Bangkok Airways data, hits Accenture customers https://www.bleepingcomputer.com/news/security/lockbit-gang-leaks-bangkok-airways-data-hits-accenture-customers/
  • Cream Finance loses $25 million in another security breach https://www.databreaches.net/cream-finance-loses-25-million-in-another-security-breach/
  • Hackers Steal Data from Neuchâtel Cantonal Bank https://www.databreaches.net/hackers-steal-data-from-neuchatel-cantonal-bank/
  • 700,000 French pharmacy Covid test results left publicly available https://www.databreaches.net/700000-french-pharmacy-covid-test-results-left-publicly-available/
  • Career Group, Inc. notifies more than 49,000 after paying ransom to threat actors https://www.databreaches.net/career-group-inc-notifies-more-than-49000-after-paying-ransom-to-threat-actors/
  • DuPage Medical Group notifying 600,000 patients that their personal information may have been compromised in cyberattack https://www.databreaches.net/dupage-medical-group-notifying-600000-patients-that-their-personal-information-may-have-been-compromised-in-cyberattack/
  • Switzerland: Citizen and municipality data published on Darknet https://www.databreaches.net/switzerland-citizen-and-municipality-data-published-on-darknet/

• New Ransomware and "Incidents":

  • FBI warns of ransomware gangs targeting food, agriculture orgs https://www.bleepingcomputer.com/news/security/fbi-warns-of-ransomware-gangs-targeting-food-agriculture-orgs/
  • Code Red: Hospitals Are Facing a Major Ransomware Threat https://blog.isc2.org/isc2_blog/2021/08/hospitals-facing-ransomware-threat.html
  • CISA Warns of Holiday Ransomware Attacks https://www.databreachtoday.com/cisa-warns-holiday-ransomware-attacks-a-17431
  • Cyberattackers are now quietly selling off their victim's internet bandwidth https://www.zdnet.com/article/cyberattackers-are-now-quietly-selling-off-their-victims-internet-bandwidth
  • LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection https://threatpost.com/lockfile-ransomware-avoid-detection/169042/
  • Sault Ste. Marie Police Service victim of ransomware attack https://www.databreaches.net/sault-ste-marie-police-service-victim-of-ransomware-attack/
  • Ransomware attacks on US schools and colleges cost $6.62bn in 2020 https://www.comparitech.com/blog/information-security/school-ransomware-attacks/
  • US farm loses $9 million in the aftermath of a ransomware attack https://www.databreaches.net/us-farm-loses-9-million-in-the-aftermath-of-a-ransomware-attack/
  • UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies https://www.theregister.com/2021/09/02/uk_voip_telcos_revil_ransom/

• Follow-ups and fall-out:

  • LockBit Gang to Publish 103GB of Bangkok Air Customer Data https://threatpost.com/lockbit-bangkok-airways-breach/169019/
  • Excellent Write-up of the SolarWinds Security Breach https://www.schneier.com/blog/archives/2021/08/excellent-write-up-of-the-solarwinds-security-breach.html
  • Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft https://www.securityweek.com/microsoft-hacked-solarwinds-ftp-software-lacked-basic-anti-exploit-mitigation
  • Dallas police data loss nearly triple initial estimate https://www.databreaches.net/dallas-police-data-loss-nearly-triple-initial-estimate/
  • Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role https://www.databreaches.net/juniper-breach-mystery-starts-to-clear-with-new-details-on-hackers-and-u-s-role/
  • Wawa paying $9-million in cash, gift cards in data breach settlement; Nov. deadline to file claim https://www.databreaches.net/wawa-paying-9-million-in-cash-gift-cards-in-data-breach-settlement-nov-deadline-to-file-claim/
  • Beaumont Health notifies patients of Accellion breach https://www.databreaches.net/beaumont-health-notifies-patients-of-accellion-breach/

Privacy

Articles about privacy related news, risks, and trends.

• 25,000 EFF Supporters Have Told Apple Not To Scan Their Phones https://www.eff.org/deeplinks/2021/08/25000-eff-supporters-have-told-apple-not-scan-their-phones
• Apple Backs Down on Its Controversial Photo-Scanning Plans https://www.wired.com/story/apple-icloud-photo-scan-csam-pause-backlash
• Delays Aren't Good Enough—Apple Must Abandon Its Surveillance Plans https://www.eff.org/deeplinks/2021/09/delays-arent-good-enough-apple-must-abandon-its-surveillance-plans
• Preservation of DNA Privacy During the Large Scale Detection of COVID https://eprint.iacr.org/2021/1108
• Video Briefing Wednesday: EFF and Partners Will Deliver to Apple Petitions with 50,000 Signatures Demanding End to Phone Scanning Program https://www.eff.org/press/releases/video-briefing-wednesday-eff-and-partners-will-deliver-apple-petitions-50000
• Bosses turn to ‘tattleware' to keep tabs on employees working from home https://www.theguardian.com/us-news/2021/sep/05/covid-coronavirus-work-home-office-surveillance
• Change these browser settings immediately to protect your privacy in Chrome, Firefox and more https://www.cnet.com/tech/services-and-software/change-these-browser-settings-immediately-to-protect-your-privacy-in-chrome-firefox-and-more/
• Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle https://www.theregister.com/2021/09/04/bluetooth_headphones_tracking_oslo/
• (Aren't there already enough false activations?) Quick phrases could let you skip ‘Hey, Google' for common tasks https://www.theverge.com/2021/9/2/22653614/google-assistant-quick-phrases-guacamole-salsas-wake-word-phrase
• Microsoft 365 Usage Analytics now anonymizes user info by default https://www.bleepingcomputer.com/news/microsoft/microsoft-365-usage-analytics-now-anonymizes-user-info-by-default/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Ontario court certifies class action against insurers related to COVID-19 losses https://toronto.ctvnews.ca/ontario-court-certifies-class-action-against-insurers-related-to-covid-19-losses-1.5566777

• US:

  • The Federal Circuit Has Another Chance to Get it Right on Software Copyright https://www.eff.org/deeplinks/2021/08/federal-circuit-has-another-chance-get-it-right-software-copyright
  • AI computers can't patent their own inventions — yet — a US judge rules https://www.theverge.com/2021/9/3/22656039/ai-inventor-patent-copyright-uspto-federal-court-ruling
  • FTC bans spyware app SpyFone, orders it to delete illegally harvested data https://www.theverge.com/2021/9/2/22653859/ftc-bans-spyware-app-spyfone-delete-data-stalkerware
  • SEC Sanctions 8 Firms for 'Deficient Cybersecurity Procedures' https://www.databreachtoday.com/sec-sanctions-8-firms-for-deficient-cybersecurity-procedures-a-17423
  • Victory! Lawsuit Proceeds Against Clearview's Face Surveillance https://www.eff.org/deeplinks/2021/08/victory-lawsuit-proceeds-against-clearviews-face-surveillance
  • Student files class action lawsuit against Syracuse University over data breach that affected 10,000 https://www.databreaches.net/student-files-class-action-lawsuit-against-syracuse-university-over-data-breach-that-affected-10000/
  • The computer repairman with Hunter Biden's laptop lost his lawsuit against Twitter and has to pay the company's legal fees https://www.businessinsider.com/hunter-biden-computer-repairman-lost-defamation-suit-against-twitter-2021-9
  • A judge asked a mother if she got the coronavirus vaccine. She said no, and he revoked custody of her son. https://www.washingtonpost.com/nation/2021/08/30/chicago-vaccine-custody-rebecca-firlit/

• World:

  • Rapid7 says Computer Misuse Act should include 'good faith' infosec research exemption https://www.theregister.com/2021/09/03/rapid7_computer_misuse_act_reform_plans/
  • WhatsApp to appeal $266 million fine for violating EU privacy laws https://www.bleepingcomputer.com/news/security/whatsapp-to-appeal-266-million-fine-for-violating-eu-privacy-laws/
  • Apple and Google must allow developers to use other payment systems, new Korean law declares https://www.theverge.com/2021/8/31/22643800/apple-google-south-korea-app-store-payment-legislation-passes
  • Apple concedes to let apps like Netflix, Spotify, and Kindle link to the web to sign up https://www.theverge.com/2021/9/1/22653264/apple-reader-app-exception-anti-steering-signup-page
  • China bans exams for six-year-old school children https://www.bbc.co.uk/news/world-asia-china-58380792?at_medium=RSS&at_campaign=KARANGA
  • China limits children to no more than 3 hours of video games a week https://globalnews.ca/news/8152345/china-online-video-games-children-rules/

• Standards News:

  • NIST/NCCoE draft project Mitigating Cybersecurity Risk in Telehealth Smart Home Integration is open for comment through October 4th https://csrc.nist.gov/publications/detail/white-paper/2021/08/31/mitigating-cyber-risk-in-telehealth-smart-home-integration/draft
  • NIST/NCCoE has released a draft (SP) 1800-34 Validating the Integrity of Computing Devices Volume B for laptops (end-user) computing devices open for comment through September 29 https://csrc.nist.gov/publications/detail/sp/1800-34/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• CCSP Certification vs. CCAK Certificate: What Are the Distinctions? https://blog.isc2.org/isc2_blog/2021/09/ccsp-certification-vs-ccak-certificate.html
• Computer science is a rapidly growing field, so Codecademy launched an affordable online computer science certificate program that only takes 6 months to complete https://www.businessinsider.com/codecademy-computer-science-path-online-certificate-program
• U.S. Justice Department Introduces Cyber Fellowship Program https://www.securityweek.com/us-justice-department-introduces-cyber-fellowship-program
• Mozilla VPN Security Audit https://blog.mozilla.org/security/2021/08/31/mozilla-vpn-security-audit/
• Microsoft shares guidance on securing Azure Cosmos DB accounts https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-securing-azure-cosmos-db-accounts/
• How to block Windows Plug-and-Play auto-installing insecure apps https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/
• How Does MTA-STS Improve Your Email Security? https://thehackernews.com/2021/08/how-does-mta-sts-improve-your-email.html
• Firefox follows Chrome and prepares to block insecure downloads https://therecord.media/firefox-follows-chrome-and-prepares-to-block-insecure-downloads/
• Twitter adds new ‘Safety Mode' that will automatically block people who are abusive https://www.independent.co.uk/life-style/gadgets-and-tech/twitter-safety-mode-block-abuse-b1912581.html
• Logitech's Bolt USB dongle bolsters encryption for its new wireless mice and keyboards https://www.theverge.com/2021/9/1/22651973/logitech-logi-bolt-usb-dongle-bluetooth-security-le-keyboard-mouse-accessories
• Introducing “apkeep,” EFF Threat Lab's new APK Downloader https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• CISA: Don't use single-factor auth on Internet-exposed systems https://www.bleepingcomputer.com/news/security/cisa-don-t-use-single-factor-auth-on-internet-exposed-systems/
• New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html
• The AS-REP Roasting attack- why you need AD Preauthentication https://thehackernews.com/2021/09/what-is-as-rep-roasting-attack-really.html
• Cisco Patches Critical Authentication Bypass Bug https://www.databreachtoday.com/cisco-patches-critical-authentication-bypass-bug-a-17459
• Cisco Patches Critical Enterprise NFVIS Vulnerability for Which PoC Exploit Is Available https://www.securityweek.com/cisco-patches-critical-enterprise-nfvis-vulnerability-which-poc-exploit-available
• Vendors Issue Security Advisories for OpenSSL Flaws https://www.databreachtoday.com/vendors-issue-security-advisories-for-openssl-flaws-a-17438
• Bulletproof TLS #80 https://www.feistyduck.com/bulletproof-tls-newsletter/issue_80_vulnerabilities_show_fragility_of_starttls
• Flaws in Moxa Railway Devices Could Allow Hackers to Cause Disruptions https://www.securityweek.com/flaws-moxa-railway-devices-could-allow-hackers-cause-disruptions
• Windows 10 KB5005101 Cumulative Update released with 35 fixes https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5005101-cumulative-update-released-with-35-fixes/
• Windows 11 may not get security updates on unsupported devices https://www.bleepingcomputer.com/news/microsoft/windows-11-may-not-get-security-updates-on-unsupported-devices/
• Zero-Click iPhone Exploits https://www.schneier.com/blog/archives/2021/09/zero-click-iphone-exploits.html
• Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers
• NPM package with 3 million weekly downloads had a severe vulnerability https://arstechnica.com/information-technology/2021/09/npm-package-with-3-million-weekly-downloads-had-a-severe-vulnerability/
• Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites https://threatpost.com/gutenberg-template-library-redux-bugs-wordpress/169111/
• QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout https://threatpost.com/qnap-openssl-bugs/169054/
• WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers https://thehackernews.com/2021/09/whatsapp-photo-filter-bug-could-have.html
• Fortress Home Security Open to Remote Disarmament https://threatpost.com/fortress-home-security-remote-disarmament/169069/
• Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices https://thehackernews.com/2021/09/linphone-sip-stack-bug-could-let.html

• Vaccine Passports:

  • Vaccine Passport Missteps We Should Not Repeat https://www.eff.org/deeplinks/2021/08/vaccine-passport-missteps-we-should-not-repeat
  • VaxiCode flaw: Quebec refused to give immunity to the whistleblower https://www.databreaches.net/vaxicode-flaw-quebec-refused-to-give-immunity-to-the-whistleblower/
  • Ontario should prevent the 'hack' that hit Quebec's vaccine passport app, expert warns https://toronto.ctvnews.ca/ontario-should-prevent-the-hack-that-hit-quebec-s-vaccine-passport-app-expert-warns-1.5569981
  • Why is Ontario developing its own vaccine passport app? https://globalnews.ca/news/8163588/ontario-developing-own-vaccine-passport-app/
• Researchers Propose Machine Learning-based Bluetooth Authentication Scheme https://thehackernews.com/2021/08/researchers-propose-machine-learning.html
• NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption https://www.theregister.com/2021/09/01/nsa_quantum_computing_faq/
• Scott Aaronson Talks About What Makes Quantum Computing So Hard to Explain and Why Your Expectations are probably wrong https://www.quantamagazine.org/why-is-quantum-computing-so-hard-to-explain-20210608/
• AWS researcher merges the power of two quantum computers to help make cryptography keys stronger https://www.zdnet.com/article/aws-researcher-merges-the-power-of-two-quantum-computers-to-help-make-cryptography-keys-stronger/
• How not to hash, encryption modes, and more - Canonicalization Attacks Against MACs and Signatures https://soatok.blog/2021/07/30/canonicalization-attacks-against-macs-and-signatures/
• History of the HX-63 Rotor Machine https://www.schneier.com/blog/archives/2021/09/history-of-the-hx-63-rotor-machine.html
• More Military Cryptanalytics, Part III https://www.schneier.com/blog/archives/2021/08/more-military-cryptanalytics-part-iii.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Kaspersky Detects 1.5B IoT Cyberattacks This Year https://www.pymnts.com/news/security-and-risk/2021/kaspersky-detects-iot-cyberattacks-double-last-year/
  • Cheap and nasty: How for $100 low-skilled ransom DDoS extortionists can cripple your business https://www.imperva.com/blog/cheap-and-nasty-how-for-100-low-skilled-ransom-ddos-extortionists-can-cripple-your-business/
  • Analysis: The Latest Data Breach Trends https://www.databreachtoday.com/interviews/analysis-latest-data-breach-trends-i-4959
  • Analyzing SSL/TLS Certificates Used by Malware https://www.trendmicro.com/en_us/research/21/i/analyzing-ssl-tls-certificates-used-by-malware.html
  • 15-Year-Old Malware Proxy Network VIP72 Goes Dark https://krebsonsecurity.com/2021/09/15-year-old-malware-proxy-network-vip72-goes-dark/
  • Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/
  • Fake DMCA and DDoS complaints lead to BazaLoader malware https://www.bleepingcomputer.com/news/security/fake-dmca-and-ddos-complaints-lead-to-bazaloader-malware/
  • This New Malware Family Using CLFS Log Files to Avoid Detection https://thehackernews.com/2021/09/this-new-malware-family-using-clfs-log.html
  • Atlassian Vulnerability Being Exploited in the Wild https://www.databreachtoday.com/atlassian-vulnerability-being-exploited-in-wild-a-17457
  • Recently Patched Confluence Vulnerability Exploited in the Wild https://www.securityweek.com/recently-patched-confluence-vulnerability-exploited-wild

• Nation State Actors:

  • Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack https://thehackernews.com/2021/09/microsoft-says-chinese-hackers-were.html
  • China linked to takeover of Italian drone plant https://www.bbc.co.uk/news/world-europe-58426878
  • Autodesk reveals it was targeted by Russian SolarWinds hackers https://www.bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/

• Crime & Arrests, etc.:

  • Fired NY credit union employee nukes 21GB of data in revenge https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge/
  • Gift Card Gang Extracts Cash From 100k Inboxes Daily https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/
  • Scam artists are recruiting English speakers for business email campaigns https://www.zdnet.com/article/scam-artists-are-recruiting-english-speakers-for-business-email-campaigns
  • Scammers Impersonate OpenSea Customer Support https://www.databreachtoday.com/scammers-impersonate-opensea-customer-support-a-17414
  • Fake Banksy NFT sold through artist's website for £244k https://www.bbc.co.uk/news/technology-58399338
  • Banksy Was Warned About Website Flaw Before NFT Hack Scam https://packetstormsecurity.com/news/view/32616/Banksy-Was-Warned-About-Website-Flaw-Before-NFT-Hack-Scam.html
  • An IRS agent pretended to be a crypto trader called 'Mr. Coins' in a $180,000 dark-web drug sting https://markets.businessinsider.com/news/currencies/crypto-bitcoin-irs-trader-mr-coins-dark-web-drug-monero-2021-09
  • Crypto Exchange Bilaxy Loses $21M in Hack https://www.pymnts.com/cryptocurrency/2021/crypto-exchange-bilaxy-loses-21m-in-hack/

Other Security / Risk

Articles covering other types of risks.

• Why Trusting Your Gut Instinct Isn't Always The Best Move, According to Science https://www.sciencealert.com/why-trusting-your-gut-instinct-isn-t-always-the-best-move
• Maybe You Missed It, but the Internet ‘Died' Five Years Ago https://www.theatlantic.com/technology/archive/2021/08/dead-internet-theory-wrong-but-feels-true/619937/
• We need a personal digital advocate https://freedom-to-tinker.com/2021/08/31/we-need-a-personal-digital-advocate/
• Internet shutdowns by governments have ‘proliferated at a truly alarming pace' https://www.theverge.com/2021/9/1/22649909/internet-sthudowns-government-freedom-speech-data-access-now-jigsaw
• Over 60,000 domains parked at MarkMonitor could be taken over https://www.bleepingcomputer.com/news/security/over-60-000-domains-parked-at-markmonitor-could-be-taken-over/
• Canada's Tech Companies Expect Months' Delay in Supply Chains https://www.pymnts.com/news/b2b-payments/2021/canada-tech-companies-expect-months-delay-in-supply-chains/
• And Paper-Based is Better? Towards Comparability of Classic and Cryptographic Voting Schemes, by Marc Nemes and Rebecca Schwerdt and Dirk Achenbach and Bernhard Löwe and Jörn Müller-Quade https://eprint.iacr.org/2021/1122
• Windows 11 arrives on October 5, Android apps will come later https://arstechnica.com/gadgets/2021/08/windows-11s-months-long-public-rollout-begins-on-october-5/
• Canada accepted 7,300 more immigration applications due to technical bug https://www.bleepingcomputer.com/news/security/canada-accepted-7-300-more-immigration-applications-due-to-technical-bug/
• What was left behind by US forces? https://www.bbc.co.uk/news/world-58393763
• New study will show misinformation on Facebook gets way more engagement than news https://www.theverge.com/2021/9/3/22656036/nyu-researchers-study-facebook-misinformation-engagement-election

• Health, Safety & Environment:

  • Drug Overdose Deaths in 2020 Were Horrifying https://www.scientificamerican.com/article/drug-overdose-deaths-in-2020-were-horrifying/
  • Substance being sold as Xanax contains unknown opioid: Nova Scotia Health https://globalnews.ca/news/8162495/nova-scotia-xanax-bars-opioid-contamination/
  • A Marine Bacteria Species Shows Promise for Curing an Aggressive Brain Cancer https://www.smithsonianmag.com/innovation/marine-bacteria-shows-promise-for-curing-aggressive-brain-cancer-180978552/
  • The Atlantic Daily: Why Hurricane Ida Caught America Off Guard https://www.theatlantic.com/newsletters/archive/2021/08/why-hurricane-ida-caught-america-off-guard/619936/
  • The moment flash floods hit NY subway https://www.bbc.co.uk/news/world-us-canada-58418627
  • Wheatley explosion could be 'tip of the iceberg' in Ontario given number of abandoned wells: expert https://www.cbc.ca/news/canada/windsor/wheatley-explosion-gas-wells-1.6161023
  • FAA investigating off-course descent of Virgin Galactic's flight with Richard Branson https://www.theverge.com/2021/9/1/22652887/faa-investigating-virgin-galactic-richard-branson
  • Orbits of Potentially Hazardous Asteroids https://apod.nasa.gov/apod/ap210829.html
  • If You See a Spotted Lanternfly, Officials Say ‘Kill It! Squash it, Smash it … Just Get Rid Of It!' https://www.mentalfloss.com/article/649917/spotted-lanternflies-invasive-species
  • It's official: You can't buy leaded gasoline for cars anywhere on Earth https://www.cbc.ca/news/science/un-leaded-gasoline-1.6158216
  • Plant Absorbs Toxic RDX Contamination https://www.scientificamerican.com/article/plant-absorbs-toxic-rdx-contamination/
  • Dalhousie grad develops artificial reefs that could help save Nova Scotia's ocean ecosystems https://www.cbc.ca/news/canada/nova-scotia/dalhousie-grad-artificial-reefs-save-ecosystems-1.6164003
  • Physicists Have Successfully Advanced a Key Device For Producing Fusion Power https://www.sciencealert.com/there-s-been-a-significant-advance-in-harnessing-the-power-of-nuclear-fusion
  • Paddle boarder's close encounter with two curious whales https://www.bbc.co.uk/news/world-latin-america-58430264

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Scientists Monitoring New Coronavirus Variant With Unusually High Mutation Rate https://www.sciencealert.com/south-africa-scientists-are-monitoring-a-potential-new-coronavirus-variant
  • WHO says it's watching Mu, a new COVID-19 variant of interest https://globalnews.ca/news/8158935/mu-variant-covid-19-coronavirus-who/
  • Canada on course for worst wave of COVID-19 yet, new modelling data shows https://www.ctvnews.ca/health/coronavirus/canada-on-course-for-worst-wave-of-covid-19-yet-new-modelling-data-shows-1.5572673
  • COVID-19: New Ontario modelling predicts ‘substantial' 4th wave https://globalnews.ca/news/8160354/ontario-covid-modelling-fourth-wave/
  • Modelling table co-chair says late fall lockdown 'unavoidable' if Ontarians don't reduce contacts https://toronto.ctvnews.ca/modelling-table-co-chair-says-late-fall-lockdown-unavoidable-if-ontarians-don-t-reduce-contacts-1.5571505
  • Ontario marks highest daily COVID-19 case count in months with more than 900 new infections https://toronto.ctvnews.ca/ontario-marks-highest-daily-covid-19-case-count-in-months-with-more-than-900-new-infections-1.5573644
  • More than 1,300 new COVID-19 cases identified in Alberta as hospitalizations continue to rise https://globalnews.ca/news/8159911/alberta-covid-19-cases-hospitalizations-soar-september-1/
  • Quebec reports 778 COVID-19 cases as province says 6 million people have received their second vaccine https://globalnews.ca/news/8169042/quebec-covid-sep-5-2021-vaccine/
  • There are just 99 ICU beds left in all of Tennessee as a record-breaking COVID-19 spike ravages the state https://www.businessinsider.com/tennessee-has-99-icu-beds-in-record-covid-19-surge-2021-9

• Guidance, Response, and Recovery:

  • Reddit banned an anti-vaccine, anti-mask community after 135 of its biggest forums protested https://www.businessinsider.com/reddit-bans-nonewnormal-subreddit-that-spread-covid-19-vaccine-misinformation-2021-9
  • Level 3, not Level 4: U.S. mistakenly tells Americans ‘do not travel' to Canada https://globalnews.ca/news/8154807/covid-coronavirus-united-states-canada-travel-advisory/
  • How do I prove my COVID-19 vaccination status in Ontario? https://toronto.ctvnews.ca/how-do-i-prove-my-covid-19-vaccination-status-in-ontario-1.5569629
  • Toronto now using retrofitted TTC buses as mobile vaccination clinics https://toronto.ctvnews.ca/toronto-now-using-retrofitted-ttc-buses-as-mobile-vaccination-clinics-1.5570938
  • Unvaccinated Ontario teachers must submit to twice weekly COVID-19 testing https://toronto.ctvnews.ca/unvaccinated-ontario-teachers-must-submit-to-twice-weekly-covid-19-testing-1.5574333
  • GTA school boards express concern about on-site voting for federal election https://toronto.ctvnews.ca/gta-school-boards-express-concern-about-on-site-voting-for-federal-election-1.5570110
  • Anger over pandemic election rises as some Canadians feel unsafe voting in person: poll https://globalnews.ca/news/8148373/canada-election-polling-unsafe-ipsos-poll/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Halifax doctor invents new device to help COVID-19 patients breathe better https://globalnews.ca/news/8169054/steve-beed-covid-19-pronator/

• Immunity and Vaccinations:

  • CDC advisors raise concerns about 'over-vaccination' and ask the White House for more data to show boosters are needed https://www.businessinsider.com/cdc-advisors-over-vaccination-concern-need-more-data-on-boosters-2021-9
  • WHO's EU head backs COVID-19 boosters — but only for the vulnerable https://globalnews.ca/news/8151388/cornavirus-covid-vaccine-booster-vulnerable-third-who/
  • COVID-19: Quebec Health Department recommends third vaccine dose for immunocompromised https://globalnews.ca/news/8152848/quebec-covid-third-dose-immunocompromised/
  • COVID-19: Ontario doctors' groups speak out against anti-vaccine protests https://globalnews.ca/news/8165431/ontario-anti-covid-19-vaccine-protests/
  • Ontario businesses express concerns over introduction of COVID-19 vaccine passports https://globalnews.ca/news/8159207/covid-ontario-vaccine-passports-certificates-businesses/
  • Ontario COVID-19 vaccine appointments double after province announces passport program https://toronto.ctvnews.ca/ontario-covid-19-vaccine-appointments-double-after-province-announces-passport-program-1.5571427
  • Ontario government to require COVID-19 vaccine certificates for many indoor public settings https://globalnews.ca/news/8158345/covid-ontario-vaccine-certificates-passport-restaurants-gyms-clubs/
  • Quebec's vaccine passport comes into effect today. Here's what you need to know https://globalnews.ca/news/8140146/quebec-vaccine-passport-what-to-know/
  • Things we learned:
  • Rogue Antibodies Involved In Nearly One Fifth of COVID Deaths https://www.scientificamerican.com/article/rogue-antibodies-involved-in-nearly-one-fifth-of-covid-deaths1/
  • Long-Haulers Are Fighting for Their Future https://www.theatlantic.com/science/archive/2021/09/covid-19-long-haulers-pandemic-future/619941/
  • Being fully vaccinated halves the risk of getting long COVID after infection, large UK study suggests https://www.businessinsider.com/full-vaccination-halves-long-covid-risk-post-infection-lancet-study-2021-9
  • Fully vaccinated people are almost twice as likely to have no symptoms than unvaccinated people if they catch COVID-19, a study suggests https://www.businessinsider.com/fully-vaccinated-two-doses-vaccine-asymptomatic-unvaccinated-covid-zoe-study-2021-9

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • The Masks Were Working All Along https://www.theatlantic.com/ideas/archive/2021/09/masks-were-working-all-along/619989/
  • Fake ‘Maderna' vaccine card leads to woman's arrest in Hawaii https://globalnews.ca/news/8158147/fake-maderna-vaccine-card-hawaii/
  • New Jersey Woman Charged With Selling Fake Vaccine Cards https://www.nytimes.com/2021/08/31/nyregion/fake-vaccine-cards-woman-charged.html
  • Anti-vaxxers forced a mobile COVID-19 vaccine site in Georgia to shut down after threatening health workers: official https://www.businessinsider.com/anti-vaxxers-georgia-shut-down-vaccine-site-by-bullying-workers-2021-8

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Hacker-Themed Board Game https://www.schneier.com/blog/archives/2021/09/hacker-themed-board-game.html
• 11 NASA Inventions We Use Every Day https://www.mentalfloss.com/article/649985/nasa-inventions-we-use-every-day
• A Bird in an Australian Zoo Has Learned to Perfectly Mimic a Crying Human Baby https://www.sciencealert.com/listen-to-this-bird-perfectly-mimic-the-wailing-sobs-of-a-human-baby
• Man Can Change His Pupil Size on Demand, Something Scientists Thought Was Impossible https://www.sciencealert.com/this-german-student-can-dilate-his-pupils-on-command
• 70,000 iconic Independent images now available on digital image outlet Alamy https://www.independent.co.uk/arts-entertainment/photography/independent-alamy-digital-photo-archive-b1859768.html
• I swear these illusions aren't moving. Your brain will say otherwise. https://www.syfy.com/syfywire/i-swear-these-illusions-arent-moving-your-brain-will-say-otherwise
• Can you build a satellite made out of… wood? https://www.syfy.com/syfywire/can-you-build-a-satellite-made-out-of-wood
• A Human Mission to Mars Should Last a Maximum of 4 Years https://www.universetoday.com/152371/a-human-mission-to-mars-should-last-a-maximum-of-4-years/
• An ancient space object is fast, faint, and there may be billions more like it https://www.syfy.com/syfywire/an-ancient-space-object-is-fast-faint-and-there-may-be-billions-more-like-it