This Week's [in]Security - Issue 240
07 Nov 2021.
Welcome to This Week’s [in]Security. PCI and payments: Non-Compliance Lesson #2, Big FAQ update, PAX/WorldPay/FBI update, magecart. New breaches: Waiting for QC, Shooting the messenger, Surveillance, VPN users. New Ransomware: Evolving tricks, NL Health. Follow-ups & Fall-out: Missouri. Privacy: Phone metadata, tappigraphy, Data Privacy Protocol, 1B deleted facial images. Laws & Regs - Canada: Bill C-10, Ontario utility data, Citizen Lab. US: FISA, LEA requests, Spyware sanctions, Bounties. World: Threatening open source, Toothless fines? Standards: EU-US. Cyber labelling, Critical Infrastructure. Defense: Pwn2Own & SANS CTF, Simulation Game. Cloud VA, Security MVP, Bloom Filter Searching, ZeroTrust. Vulnerabilities, Zerodays: Other Vulnerabilities: CISA 300 patch list, APIs, More on Trojan Source, Web Assembly, Github & NPM supply-chain - coa, rc, Cisco SSH key, non-enterprise IoT. Cybercrime: Trends: Rootkits, password spraying, GitLab, Office & Exchange. Nation States. Crime: Anti-ransomware actions, SIM & BEC arrests, Squid-scam, fraud. Other Risks: Trolls, Ethical AI, Skynet? buzzwords, meta-FOMO, Open Source Risks, Cert meltdowns, Yahoo leaves China, economy. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Compliance. And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- New/Updated Standards:
- Non-Compliance Lesson No. 2: Outsource your payments/security and don't read the fine print https://controlgap.com/blog/Non-Compliance-Lesson-No-2
A new batch of PCI FAQs, most relating to the Secure Software standards:
- #1536 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-a-compliance-accepting-entity
- #1537 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-remote-assessments-permitted-for-PCI-DSS
- #1538 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-the-process-to-initiate-a-software-evaluation-to-the-PCI-Secure-Software-Standard
- #1539 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Who-is-qualified-to-perform-assessments-to-the-PCI-Secure-Software-Standard
- #1540 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-software-is-eligible-for-validation-to-the-PCI-Secure-Software-Standard
- #1541 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/When-must-validated-payment-software-be-revalidated
- #1542 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-the-process-for-PCI-Secure-SLC-Qualification
- #1543 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Who-is-qualified-to-perform-assessments-to-the-PCI-Secure-SLC-Standard
- #1544 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-SSC-provide-a-list-of-software-vendors-whose-software-development-process-es-have-been-validated-to-the-Secure-SLC-Standard
- #1545 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-there-prerequisite-PCI-SSC-program-requirements-to-meet-before-qualifying-as-an-SSF-Assessor-Company
- #1546 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-multiple-changes-for-a-Secure-Software-listing-be-submitted-within-a-single-change-submission
- #1547 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-currently-listed-PA-DSS-payment-applications-required-to-be-revalidated-using-the-Secure-Software-Standard
- #1548 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-Secure-Software-Assessors-or-Secure-Software-Lifecycle-Assessors-required-to-report-Continuing-Professional-Education-CPE-credits-to-PCI-SSC
- Our updated index of PCI FAQs https://controlgap.com/index-pci-frequently-asked-questions/
- Further to the PAX/WorldPay/FBI story - PAX Security Executive Resigns a Day After FBI Raids on Offices https://www.bloomberg.com/news/articles/2021-10-28/pax-security-executive-resigns-a-day-after-fbi-raids-on-offices
- FBI crackdown on Chinese tech giant creates headaches for Aussie fintechs https://www.bankingday.com/fbi-crackdown-pax-tech
- Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar https://threatpost.com/magecart-credit-card-skimmer-avoids-vms-to-fly-under-the-radar/175993/
- Mastercard Will Make CBDCs Work if Issued by Governments https://www.pymnts.com/cbdc/2021/mastercard-will-make-cbdcs-work-if-issued-by-governments/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
- Hackers are stealing data today so quantum computers can crack it in a decade https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography
- Shoot-the-Messenger, Monday edition: ActMobile threatens researcher whose only sin was trying to let them know they are leaking data https://www.databreaches.net/shoot-the-messenger-monday-edition-actmobile-threatens-researcher-whose-only-sin-was-trying-to-let-them-know-they-are-leaking-data/
- 1.8TB of Police Helicopter Surveillance Footage Leaks Online https://www.wired.com/story/ddosecrets-police-helicopter-data-leak
- US defense contractor Electronic Warfare hit by data breach https://www.bleepingcomputer.com/news/security/us-defense-contractor-electronic-warfare-hit-by-data-breach/
- Who owns this huge database of leaked VPN user details? https://www.comparitech.com/blog/information-security/vpn-database-leak/
- Jukin Media hacked and data dumped; company claims a password reset is required due to a “security upgrade” https://www.databreaches.net/jukin-media-hacked-and-data-dumped-while-company-claims-a-password-reset-is-required-due-to-a-security-upgrade/
- Black Shadow hackers leak medical records of 290,000 Israeli patients https://www.databreaches.net/black-shadow-hackers-leak-medical-records-of-290000-israeli-patients/
- Medical school exposes personal data of thousands of students https://www.zdnet.com/article/medical-school-exposes-personal-data-of-thousands-of-students
- 1,355 NUS Society members' personal data stolen, possibly put on sale on Dark Web https://www.databreaches.net/1355-nus-society-members-personal-data-stolen-possibly-put-on-sale-on-dark-web/
- ‘It made me sick': Box of medical records ends up on Gastonia man's doorstep https://www.databreaches.net/it-made-me-sick-box-of-medical-records-ends-up-on-gastonia-mans-doorstep/
New Ransomware and "Incidents":
- 7 Trends: How Ransomware Operations Continue to Evolve https://www.databreachtoday.com/7-trends-how-ransomware-operations-continue-to-evolve-a-17841
- FBI: Ransomware targets companies during mergers and acquisitions https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/
- FBI Publishes IOCs for Hello Kitty Ransomware https://www.securityweek.com/fbi-publishes-iocs-hello-kitty-ransomware
- Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory, (Sat, Nov 6th) https://isc.sans.edu/diary/rss/28006
- Minimize Ransomware Damage by Stopping Lateral Movement https://www.databreachtoday.com/webinars/minimize-ransomware-damage-by-stopping-lateral-movement-w-3606
- Canadian province health care system disrupted by cyberattack https://www.bleepingcomputer.com/news/security/canadian-province-health-care-system-disrupted-by-cyberattack/
- Expert says N.L. cyberattack worst in Canadian history, deserves federal response https://globalnews.ca/news/8350768/nl-cyberattack-expert-deserves-federal-response/
- bZx Network Hacked for $55M https://www.databreaches.net/bzx-network-hacked-for-55m/
- Cyberattack Hits Multiple Greek Shipping Firms https://www.databreaches.net/cyberattack-hits-multiple-greek-shipping-firms/
- Domaining.com reports security incident https://www.databreaches.net/domaining-com-reports-security-incident/
- California Clinic Network Cyber Incident Affects 656,000 https://www.databreachtoday.com/california-clinic-network-cyber-incident-affects-656000-a-17839
- Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack https://www.theregister.com/2021/11/03/labour_party_data_rendered_inaccessible/
- Martin County tax collector still silent amid cyberattack, message to them posted on dark web https://www.databreaches.net/martin-county-tax-collector-still-silent-amid-cyberattack-message-to-them-posted-on-dark-web/
- FBI: Ransomware gangs hit several tribal-owned casinos in the last year https://www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hit-several-tribal-owned-casinos-in-the-last-year/
Follow-ups and fall-out:
- After Security Flaw Found, Missouri Hires Data Breach Group https://www.securityweek.com/after-security-flaw-found-missouri-hires-data-breach-group
Privacy
Articles about privacy related news, risks, and trends.
- On Cell Phone Metadata https://www.schneier.com/blog/archives/2021/11/on-cell-phone-metadata.html
- The dawn of tappigraphy: does your smartphone know how you feel before you do? https://www.theguardian.com/technology/2021/nov/07/the-dawn-of-tappigraphy-does-your-smartphone-know-how-you-feel-before-you-do
- ‘Our notion of privacy will be useless': what happens if technology learns to read our minds? https://www.theguardian.com/technology/2021/nov/07/our-notion-of-privacy-will-be-useless-what-happens-if-technology-learns-to-read-our-minds
- Google Introduces New Open-Source Data Privacy Protocol https://www.securityweek.com/google-introduces-new-open-source-data-privacy-protocol
- Face Recognition Is So Toxic, Facebook Is Dumping It https://www.eff.org/deeplinks/2021/11/face-recognition-so-toxic-facebook-dumping-it
- Facebook deletes 1 billion faceprints in Face Recognition shutdown https://www.bleepingcomputer.com/news/technology/facebook-deletes-1-billion-faceprints-in-face-recognition-shutdown/
- Clearview AI ordered to delete all facial recognition data belonging to Australians https://www.theverge.com/2021/11/3/22761001/clearview-ai-facial-recognition-australia-breach-data-delete
- Nigeria's Digital Currency Rollout Highlights Security, Privacy Concerns https://www.pymnts.com/cbdc/2021/nigeria-digital-currency-rollout-highlights-security-privacy-concerns/
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
- The Law Bytes Podcast, Episode 106: Former Canadian Heritage Committee Chair Scott Simms Goes Behind the Scenes of the Bill C-10 Hearing https://www.michaelgeist.ca/2021/11/law-bytes-podcast-episode-106/
- Ontario to require electricity, natural gas utility companies to give customers their data https://globalnews.ca/news/8340551/ontario-require-electricity-natural-gas-companies-customers-data/
- Consultation on Draft Guidance for Police Services' Privacy Obligations on the Use of Facial Recognition Technology https://citizenlab.ca/2021/10/consultation-on-draft-guidance-for-police-services-privacy-obligations-on-the-use-of-facial-recognition-technology/
US:
- No day in court: US Foreign Intelligence Surveillance Court rulings will stay a secret https://www.theregister.com/2021/11/05/fisc_secrecy_ruling/
- Signal Unveils How Far US Law Enforcement Will Go To Get Information About People https://packetstormsecurity.com/news/view/32776/Signal-Unveils-How-Far-US-Law-Enforcement-Will-Go-To-Get-Information-About-People.html
- US Blacklists NSO Group maker of Pegasus spyware https://www.schneier.com/blog/archives/2021/11/us-blacklists-nso-group.html
- US sanctions four companies selling hacking tools, including NSO Group & Candiru https://www.databreaches.net/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/
- The US Puts a $10M Bounty on DarkSide Ransomware Hackers https://www.wired.com/story/darkside-ransomware-ukraine-russia-trojan-source-security-news
- US government offers $10 million bounty for information on Colonial Pipeline hackers https://www.theverge.com/2021/11/5/22764987/darkside-hackers-bounty-10-million-colonial-pipeline
- FTC Moves to Stop Subscription Services From Deceptive Practices https://www.pymnts.com/subscriptions/2021/ftc-moves-to-stop-subscription-services-from-deceptive-practices/
- US Treasury Department Says Stablecoins Must Be Regulated https://www.databreachtoday.com/us-treasury-department-says-stablecoins-must-be-regulated-a-17840
- Another 2020 lawsuit over internet voting https://freedom-to-tinker.com/2021/11/04/another-2020-lawsuit-over-internet-voting/
- Facebook Faces New Antitrust Lawsuit https://www.nytimes.com/2021/11/04/technology/facebook-antitrust-lawsuit-phhhoto.html
World:
- Parents Built a School App. Then the City Called the Cops https://www.wired.com/story/sweden-stockholm-school-app-open-source
- UK: Are monetary penalties really a deterrent to data protection violations if few companies actually pay up? https://www.databreaches.net/uk-are-monetary-penalties-really-a-deterrent-to-data-protection-violations-if-few-companies-actually-pay-up/
- Google News to relaunch in Spain after mandatory payments to newspapers scrapped https://www.theverge.com/2021/11/3/22761041/google-news-relaunch-spain-payments-publishers-eu-copyright-directive
Standards News:
- Data transfers between the EU and the US: Still unclear on what you're supposed to do? Here's an explainer https://www.theregister.com/2021/11/01/data_transfers_europe/
- NIST & FTC: the DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling is open for comments until December 16 (nist.gov)
- CISA Begins Program to Identify Critical Infrastructure https://www.databreachtoday.com/cisa-begins-program-to-identify-critical-infrastructure-a-17835
- CISA orders federal agencies to fix hundreds of exploited security flaws https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-fix-hundreds-of-exploited-security-flaws/
- CISA's Binding Operational Directive on Managing Unacceptable Risk Vulnerabilities in Federal Enterprises Is Key to Stopping Federal Cyberattacks https://www.tenable.com/blog/cisa-s-binding-operational-directive-on-managing-unacceptable-risk-vulnerabilities-in-federal
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021 https://www.securityweek.com/device-exploits-earn-hackers-over-1-million-pwn2own-austin-2021
- Printers Hacked for First Time at Pwn2Own https://www.securityweek.com/printers-hacked-first-time-pwn2own
- Samsung Galaxy S21 hacked on second day of Pwn2Own Austin https://www.bleepingcomputer.com/news/security/samsung-galaxy-s21-hacked-on-second-day-of-pwn2own-austin/
- SANS National Capture-the-Flag Tournaments for the Beneswiss Region https://www.sans.org/blog/national-ctf-tournament-beneswiss
- Simulation Game Teaches Non-Security Staff How to Handle a Cyber Crisis https://www.darkreading.com/edge-articles/simulation-game-teaches-non-security-staff-how-to-handle-a-cyber-crisis
- Cloud, Remote Work Will Change How IT Uses Vulnerability Scanners https://www.darkreading.com/dr-tech/cloud-remote-work-will-change-how-it-uses-vulnerability-scanners
- How InfoSec Should Use the Minimum Viable Secure Product Checklist https://www.darkreading.com/operations/how-infosec-should-use-the-minimum-viable-secure-product-checklist
- 5 MITRE ATT&CK Tactics Most Frequently Detected by Cisco Secure Firewalls https://www.darkreading.com/edge-threat-monitor/5-mitre-attck-tactics-most-frequently-detected-by-cisco-secure-firewalls
- When Pwned Passwords Bloom! (Applying Bloom Filter/Search to the pwned password db) https://scotthelme.co.uk/when-pwned-passwords-bloom/
- Mozilla Rolling Out 'Site Isolation' With Release of Firefox 94 https://www.securityweek.com/mozilla-rolling-out-site-isolation-release-firefox-94
- How Is Zero Trust Different From Traditional Security? https://www.darkreading.com/edge-ask-the-experts/how-is-zero-trust-different-from-traditional-security-
- Package delivery boxes could help to prevent theft from porch pirates https://toronto.ctvnews.ca/package-delivery-boxes-could-help-to-prevent-theft-from-porch-pirates-1.5654616
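The Bloom filter item above (When Pwned Passwords Bloom!) describes testing candidate passwords against the Pwned Passwords list without shipping the full hash set. The following is an added example written for this issue, not code from that article or from Have I Been Pwned. It assumes a constructed stand-in list of SHA-1 hashes (the real list is distributed as upper-case SHA-1 hex digests) and sizes the filter from the usual optimal-m/optimal-k formulas; the important property is that a miss is definitive ("not in the list") while a hit only means "check the full list or the k-anonymity range API".

```python
import hashlib
import math


class BloomFilter:
    """Bit array plus k probe positions derived from one SHA-256 (double hashing)."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Optimal bit count and hash count for the target false-positive rate
        self.m = math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step so every slot is reachable
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def sha1_hex(password: str) -> str:
    # Pwned Passwords entries are upper-case SHA-1 hex digests of the password
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_filter(pwned_hashes, fp_rate: float = 0.01) -> BloomFilter:
    bf = BloomFilter(len(pwned_hashes), fp_rate)
    for h in pwned_hashes:
        bf.add(h.encode("ascii"))
    return bf


def is_possibly_pwned(bf: BloomFilter, password: str) -> bool:
    """False: definitely not in the list (no false negatives). True: verify against the full list."""
    return sha1_hex(password).encode("ascii") in bf


def false_positive_rate(bf: BloomFilter, probes: int) -> float:
    """Query passwords that were never inserted and count how many the filter accepts."""
    hits = sum(is_possibly_pwned(bf, f"never-inserted-{i}") for i in range(probes))
    return hits / probes


# Constructed stand-in for a slice of the Pwned Passwords list (not real breach data)
CONSTRUCTED_PWNED = [sha1_hex(f"password{i}") for i in range(1000)]

if __name__ == "__main__":
    bf = build_filter(CONSTRUCTED_PWNED, fp_rate=0.01)
    print(f"m={bf.m} bits, k={bf.k} hashes")
    print("password42 possibly pwned:", is_possibly_pwned(bf, "password42"))
    print("observed false-positive rate:", false_positive_rate(bf, 10000))
```

For 1,000 entries at a 1% target the filter needs roughly 9.6 kbit and 7 probes, so a few hundred million hashes fit comfortably in memory on a login server. Because a positive answer can be a false positive, the correct flow is: reject only after confirming the hit against the authoritative list; never treat a filter hit alone as proof the password was breached.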
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
Zero-day news:
- Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html
Other Vulnerabilities:
- CISA Lists 300 Exploited Vulnerabilities That Organizations Need to Patch https://www.securityweek.com/cisa-lists-300-exploited-vulnerabilities-organizations-need-patch
- CISA urges vendors to patch BrakTooth bugs after exploits release https://www.databreaches.net/cisa-urges-vendors-to-patch-braktooth-bugs-after-exploits-release/
- The Threat of Insecure Interfaces and APIs https://blog.isc2.org/isc2_blog/2021/11/the-threat-of-insecure-interfaces-and-apis.html
- ‘Trojan Source' Bug Threatens the Security of All Code https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
- Hiding Vulnerabilities in Source Code https://www.schneier.com/blog/archives/2021/11/hiding-vulnerabilities-in-source-code.html
- FYI: Code compiled to WebAssembly may lack standard security defenses https://www.theregister.com/2021/11/04/webassembly_stack_canaries/
- How substitution attacks target software supply chains through Github https://www.comparitech.com/blog/information-security/dependency-confusion-supply-chain-attack/
- Popular 'coa' NPM library hijacked to steal user passwords https://www.bleepingcomputer.com/news/security/popular-coa-npm-library-hijacked-to-steal-user-passwords/ and https://www.bleepingcomputer.com/news/security/popular-npm-library-coa-hijacked-breaking-react-pipelines-worldwide/
- Two NPM Packages With 22 Million Weekly Downloads Found Backdoored https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html
- Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html
- Cisco Plugs Critical Holes in Catalyst PON Enterprise Switches https://www.securityweek.com/cisco-plugs-critical-holes-catalyst-pon-enterprise-switches
- Linux Foundation Fixes 'Dangerous' Code Execution Kernel Bug https://www.securityweek.com/linux-foundation-fixes-dangerous-code-execution-kernel-bug
- Windows 11 KB5008295 OOB update fixes certificate issue breaking apps https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5008295-oob-update-fixes-certificate-issue-breaking-apps/
- Mozilla Thunderbird 91.3 released to fix high impact flaws https://www.bleepingcomputer.com/news/security/mozilla-thunderbird-913-released-to-fix-high-impact-flaws/
- Does Home IoT Compromise Enterprise Security? https://www.trendmicro.com/en_us/research/21/k/does-home-iot-compromise-enterprise-security.html
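The Trojan Source items above (Krebs and Schneier) concern source code whose rendered order differs from its logical order because of Unicode bidirectional control characters, plus look-alike (homoglyph) identifiers. Below is an added example written for this issue, not code from the Trojan Source paper or from any of the linked articles, that scans source text for both: every bidi control character (LRE/RLE/LRO/RLO/PDF and the isolate pair LRI/RLI/FSI/PDI) with its line and column, and every identifier that contains a non-ASCII character. The sample input is constructed for the example; the second line contains a reordering attack in a comment, and the fourth line has a Cyrillic U+0435 in place of a Latin "e".

```python
import re
import unicodedata

# The Unicode bidirectional control characters abused by Trojan Source attacks
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Python-style identifier: a Unicode letter or underscore followed by word characters
IDENT_RE = re.compile(r"[^\W\d]\w*", re.UNICODE)


def find_bidi_controls(text: str):
    """Return (line, column, code point, name) for every bidi control in the text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"U+{ord(ch):04X}", BIDI_CONTROLS[ch]))
    return findings


def find_non_ascii_identifiers(text: str):
    """Return (line, identifier, [offending code points]) for identifiers outside ASCII."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in IDENT_RE.finditer(line):
            ident = match.group()
            if not ident.isascii():
                bad = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in ident if not c.isascii()]
                findings.append((lineno, ident, bad))
    return findings


def scan_source(text: str) -> dict:
    """Both checks in one pass; an empty result on both keys means the file is clean."""
    return {"bidi": find_bidi_controls(text), "identifiers": find_non_ascii_identifiers(text)}


# Constructed sample (not taken from the paper): line 2 hides logic in what renders as a
# comment, line 4 uses a Cyrillic letter in an identifier. Escapes keep the file ASCII.
CONSTRUCTED_SOURCE = (
    'access_level = "user"\n'
    'if access_level != "none\u202e\u2066": # only admins\u2069\u2066":\n'
    "    grant_admin()\n"
    "def ch\u0435ck(x):  # U+0435 in identifier\n"
    "    return x\n"
)

if __name__ == "__main__":
    result = scan_source(CONSTRUCTED_SOURCE)
    for lineno, col, cp, name in result["bidi"]:
        print(f"line {lineno} col {col}: bidi control {cp} ({name})")
    for lineno, ident, bad in result["identifiers"]:
        print(f"line {lineno}: non-ASCII identifier {ident!r} contains {bad}")
```

Run as a pre-commit or CI gate, the practical policy is to reject any bidi control outside a string literal that genuinely needs right-to-left text, and to reject any identifier that mixes scripts; the reviewer's editor cannot be trusted to render these visibly, which is the whole point of the attack.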
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
- Almost half of rootkits are used for cyberattacks against government organizations https://www.zdnet.com/article/almost-half-of-rootkits-are-used-to-strike-government-targets
- Microsoft warns of rise in password sprays targeting cloud accounts https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/
- Android has its head in the sand with AbstractEmu malware rooting phones https://www.theregister.com/2021/11/01/in_brief_security/
- Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html
- Over 30,000 GitLab servers still unpatched against critical bug https://www.bleepingcomputer.com/news/security/over-30-000-gitlab-servers-still-unpatched-against-critical-bug/
- Kaspersky's stolen Amazon SES token used in Office 365 phishing https://www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/
- Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
- Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices https://thehackernews.com/2021/11/researchers-uncover-pink-botnet-malware.html
- Steam phishing campaign lures victims with free Discord Nitro https://www.bleepingcomputer.com/news/security/steam-phishing-campaign-lures-victims-with-free-discord-nitro/
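Microsoft's password-spray warning above describes the low-and-slow pattern: one source tries a small number of common passwords against many accounts, staying under per-account lockout thresholds. The following is an added example written for this issue, not code from Microsoft or from the linked article, showing the detection logic as a sliding-window rule over a constructed, syslog-style authentication log (the record format and the IP addresses are assumptions for the example). It flags a source that fails against at least five distinct accounts within thirty minutes while never exceeding two attempts per account, and it deliberately does not fire on the single-account burst from the second source, which is classic brute force and belongs to a different rule.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication events (not from any real tenant); one event per line
CONSTRUCTED_LOG = """\
2021-11-03T10:00:00Z src=203.0.113.5 user=alice result=failure
2021-11-03T10:03:00Z src=203.0.113.5 user=Bob result=failure
2021-11-03T10:06:00Z src=203.0.113.5 user=carol result=failure
2021-11-03T10:09:00Z src=203.0.113.5 user=dave result=failure
2021-11-03T10:12:00Z src=203.0.113.5 user=erin result=failure
2021-11-03T10:15:00Z src=203.0.113.5 user=frank result=failure
2021-11-03T10:00:10Z src=198.51.100.7 user=admin result=failure
2021-11-03T10:00:11Z src=198.51.100.7 user=admin result=failure
2021-11-03T10:00:12Z src=198.51.100.7 user=admin result=failure
2021-11-03T10:00:13Z src=198.51.100.7 user=admin result=failure
2021-11-03T10:00:14Z src=198.51.100.7 user=admin result=failure
2021-11-03T10:20:00Z src=192.0.2.10 user=alice result=success
""".splitlines()

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_line(line: str):
    """Return (timestamp, source, normalised user, result) or None for an unparsable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"].lower(), m["result"]


def detect_sprays(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Sources whose failures in any window cover >= min_users accounts at <= max_per_user each."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev[3] == "failure":
            failures[ev[1]].append((ev[0], ev[2]))

    alerts = {}
    for src, events in failures.items():
        events.sort()
        counts = Counter()  # attempts per user inside the current window
        start = 0
        for ts, user in events:
            counts[user] += 1
            # Slide the window: drop events older than `window` before this one
            while events[start][0] < ts - window:
                old_user = events[start][1]
                counts[old_user] -= 1
                if counts[old_user] == 0:
                    del counts[old_user]
                start += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                alerts[src] = {"users": sorted(counts), "first": events[start][0], "last": ts}
    return alerts


if __name__ == "__main__":
    for src, info in detect_sprays(CONSTRUCTED_LOG).items():
        print(f"password spray from {src}: {len(info['users'])} accounts "
              f"between {info['first']:%H:%M} and {info['last']:%H:%M}: {', '.join(info['users'])}")
```

In production the same rule is usually keyed on source IP, user-agent or autonomous system rather than a single address, because sprays are routinely spread across proxy pools; the distinct-account count, not the failure count, is what separates a spray from a user mistyping a password. Lowercasing the user name matters because directory logons are case-insensitive and attackers vary case to defeat naive grouping.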
Nation State Actors:
- Iran Suspects Israel and US Behind Fuel Cyber Attack https://www.securityweek.com/iran-suspects-israel-and-us-behind-fuel-cyber-attack
Crime & Arrests, etc.:
- Operation Cyclone deals blow to Clop ransomware operation https://www.bleepingcomputer.com/news/security/operation-cyclone-deals-blow-to-clop-ransomware-operation/
- BlackMatter ransomware claims to be shutting down due to police pressure https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-claims-to-be-shutting-down-due-to-police-pressure/
- Security Service of Ukraine identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine https://www.databreaches.net/security-service-of-ukraine-identified-fsb-hackers-who-carried-out-more-than-5000-cyberattacks-on-state-bodies-of-ukraine/
- Ukraine identifies five members of the Gamaredon hacking group https://www.bleepingcomputer.com/news/security/ukraine-identifies-five-members-of-the-gamaredon-hacking-group/
- Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps https://www.databreaches.net/alleged-twitter-hacker-charged-with-theft-of-784k-in-crypto-via-sim-swaps/
- Atlanta Man Charged for Role in BEC Fraud Scheme https://www.securityweek.com/atlanta-man-charged-role-bec-fraud-scheme
- Squid Game token goes offline after skyrocketing 75,000% - and that means the scam is over, CoinGecko says https://markets.businessinsider.com/news/currencies/the-squid-game-token-scam-website-socials-offline-coingecko-crypto-2021-11
- FBI warns of increased use of cryptocurrency ATMs, QR codes for fraud https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-use-of-cryptocurrency-atms-qr-codes-for-fraud/
- Luton man left shocked as his house is ‘stolen' https://www.bbc.co.uk/news/uk-england-essex-59069662
- A woman convinced her husband that he had Alzheimer's. Police say she stole $600,000 from him over time. https://www.washingtonpost.com/nation/2021/11/02/woman-arrested-convinced-husband-alzheimers/
Other Security / Risk
Articles covering other types of risks.
- Facebook says it just uncovered one of the largest troll farms ever - run by the government of Nicaragua https://www.businessinsider.com/facebook-said-uncovered-troll-farm-run-by-nicaraguan-government-2021-11
- Ask Delphi is a research AI that answers ethical questions https://delphi.allenai.org/
- Calculations Suggest It'll Be Impossible to Control a Super-Intelligent AI https://www.sciencealert.com/calculations-suggest-it-ll-be-impossible-to-control-a-super-intelligent-ai
- MIT cybersecurity survey of EU executives https://start.paloaltonetworks.com/it-security-starts-with-knowing-your-assets-emea.html
- 11 cybersecurity buzzwords you should stop using right now https://www.csoonline.com/article/3638112/cybersecurity-buzzwords-you-should-stop-using-right-now.html
- Are You Missing Out on the Metaverse? https://www.nytimes.com/2021/11/02/style/meta-facebook.html
- Fireside Chat | State of Software Security: The Costly Risks of Open Source Code https://www.databreachtoday.com/webinars/fireside-chat-state-software-security-costly-risks-open-source-code-w-3619
- How to Avoid Another Let's Encrypt-Like Meltdown https://www.darkreading.com/dr-tech/how-to-avoid-another-lets-encrypt-like-meltdown
- SSL certificate research highlights pitfalls for company data, competition https://www.zdnet.com/article/ssl-certificate-research-highlights-pitfalls-for-company-data
- Research pinpoints the role of personality in sharing of ‘fake news' https://scienmag.com/research-pinpoints-the-role-of-personality-in-sharing-of-fake-news/
- Text anxiety: why too many messages make us want to throw our phones at the wall https://www.theguardian.com/lifeandstyle/2021/nov/01/phones-texting-anxiety-messages-communication
- Clever Experiment Reveals The Ideal Deadline to Set to Actually Get Stuff Done https://www.sciencealert.com/clever-experiment-reveals-the-ideal-deadline-to-set-to-actually-get-stuff-done
- Yahoo becomes the next US firm to pull services out of China https://www.bleepingcomputer.com/news/technology/yahoo-becomes-the-next-us-firm-to-pull-services-out-of-china/
- A fake press release claiming Kroger accepts crypto reached the retailer's own webpage https://www.theverge.com/2021/11/5/22765098/kroger-bitcoin-cash-cryptocurrency-hoax-pump-dump
- Canada's supply chains need overhaul amid ongoing shortages, critics say https://globalnews.ca/news/8343930/canada-supply-chains-overhaul-critics/
- Good Customers Gone Bad — Retailers Lose $89B Annually to Return Policy and Promotions Abuse https://www.pymnts.com/fraud-prevention/2021/good-customers-gone-bad-retailers-lose-89-billion-dollars-annually-return-policy-promotions-abuse/
- How will the US deal with a shortage of 80,000 truckers? https://www.bbc.co.uk/news/business-59136957
- Tech workers warned they were going to quit. Now, the problem is spiraling out of control https://www.zdnet.com/article/tech-workers-warned-they-were-going-to-quit-now-the-problem-is-spiralling-out-of-control/
- Ontario to release death registrations of 1,800 Indigenous children https://www.ctvnews.ca/canada/ontario-to-release-death-registrations-of-1-800-indigenous-children-1.5648576
- Pilots kept reporting a ‘jetpack man' flying over Los Angeles. The FBI has a different theory. https://www.washingtonpost.com/nation/2021/11/03/jetpack-man-balloons-lax-airport/
- Streamline Fifteen SOC 2 Controls https://www.sans.org/blog/streamline-fifteen-soc-2-controls
- Microsoft resurrects Clippy in an unexpected place https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-clippy-stickers-teams-paperclip-b1949176.html
Health, Safety & Environment:
- Trust Us: Nurses Are at the Breaking Point https://www.scientificamerican.com/article/trust-us-nurses-are-at-the-breaking-point/
- ‘Social jetlag': How daylight saving time can impact our health https://globalnews.ca/news/8355922/daylight-saving-time-2021-health-effects/
- The Most Detailed Map of Cancer-Causing Industrial Air Pollution in the U.S. https://projects.propublica.org/toxmap/#1156535
- Nearly 90% of Human Genes Are Mentioned in Cancer Studies, And That's a Problem https://www.sciencealert.com/nearly-9-out-of-10-genes-are-mentioned-in-cancer-studies-and-that-s-a-problem
- Test determines antibiotic resistance in less than 90 minutes https://scienmag.com/test-determines-antibiotic-resistance-in-less-than-90-minutes/
- Achieving Type 2 Diabetes Reversal Seems Way More Common Than Scientists Realized https://www.sciencealert.com/reversing-type-2-diabetes-seems-to-be-more-common-than-scientists-realized
- Joint research on soil bacteria via McMaster University shows potential for anti-malaria drug https://globalnews.ca/news/8340076/mcmaster-university-anti-malaria-drug/
- How does an mRNA vaccine actually work? https://www.cbc.ca/documentaries/the-nature-of-things/how-does-an-mrna-vaccine-actually-work-1.6235697
- How COVID-19 mRNA vaccines were created in under a year and what it means for the future of disease https://www.cbc.ca/documentaries/the-nature-of-things/how-covid-19-mrna-vaccines-were-created-in-under-a-year-and-what-it-means-for-the-future-of-disease-1.6228796
- A Drone Tried to Disrupt the Power Grid. It Won't Be the Last https://www.wired.com/story/drone-attack-power-substation-threat
- Military helping to remove 18th century cannonballs from Fortress of Louisbourg https://globalnews.ca/news/8344157/cannonballs-remove-fortress-of-louisbourg/
- The silent build-up to a super-eruption https://scienmag.com/the-silent-build-up-to-a-super-eruption/
- An Asteroid Barely Skimmed Earth Last Week, And We Completely Missed It https://www.sciencealert.com/an-asteroid-actually-nearly-hit-earth-last-week-and-we-completely-missed-it
- Canada’s future flood zones outlined in new map https://www.ctvnews.ca/climate-and-environment/first-of-its-kind-map-outlines-canada-s-future-flood-zones-1.5655929
- The Enormous Hole That Whaling Left Behind https://www.theatlantic.com/science/archive/2021/11/whaling-whales-food-krill-iron/620604/
- Ford electrified a 1978 F-100 pickup to show off its new electric motor for DIY car projects https://www.businessinsider.com/ford-electric-pickup-truck-mustang-mach-e-motors-2021-11
- First Canadian grown genetically modified Atlantic salmon being harvested and sold https://globalnews.ca/news/8349990/genetically-modified-atlantic-salmon/
- Galapagos marine reserve: Conservationists hail expansion https://www.bbc.co.uk/news/world-latin-america-59149728
- Creating solar cells and glass from wood – or a billion tons of biowaste https://scienmag.com/creating-solar-cells-and-glass-from-wood-or-a-billion-tons-of-biowaste/
- Turning plastic grocery bags into sustainable fuel https://scienmag.com/turning-plastic-grocery-bags-into-sustainable-fuel/
- CO2 can be turned into a valuable resource https://scienmag.com/co2-can-be-turned-into-a-valuable-resource/
- Newly Discovered Symbiosis Could Power Carbon Removal in The Sea https://www.sciencealert.com/newly-discovered-symbiosis-could-power-carbon-removal-in-the-sea
- The US has big, new plans to pull CO2 out of the air https://www.theverge.com/2021/11/5/22765403/us-doe-carbon-dioxide-removal-climate-change-tech-direct-air-capture
- Can Supersonic Air Travel Fly Again? https://www.nytimes.com/2021/11/01/business/supersonic-plane-travel-concorde.html
COVID-19 updates.
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
- Polling the unvaccinated: Why Canadians say they won't get the COVID-19 vaccine https://globalnews.ca/news/8347105/poll-unvaccinated-canadians-reasons-why/
- Ontario's COVID-19 case count crosses 600,000 as province logs 422 new infections https://toronto.ctvnews.ca/ontario-s-covid-19-case-count-crosses-600-000-as-province-logs-422-new-infections-1.5646724
- As China faces its most widespread Covid outbreak since Wuhan, officials double down on zero Covid https://www.cnn.com/2021/11/04/china/china-delta-covid-outbreak-strategy-intl-hnk/index.html
- A coronavirus outbreak in Iowa deer is prompting scientists to worry if the animals could be a reservoir for the virus in the long term https://www.businessinsider.com/coronavirus-outbreak-iowa-deer-reservoir-covid-19-2021-11
- A California aquarium vaccinated 8 sea otters against COVID-19 because they might be susceptible to the virus https://www.businessinsider.com/california-aquarium-gave-8-sea-otters-covid-19-vaccines-2021-11
Guidance, Response, and Recovery:
- U.S. border is reopening to Canada. What you need to know before you travel https://globalnews.ca/news/8346872/us-canada-border-reopens-rules/
- Pricey COVID-19 test awaits travellers as lanes open Monday at Canada-U.S. land border https://globalnews.ca/news/8356276/canada-us-land-border-pcr-test/
- Air Canada suspends over 800 unvaccinated employees under new COVID-19 rules https://globalnews.ca/news/8344793/air-canada-suspends-workers-covid-vaccine-mandate/
- America Has Lost the Plot on COVID https://www.theatlantic.com/health/archive/2021/11/what-americas-covid-goal-now/620572/
Treatments, Testing, Triage, Trials, and things we Learned:
- Covid: Pfizer says antiviral pill 89% effective in high-risk cases https://www.bbc.co.uk/news/health-59178291
- Health Canada to review AstraZeneca's COVID-19 prevention drug https://globalnews.ca/news/8346400/health-canada-astrazeneca-covid-19-prevention-drug/
Immunity and Vaccinations:
- Should Booster Shots Be Required? https://www.scientificamerican.com/article/should-booster-shots-be-required/
- Ontario COVID-19 booster dose eligibility expands today https://toronto.ctvnews.ca/ontario-covid-19-booster-dose-eligibility-expands-today-1.5655083
- COVID-19: Vaccine passports improved Saskatchewan's vaccination rate, study says https://globalnews.ca/news/8348397/covid-vaccine-passports-saskatchewan-vaccination-rate-study/
- Researchers have succeeded in identifying the proteins in the coronavirus that can damage blood vessels https://scienmag.com/researchers-have-succeeded-in-identifying-the-proteins-in-the-coronavirus-that-can-damage-blood-vessels/
Masks, anti-maskers, distancing, compliance, and repercussions:
- Four Ontario doctors not co-operating with investigations into COVID-19 practices: medical regulator https://toronto.ctvnews.ca/four-ontario-doctors-not-co-operating-with-investigations-into-covid-19-practices-medical-regulator-1.5650323
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- These Engineers May Have Come Up With The Perfect Material For Unbreakable Screens https://www.sciencealert.com/new-nanocrystal-composite-material-could-enable-unbreakable-screens
- The Circles in This Illusion Actually Aren't Changing Shape or Moving at All, Sorry https://www.sciencealert.com/this-colorful-new-spin-on-a-classic-illusion-has-brains-tripping-again
- New Study Explains Why Dogs Do The Head Tilt, And It's Honestly Too Cute to Handle https://www.sciencealert.com/new-study-explains-why-dogs-do-the-head-tilt-and-it-s-honestly-too-cute-to-handle
- Telescope contest for Manitoba's kid astronomers https://globalnews.ca/news/8353371/telescope-contest-for-manitoba-kids-astronomy/
- You Can Become an Official Lord or Lady—and Help Protect the Scottish Highlands—For Less Than $50 https://www.mentalfloss.com/article/652070/become-lord-or-lady-buying-small-plot-scottish-land
- Physicists discover how particles self-assemble https://scienmag.com/physicists-discover-how-particles-self-assemble/
- Hubble Science Instruments are Malfunctioning, Putting the Telescope in Safe Mode https://www.universetoday.com/153215/hubble-science-instruments-are-malfunctioning-putting-the-telescope-in-safe-mode/
- Moons are Planets too https://www.universetoday.com/153182/moons-are-planets-too/