Welcome to This Week’s [in]Security. PCI and payments: Back-to-Basics. Dotty's & NRS. New breaches: Fortinet, UN, Tesla, Israel, Morocco, Singapore, McDonalds. New Ransomware: ReVil, Afghanistan, Russia, Follow-ups & Fall-out. Espionage vs. breach? Privacy: WhatsApp, smart-dumb-glasses, Ear-buds. Laws & Regs: Canada: US: Epic v. Apple, Ransomware disclosure. World: Crypto-wars. Standards: NIST. Defense: Webinars, Webinars. Cooperation, quantum RNG. Vulnerabilities: MSHTML zero day, OWASP #1 in 2021, Node JS, Netgear. Cybercrime: Trends: Canada, Pegasus. Nation States. Crime: Other Risks: Connected-to Service Providers, Facebook, Cables, Proton Mail controversy, Elections, IPv6, Health, Safety & Environment: CO2 capture, Batteries, Fusion, Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Back-to-Basics: Choose Trusted Partners https://blog.pcisecuritystandards.org/back-to-basics-choose-trusted-partners
• Data breach at US restaurant and gambling chain Dotty's may have leaked sensitive customer information https://www.databreaches.net/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information/ and https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
• Nevada Restaurant Services, Inc. Provides Notice Of Data Privacy Event https://www.databreaches.net/nevada-restaurant-services-inc-provides-notice-of-data-privacy-event/
• Visa to Accept Crypto as Payment in Brazil https://www.pymnts.com/visa/2021/visa-to-accept-crypto-as-payment-in-brazil/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Hackers leak passwords for 500,000 Fortinet VPN accounts https://www.databreaches.net/hackers-leak-passwords-for-500000-fortinet-vpn-accounts/
  • United Nations' Computers Breached by Hackers Earlier This Year – Resecurity https://www.databreaches.net/united-nations-computers-breached-by-hackers-earlier-this-year-resecurity/
  • Elon Musk's top-secret ‘full self-driving' AI car software leaked to hackers https://www.databreaches.net/elon-musks-top-secret-full-self-driving-ai-car-software-leaked-to-hackers/
  • Hacker claims to have stolen information of 7 million Israelis https://www.databreaches.net/hacker-claims-to-have-stolen-information-of-7-million-israelis/
  • Mass data leak after Bar Ilan University refuses to pay hacker $2.5m https://www.databreaches.net/mass-data-leak-after-bar-ilan-university-refuses-to-pay-hacker-2-5m/
  • 2 Data Leaks Reported in Indonesia's COVID-19 Tracking Apps https://www.databreachtoday.com/2-data-leaks-reported-in-indonesias-covid-19-tracking-apps-a-17478
  • Ma: Personal Data of 2 Million Moroccans Leaked Online https://www.databreaches.net/ma-personal-data-of-2-million-moroccans-leaked-online/
  • Singapore ISP, My Republic breached via third-party https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
  • Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server https://thehackernews.com/2021/09/latest-atlassian-confluence-flaw.html
  • Texas Right to Life website exposed job applicants' resumes https://www.databreaches.net/texas-right-to-life-website-exposed-job-applicants-resumes/
  • McDonald's email blunder broadcasts database creds to comedy competition winners https://www.theregister.com/2021/09/09/mcdonalds_database_credentials_blunder/
  • SANSA breach: International hacker group claims responsibility for Space Agency leak https://www.databreaches.net/sansa-breach-international-hacker-group-claims-responsibility-for-space-agency-leak/

• New Ransomware and "Incidents":

  • REvil ransomware's servers mysteriously come back online https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/
  • Go read this report about the horrifying leaks coming from school ransomware attacks https://www.theverge.com/2021/9/10/22667637/go-read-this-ransomware-attacks-schools-student-identity-theft
  • Understanding the Cryptocurrency-Ransomware Connection https://www.securityweek.com/understanding-cryptocurrency-ransomware-connection
  • Ransomware gangs target companies using these criteria https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-companies-using-these-criteria/
  • Ransomware gang threatens to leak data if victim contacts FBI, police https://www.databreaches.net/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/
  • Ransomware attacks are inevitable. Paying the ransom isn't https://www.theregister.com/2021/09/08/ransomware_attacks_are_inevitable/
  • Afghanistan becomes the primary target for ransomware attacks following Taliban takeover https://www.databreaches.net/afghanistan-becomes-the-primary-target-for-ransomware-attacks-following-taliban-takeover/
  • Hackers Hijack Russian Government Website, Prompts Ponzi Bitcoin Scheme https://www.databreaches.net/hackers-hijack-russian-government-website-prompts-ponzi-bitcoin-scheme/
  • Howard University Cancels Classes, Shuts Campus After Ransomware Attack https://www.securityweek.com/howard-university-cancels-classes-shuts-campus-after-ransomware-attack
  • KrebsOnSecurity Hit By Huge New IoT DDoS Botnet “Meris” https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/

• Follow-ups and fall-out:

  • Data Breach Lawsuit Against Sonic Will Proceed https://www.databreaches.net/data-breach-lawsuit-against-sonic-will-proceed/
  • More Detail on the Juniper Hack and the NSA PRNG Backdoor https://www.schneier.com/blog/archives/2021/09/more-detail-on-the-juniper-hack-and-the-nsa-prng-backdoor.html
  • The Difference Between Espionage and Financial Breaches https://www.databreachtoday.com/difference-between-espionage-financial-breaches-a-17469

Privacy

Articles about privacy related news, risks, and trends.

• WhatsApp “end-to-end encrypted” messages aren't that private after all https://arstechnica.com/gadgets/2021/09/whatsapp-end-to-end-encrypted-messages-arent-that-private-after-all/
• Smart Glasses Made Google Look Dumb. Now Facebook Is Giving Them a Try. https://www.nytimes.com/2021/09/09/technology/facebook-wayfarer-stories-smart-glasses.html
• Facebook debuts Ray-Ban Stories, smart glasses that record video https://www.theverge.com/2021/9/9/22662809/facebook-ray-ban-stories-camera-smart-glasses-hands-on
• Tracking People by their MAC Addresses https://www.schneier.com/blog/archives/2021/09/tracking-people-by-their-mac-addresses.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Ontario prepares to launch digital ID program and here's how it works https://toronto.ctvnews.ca/ontario-prepares-to-launch-digital-id-program-and-here-s-how-it-works-1.5577757

• US:

  • A comprehensive breakdown of the Epic v. Apple ruling https://www.theverge.com/2021/9/12/22667694/epic-v-apple-trial-fortnite-judge-yvonne-gonzalez-rogers-final-ruling-injunction-breakdown
  • Epic has appealed Friday's ruling in the Epic v. Apple case https://www.theverge.com/2021/9/12/22670269/epic-files-appeal-fortnite-legal-battle
  • LA cops told to harvest social media handles from people they stop, suspect or not https://www.theregister.com/2021/09/09/lapd_social_media_monitoring/
  • Ransomware Stopper: Mandatory Ransom Payment Disclosure https://www.databreachtoday.com/blogs/ransomware-stopper-mandatory-ransom-payment-disclosure-p-3112
  • Texas Adopts 'Censorship' Bill Aimed at Social Media Sites https://www.nytimes.com/2021/09/09/technology/texas-social-media-politics-censorship.html
  • Lawsuit: Fertility App Maker Sent Data to Google, Facebook https://www.databreachtoday.com/lawsuit-fertility-app-maker-sent-data-to-google-facebook-a-17488

• World:

  • UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead https://www.theregister.com/2021/09/08/uk_anti_encryption_facebook_e2ee_push_begins/
  • Facebook encryption could prevent detection of child abuse, NCA says https://www.theguardian.com/technology/2021/sep/08/facebook-encryption-could-prevent-detection-of-child-abuse-nca-says
  • How China's Information Protection Law Affects Businesses https://www.databreachtoday.com/how-chinas-information-protection-law-affects-businesses-a-17498

• Standards News:

  • NIST’s Draft Ransomware Risk Management Profile NISTIR 8374 open for comment through October 8 https://csrc.nist.gov/publications/detail/nistir/8374/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars, Virtual Events, and other training related:
• 2022 NICE Conference and Expo Call for Proposals https://niceconference.org/proposals/
• DtSR Episode 463 - TPA Human Security Engineering http://podcast.wh1t3rabbit.net/dtsr-episode-463-tpa-human-security-engineering
• What Apple Can Do Next to Fight Child Sexual Abuse https://www.wired.com/story/what-apple-can-do-next-to-fight-child-sexual-abuse
• Infosec Researchers Say Apple's Bug Bounty Program Needs Work https://packetstormsecurity.com/news/view/32627/Infosec-Researchers-Say-Apples-Bug-Bounty-Program-Needs-Work.html
• Are You the KeyMaster? https://blog.isc2.org/isc2_blog/2021/09/are-you-the-keymaster.html
• Th: Hospital hack prompts call for cooperation https://www.databreaches.net/th-hospital-hack-prompts-call-for-cooperation/
• Quantum random number generation https://physicsworld.com/a/fast-quantum-random-number-generator-fits-on-a-fingertip/
• Welcoming the Czech Republic Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-czech-republic-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Microsoft: Attackers Exploiting Windows Zero-Day Flaw https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/
• Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
• Microsoft shares temp fix for ongoing Office 365 zero-day attacks https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/
• Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP https://www.theregister.com/2021/09/10/owasp_top_ten_appsec_list/
• Patch now? Why enterprise exploits are still partying like it's 1999 https://www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/
• Google Android Security Update Patches 40 Vulnerabilities https://www.securityweek.com/google-android-security-update-patches-40-vulnerabilities
• How Infusion Pump Security Flaws Can Mess with Drug Dosing https://www.databreachtoday.com/interviews/how-infusion-pump-security-flaws-mess-drug-dosing-i-4960
• Microsoft fixes bug letting hackers take over Azure containers https://www.bleepingcomputer.com/news/security/microsoft-fixes-bug-letting-hackers-take-over-azure-containers/
• GitHub tackles severe vulnerabilities in Node.js packages https://www.zdnet.com/article/github-tackles-seven-vulnerabilities-in-node-js-packages
• CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild https://www.tenable.com/blog/cve-2021-26084-atlassian-confluence-ognl-injection-vulnerability-exploited-in-the-wild
• HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack https://thehackernews.com/2021/09/haproxy-found-vulnerable-to-critical.html
• Netgear fixes severe security bugs in over a dozen smart switches https://www.bleepingcomputer.com/news/security/netgear-fixes-severe-security-bugs-in-over-a-dozen-smart-switches/
• Researcher: Bug Allows COVID-19 Vaccination Status Spoofing https://www.databreachtoday.com/researcher-bug-allows-covid-19-vaccination-status-spoofing-a-17468
• How to Exploit SQL Server Using Registry Keys https://www.imperva.com/blog/how-to-exploit-sql-server-using-registry-keys/
• A Semi-Permanent Stuck-At Fault Analysis on AES Rijndael SBox, by Priyanka Joshi and Bodhisatwa Mazumdar https://eprint.iacr.org/2021/1124

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Canada cyber security and cyber crime statistics (2020-2021) https://www.comparitech.com/blog/information-security/canada-cyber-crime-statistics/
  • Germany Admits Police Used Controversial Pegasus Spyware https://www.securityweek.com/germany-admits-police-used-controversial-pegasus-spyware
  • Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group https://thehackernews.com/2021/09/experts-uncover-mobile-spyware-attacks.html
  • Pysa Ransomware Gang Targets Linux https://www.databreachtoday.com/pysa-ransomware-gang-targets-linux-a-17514

• Nation State Actors:

  • Chinese hackers behind July 2021 SolarWinds zero-day attacks https://www.databreaches.net/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks/
  • SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly' https://threatpost.com/sidewalk-backdoor-china-espionage-grayfly/169310/
  • Chinese company pushes back on Canada's espionage concerns following court order https://globalnews.ca/news/8182922/china-espionage-canada-court-order-mobile/
  • Russia Influences Hackers but Stops Short of Directing Them, Report Says https://www.nytimes.com/2021/09/09/us/politics/russia-ransomware-hackers.html
  • North Korean hackers breach prominent defector's accounts in targeted attack https://www.databreaches.net/north-korean-hackers-breach-prominent-defectors-accounts-in-targeted-attack/

• Crime & Arrests, etc.:

  • SEC Warns of Fraudulent Cryptocurrency Schemes https://www.databreachtoday.com/sec-warns-fraudulent-cryptocurrency-schemes-a-17479
  • “FudCo” Spam Empire Tied to Pakistani Software Firm https://krebsonsecurity.com/2021/09/fudco-spam-empire-tied-to-pakistani-software-firm/
  • Glasgow firm fined £150k after half a million nuisance calls, spoofing phone number, using false trading names https://www.theregister.com/2021/09/07/dialadeal_ico_fine/
  • Irish Police 'Significantly Disrupt' Attackers' Operations https://www.databreachtoday.com/irish-police-significantly-disrupt-attackers-operations-a-17466
  • Alleged Trickbot Developer Arrested in South Korea https://www.databreachtoday.com/alleged-trickbot-developer-arrested-in-south-korea-a-17473
  • Cybercrime Money Launderer Handed 11-Year Sentence https://www.databreachtoday.com/cybercrime-money-launderer-handed-11-year-sentence-a-17501 and https://www.securityweek.com/canadian-us-national-sentenced-prison-cybercrime-schemes
  • Three people arrested in connection with identity theft of Surfside condo victims https://www.databreaches.net/three-people-arrested-in-connection-with-identity-theft-of-surfside-condo-victims/
  • Ukrainian Cyber Criminal Extradited For Decrypting The Credentials Of Thousands Of Computers Across The World And Selling Them On A Dark Web Website https://www.databreaches.net/ukrainian-cyber-criminal-extradited-for-decrypting-the-credentials-of-thousands-of-computers-across-the-world-and-selling-them-on-a-dark-web-website/ and https://www.zdnet.com/article/ukrainian-extradited-to-the-us-to-face-botnet-data-theft-charges

Other Security / Risk

Articles covering other types of risks.

• CISA Reminds of Risks Connected to Managed Service Providers https://www.securityweek.com/cisa-reminds-risks-connected-managed-service-providers
• Facebook sent flawed data to misinformation researchers. https://www.nytimes.com/live/2020/2020-election-misinformation-distortions/facebook-sent-flawed-data-to-misinformation-researchers
• Lightning Cable with Embedded Eavesdropping https://www.schneier.com/blog/archives/2021/09/lightning-cable-with-embedded-eavesdropping.html

• Proton Mail controversy:

  • ProtonMail (Wrongly?) Criticized for Disclosing User IP to Authorities https://www.securityweek.com/protonmail-wrongly-criticized-disclosing-user-ip-authorities
  • ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/
  • ProtonMail Now Keeps IP Logs https://www.schneier.com/blog/archives/2021/09/protonmail-now-keeps-ip-logs.html
  • ProtonMail removed “we do not keep any IP logs” from its privacy policy https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
  • Proton welcomes Sir Tim Berners-Lee to its advisory board – as ProtonMail suffers a privacy backlash https://www.theregister.com/2021/09/08/proton_welcomes_sir_tim_bernerslee/
• Germany Protests to Russia Over Pre-Election Cyberattacks https://www.securityweek.com/germany-protests-russia-over-pre-election-cyberattacks

• Canada's Federal election:

  • Concerns raised about voting locations as advance polls open https://globalnews.ca/news/8181587/advanced-polls-canada-election-concerns/
  • Numerous ridings in GTA see significant drop in polling stations for upcoming election https://globalnews.ca/news/8180892/gta-polling-locations-elections-canada-decrease-covid/
  • Unhappy with the federal candidates? Your voting options may be limited https://globalnews.ca/news/8177688/canada-election-unhappy-federal-candidates-none-of-the-above/
• Drones illegally flying around Cape Breton Highlands National Park https://www.cbc.ca/news/canada/nova-scotia/drones-illegally-flying-cape-breton-highlands-national-park-1.6170223
• Stricter stunt driving regulations go into effect in Ontario https://globalnews.ca/news/8184353/ontario-stunt-driving-regulations-penalties/
• If You Never Met Your Co-Workers in Person, Did You Even Work There? https://www.nytimes.com/2021/09/08/business/never-met-co-workers.html
• US-built Databases a Potential Tool of Taliban Repression https://www.securityweek.com/us-built-databases-potential-tool-taliban-repression
• Why I Gave Up on IPv6. And no, it is not because of security issues., (Tue, Sep 7th) https://isc.sans.edu/diary/rss/27814

• Health, Safety & Environment:

  • More than 47,000 Brazilians hospitalized by exposure to wildfire air pollution every year https://scienmag.com/more-than-47000-brazilians-hospitalized-by-exposure-to-wildfire-air-pollution-every-year/
  • New Algorithm Can Identify Pre-Alzheimer's Brain Changes With Over 99% Accuracy https://www.sciencealert.com/new-algorithm-predict-alzheimer-s-from-brain-images-with-99-percent-accuracy
  • Mississauga, Ont., plant tapped to make mRNA for Moderna's COVID-19 vaccines https://globalnews.ca/news/8177449/covid-vaccines-moderna-mrna-resilience-mississauga-ontario/
  • Novavax starts early trials for combined flu and COVID-19 vaccine https://globalnews.ca/news/8174546/covid-vaccine-influenza-novavax-trial/
  • ‘Havana syndrome ' and the mystery of the microwaves https://www.bbc.co.uk/news/world-58396698
  • Astronomical speed trap catches its 1000th asteroid https://www.syfy.com/syfywire/astronomical-speed-trap-catches-its-1000th-asteroid
  • How the largest direct air capture plant will suck CO2 out of the atmosphere https://www.theverge.com/2021/9/9/22663597/largest-direct-air-capture-plant-c02-climeworks-iceland
  • Almost All of The World's Coal Is Now 'Unextractable', Scientists Warn https://www.sciencealert.com/study-reveals-the-sheer-amount-of-fossil-fuels-we-need-to-keep-in-the-ground
  • Here's Lake Mead's Record Low Water Levels Seen From Space https://www.universetoday.com/152460/heres-lake-meads-record-low-water-levels-seen-from-space/
  • Your Batteries Are Due for Disruption https://www.nytimes.com/2021/09/08/technology/batteries-new-technology.html
  • A spoonful of sugar opens a path to longer lasting lithium sulfur batteries https://scienmag.com/a-spoonful-of-sugar-opens-a-path-to-longer-lasting-lithium-sulfur-batteries/
  • MIT Physicists Just Majorly Advanced The Quest Towards Actual Fusion Power https://www.sciencealert.com/mit-just-made-a-major-advance-when-it-comes-to-harnessing-fusion-energy
  • Massive carcass of endangered blue whale washes onto popular N.S. beach https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-endangered-blue-whale-crystal-crescent-1.6170887
  • Plant-Based ‘Fish' Is Here (and Lab-Grown Versions Are Coming) https://www.nytimes.com/2021/09/08/business/alternative-fish-cultivated-seafood.html

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Here are the COVID-19 variants scientists are watching alongside Delta https://globalnews.ca/news/8175871/covid-variants-scientists-watching/
  • CDC: Unvaccinated people are 11 times more likely to die of COVID-19 than people who got shots https://www.businessinsider.com/unvaccinated-people-much-more-likely-to-die-cdc-data-2021-9
  • Ontario government reports 857 new COVID-19 cases, 8 deaths https://globalnews.ca/news/8182988/covid-ontario-cases-deaths-coronavirus-september-11-2021/
  • Third pandemic-altered school year gets underway in many Ontario boards https://toronto.ctvnews.ca/third-pandemic-altered-school-year-gets-underway-in-many-ontario-boards-1.5575386
  • UBC student says hundreds of people contracted COVID-19 after indoor frat party https://globalnews.ca/news/8171821/ubc-students-covid-indoor-frat-party/

• Guidance, Response, and Recovery:

  • Why the ACLU Flip-Flopped on Vaccine Mandates https://www.theatlantic.com/politics/archive/2021/09/why-aclu-supports-vaccine-mandates/619984/
  • B.C. vaccine card: Officials to outline details as registration website launched https://globalnews.ca/news/8172142/bc-vaccine-card-details-website/
  • England vaccine passport plans ditched https://www.bbc.co.uk/news/uk-58535258

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Treating COVID-19 patients in intensive care costs at least $50,000: report https://globalnews.ca/news/8177217/covid-19-treatment-cost/

• Immunity and Vaccinations:

  • NACI backs 3rd dose of COVID-19 vaccine for immunocompromised https://globalnews.ca/news/8180641/naci-3rd-dose-covid-vaccine-immunocompromised/
  • Pfizer picked a COVID-19 vaccine dose far lower than Moderna's to minimize side effects, its top scientist says https://www.businessinsider.com/pfizer-lower-dose-moderna-covid-19-vaccine-fewer-side-effects-2021-9
  • ‘Vaccine passport' or ‘immunization record'? Why experts say there's power in words https://globalnews.ca/news/8171936/vaccine-passport-language-concerns/
  • Things we learned:
  • Study finds plasma from COVID-19 survivors doesn't help seriously ill patients https://globalnews.ca/news/8180387/study-plasma-covid-19-survivors/
  • NIH Documents Provide New Evidence U.S. Funded Gain-of-Function Research in Wuhan https://theintercept.com/2021/09/09/covid-origins-gain-of-function-research/

• More of the good, the bad, and the ugly:

  • Anti-mask razor blade poster warning on London Tube https://www.bbc.co.uk/news/uk-england-london-58499899

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Face masks do not increase body temperature during exercise in the heat, according to new UConn study https://scienmag.com/face-masks-do-not-increase-body-temperature-during-exercise-in-the-heat-according-to-new-uconn-study/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• ROM discovers half-a-billion-year-old fossils of new animal species https://toronto.ctvnews.ca/rom-discovers-half-a-billion-year-old-fossils-of-new-animal-species-1.5577646
• Newly discovered dinosaur predated tyrannosaurs — and at the time was a bigger apex predator https://www.cbc.ca/news/canada/calgary/ulughbegsaurus-1.6166455
• A Smoke Alarm Just Went Off on The International Space Station https://www.sciencealert.com/a-smoke-alarm-just-went-off-in-the-international-space-station
• Perseverance Drills Another Hole, and This Time the Sample is Intact https://www.universetoday.com/152423/perseverance-drills-another-hole-and-this-time-the-sample-is-intact/
• Over 450 Previously Unknown Objects Have Been Discovered in Our Solar System https://www.sciencealert.com/over-450-new-objects-have-been-found-in-the-cold-dark-reaches-of-the-solar-system
• Astronomers Create 3D Printed Nebulae https://www.universetoday.com/152509/astronomers-create-3d-printed-nebulae/
• So, a star may have eaten a black hole and exploded https://www.syfy.com/syfywire/so-a-star-may-have-eaten-a-black-hole-and-exploded
• Researchers Generate an Entire Virtual Universe and Make it Available for Download (if you Have 100 Terabytes of Free Hard Drive Space) https://www.universetoday.com/152515/researchers-generate-an-entire-virtual-universe-and-make-it-available-for-download-if-you-have-100-terabytes-of-free-hard-drive-space/