Welcome to This Week’s [in]Security. PCI and payments: CHD Truncation rules, Holiday warnings, Costco skimmer, Contactless. New breaches: Indian Securities, Robinhood. New Ransomware: WordPress Plugin, MediaMarkt, Ronmor, Queensland. Major outages: DDoS, Citrix, Google, Follow-ups & Fall-out: ICS & OT incident costs, NL Health, SolarWinds, Maxim Health, TTC. Privacy: Microsoft, Meta/FaceBook, PrivacyRaven, Rollercoaster. Laws & Regs - Canada: 5G. US: Crypto sanctions. Hack-back, NSO suit. World: No-hack pact. Defense: Webinars, Webinars. New certifications, Playbooks, Trojan Source, ClusterFuzzLite. Vulnerabilities, Zerodays: Other Vulnerabilities: Beg Bounties, AMD, Palo Alto, AWS, Siemens, BusyBox, Patch Tuesday, Zoho. Legacy MacOS, Web Cache Poisoning, Cybercrime: Trends: FBI email takeover, Initial Access Brokers, techniques, phones, gmail, HTML smuggling. Nation States: US accused, Iran, Korea. Crime: Big ransomware crackdown, Pegasus arrest, DNA and faces. Other Risks: Shadow IT, Azure mistakes, IT/OT, QRL-jacking, Biometrics, Pets, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI FAQ #1091 on acceptable truncation was updated again for Discover, MasterCard, and Visa who have radically revised their position on how much of PAN can be kept their own cards https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers
• Be On Alert This Holiday Season https://blog.pcisecuritystandards.org/be-on-alert-this-holiday-season
• Costco discloses data breach after finding credit card skimmer https://www.bleepingcomputer.com/news/security/costco-discloses-data-breach-after-finding-credit-card-skimmer/
• The POS Terminal Backlog Is Opening the Door to Merchant Adoption of Tap-to-Mobile Tech https://www.digitaltransactions.net/the-pos-terminal-backlog-is-opening-the-door-to-merchant-adoption-of-tap-to-mobile-tech/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Indian securities depository exposed 44 million investors' personal info – twice https://www.theregister.com/2021/11/09/cdsl_data_leak/
  • Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html
  • Screenshots reveal what extra information the Robinhood hackers accessed https://www.theverge.com/2021/11/10/22774954/robinhood-hack-screenshots-information-devices-bank-transfers-balance-phone-number
  • ActMobile (unverified) - 1,583,193 breached accounts https://haveibeenpwned.com/PwnedWebsites#ActMobile
  • Russians Who Bought Fake Vaccine Certificates Targeted in Data Leak – Kommersant https://www.databreaches.net/russians-who-bought-fake-vaccine-certificates-targeted-in-data-leak-kommersant/
  • HPE says hackers breached Aruba Central using stolen access key https://www.bleepingcomputer.com/news/security/hpe-says-hackers-breached-aruba-central-using-stolen-access-key/
  • Human error blamed for Eastern Ontario school board data breach https://www.databreaches.net/human-error-blamed-for-eastern-ontario-school-board-data-breach/
  • Not Punny: Angling Direct Breach Cripples Retailer for Days https://threatpost.com/angling-direct-breach-cripples-retailer/176144/

• New Ransomware and "Incidents":

  • Critical Flaw in WordPress Plugin Leads to Database Wipe https://www.securityweek.com/critical-flaw-wordpress-plugin-leads-database-wipe
  • Electronics retail giant MediaMarkt hit by ransomware attack https://www.bleepingcomputer.com/news/security/electronics-retail-giant-mediamarkt-hit-by-ransomware-attack/
  • Calgary real estate developer, Ronmor, hit by ransomware https://www.itworldcanada.com/article/calgary-real-estate-developer-hit-by-ransomware/463870
  • Hackers undetected on Queensland water supplier server for 9 months https://www.bleepingcomputer.com/news/security/hackers-undetected-on-queensland-water-supplier-server-for-9-months/

• Major outages/downs:

  • DDoS Attacks Shatter Records in Q3, Report Finds https://threatpost.com/ddos-attacks-records-q3/176082/
  • Cloudflare blocks an almost 2 Tbps multi-vector DDoS attack https://blog.cloudflare.com/cloudflare-blocks-an-almost-2-tbps-multi-vector-ddos-attack/
  • Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access https://threatpost.com/critical-citrix-bug-etwork-cloud-app-access/176183/
  • Google, YouTube and Gmail down: Outages reported across Europe as multiple services go down https://www.independent.co.uk/life-style/gadgets-and-tech/google-down-youtube-gmail-broken-b1956462.html

• Follow-ups and fall-out:

  • ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million: Survey https://www.securityweek.com/ics-ot-cybersecurity-incidents-cost-some-us-firms-over-100-million-survey
  • N.L. patient, employee data stolen in health-care cyberattack https://www.databreaches.net/n-l-patient-employee-data-stolen-in-health-care-cyberattack/
  • Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks https://www.bleepingcomputer.com/news/security/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks/
  • Maxim Healthcare notifies patients of breach that occurred in October, 2020 https://www.databreaches.net/maxim-healthcare-notifies-patients-of-breach-that-occurred-in-october-2020/
  • Medical software firm urges password resets after ransomware attack https://www.bleepingcomputer.com/news/security/medical-software-firm-urges-password-resets-after-ransomware-attack/
  • TTC cyberattack may have stolen information from up to 25K employees, former employees https://globalnews.ca/news/8358094/ttc-cyber-attack-investigation-employee-information/

Privacy

Articles about privacy related news, risks, and trends.

• Microsoft will now snitch on you at work like never before https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/
• Meta Plans to Remove Thousands of Sensitive Ad-Targeting Categories https://www.nytimes.com/2021/11/09/technology/meta-facebook-ad-targeting.html
• PrivacyRaven: Implementing a proof of concept for model inversion and machine learning assurance https://blog.trailofbits.com/2021/11/09/privacyraven-implementing-a-proof-of-concept-for-model-inversion/
• Rollercoaster: Communicating Efficiently and Anonymously in Large Groups https://www.lightbluetouchpaper.org/2021/11/09/rollercoaster-communicating-efficiently-and-anonymously-in-large-groups/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 107: Addison Cameron-Huff on the State of Crypto and Blockchain Regulation in Canada https://www.michaelgeist.ca/2021/11/law-bytes-podcast-episode-107/
  • Will Canada bar Huawei from 5G mobile networks? Experts say it's pretty clear https://globalnews.ca/news/8372765/canada-huawei-5g-network-experts/

• US:

  • US sanctions Chatex cryptoexchange used by ransomware gangs https://www.bleepingcomputer.com/news/security/us-sanctions-chatex-cryptoexchange-used-by-ransomware-gangs/
  • Experts Analyze Proposed Bill Allowing Private Entities to 'Hack Back' https://www.securityweek.com/experts-analyze-proposed-bill-allowing-private-entities-hack-back%E2%80%99
  • NSO fails once again to claim foreign sovereign immunity in WhatsApp spying lawsuit https://www.theregister.com/2021/11/09/nso_foreign_immunity_whatsapp_decision/
  • The Public Should Know Who Profits From Patent Troll Lawsuits https://www.eff.org/deeplinks/2021/11/public-should-know-who-profits-patent-troll-lawsuits

• World:

  • USA signs internet freedom and no-hack pact it's ignored since 2018 https://www.theregister.com/2021/11/11/usa_supports_paris_call/
  • Top UK court blocks legal action against Google over internet tracking https://www.theguardian.com/law/2021/nov/10/top-uk-court-blocks-legal-action-against-google-over-internet-tracking
  • Surveillance firm pays $1 million fine after 'spy van' scandal https://www.bleepingcomputer.com/news/security/surveillance-firm-pays-1-million-fine-after-spy-van-scandal/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars, Virtual Events, and other training related:

  • NICE Witnessing an Evolution- The NICE Framework and its Role in Building a Better Cybersecurity Workforce (December 15) https://www.nist.gov/news-events/events/2021/12/nice-webinar-witnessing-evolution-nice-framework-and-its-role-building
  • NIST Cybersecurity and Privacy Program Registration Now Open! Privacy Framework Regulatory Crosswalks (December 1) https://www.nist.gov/privacy-framework/nist-privacy-framework-webinar
• (ISC)² Chapter Creates Space for Entry-Level Members and Professional Connections https://blog.isc2.org/isc2_blog/2021/11/chapter-creates-space.html and https://blog.isc2.org/isc2_blog/2021/11/isc2-cybersecurity-entry-level-certification-exam-topics-announced-2.html
• Motivated by WannaCry attack, group unveils medical device incident response playbook https://www.scmagazine.com/analysis/cloud/motivated-by-wannacry-attack-group-unveils-medical-device-incident-response-playbook
• 3 Ways to Deal With the Trojan Source Attack https://www.darkreading.com/dr-tech/3-ways-to-deal-with-the-trojan-source-attack
• Google debuts ClusterFuzzLite security tool for CI, CD workflows https://www.zdnet.com/article/google-debuts-clusterfuzzlite-for-ci-cd-workflows
• Qualys Response to CISA Alert: Binding Operational Directive 22-01 https://blog.qualys.com/vulnerabilities-threat-research/2021/11/08/qualys-response-to-cisa-alert-binding-operational-directive-22-01

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • MacOS Zero-Day Used against Hong Kong Activists https://www.schneier.com/blog/archives/2021/11/macos-zero-day-used-against-hong-kong-activists.html
  • Massive Zero-Day Hole Found In Palo Alto Security Appliances https://packetstormsecurity.com/news/view/32813/Massive-Zero-Day-Hole-Found-In-Palo-Alto-Security-Appliances.html
  • Zero-Days Under Attack: Microsoft Plugs Exchange Server, Excel Holes https://www.securityweek.com/zero-days-under-attack-microsoft-plugs-exchange-server-excel-holes

• Other Vulnerabilities:

  • Beg Bounties https://www.troyhunt.com/beg-bounties/
  • AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too https://www.theregister.com/2021/11/12/amd_and_intel_flaws/
  • Remote Code Execution Flaw in Palo Alto GlobalProtect VPN https://www.securityweek.com/remote-code-execution-flaw-palo-alto-globalprotect-vpn
  • Researcher Details Vulnerabilities Found in AWS API Gateway https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway
  • 13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment https://thehackernews.com/2021/11/13-new-flaws-in-siemens-nucleus-tcpip.html
  • Multiple BusyBox Security Bugs Threaten Embedded Linux Devices https://threatpost.com/busybox-security-bugs-linux-devices/176098/
  • Microsoft Patch Tuesday, November 2021 Edition https://krebsonsecurity.com/2021/11/microsoft-patch-tuesday-november-2021-edition/
  • Microsoft: New security updates trigger Windows Server auth issues https://www.bleepingcomputer.com/news/microsoft/microsoft-new-security-updates-trigger-windows-server-auth-issues/
  • Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/
  • Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix https://threatpost.com/windows-10-privilege-escalation-zero-day-unofficial-fix/176313/
  • PSA: Apple isn't actually patching all the security holes in older versions of macOS https://arstechnica.com/gadgets/2021/11/psa-apple-isnt-actually-patching-all-the-security-holes-in-older-versions-of-macos/
  • What is web cache poisoning? https://www.comparitech.com/blog/information-security/web-cache-poisoning/
  • The Client-Side Web Security Gap: Putting Your Business at Major Risk https://sourcedefense.com/resources/webinars/the-client-side-web-security-gap-putting-your-business-at-major-risk/
  • Cryptanalysis explained https://www.comparitech.com/blog/information-security/cryptanalysis/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • FBI system hacked to email 'urgent' warning about fake cyberattacks https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/
  • Hackers sent at least 100K fake emails from FBI server, threat tracker says https://globalnews.ca/news/8372354/fbi-email-hack/
  • BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html
  • Void Balaur hackers-for-hire sell stolen mailboxes and private data https://www.bleepingcomputer.com/news/security/void-balaur-hackers-for-hire-sell-stolen-mailboxes-and-private-data/
  • Tiny Font Size Fools Email Natural Language Filters In BEC Phishing https://packetstormsecurity.com/news/view/32815/Tiny-Font-Size-Fools-Email-Filters-In-BEC-Phishing.html
  • Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux https://thehackernews.com/2021/11/abcbot-new-evolving-wormable-botnet.html
  • Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability https://www.securityweek.com/russian-cybercrime-group-exploits-solarwinds-serv-u-vulnerability
  • TeamTNT hackers target your poorly configured Docker servers https://www.bleepingcomputer.com/news/security/teamtnt-hackers-target-your-poorly-configured-docker-servers/
  • A stalker's wishlist: PhoneSpy malware destroys Android privacy https://www.zdnet.com/article/a-stalkers-wishlist-phonespy-malware-destroys-android-privacy
  • New Android malware targets Netflix, Instagram, and Twitter users https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/
  • New Android Spyware Poses Pegasus-Like Threat https://threatpost.com/new-android-spyware-poses-pegasus-like-threat/176155/
  • QAKBOT Loader Returns With New Techniques and Tools https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html
  • Researchers Discover PhoneSpy Malware Spying on South Korean Citizens https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
  • Gmail accounts are used in 91% of all baiting email attacks https://www.bleepingcomputer.com/news/security/gmail-accounts-are-used-in-91-percent-of-all-baiting-email-attacks/
  • HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

• Nation State Actors:

  • Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach https://www.databreaches.net/dutch-newspaper-accuses-us-spy-agencies-of-orchestrating-2016-booking-com-breach/ and https://www.theregister.com/2021/11/11/booking_com_hacked_by_us_allegations/
  • Meet Lyceum: Iranian hackers targeting telecoms, ISPs https://www.zdnet.com/article/meet-lyceum-iranian-hackers-targeting-telecoms-isps
  • North Korean hackers target the South's think tanks through blog posts https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts
  • China says a foreign spy agency hacked its airlines, stole passenger records https://www.databreaches.net/china-says-a-foreign-spy-agency-hacked-its-airlines-stole-passenger-records/

• Crime & Arrests, etc.:

  • The Biggest Ransomware Bust Yet Might Actually Make an Impact https://www.wired.com/story/ransomware-revil-arrest-kaseya
  • An alleged member of the REvil ransomware gang has been arrested in Poland https://www.theverge.com/2021/11/8/22770701/revil-ransomware-arrest-kaseya-crypto-europol-cybersecurity
  • Cybersecurity firms provide threat intel for Clop ransomware group arrests https://www.zdnet.com/article/cybersecurity-firms-provide-threat-intel-in-clop-ransomware-group-arrests
  • Europol Announces Arrests of 7 People Linked to REvil, GandCrab Ransomware https://www.securityweek.com/europol-announces-arrests-7-people-linked-revil-gandcrab-ransomware
  • Five Affiliates of Sodinokibi/REvil Have Been Arrested by Now https://www.databreaches.net/five-affiliates-of-sodinokibi-revil-have-been-arrested-by-now/
  • REvil ransomware affiliates arrested in Romania and Kuwait https://www.bleepingcomputer.com/news/security/revil-ransomware-affiliates-arrested-in-romania-and-kuwait/
  • U.S. Charges Two Suspected Major Ransomware Operators https://www.securityweek.com/us-charges-two-suspected-major-ransomware-operators
  • US seizes $6 million from REvil ransomware, arrest Kaseya hacker https://www.bleepingcomputer.com/news/security/us-seizes-6-million-from-revil-ransomware-arrest-kaseya-hacker/
  • Mexico Arrests Suspect in Pegasus Spyware Case https://www.securityweek.com/mexico-arrests-suspect-pegasus-spyware-case
  • U.S. Accuses Russian of Money Laundering for Ryuk Ransomware Gang https://www.databreaches.net/u-s-accuses-russian-of-money-laundering-for-ryuk-ransomware-gang/
  • Russian 'King of Fraud' sentenced to 10 years for Methbot botnet https://www.bleepingcomputer.com/news/legal/russian-king-of-fraud-sentenced-to-10-years-for-methbot-botnet/
  • Criminal group dismantled after forcing victims to be money mules https://www.bleepingcomputer.com/news/security/criminal-group-dismantled-after-forcing-victims-to-be-money-mules/
  • How recreating faces from DNA can help solve cold cases https://www.businessinsider.com/forensic-sculpture-facial-reconstruction-dna-technology-2021-10

Other Security / Risk

Articles covering other types of risks.

• Shadow IT Makes People More Vulnerable to Phishing, (Wed, Nov 10th) https://isc.sans.edu/diary/rss/28022
• 5 Common Security Mistakes When Moving to Azure https://cloudsecurityalliance.org/blog/2021/10/28/5-common-security-mistakes-when-moving-to-azure/
• The future of OT security in an IT-OT converged world https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
• Tor Browser 11 removes V2 Onion URL support, adds new UI https://www.bleepingcomputer.com/news/software/tor-browser-11-removes-v2-onion-url-support-adds-new-ui/
• What is QRL-jacking and how can you prevent it? https://www.comparitech.com/blog/information-security/what-is-qrljacking/
• "Like" buttons face a big thumbs-down https://www.axios.com/youtube-dislike-count-like-button-disappearing-640e8cd1-a9cd-41ed-b383-116db1f532d9.html
• Biometric Data Protection and Compliance https://www.datex.ca/blog/biometric-data-protection-and-compliance
• Students, faculty question Western University's new ID system https://globalnews.ca/news/8358966/students-faculty-question-western-university-id-system/
• Spotify now frustratingly defaults to autoplay for connected devices https://www.theverge.com/2021/11/10/22774897/spotify-connect-autoplay-default-speaker-music-streaming
• Google launches new feature to find your pet's lookalike in historical paintings (awww, cute, what's their gain?) https://www.independent.co.uk/life-style/gadgets-and-tech/google-pet-lookalike-painting-arts-culture-b1954505.html
• Crypto gains may be fueling the labor shortage as people buck low-paying work and take their chances on risky digital assets, research firm says https://markets.businessinsider.com/news/currencies/cryptocurrency-gains-fueling-labor-shortage-us-digital-assets-stocks-trading-2021-11
• Drivers being warned about important warranty issue for cars not being used enough https://toronto.ctvnews.ca/drivers-being-warned-about-important-warranty-issue-for-cars-not-being-used-enough-1.5659134
• Santas are in short supply because of the labor shortage and fears among older men of catching COVID-19 https://www.businessinsider.com/labor-shortage-santas-short-supply-covid-19-fears-christmas-2021-11
• Toronto city council approves plan to make CafeTO permanent https://globalnews.ca/news/8364100/toronto-city-council-cafeto-permanent/
• What Will Become of America's Veterans' Halls? https://www.theatlantic.com/culture/archive/2021/11/maureen-drennan-vfw-american-legion-photos/620648/

• Health, Safety & Environment:

  • The US had a Lyme disease vaccine decades ago - but the CDC, lawsuits, and conspiracy theories derailed it https://www.businessinsider.com/lyme-disease-vaccine-what-happened-lawsuits-conspiracy-theories-2021-11
  • Engineered Bacteria Use Air Bubbles as Acoustically Detonated Tumor TNT https://www.scientificamerican.com/podcast/episode/engineered-bacteria-use-air-bubbles-as-acoustically-detonated-tumor-tnt/
  • In treating sepsis, Lawson researchers find promise in carbon monoxide-releasing molecules https://globalnews.ca/news/8361851/sepsis-treatment-lawson-co-research-london-ont/
  • Investigating Antidepressants' Surprising Effect on COVID Deaths https://www.scientificamerican.com/article/investigating-antidepressants-surprising-effect-on-covid-deaths/
  • Brain Implant Translates Paralyzed Man's Thoughts Into Text With 94% Accuracy https://www.sciencealert.com/brain-implant-enables-paralyzed-man-to-communicate-thoughts-via-imaginary-handwriting
  • Rare Genetic Mutation in Utah Family Traced Across Continents And Over Centuries https://www.sciencealert.com/a-rare-genetic-mutation-in-a-large-utah-family-traced-back-to-1700s-denmark
  • Silent hand signal that helped rescue U.S. teen was originally created in Canada https://toronto.ctvnews.ca/silent-hand-signal-that-helped-rescue-u-s-teen-was-originally-created-in-canada-1.5657711
  • Tesla vehicle in ‘Full Self-Driving' beta mode ‘severely damaged' after crash in California https://www.theverge.com/2021/11/12/22778135/tesla-full-self-driving-beta-crash-fsd-california
  • This 'Tree of Death' Is So Toxic, You Can't Even Stand Under It When It Rains https://www.sciencealert.com/this-tree-of-death-is-so-toxic-you-can-t-even-stand-under-it-when-it-rains
  • A treasure hunter got lost in Yellowstone looking for a millionaire's hidden trove. He must repay the rescue costs. https://www.washingtonpost.com/nation/2021/11/10/forrest-fenn-treasure-hunter-yellowstone-helicopter-rescue/
  • Astroworld concert deaths: Crowd surge not mentioned in security plan https://globalnews.ca/news/8363461/astroworld-deaths-security-plan-crowd-surge/
  • Drones Carrying Explosives https://www.schneier.com/blog/archives/2021/11/drones-carrying-explosives.html
  • A Chunk of Satellite Almost Hit The ISS, Requiring an 'Urgent Change of Orbit' https://www.sciencealert.com/a-chunk-of-chinese-satellite-almost-hit-the-international-space-station
  • A Trash Can From Myrtle Beach Just Washed Ashore in Ireland and is being recycled as a … trash can https://www.mentalfloss.com/article/652165/myrtle-beach-trash-can-ireland
  • Deforestation in Brazil's Amazon rises for 2nd straight month despite COP26 vows https://globalnews.ca/news/8369787/deforestation-brazil-amazon-rises/
  • Ford is already sold out of its electric crate motor but won't say how many https://www.theverge.com/2021/11/8/22770302/ford-eluminator-electric-crate-motor-sold-out
  • Most Electricity in Industrialized Nations Could Be From Wind And Solar, Study Shows https://www.sciencealert.com/almost-all-industrialized-nation-electricity-demands-can-be-met-by-wind-and-solar
  • The man turning cities into giant sponges to embrace floods https://www.bbc.co.uk/news/world-asia-china-59115753
  • Pickering community can go off-grid with nested microgrid technology https://globalnews.ca/news/8370542/off-grid-pickering-nested-microgrid-community/
  • Half of the World's Coastal Sewage Pollution Flows from Few Dozen Places https://www.scientificamerican.com/article/half-of-the-worlds-coastal-sewage-pollution-flows-from-few-dozen-places/
  • Sask. carbon capture not meeting targets, prolonging reliance on fossil fuels: U of R professor https://www.cbc.ca/news/canada/saskatchewan/carbon-capture-projects-not-meeting-targets-1.6241420
  • The Great Canadian Shoreline Cleanup is a conservation program that provides Canadians across the country the opportunity to take action in their communities wherever water meets land https://shorelinecleanup.org/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Canada saw over 19,000 ‘excess deaths' during COVID-19 pandemic: StatCan https://globalnews.ca/news/8358919/canada-excess-deaths-covid-pandemic/
  • How Easily Can Vaccinated People Spread COVID? https://www.theatlantic.com/science/archive/2021/11/vaccinated-spread-the-coronavirus/620650/
  • Doctors warned of new types of Western Canadian COVID-19 https://globalnews.ca/news/8359360/doctors-warned-of-western-canadian-covid-19/
  • Germany coronavirus: Record rise prompts warning of 100,000 deaths https://www.bbc.co.uk/news/world-europe-59234443

• Guidance, Response, and Recovery:

  • Canada-U.S. land border reopens, but PCR test still a drag on travel https://www.ctvnews.ca/health/coronavirus/canada-u-s-land-border-reopens-but-pcr-test-still-a-drag-on-travel-1.5655761
  • Canada looking ‘quite carefully' at PCR testing rules as U.S. land border reopens https://globalnews.ca/news/8357912/covid-19-coronavirus-pcr-test-land-border-canada-us/
  • Head of Ontario COVID-19 science table says capacity limits may need 'fine-tuning' https://ottawa.ctvnews.ca/head-of-ontario-covid-19-science-table-says-capacity-limits-may-need-fine-tuning-1.5657264
  • Ontario top doctor may recommend making QR code exclusive means of verifying vaccination status https://globalnews.ca/news/8364940/ontario-top-doctor-may-recommend-making-qr-code-exclusive-means-of-verifying-vaccination/
  • This is what the border was like in Ontario on the first day of reopening https://toronto.ctvnews.ca/this-is-what-the-border-was-like-in-ontario-on-the-first-day-of-reopening-1.5657122
  • Austria orders COVID-19 lockdown for unvaccinated amid surge in cases https://globalnews.ca/news/8372755/austria-covid-lockdown-unvaccinated/
  • Singaporeans who are 'unvaccinated by choice' can no longer receive free COVID-19 treatment https://www.businessinsider.com/singaporeans-unvaccinated-by-choice-no-free-covid-19-treatment-2021-11
  • Why China is still trying to achieve zero Covid https://www.bbc.co.uk/news/world-asia-china-59257496?at_medium=RSS&at_campaign=KARANGA

• Immunity and Vaccinations:

  • COVID-19 vaccine boosters for all adults is a ‘slippery slope,' expert warns https://globalnews.ca/news/8373612/neil-rau-covid-19-vaccine-booster/
  • Scientists Identify a Gene Variant That Doubles The Risk of Dying From COVID-19 https://www.sciencealert.com/scientists-identify-a-gene-variant-that-doubles-the-risk-of-dying-from-covid-19
  • Scientists Identify Gene Linked to Significantly Higher Risk of Severe COVID-19 https://www.sciencealert.com/we-might-finally-know-why-uk-s-south-asian-demographics-suffered-more-from-covid
  • Things we learned:

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• ‘It was my duty to go': Canada's oldest living veteran on why he served his country https://globalnews.ca/news/8365677/reuben-sinclair-canadas-oldest-living-veteran/
• An E. coli biocomputer solves a maze by sharing the work https://www.technologyreview.com/2021/11/09/1039107/e-coli-maze-solving-biocomputer/
• Apple's original computer fetches $400,000 at US auction https://www.bbc.co.uk/news/technology-59222749
• This graphene battery pack charges incredibly fast https://www.theverge.com/22771702/graphene-power-bank-review-price-speed
• SpaceX rocket carries 4 into orbit, including 600th human to reach space https://www.cbc.ca/news/science/spacex-launch-rocket-600th-human-reaches-space-1.6245272
• Starship: SpaceX tests all engines on S20 spacecraft for first time https://www.independent.co.uk/life-style/gadgets-and-tech/spacex-starship-s20-static-fire-test-b1956818.html
• New NASA satellite sends back its first images of a warming planet https://www.independent.co.uk/climate-change/news/nasa-satellite-images-landsat-9-b1954635.html
• A near-Earth asteroid may actually be a chunk of the Moon blasted into orbit! https://www.syfy.com/syfy-wire/bad-astronomy-kamooalewa-may-be-a-piece-of-the-moon-blasted-into-space
• The Moon's Surface Has Enough Oxygen to Keep Billions Alive For 100,000 Years https://www.sciencealert.com/moon-s-surface-has-enough-oxygen-to-keep-billions-alive-for-100-000-years
• NASA engineers expected their Mars helicopter to crash after 5 liftoffs. It just landed its 15th flight. https://www.businessinsider.com/nasa-mars-helicopter-ingenuity-15-flights-2021-11
• Where isn't Planet 9? https://www.syfy.com/syfy-wire/bad-astronomy-search-for-planet-nine-still-continues