Welcome to This Week’s [in]Security. PCI and payments: Global Community Forum, Technical FAQs, ATM skimmers. New breaches: Brazil's Hariexpress, Missouri Teachers, Verizon/Visible, Student SSNs from 1957, Acer, Thingiverse & 3D Printers, Playbook, Accenture. New Ransomware: Payouts surge, Water plants, Olympus, Banks. Analysis. Major outages: MS DDoS, Snapchat. Follow-ups & Fall-out: Privacy: Client-side scanning backdoors, Facebook AI, Android, Gaggle, 7-11, Real faces. Laws & Regs - Canada, US: Border warrants, TSA cyber regs, Whistleblowers, Fake reviews, Responsible disclosure, lawsuits, World: privacy, anti-ransomware, domain registration, biometrics, DDoS. Standards: IETF & Cloudflare. Defense: credentials revoked, tools, techniques, products, zero-trust. Vulnerabilities, Zerodays: iOS, Windows. Other Vulnerabilities: infrastructure, certificates, WordPress, Open/Libre Office, IPTV Rickroll, NFT, password research. Cybercrime: Trends: Stealing OTP, Aircraft maintenance, HTTP probes, Ad injector, Nation States. Crime. Other Risks: critical thinking, plain speech, complexity. more FB AI failure, great resignation, crypto. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI 2021 Global Community Forum – October 26-28 https://events.pcisecuritystandards.org/global2021
• P2PE v3.x Technical FAQs https://www.pcisecuritystandards.org/documents/PCI-P2PE-v_3_x-Technical-FAQs-Oct-2021.pdf
• ATM skimmers are still a thing– stay vigilant https://www.databreaches.net/atm-skimmers-are-still-a-thing-stay-vigilant/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Informed of a data leak in July, Brazilian integrator platform continued to expose more than 1.75 billion files https://www.databreaches.net/informed-of-a-data-leak-in-july-brazilian-integrator-platform-continues-to-expose-more-than-1-75-billion-files/
  • Missouri Teachers' Social Security numbers at risk on state agency's website; state's response is to shoot the messenger? https://www.databreaches.net/missouri-teachers-social-security-numbers-at-risk-on-state-agencys-website-states-response-is-to-shoot-the-messenger/
  • Verizon digital carrier Visible customer accounts were hacked https://www.bleepingcomputer.com/news/security/verizon-digital-carrier-visible-customer-accounts-were-hacked/
  • Adult students' SSNs from more than 60 years ago caught up in Ohio breach https://www.databreaches.net/adult-students-ssns-from-more-than-60-years-ago-caught-up-in-ohio-breach/
  • Acer India hacked — again? https://www.databreaches.net/acer-india-hacked-again/ and https://www.securityweek.com/hackers-claim-have-stolen-60-gb-data-acer
  • Fertility Testing Lab Says Ransomware Breach Affects 350,000 https://www.databreachtoday.com/fertility-testing-lab-says-ransomware-breach-affects-350000-a-17728
  • Thingiverse - 228,102 breached accounts https://haveibeenpwned.com/PwnedWebsites#Thingiverse
  • Thingiverse Breach: 50,000 Printers Could Have Been Hijacked via breached OAUTH tokens https://www.databreachtoday.com/thingiverse-breach-50000-printers-could-have-been-hijacked-a-17749
  • Playbook - 50,538 breached accounts https://haveibeenpwned.com/PwnedWebsites#Playbook
  • Former Executive Accessed PHI of Nearly 38,000 Individuals https://www.databreachtoday.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724
  • Accenture confirms data breach after August ransomware attack https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/
  • Osteopathic Professional Group Reports Year-Old Breach https://www.databreachtoday.com/osteopathic-professional-group-reports-year-old-breach-a-17735

• New Ransomware and "Incidents":

  • US Treasury says ransomware payouts in 2021 could top entire past decade https://www.theverge.com/2021/10/15/22728765/us-treasury-ransomware-payout-numbers-reports-2021-first-half-cybercrime
  • US links $5.2 billion worth of Bitcoin transactions to ransomware https://www.bleepingcomputer.com/news/security/us-links-52-billion-worth-of-bitcoin-transactions-to-ransomware/
  • US government discloses more ransomware attacks on water plants https://www.bleepingcomputer.com/news/security/us-government-discloses-more-ransomware-attacks-on-water-plants/
  • Olympus US systems hit by cyberattack over the weekend https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/
  • Pacific City Bank discloses ransomware attack claimed by AvosLocker https://www.bleepingcomputer.com/news/security/pacific-city-bank-discloses-ransomware-attack-claimed-by-avoslocker/
  • Cyberattack shuts down Ecuador's largest bank, Banco Pichincha https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/
  • VirusTotal Shares Analysis of 80 Million Ransomware Samples https://www.securityweek.com/virustotal-shares-analysis-80-million-ransomware-samples

• Major outages/downs:

  • Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers https://thehackernews.com/2021/10/microsoft-fended-off-record-24-tbps.html
  • Global Azure outage knocked out virtual machines, other VM-dependent services https://www.zdnet.com/article/global-azure-outage-knocked-out-virtual-machines-other-vm-dependent-services/
  • Snapchat not working - live: App was down for tens of thousands around the world https://www.independent.co.uk/life-style/gadgets-and-tech/snapchat-down-not-working-live-b1937620.html
  • Why does the internet keep breaking? https://www.bbc.co.uk/news/business-58873472

• Follow-ups and fall-out:

  • Understanding How Facebook Disappeared from the Internet https://blog.cloudflare.com/october-2021-facebook-outage/

Privacy

Articles about privacy related news, risks, and trends.

• Client-side content scanning as an unworkable, insecure disaster for democracy https://www.theregister.com/2021/10/15/clientside_side_scanning/
• Cybersecurity Experts Sound Alarm on Apple and E.U. Phone Scanning Plans https://www.nytimes.com/2021/10/14/business/apple-child-sex-abuse-cybersecurity.html
• Bugs in our pockets? The risks of client side scanning https://www.lightbluetouchpaper.org/2021/10/15/bugs-in-our-pockets/
• Facebook is researching AI systems that see, hear, and remember everything you do https://www.theverge.com/2021/10/14/22725894/facebook-augmented-reality-ar-glasses-ai-systems-ego4d-research
• Facebook is working on AI tech that will monitor your every move https://www.businessinsider.com/facebook-tech-that-watches-your-every-move-2021-10
• Study reveals Android phones constantly snoop on their users https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/
• A boy wrote about his suicide attempt. He didn't realize his school's Gaggle software was watching https://www.theguardian.com/education/2021/oct/12/school-surveillance-dragnet-suicide-attempt-healing
• 7-11 Breached Privacy By Collecting Facial Imagery Without Consent https://packetstormsecurity.com/news/view/32726/7-11-Breached-Privacy-By-Collecting-Facial-Imagery-Without-Consent.html
• Recovering Real Faces from Face-Generation ML System https://www.schneier.com/blog/archives/2021/10/recovering-real-faces-from-face-generation-ml-system.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • EPIC Urges Canadian Privacy Commissioner to Ban Facial Recognition https://epic.org/2021/10/epic-urges-canadian-privacy-co.html

• US:

  • Come Back with a Warrant: Congress Should Pass the Protecting Data at the Border Act https://www.eff.org/deeplinks/2021/10/come-back-warrant-congress-should-pass-protecting-data-border-act
  • TSA to issue cybersecurity requirements for US rail, aviation sectors https://www.csoonline.com/article/3636408/tsa-to-issue-cybersecurity-requirements-for-us-rail-aviation-sectors.html
  • US DOJ to Fine Contractors for Failure to Report Incidents https://www.databreachtoday.com/us-doj-to-fine-contractors-for-failure-to-report-incidents-a-17695
  • Silenced no more: A new era of tech whistleblowing? https://www.bbc.co.uk/news/technology-58850064
  • A second Facebook whistleblower says she's willing to testify before Congress, and that she's shared documents with a US law agency https://www.businessinsider.com/facebook-whistleblower-sophie-zhang-willing-to-testify-congress-2021-10
  • Facebook ‘repeatedly lied' to Oversight Board about secret VIP list that let users break rules, whistleblower says https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-whistleblower-lied-haugen-oversight-board-xcheck-cross-check-b1936673.html
  • FTC fires warning shot at 700 leading companies about fake reviews https://www.bleepingcomputer.com/news/technology/ftc-fires-warning-shot-at-700-leading-companies-about-fake-reviews/
  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/
  • Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs https://packetstormsecurity.com/news/view/32718/Zero-Day-Hunters-Seek-Laws-To-Prevent-Vendors-Suing-Them-For-Helping-Out-And-Doing-Their-Jobs.html
  • Dozens of U.S. lawsuits demand unproven ivermectin for hospitalized COVID-19 patients https://globalnews.ca/news/8271939/ivermectin-covid-hospitalized-us-lawsuits/
  • Parents sue Wisconsin schools after their children catch covid: ‘Recklessly exposing the public' https://www.washingtonpost.com/nation/2021/10/12/parents-sue-wisconsin-schools-covid-masks/
  • Canon sued for disabling scanner when printers run out of ink https://www.bleepingcomputer.com/news/legal/canon-sued-for-disabling-scanner-when-printers-run-out-of-ink/
  • Suing Infrastructure Companies for Copyright Violations https://www.schneier.com/blog/archives/2021/10/suing-infrastructure-companies-for-copyright-violations.html

• World:

  • Are You Ready for the Privacy Laws Tsunami? https://www.darkreading.com/application-security/are-you-ready-for-the-privacy-laws-tsunami-
  • Russia and China left out of global anti-ransomware meetings https://www.bleepingcomputer.com/news/security/russia-and-china-left-out-of-global-anti-ransomware-meetings/
  • Australia Plans Ransomware Attack Reporting Requirement https://www.databreachtoday.com/australia-plans-ransomware-attack-reporting-requirement-a-17731
  • Australian to tackle ransomware includes deleting stolen files https://www.bleepingcomputer.com/news/security/australia-to-tackle-ransomware-data-breaches-by-deleting-stolen-files/
  • EU legislation introduced to ban anonymous domain registration https://www.bleepingcomputer.com/news/government/eu-legislation-introduced-to-ban-anonymous-domain-registration/
  • The European Parliament Voted to Ban Remote Biometric Surveillance https://www.schneier.com/blog/archives/2021/10/the-european-parliament-voted-to-ban-remote-biometric-surveillance.html
  • Dutch police send warning letters to customers of DDoS booter service https://www.databreaches.net/dutch-police-send-warning-letters-to-customers-of-ddos-booter-service/
  • TechScape: UK online safety bill could set tone for global social media regulation https://www.theguardian.com/technology/2021/oct/13/techscape-uk-online-safety-bill-could-set-tone-for-social-media-regulation-worldwide-facebook-google
  • Belarus: Joining banned Telegram channels will land you in prison https://www.bleepingcomputer.com/news/legal/belarus-joining-banned-telegram-channels-will-land-you-in-prison/
  • Human rights activist suing Twitter for allegedly giving Saudi spies access to his info https://www.theverge.com/2021/10/15/22728121/human-rights-activist-suing-twitter-saudi-spies

• Standards News:

  • Cloudflare and the IETF https://blog.cloudflare.com/cloudflare-and-the-ietf/
  • Exported Authenticators: The long road to RFC https://blog.cloudflare.com/exported-authenticators-the-long-road-to-rfc/
  • Pairings in CIRCL https://blog.cloudflare.com/circl-pairings-update/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Microsoft revokes insecure SSH keys for Azure DevOps customers https://www.bleepingcomputer.com/news/microsoft/microsoft-revokes-insecure-ssh-keys-for-azure-devops-customers/
• Deepfence Open Sources Vulnerability Mapping Tool 'ThreatMapper' https://www.securityweek.com/deepfence-open-sources-vulnerability-mapping-tool-threatmapper
• Sysinternals apps can now auto-update via the Microsoft Store https://www.bleepingcomputer.com/news/microsoft/sysinternals-apps-can-now-auto-update-via-the-microsoft-store/
• The Importance of Correctly Scoping Your Information Systems https://blog.isc2.org/isc2_blog/2021/10/correctly-scoping-your-information-systems.html
• Port-Forwarding with Windows for the Win, (Thu, Oct 14th) https://isc.sans.edu/diary/rss/27934
• Brave web browser will add bounce tracking privacy protection https://www.bleepingcomputer.com/news/software/brave-web-browser-will-add-bounce-tracking-privacy-protection/
• Microsoft Defender for Identity to detect Windows Bronze Bit attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-identity-to-detect-windows-bronze-bit-attacks/
• Mandating a Zero-Trust Approach for Software Supply Chains https://threatpost.com/mandate-zero-trust-software-supply-chains/175333/
• Google Launches Security Advisory Service, Security to Workspaces https://www.darkreading.com/cloud/google-launches-security-advisory-service-security-to-workspaces
• Tenacity 2.0 – Emulating Threat groups https://blog.qualys.com/vulnerabilities-threat-research/2021/10/13/tenacity-2-0-emulating-threat-groups

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks https://www.bleepingcomputer.com/news/security/emergency-apple-ios-1502-update-fixes-zero-day-used-in-attacks/
  • Microsoft Fixes Zero-Day Flaw in Win32 Driver https://www.darkreading.com/vulnerabilities-threats/microsoft-october-patch-update-includes-fix-for-0-day-flaw-in-win32-driver

• Other Vulnerabilities:

  • Patch Tuesday, October 2021 Edition https://krebsonsecurity.com/2021/10/patch-tuesday-october-2021-edition/
  • Critical infrastructure security dubbed 'abysmal' by researchers https://www.zdnet.com/article/critical-infrastructure-security-dubbed-abysmal-by-researchers
  • NSA warns of wildcard certificate risks, provides mitigations https://www.bleepingcomputer.com/news/security/nsa-warns-of-wildcard-certificate-risks-provides-mitigations/
  • Working around expired Root Certificates https://scotthelme.co.uk/should-clients-care-about-the-expiration-of-a-root-certificate/
  • Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers https://threatpost.com/brizy-wordpress-plugin-exploit-site-takeovers/175463/
  • Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice https://thehackernews.com/2021/10/digital-signature-spoofing-flaws.html
  • Rickroll (still a thing) Grad Prank Exposes Exterity IPTV Bug https://threatpost.com/rickroll-exterity-iptv-bug/175491/
  • Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace https://www.zdnet.com/article/bugs-allowing-malicious-nft-uploads-uncovered-in-opensea-marketplace
  • Research Directions in Password Security https://blog.cloudflare.com/research-directions-in-password-security/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • How Coinbase Phishers Steal One-Time Passwords https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/
  • Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly https://www.databreaches.net/woman-allegedly-hacked-flight-school-cleared-planes-with-maintenance-issues-to-fly/
  • Attackers Behind Trickbot Expanding Malware Distribution Channels https://thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html
  • 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks https://www.darkreading.com/threat-intelligence/-clumsy-blackbyte-malware-reuses-crypto-keys-worms-into-networks
  • Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers, (Mon, Oct 11th) https://isc.sans.edu/diary/rss/27924
  • Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013, (Sat, Oct 16th) https://isc.sans.edu/diary/rss/27940
  • Ad-blocking browser extension actually adds ads, say Imperva researchers https://www.theregister.com/2021/10/14/ad_blocker_injects_bad_ads/
  • International cryptocurrency scam ring targets European dating app users https://www.zdnet.com/article/international-cryptocurrency-scam-ring-targets-european-dating-app-users

• Nation State Actors:

  • Google Warns Government-Backed Hackers Are on the Rise https://www.pymnts.com/news/security-and-risk/2021/google-warns-government-backed-hackers-are-on-the-rise/
  • Office 365 Spy Campaign Targets US Military Defense https://threatpost.com/military-defense-spy-campaign/175425/
  • A Close Look at Russia's Ghostwriter Campaign https://www.darkreading.com/vulnerabilities-threats/a-close-look-at-russia-s-ghostwriter-campaign
  • Russian cybercrime gang targets finance firms with stealthy macros https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/
  • A Telegram Bot Told Iranian Hackers When They Got a Hit https://www.wired.com/story/apt35-iran-hackers-phishing-telegram-bot

• Crime & Arrests, etc.:

  • Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices https://thehackernews.com/2021/10/ukraine-arrests-operator-of-ddos-botnet.html
  • A bitcoin miner was jailed in England for stealing $44,000 of electricity to run his operation https://markets.businessinsider.com/news/currencies/bitcoin-miner-prison-england-stealing-44000-dollars-electricity-cryptocurrency-trader-2021-10
  • The cost of hiring a hacker on the dark web: report https://www.comparitech.com/blog/information-security/hiring-hacker-dark-web-report/

Other Security / Risk

Articles covering other types of risks.

• People Who Jump to Conclusions Show Other Kinds of Thinking Errors https://www.scientificamerican.com/article/people-who-jump-to-conclusions-show-other-kinds-of-thinking-errors/
• When Talking to the Public, Please Speak Plainly https://www.scientificamerican.com/article/scientists-when-talking-to-the-public-please-speak-plainly/
• It Only Takes 100 Seconds to Get an Identifiable 'Fingerprint' of Your Brain https://www.sciencealert.com/our-brains-unique-fingerprints-change-across-different-time-scales
• Overly Complex IT Infrastructures Pose Security Risk https://www.darkreading.com/operations/overly-complex-it-infrastructures-pose-security-risk
• Airline Passenger Mistakes Vintage Camera for a Bomb https://www.schneier.com/blog/archives/2021/10/airline-passenger-mistakes-vintage-camera-for-a-bomb.html
• Facebook claims it uses AI to identify and remove posts containing hate speech and violence, but the technology doesn't really work, report says https://www.businessinsider.com/facebook-ai-doesnt-work-to-remove-hate-speech-and-violence-2021-10
• Facebook disputes report that its AI can't detect hate speech or violence consistently https://www.theverge.com/2021/10/17/22731214/facebook-disputes-report-artificial-intelligence-hate-speech-violence
• 40% of Canadians have a negative view of Facebook, say it amplifies hate: poll https://globalnews.ca/news/8261937/canadians-negative-view-facebook-hate-poll/
• Call of Duty's new anti-cheat system includes a kernel-level driver to catch PC cheaters https://www.theverge.com/2021/10/13/22724037/call-of-duty-ricochet-anti-cheat-system-kernel-level-driver
• Amazon copied products and rigged search results to promote its own brands, documents show https://www.reuters.com/investigates/special-report/amazon-india-rigging/
• Amazon textbook rental service scammed for $1.5m https://www.theregister.com/2021/10/15/amazon_textbook_rental/
• The Great Resignation Is Accelerating https://www.theatlantic.com/ideas/archive/2021/10/great-resignation-accelerating/620382/
• Jamie Dimon calls bitcoin 'worthless' and questions its 21 million supply cap https://markets.businessinsider.com/news/currencies/jamie-dimon-bitcoin-worthless-questions-21-million-supply-cap-2021-10
• BlackRock CEO Larry Fink says he's likely in the same camp as Jamie Dimon in seeing bitcoin as worthless, though there are opportunities in blockchain https://markets.businessinsider.com/news/currencies/bitcoin-larry-fink-jamie-dimon-worthless-opportunities-blockchain-crypto-blackrock-2021-10
• A crypto collapse is 'plausible' and regulation of the market is urgently needed, Bank of England's deputy governor says https://markets.businessinsider.com/news/currencies/cryptocurrency-collapse-plausible-boe-deputy-governor-cunliffe-defi-regulation-crash-2021-10
• Self-driving Waymo cars are flocking to the same dead-end street in San Francisco, and residents have no idea why https://www.businessinsider.com/self-driving-cars-waymo-google-stuck-end-street-san-francisco-2021-10
• They're putting guns on robot dogs now https://www.theverge.com/2021/10/14/22726111/robot-dogs-with-guns-sword-international-ghost-robotics

• Health, Safety & Environment:

  • Drone delivers lungs for transplant to Toronto hospital in world 1st, health network says https://www.cbc.ca/news/canada/toronto/first-lung-transplant-drone-1.6208057
  • Canada could be heading for flu season amid 4th wave of COVID-19, Tam says https://globalnews.ca/news/8269206/canada-flu-season-covid-fourth-wave/
  • Experts Warn of a 'Twindemic' as Flu Could Rise Sharply Along With COVID in Winter https://www.sciencealert.com/expect-a-sharp-flu-rebound-after-distancing-measures-lift-potentially-creating-a-twindemic
  • Troubling birth findings show importance of timely flu vaccination https://scienmag.com/troubling-birth-findings-show-importance-of-timely-flu-vaccination/
  • Wellington-Dufferin-Guelph has 1st flu case in 18 months: public health https://globalnews.ca/news/8265557/flu-wellington-dufferin-guelph/
  • Salk scientists reveal most commonly mutated gene in all cancers https://scienmag.com/salk-scientists-reveal-most-commonly-mutated-gene-in-all-cancers/
  • Widely Used Chemical Linked to 100,000 American Deaths Every Year, Study Finds https://www.sciencealert.com/study-suggests-widely-used-hormone-disrupter-chemical-linked-to-100-000-us-deaths-a-year
  • Why Do We Wake Up at 3am And Dwell on Our Fears? A Psychologist Explains https://www.sciencealert.com/why-do-we-wake-up-at-3am-and-dwell-on-our-fears-a-psychologist-explains
  • Father charged after toddler fatally shot mother during Zoom call https://www.bbc.co.uk/news/world-us-canada-58920322
  • Kongsberg: Five dead in Norway bow and arrow attack https://www.bbc.co.uk/news/world-europe-58906165
  • Tesla Under Scrutiny Over Lack of Recall After Autopilot Update https://www.nytimes.com/2021/10/13/business/tesla-autopilot-recall-safety.html
  • Some airline pilots say they're making midair mistakes because of a lack of practice during COVID-19. One called it a 'critical situation.' https://www.businessinsider.com/pilot-error-mistakes-covid-safety-reports-2021-10
  • Former Boeing 737 Max pilot charged with fraud https://www.bbc.co.uk/news/business-58926196
  • Long Hauls in Space Seem to Increase Brain Damage Risk, Study Finds https://www.sciencealert.com/long-hauls-in-space-seems-to-increase-brain-damage-risk-study-finds
  • A Russian spacecraft pushed the space station out of position and sent astronauts into emergency mode - again https://www.businessinsider.com/russian-spaceship-pushed-space-station-out-of-position-again-2021-10
  • Not Just Sitting Ducks. Maybe Satellites Could Dodge Almost all Space Junk https://www.universetoday.com/152967/not-just-sitting-ducks-maybe-satellites-could-dodge-almost-all-space-junk/
  • A half-mile installation just took 20,000 pounds of plastic out of the Pacific - proof that ocean garbage can be cleaned https://www.businessinsider.com/ocean-cleanup-device-removed-plastic-pacific-garbage-patch-2021-10
  • A new single-atom catalyst can produce hydrogen from urea at an exceptional rate https://scienmag.com/a-new-single-atom-catalyst-can-produce-hydrogen-from-urea-at-an-exceptional-rate/
  • Save the Right Whales by Cutting through the Wrong Noise https://www.scientificamerican.com/article/save-the-right-whales-by-cutting-through-the-wrong-noise/
  • Canada among highest energy consumers as countries move to net zero emissions https://globalnews.ca/news/8267006/canada-energy-use-consumers/
  • America's Next Great Migrations Are Driven by Climate Change https://www.scientificamerican.com/article/americas-next-great-migrations-are-driven-by-climate-change/
  • Interactive: What rising sea levels will do to popular Canadian sites https://www.ctvnews.ca/climate-and-environment/interactive-what-rising-sea-levels-will-do-to-popular-canadian-sites-1.5621167
  • This Is The Devastating Global Effect a Nuclear War Would Have on Earth's Air https://www.sciencealert.com/these-are-the-devastating-effects-that-smoke-from-a-nuclear-war-would-have

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Delta and Delta Plus evade the antibody response https://scienmag.com/delta-and-delta-plus-evade-the-antibody-response/
  • Ontario reports 306 new COVID-19 cases, as seven-day average continues to drop https://globalnews.ca/news/8262082/ontario-covid-cases-october-13-coronavirus/
  • Most COVID-19 cases at shuttered Toronto school are result of student-to-student transmission https://toronto.ctvnews.ca/most-covid-19-cases-at-shuttered-toronto-school-are-result-of-student-to-student-transmission-1.5620318

• Guidance, Response, and Recovery:

  • Canada-U.S. land border to open for fully vaccinated on Nov. 8: official https://globalnews.ca/news/8268245/canada-u-s-land-open-nov-8-official/
  • U.S. to reopen Canada, Mexico land border to vaccinated travellers in early November https://globalnews.ca/news/8261521/us-canada-border-reopening-november-covid/
  • U.S. to accept mixed COVID-19 vaccine doses for international travellers, CDC says https://globalnews.ca/news/8270376/us-cdc-covid-mixed-vaccine-international/
  • 29% of Americans fearful about reopening Canada-U.S. border, poll suggests https://globalnews.ca/news/8259797/americans-fearful-reopening-canada-u-s-border-poll/
  • Saskatchewan prepared to send critical COVID-19 patients to Ontario https://globalnews.ca/news/8262515/saskatchewan-triage-protocol-intensive-care/
  • A Florida school says students who get vaxxed must stay home for 30 days due to unfounded claim that they'll infect others https://www.businessinsider.com/florida-school-says-vaxxed-kids-quarantine-30-days-each-dose-2021-10

• Immunity and Vaccinations:

  • Combating COVID-19 misinformation: Brief infographic exposure may increase trust in science https://scienmag.com/combating-covid-19-misinformation-brief-infographic-exposure-may-increase-trust-in-science/
  • How to tell if a vaccine card is real or fake, according to a physician who specializes in authenticating them https://www.businessinsider.com/how-to-tell-covid19-vaccine-card-fake-real-doctor-2021-10
  • How to get your Ontario vaccine certificate QR code https://toronto.ctvnews.ca/how-to-get-your-ontario-vaccine-certificate-qr-code-1.5624531
  • Ontario's online proof-of-vaccination portal inaccessible outside of North America https://globalnews.ca/news/8260193/covid-travel-vaccine-passport-ontario-abroad/
  • 90,000 US COVID-19 deaths could have been prevented by vaccines in 4 months, 2 leading US nonprofits estimate https://www.businessinsider.com/covid-vaccine-effectiveness-deaths-severe-disease-kaiser-family-foundation-cdc-2021-10
  • AstraZeneca says its COVID-19 drug cuts the risk of severe disease in half. It's the first antibody cocktail shown to both prevent and treat the disease in late-stage trials. https://www.businessinsider.com/astrazeneca-antibody-drug-azd7442-reduced-severe-covid-19-risk-study-2021-10
  • Scientists gave J&J vaccine recipients different booster shots in a highly anticipated trial, and found they got a much better immune response with Moderna and Pfizer https://www.businessinsider.com/jj-boosters-moderna-pfizer-provide-better-response-new-study-2021-10
  • Most past vaccine reactions don't warrant exemptions to COVID-19 shots: experts https://globalnews.ca/news/8272187/past-allergic-reaction-covid-vaccine-exmeption/
  • How a failed deal with China to produce a made-in-Canada COVID-19 vaccine wasted months and millions https://www.cbc.ca/news/canada/cansino-deal-canada-nrc-fifth-estate-1.6208241
  • Things we learned:
  • Researchers demonstrate a more effective personal protective equipment strategy for COVID-19 https://scienmag.com/researchers-demonstrate-a-more-effective-personal-protective-equipment-strategy-for-covid-19/
  • The needle-free COVID-19 treatments undergoing testing right now https://www.businessinsider.com/insiders-top-healthcare-stories-for-october-12-2021-10
  • Immune response to COVID-19 vaccine different with prior infection https://scienmag.com/immune-response-to-covid-19-vaccine-different-with-prior-infection/
  • Reimagining our pandemic problems with the mindset of an engineer https://www.technologyreview.com/2021/10/15/1037195/engineering-epidemiology-pandemic-problem-solving/
  • Study reveals why some people get Covid toe condition https://www.bbc.co.uk/news/health-58801462

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Beethoven's Unfinished 10th Symphony Brought to Life by Artificial Intelligence https://www.scientificamerican.com/podcast/episode/beethovens-unfinished-10th-symphony-brought-to-life-by-artificial-intelligence/
• Astronaut Sally Ride will be one of the women featured on a 2022 US quarter https://www.theverge.com/2021/10/11/22720495/sally-ride-us-mint-quarter-space-maya-angelou-wilma-mankiller
• ‘I've never been so scared in my life:' Golden, B.C. woman nearly hit by meteorite https://globalnews.ca/news/8259952/meteorite-hits-home-b-c/
• Blue Origin successfully sends William Shatner and crew to edge of space and back https://www.theverge.com/2021/10/13/22724058/blue-origin-william-shatner-new-shepard-flight-success
• Asteroids, the Universe, and Everything: Meet 42 space rocks https://www.syfy.com/syfywire/asteroids-the-universe-and-everything-meet-42-space-rocks
• There's No Way Venus Could Ever Have Had Oceans, Astronomers Say https://www.sciencealert.com/there-s-no-way-venus-could-ever-have-had-oceans-new-research-finds
• NASA's Mission to Visit 8 Asteroids, Lucy, Launches on October 16th https://www.universetoday.com/152960/nasas-mission-to-visit-8-asteroids-lucy-launches-on-october-16th/
• The Universe May Have Never Begun, Physicists Say https://www.sciencealert.com/the-universe-may-have-never-begun-physicists-say