This Week's [in]Security - Issue 234
26 Sep 2021.
Welcome to This Week’s [in]Security. PCI and payments: Remote assessments, magecart. New breaches: Thai visitors, Event Builder, Exchange. New Ransomware: Alert, Exabytes. Major outages: voip.ms, Trello. Follow-ups & Fall-out: REvil FBI Sting & backdoor cheat, Epik. Privacy: Amazon, Ant, creepy? QR, ewwww! Laws & Regs: Canada: US: Infrastructure, Facebook, Warrants. World: China bans crypto, Huawei, USB-C. Standards: CISA IPv6, NIST drafts. Defense: SSNs, AppSec, Quad, Ransomware action, Medical IoT, passwordless, tools, Cyber-insurance, Autodiscover, Bug bounties. Vulnerabilities, Zero-days: record zero-days, IoT, iOS, macOS, Chrome. Other Vulnerabilities: OWASP update, API credentials, Ryzen, hack a mainframe demo, OpenOffice, Cisco, smartphones, Nagios, VMware, SonicWall, Routers, ROT13-NG. Cybercrime: Trends: Nation States. Crime: Mafia, DeFi, undone. Other Risks: Quantum Risk, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- PCI Security Standards Council Issues Remote Assessment Guidelines https://www.pcisecuritystandards.org/documents/PCI-SSC-Remote-Assessment-Guidelines-Procedures-v1_0.pdf
- “Bom” Skimmer is Magecart Group 7's Latest Model https://www.riskiq.com/blog/external-threat-management/magecart-bom-skimmer/
- A New Report Shows How the Growth in E-Commerce Is Fueling a Big Rise in CNP Fraud https://www.digitaltransactions.net/a-new-report-shows-how-the-growth-in-e-commerce-is-fueling-a-big-rise-in-cnp-fraud/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
- Researcher Finds Exposed Data of 106 Million Thai Visitors https://www.databreachtoday.com/researcher-finds-exposed-data-106-million-thai-visitors-a-17591
- EventBuilder misconfiguration exposes Microsoft event registrant data https://www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/
- Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw https://www.securityweek.com/hundreds-thousands-credentials-leaked-due-microsoft-exchange-protocol-flaw
- Illinois discloses breach involving access control to Illinois Integrated Eligibility System https://www.databreaches.net/illinois-discloses-breach-involving-access-control-to-illinois-integrated-eligibility-system/
- Republican Governors Association email server breached by state hackers https://www.bleepingcomputer.com/news/security/republican-governors-association-email-server-breached-by-state-hackers/
- Desorden Group claims to have stolen 200 GB of data from ABX Express https://www.databreaches.net/desorden-group-claims-to-have-stolen-200-gb-of-data-from-abx-express/
- FocaLeaks claims to have hacked El Salvador Police, gained access to records on civilians, agents, and criminal investigations https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/
- Ajarn - 266,399 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ajarn
- Afghanistan: MoD shared more than 250 Afghan interpreters' details on email https://www.bbc.co.uk/news/uk-58629592
- African Bank warns of data breach with personal details compromised https://www.databreaches.net/african-bank-warns-of-data-breach-with-personal-details-compromised/
New Ransomware and "Incidents":
- CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware https://www.databreaches.net/cisa-fbi-and-nsa%e2%80%afrelease-joint-cybersecurity-advisory%e2%80%afon-conti-ransomware%e2%80%af/
- Exabytes Falls Victim To Ransomware Attack: Causes Disruptions To Certain Services https://www.databreaches.net/exabytes-falls-victim-to-ransomware-attack-causes-disruptions-to-certain-services/
- Golden Entertainment notification of malware incident https://www.databreaches.net/golden-entertainment-notification-of-malware-incident/
- Ransomware Group Demands Millions From U.S. Farmer Cooperative https://www.securityweek.com/ransomware-group-demands-millions-us-farmer-cooperative
Major outages/downs:
- Canadian VoIP provider hit by massive DDoS extortion https://arstechnica.com/gadgets/2021/09/canadian-voip-provider-hit-by-ddos-attack-phone-calls-disrupted/
- Atlassian Trello is down — second outage this week https://www.bleepingcomputer.com/news/technology/atlassian-trello-is-down-second-outage-this-week/
Follow-ups and fall-out:
- Ransomware victims panicked while FBI secretly held REvil decryption key https://arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/
- REvil ransomware devs added a backdoor to cheat affiliates https://www.bleepingcomputer.com/news/security/revil-ransomware-devs-added-a-backdoor-to-cheat-affiliates/
- Reported Rates of Major Security Incidents by Market https://www.darkreading.com/edge-threat-monitor/reported-rates-of-major-security-incidents-by-market
- Reports of ePHI breaches are everywhere, but not always were you might look https://www.databreaches.net/reports-of-ephi-breaches-are-everywhere-but-not-always-were-you-might-look/
- Web Hoster Epik's Breach Exposes 15 Million Email Addresses https://www.databreachtoday.com/web-hoster-epiks-breach-exposes-15-million-email-addresses-a-17572
- Alaska's Department of Health and Social Services Hack https://www.schneier.com/blog/archives/2021/09/alaskas-department-of-health-and-social-services-hack.html
- NZ: Reserve Bank hit with compliance notice from Privacy Commissioner over data breach https://www.databreaches.net/nz-reserve-bank-hit-with-compliance-notice-from-privacy-commissioner-over-data-breach/
Privacy
Articles about privacy related news, risks, and trends.
- ‘Privacy is at stake': what would you do if you controlled your own data? https://www.theguardian.com/artanddesign/2021/sep/23/refik-anadol-machine-hallucinations-installation-new-york
- Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate https://threatpost.com/amazon-driver-surveillance-cameras/174843/
- Ant to Turn Over Consumer Credit Info to Chinese Government https://www.pymnts.com/news/international/2021/ant-to-turn-over-consumer-credit-info-to-chinese-government/
- Apple working on technology to allow iPhone to know when its owner is depressed or anxious, report says https://www.independent.co.uk/life-style/gadgets-and-tech/apple-iphone-health-depression-study-b1924213.html
- Landlords Use Secret Algorithms to Screen Potential Tenants. Find Out What They've Said About You. https://www.propublica.org/article/landlords-use-secret-algorithms-to-screen-potential-tenants-find-out-what-theyve-said-about-you#1123694
- QR codes temporarily removed from Sask. COVID-19 vaccine records due to ‘privacy breach' https://www.databreaches.net/qr-codes-temporarily-removed-from-sask-covid-19-vaccine-records-due-to-privacy-breach/
- The smart toilet era is here! Are you ready to share your analprint with big tech? https://www.theguardian.com/lifeandstyle/2021/sep/23/the-smart-toilet-era-is-here-are-you-ready-to-share-your-analprint-with-big-tech
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
- Vaccine mandates permissible as long as those with exemptions are accommodated: Ontario commission https://globalnews.ca/news/8214207/vaccine-mandates-generally-permissible-ontario-human-rights-commission/
US:
- CISA Must Update Critical Infrastructure Protection Plans https://www.databreachtoday.com/cisa-must-update-critical-infrastructure-protection-plans-a-17575
- Facebook ‘overpaid in data settlement to avoid naming Zuckerberg' https://www.theguardian.com/technology/2021/sep/24/facebook-overpaid-in-data-settlement-to-avoid-naming-zuckerberg
- Ninth Circuit Says Warrantless Search of Google Files Automatically Reported to Police Violated Fourth Amendment https://epic.org/2021/09/ninth-circuit-says-warrantless.html
- Colorado Supreme Court Rules Three Months of Warrantless Video Surveillance Violates the Constitution https://www.eff.org/deeplinks/2021/09/colorado-supreme-court-rules-three-months-warrantless-video-surveillance-violates
- Kentucky Bars Crypto Firm Celsius From Offering Accounts https://www.pymnts.com/cryptocurrency/2021/kentucky-bars-crypto-firm-celsius-from-offering-accounts/
- NJ Court Denies Dog Owners' Privacy Rights (But Appears to Recognize Privacy Rights of Dogs) https://epic.org/2021/09/nj-court-denies-dog-owners-pri.html
World:
- China says all cryptocurrency transactions are illegal and launches huge bitcoin crackdown https://www.independent.co.uk/life-style/gadgets-and-tech/crypto-china-ban-bitcoin-latest-b1926228.html
- Facebook Comments Can Get Media Firms Sued in Australia https://www.nytimes.com/2021/09/24/technology/facebook-australia-comments.html
- The cases of Huawei’s Meng Wanzhou and Canada’s two Michaels imprisoned in China are resolved https://www.economist.com/united-states/2021/09/25/as-canada-frees-a-huawei-boss-china-lets-two-canadians-out-of-jail
- EU proposes mandatory USB-C on all devices, including iPhones https://www.theverge.com/2021/9/23/22626723/eu-commission-universal-charger-usb-c-micro-lightning-connector-smartphones
- Apple opposes EU plans to make common charger port for all devices https://www.theguardian.com/world/2021/sep/23/apple-opposes-eu-plans-to-make-common-charger-port-for-all-devices
Standards News:
- CISA Opens IPv6 Guidance to Public Feedback https://www.securityweek.com/cisa-opens-ipv6-guidance-public-feedback
- NIST (SP) Draft 1800-10 Cybersecurity Practice Guide for Protecting Information and System Integrity in ICS Environments available for comment through November 7 https://csrc.nist.gov/publications/detail/sp/1800-10/draft
- NIST (SP) Draft 1800-32 Securing the IIoT—Cybersecurity for Distributed Energy Resources available for comment until October 20 https://csrc.nist.gov/publications/detail/sp/1800-32/draft
- NIST pre-draft call for comments on SP 800-50, Building an Information Technology Security Awareness and Training Program (NIST is also considering merging SP 800-16 into SP 800-50) is open until November 5 https://csrc.nist.gov/publications/detail/sp/800-50/rev-1/draft
- NIST/NICE announces Implementation Plan for the NICE Strategic Plan https://www.nist.gov/document/nice-implementation-plan-2021
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Social Security Numbers Aren't Secure: What Should We Use Instead? https://www.scientificamerican.com/article/social-security-numbers-arent-secure-what-should-we-use-instead/
- Application Security a Growing Priority Among Security Pros https://www.darkreading.com/application-security/application-security-a-growing-priority-among-security-pros
- 'Quad' group seeks to set security standards for global tech industry https://www.theregister.com/2021/09/27/quad_communqiue_technology_announcements/
- White House Blacklists Russian Ransomware Payment ‘Enabler' https://www.securityweek.com/white-house-blacklists-russian-ransomware-payment-%E2%80%98enabler%E2%80%99
- A new cybersecurity center wants to protect medical devices against hacks https://www.theverge.com/2021/9/21/22686000/medical-device-cybersecurity-hack-minnesota
- Siemens Launches AI Solution To Fight Industrial Cybercrime https://packetstormsecurity.com/news/view/32654/Siemens-Launches-AI-Solution-To-Fight-Industrial-Cybercrime.html
- Why a Strong Security Culture? https://www.sans.org/blog/why-strong-security-culture
- HTTPS Is Actually Everywhere https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
- How to Go Passwordless on Your Microsoft Account https://www.wired.com/story/how-to-no-password-microsoft-account
- 10 top API security testing tools https://www.csoonline.com/article/3632856/10-top-api-security-testing-tools.html
- Improving Security Posture to Lower Insurance Premiums https://www.securityweek.com/improving-security-posture-lower-insurance-premiums
- Ransomware Resources for HIPAA Regulated Entities https://www.databreaches.net/ransomware-resources-for-hipaa-regulated-entities/
- Mēris: How to Stop the Most Powerful Botnet on Record https://www.databreachtoday.com/meris-how-to-stop-most-powerful-botnet-on-record-a-17574
- Russians Prevent Mēris Botnet From Hijacking 45,000 Devices https://www.databreachtoday.com/russians-prevent-meris-botnet-from-hijacking-45000-devices-a-17595
- Microsoft rushes to register Autodiscover domains leaking credentials https://www.bleepingcomputer.com/news/microsoft/microsoft-rushes-to-register-autodiscover-domains-leaking-credentials/
- Even the CIA and NSA Use Ad Blockers to Stay Safe Online https://www.wired.com/story/security-roundup-even-cia-nsa-use-ad-blockers
- HackerOne expands Internet Bug Bounty project to tackle open source bugs https://www.zdnet.com/article/hackerone-expands-internet-bug-bounty-project-to-tackle-open-source-bugs
- No Bounty for Bug Hunters in India https://www.databreachtoday.com/no-bounty-for-bug-hunters-in-india-a-17571
- Does Your Organization Have a Security.txt File? https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
Zero-day news:
- 2021 has broken the record for zero-day hacking attacks https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
- The Proliferation of Zero-days https://www.schneier.com/blog/archives/2021/09/the-proliferation-of-zero-days.html
- 100M IoT Devices Exposed By Zero-Day Bug https://threatpost.com/100m-iot-devices-zero-day-bug/174963/
- Three iOS 0-days revealed by researcher frustrated with Apple's bug bounty https://arstechnica.com/information-technology/2021/09/three-ios-0-days-revealed-by-researcher-frustrated-with-apples-bug-bounty/
- New macOS zero-day bug lets attackers run commands remotely https://www.bleepingcomputer.com/news/apple/new-macos-zero-day-bug-lets-attackers-run-commands-remotely/
- Emergency Google Chrome update fixes zero-day exploited in the wild https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/
- Zero-Day Vulnerability Found in UK Virgin Media Routers https://www.databreachtoday.com/zero-day-vulnerability-found-in-uk-virgin-media-routers-a-17589
Other Vulnerabilities:
- OWASP Reshuffles Its Top 10 List, Adds New Categories https://www.darkreading.com/application-security/owasp-reshuffles-its-top-10-list-adds-new-categories
- Payment Devs API Credential Bungling Exposes Millions of Users' Payment Data https://threatpost.com/payment-api-exposes-payment-data/174825/
- 6 Lessons From Major Data Breaches This Year https://www.darkreading.com/attacks-breaches/six-takeaways-from-major-breaches-and-attacks-this-year
- A Single Vulnerability Affects All AMD Ryzen Processors https://www.databreachtoday.com/single-vulnerability-affects-all-amd-ryzen-processors-a-17577
- How to hack a mainframe demo https://www.krisecurity.com/hack-demo/
- Apache OpenOffice can be hijacked by malicious documents, fix still in beta https://www.theregister.com/2021/09/20/apache_openoffice_rce/
- Cisco fixes highly critical vulnerabilities in IOS XE Software https://www.bleepingcomputer.com/news/security/cisco-fixes-highly-critical-vulnerabilities-in-ios-xe-software/
- Lithuanian Agency Warns Against Use of Chinese-made Phones https://www.securityweek.com/lithuanian-agency-warns-against-use-chinese-made-phones
- US agencies reportedly split over blacklisting Huawei hardware spinoff https://www.theverge.com/2021/9/20/22684274/huawei-honor-blacklist-entity-list-commerce-pentagon-energy-state
- Microsoft Autodiscover abused to collect web requests, credentials https://www.zdnet.com/article/design-flaw-in-microsoft-autodiscover-abused-to-leak-windows-domain-credentials
- New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html
- Security audit raises severe warnings on Chinese smartphone models https://arstechnica.com/information-technology/2021/09/security-audit-raises-severe-warnings-on-chinese-smartphone-models/
- VMware Calls Attention to High-Severity vCenter Server Flaw https://www.securityweek.com/vmware-calls-attention-high-severity-vcenter-server-flaw
- Google tests if 'Chrome/100.0' user agent breaks websites https://www.bleepingcomputer.com/news/google/google-tests-if-chrome-1000-user-agent-breaks-websites/
- An update on Memory Safety in Chrome https://security.googleblog.com/2021/09/an-update-on-memory-safety-in-chrome.html
- SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices https://thehackernews.com/2021/09/sonicwall-issues-patches-for-new.html
- Netgear fixes dangerous code execution bug in multiple routers https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/
- Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router https://blog.talosintelligence.com/2021/09/vuln-spotlight-d-link-.html
- EasyPQC: Verifying Post-Quantum Cryptography https://eprint.iacr.org/2021/1253
- Quantum Linearization Attacks https://eprint.iacr.org/2021/1239
- Filed under "everything old is new again", "fool me twice", and obfuscation - ROT8000 https://www.schneier.com/blog/archives/2021/09/rot8000.html
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
- A New Wave of Malware Attack Targeting Organizations in South America https://thehackernews.com/2021/09/a-new-wave-of-malware-attack-targeting.html
- Attacks on Russian Government Orgs Exploit Recent Microsoft Office Zero-Day https://www.securityweek.com/attacks-russian-government-orgs-exploit-recent-microsoft-office-zero-day
- FamousSparrow APT Wings in to Spy on Hotels, Governments https://threatpost.com/famoussparrow-spy-hotels-governments/174948/
- Hacked sites push TeamViewer using fake expired certificate alert https://www.bleepingcomputer.com/news/security/hacked-sites-push-teamviewer-using-fake-expired-certificate-alert/
- Hacking group used ProxyLogon exploits to breach hotels worldwide https://www.bleepingcomputer.com/news/security/hacking-group-used-proxylogon-exploits-to-breach-hotels-worldwide/
- New advanced hacking group targets governments, engineers worldwide https://www.zdnet.com/article/new-advanced-hacking-group-targets-governments-engineers-worldwide
- Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug https://thehackernews.com/2021/09/cring-ransomware-gang-exploits-11-year.html
- ISMG Editors' Panel: The Rise of Quadruple Extortion Attacks https://www.databreachtoday.com/ismg-editors-panel-rise-quadruple-extortion-attacks-a-17612
- Phishing-as-a-service operation uses double theft to boost profits https://www.bleepingcomputer.com/news/microsoft/phishing-as-a-service-operation-uses-double-theft-to-boost-profits/
- TangleBot Malware Reaches Deep into Android Device Functions https://threatpost.com/tanglebot-malware-device-functions/174999/
- Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
- Malware devs trick Windows validation with malformed certs https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-validation-with-malformed-certs/
- Google Says Threat Actors Using New Code Signing Tricks to Evade Detection https://www.securityweek.com/google-says-threat-actors-using-new-code-signing-tricks-evade-detection
- Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows https://thehackernews.com/2021/09/google-warns-of-new-way-hackers-can.html
- Catching the big fish: Analyzing a large-scale phishing-as-a-service operation https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
- Hackers Are Going ‘Deep-Sea Phishing,' So What Can You Do About It? https://threatpost.com/hackers-deep-sea-phishing/174868/
Nation State Actors:
- Chinese APT Data-Harvesting Campaign Analyzed https://www.databreachtoday.com/chinese-apt-data-harvesting-campaign-analyzed-a-17581
- Nation-state espionage group breaches Alaska Department of Health https://arstechnica.com/information-technology/2021/09/nation-state-espionage-group-breaches-alaska-department-of-health/
- Port of Houston Target of Suspected Nation-State Hack https://www.securityweek.com/port-houston-target-suspected-nation-state-hack
- Russia-Linked Turla APT Uses New Backdoor in Latest Attacks https://www.securityweek.com/russia-linked-turla-apt-uses-new-backdoor-latest-attacks
- Indonesia Says No Evidence of Alleged Chinese Intel Hack https://www.securityweek.com/indonesia-says-no-evidence-alleged-chinese-intel-hack
Crime & Arrests, etc.:
- Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters https://thehackernews.com/2021/09/europol-busts-major-cybercrime-ring.html
- Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed https://www.theregister.com/2021/09/21/europol_arrests/
- Spanish and Italian Police Break Up Phishing Gang https://www.databreachtoday.com/spanish-italian-police-break-up-phishing-gang-a-17576
- Hacker Makes Off With $12 Million in Latest DeFi Breach https://www.databreaches.net/hacker-makes-off-with-12-million-in-latest-defi-breach/
- Password hunting botnet operator undone by vape receipts https://www.ehackingnews.com/2021/09/this-aspiring-hacker-was-caught-in.html
- Scammers allegedly earned $195,000 referring fake drivers to delivery apps https://www.theverge.com/2021/9/20/22683912/brazilian-nationals-charged-delivery-ride-hailing-apps-fake-accounts-wire-fraud
- The NFT scammers are here https://www.theverge.com/22683766/nft-scams-theft-social-engineering-opensea-community-recovery
Other Security / Risk
Articles covering other types of risks.
- Internet freedom on the decline in US and globally, study finds https://www.theguardian.com/technology/2021/sep/21/internet-freedom-decline-free-speech-study
- Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse https://controlgap.com/blog/Quantum-Cryptography-for-Risk-Managers
- Why I dislike what “quantum supremacy” is doing to computing research https://arstechnica.com/science/2019/12/optical-quantum-computer-goes-big-in-new-quest-for-quantum-supremacy/
- Let's Encrypt's Root Certificate is expiring! https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
- Google apologizes for scaring Cloud users with 'past due' emails https://www.bleepingcomputer.com/news/google/google-apologizes-for-scaring-cloud-users-with-past-due-emails/
- I Am Not Satoshi Nakamoto https://www.schneier.com/blog/archives/2021/09/i-am-not-satoshi-nakamoto.html
- Watch a raven take out a Google drone mid-air as the tech giant is forced to ground its home delivery service due to bird attacks https://www.businessinsider.com/watch-australias-google-delivery-drone-attacked-by-raven-mid-air-2021-9
- Spyware ‘found on phones of five French cabinet members' https://www.theguardian.com/news/2021/sep/23/spyware-found-on-phones-of-five-french-cabinet-members
- Crypto is not a viable long-term form of private money and stablecoins are equivalent to poker chips at the casino, SEC chief says https://markets.businessinsider.com/news/currencies/sec-crypto-stablecoins-poker-chips-wild-west-sec-gary-gensler-2021-9
- Senate Republicans are on the verge of backing a default on the national debt https://www.businessinsider.com/senate-republicans-mitch-mcconnell-about-to-back-a-debt-default-2021-9
Health, Safety & Environment:
- A Vaccine against Poison Ivy Misery Is in the Works as Scientists Also Explore New Treatment Paths https://www.scientificamerican.com/article/a-vaccine-against-poison-ivy-misery-is-in-the-works-as-scientists-also-explore-new-treatment-paths/
- DNA sensor quickly determines whether viruses are infectious https://scienmag.com/dna-sensor-quickly-determines-whether-viruses-are-infectious/
- Having 'Good' Gut Bacteria Could Really Help if You're Trying to Lose Weight https://www.sciencealert.com/good-gut-bacteria-really-could-help-you-lose-weight
- There's a Pretty Glaring Issue With Tesla's Autopilot, Says New Study https://www.sciencealert.com/study-shows-that-tesla-autopilot-reduces-the-attention-levels-of-drivers
- Murders Are Spiking in America https://www.theatlantic.com/ideas/archive/2021/09/2020-homicide-spike-was-real/620183/
- Give black bears lots of personal space as they prepare for hibernation, conservationist says https://www.cbc.ca/news/canada/british-columbia/black-bears-need-space-1.6186288
- Asteroid 2021 SG came from the sun’s direction https://earthsky.org/space/asteroid-2021-sg-closest-to-earth-sep21-2021/
- Maritime rope could be adding billions of microplastics to the ocean every year https://scienmag.com/maritime-rope-could-be-adding-billions-of-microplastics-to-the-ocean-every-year/
- The world's biggest carbon-removal plant just opened. In a year, it'll negate just 3 seconds' worth of global emissions. https://www.businessinsider.com/carbon-capture-storage-expensive-climate-change-2021-9
- These Engineers Have Invented an Entirely New Approach to Recycling Plastic https://www.sciencealert.com/scientists-have-come-up-with-a-way-of-recycling-plastics-more-efficiently
- Want to save the Earth? Then don't buy that shiny new iPhone | John Naughton https://www.theguardian.com/commentisfree/2021/sep/18/want-to-save-the-earth-then-dont-buy-that-shiny-new-iphone
- A new solid-state battery surprises the researchers who created it https://scienmag.com/a-new-solid-state-battery-surprises-the-researchers-who-created-it/
- How Could we Light our Cities and Still See the Night Sky? https://www.universetoday.com/152625/how-could-we-light-our-cities-and-still-see-the-night-sky/
- Rechargeable 'Glow in The Dark' Plants Are The Green Light We've Been Waiting For https://www.sciencealert.com/rechargeable-glow-in-the-dark-plants-could-soon-be-used-for-ambient-lighting
- Manta rays inspire new device to filter microplastics https://www.bbc.co.uk/news/science-environment-58573451
- Tiny electronic fliers could float like seeds on the breeze to monitor the environment https://www.theverge.com/2021/9/22/22685569/electronic-microfliers-seed-dispersal-environmental-monitoring
- (Impressive) Mountain goat 'turned the tables,' killed grizzly bear in Yoho National Park https://www.cbc.ca/news/canada/british-columbia/mountain-goat-kills-grizzly-bear-1.6184779
COVID-19 updates.
COVID-related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
- The Pandemic's Hidden Toll Is Revealed in Excess Death Counts https://www.scientificamerican.com/article/the-pandemics-hidden-toll-is-revealed-in-excess-death-counts/
- COVID-19 has killed as many Americans as the Spanish flu https://globalnews.ca/news/8205678/covid-19-spanish-flu-death-toll/
- No, Vaccinated People Are Not ‘Just as Likely' to Spread the Coronavirus as Unvaccinated People https://www.theatlantic.com/ideas/archive/2021/09/the-vaccinated-arent-just-as-likely-to-spread-covid/620161/
- The Evidence Is in – One Mask Type Stands Out as The Best Protection Against COVID-19 https://www.sciencealert.com/the-evidence-is-in-one-mask-type-stands-out-as-the-best-protection-against-covid-19
- Albertans have COVID party to achieve herd immunity and end up in ICU https://www.forbes.com/sites/victoriaforster/2021/09/23/people-end-up-in-icu-after-attending-covid-party/?sh=30ce9c8676af
- Ontario reports 463 new COVID-19 cases, smallest increase in five weeks https://globalnews.ca/news/8211799/ontario-covid-cases-september-22-coronavirus/
- Ontario's COVID-19 rates lower than expected due to public health measures, experts say https://globalnews.ca/news/8221987/ontario-covid-rates-lower-than-expected/
- Virginia's hospitals are filling up with COVID patients. Its rural, unvaccinated population may be the cause. https://www.businessinsider.com/rural-virginia-hospitalization-covid-19-political-2021-9
Guidance, Response, and Recovery:
- Covid: US opens up to fully vaccinated travellers https://www.bbc.co.uk/news/world-us-canada-58628491
- U.S. extends land border rules to Canada and Mexico, eases other travel measures https://globalnews.ca/news/8204564/u-s-extends-land-border-rules-canada-mexico-eases-other-international-travel-measures/
- Princeton researchers discover new way to encourage vaccinations and masking https://scienmag.com/princeton-researchers-discover-new-way-to-encourage-vaccinations-and-masking/
- Amazon has handed $100,000 cash prizes or cars worth as much as $40,000 to 8 employees who proved they were vaccinated against COVID-19 https://www.businessinsider.com/amazon-prizes-cars-cash-covid-vaccine-workers-max-your-vax-2021-9
- The New Zealand government is talking to KFC, Pizza Hut, and Taco Bell about offering people COVID-19 vaccines when they buy meals https://www.businessinsider.com/new-zealand-discuss-kfc-pizza-hut-include-vaccine-with-meals-2021-9
- Ontario COVID-19 vaccine certificate program for many indoor public settings now in effect https://globalnews.ca/news/8209565/covid-ontario-vaccine-passports-certificates/
- How long will Ontario's COVID-19 vaccine certificate program last? https://toronto.ctvnews.ca/how-long-will-ontario-s-covid-19-vaccine-certificate-program-last-1.5595636
- COVID-19: 140 unvaccinated staff at Windsor, Ont., hospital placed on leave https://globalnews.ca/news/8213516/unvaccinated-staff-placed-on-leave-windsor-hospital/
- Ontario still undecided on making COVID-19 vaccines mandatory for long-term care staff https://toronto.ctvnews.ca/ontario-still-undecided-on-making-covid-19-vaccines-mandatory-for-long-term-care-staff-1.5597879
Immunity and Vaccinations:
- Fully Vaccinated Is Suddenly a Much Less Useful Phrase https://www.theatlantic.com/health/archive/2021/09/fully-vaccinated-mandates-boosters/620192/
- The verdict is in: Pregnant women pass COVID-fighting antibodies to their unborn children https://www.businessinsider.com/pregnant-women-pass-covid-vaccine-antibodies-to-children-2021-9
- Pfizer Canada eyeing urgent COVID-19 vaccine approval for children aged 5 to 11 https://globalnews.ca/news/8205649/pfizer-covid-vaccine-canada-children-5-to-11/
- Pfizer's COVID Vaccine Is Safe For Younger Children, New Results Show https://www.sciencealert.com/clinical-trials-demonstrate-pfizer-vaccine-is-safe-for-children-aged-5-to-11
- FDA backs Pfizer COVID-19 booster shots. Should Canada do the same? https://globalnews.ca/news/8216138/covid-vaccine-booster-canada-fda/
Things we learned:
- Even Mild Cases of COVID May Leave a Mark on the Brain https://www.scientificamerican.com/article/even-mild-cases-of-covid-may-leave-a-mark-on-the-brain/
- Hospital Reports a Scary Effect of Severe COVID-19 Is Far More Common Than Thought https://www.sciencealert.com/severe-cases-of-covid-19-are-very-often-followed-by-delirium
- The Closest Related Virus to SARS-CoV-2 Has Just Been Discovered, And It's in Bats https://www.sciencealert.com/new-study-discovers-closest-relative-to-sars-cov-2-in-laos-bats
- The Lab-Leak Debate Just Got Even Messier https://www.theatlantic.com/science/archive/2021/09/lab-leak-pandemic-origins-even-messier/620209/
- Mathematical constructions of COVID virus activity could provide new insight for vaccines, treatment https://scienmag.com/mathematical-constructions-of-covid-virus-activity-could-provide-new-insight-for-vaccines-treatment/
Impact:
- Office vacancies continue to soar as many Canadians still working from home https://globalnews.ca/news/8214619/office-vacancies-continue-soar-canadians-work-from-home-amid-pandemic/
More of the good, the bad, and the ugly:
- Anti-vaxxers in Vancouver delayed an ambulance carrying someone bleeding out from getting to the hospital https://www.businessinsider.com/anti-vaxxers-delayed-an-ambulance-2021-9
- Anti-vaxxers are gargling iodine in the latest ill-advised attempt at DIY anti-COVID care, say reports https://www.businessinsider.com/anti-vaxxers-are-gargling-iodine-try-and-stop-covid-19-2021-9
- Quebec warns against fake COVID-19 vaccine passport apps in circulation https://globalnews.ca/news/8221143/quebec-fake-covid-vaccine-passport-apps/
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Mathematician Answers ‘n-Queens’ Chess Problem About Attacking https://chessnews.com/2021/09/22/mathematician-explains-the-n-queens-problems/
- Airbus created a new plane concept with wings modeled off how eagles soar designed to increase efficiency https://www.businessinsider.com/airbus-launches-new-wing-concept-modeled-off-eagles-2021-9
- By Using Dashcams and Security Cameras, Astronomers Were Able to Track Down the Location of a Meteorite https://www.universetoday.com/152640/by-using-dashcams-and-security-cameras-astronomers-were-able-to-track-down-the-location-of-a-meteorite/
- Elon Musk says there was ‘challenges' with the toilet during SpaceX's Inspiration4 trip to space https://www.independent.co.uk/life-style/gadgets-and-tech/elon-musk-spacex-inspiration4-toilet-twitter-b1924247.html
- NASA's VIPER Rover Will Hunt for Water Near Nobile Crater at Moon's South Pole https://www.universetoday.com/152629/nasas-viper-rover-will-hunt-for-water-near-nobile-crater-at-moons-south-pole/
- There Could Be an Extremely Simple Reason Why Mars Isn't as Suitable For Life https://www.sciencealert.com/there-s-a-simple-reason-mars-might-have-limited-habitability-its-tiny-size
- Lucy's wild ride to Jupiter's orbit… but not to Jupiter https://www.syfy.com/syfywire/lucys-wild-ride-to-jupiters-orbit-but-not-to-jupiter
- Astronomers Have Made an Unprecedented Detection of Clouds on a Far-Off Exoplanet https://www.sciencealert.com/astronomers-have-detected-clouds-on-a-distant-exoplanet-and-measured-their-altitude
- Astronomers Have Discovered a Giant, Empty Cavity Lurking in Space https://www.sciencealert.com/astronomers-have-found-a-giant-spherical-cavity-in-space
- A Proposed Clockwork Solar System Made out of LEGO https://www.universetoday.com/152666/a-proposed-clockwork-solar-system-made-out-of-lego/