Welcome to This Week’s [in]Security. PCI and payments: Magecart, Jackpot. New breaches: IAB's, Indian Securities Depository, Stripchat, RobinHood, RedDoorz, IDC, Ducks Unlimited, GitHub/Firefox-Linux. New Ransomware, holidays, trends, analysis, response. Major outages: Google, Tesla. Follow-ups & Fall-out: FBI emails. Privacy: CitzenLab reports, Amazon, phones, Microsoft(?) Camera detectors. Laws & Regs - Canada: C-10. digital IDs. US: attack reporting, hack-back, NSO, Right to repair, Ohio v. FaceBook. World: No-Hack pact, UK Cloud providers, lawsuits. Standards: Patch Management, password rules. Defense: Cell-spam, smartphones, Duck-Duck, SugarCoat, Deepfakes, rookies, misconfigurations. Vulnerabilities, Zerodays: FatPipe, Windows. Mac. Other Vulnerabilities: Canadian passwords, Chips & firmware, ICS, IoT, GitHub/NPM, Azure AD, Chrome, Windows, Apple patch lag, LibreCAD, Blacksmith/Rowhammer, ETW attack, TOR fingerprints. Cybercrime: Trends, Nation States: Belarus, Iran, North Korea. Crime: crypto-klepto, mixers, Revil, election hacking. Other Risks: Quantum update, supply chains, dystopia & harassment, insiders, Chatbots, NFTs. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; Covid Ugly; And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Hackers deploy Linux malware, web skimmer on e-commerce servers https://www.bleepingcomputer.com/news/security/hackers-deploy-linux-malware-web-skimmer-on-e-commerce-servers/
• Diebold Nixdorf ATM Flaws Allowed Attackers to Modify Firmware, Steal Cash https://www.securityweek.com/diebold-nixdorf-atm-flaws-allowed-attackers-modify-firmware-steal-cash
• Visa Tumbles on Amazon Ban in U.K. as Fight on Card Fees Expands https://www.bloomberg.com/news/articles/2021-11-17/amazon-will-stop-accepting-visa-credit-cards-issued-in-the-u-k

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • The Troubling Rise of Initial Access Brokers https://www.darkreading.com/vulnerabilities-threats/the-troubling-rise-of-internet-access-brokers
  • Indian securities depository exposed 44 million investors' personal info – twice https://www.theregister.com/2021/11/09/cdsl_data_leak/
  • 200M Adult Cam Model, User Records Exposed in Stripchat Breach https://threatpost.com/adult-cam-model-user-records-exposed-stripchat-breach/176372/
  • Robinhood Says Thousands of Phone Numbers Also Stolen in Breach https://www.securityweek.com/robinhood-says-thousands-phone-numbers-also-stolen-breach
  • Data of 5.9m customers of RedDoorz hotel booking site leaked in Singapore's largest data breach https://www.databreaches.net/data-of-5-9m-customers-of-reddoorz-hotel-booking-site-leaked-in-singapores-largest-data-breach/
  • IDC Games - 3,966,871 breached accounts https://haveibeenpwned.com/PwnedWebsites#IDCGames
  • Ducks Unlimited (unverified) - 1,324,364 breached accounts https://haveibeenpwned.com/PwnedWebsites#DucksUnlimited
  • California Pizza Kitchen spills over 100,000 employee Social Security numbers https://www.databreaches.net/california-pizza-kitchen-spills-over-100000-employee-social-security-numbers/
  • South Korean privacy watchdog apologises for violating privacy while mediating privacy lawsuit https://www.theregister.com/2021/11/17/oops_south_korean_privacy_watchdog/
  • Indonesia probe police hack in latest cyber breach https://www.databreaches.net/indonesia-probe-police-hack-in-latest-cyber-breach/
  • Tr: MNG Kargo Hacked: User Information Stolen https://www.databreaches.net/tr-mng-kargo-hacked-user-information-stolen/
  • Brussels health authorities deny data violation on vaccination platform https://www.databreaches.net/brussels-health-authorities-deny-data-violation-on-vaccination-platform/
  • Data Breach Rule for Health Apps Leaves Developers in the Dark https://www.databreaches.net/data-breach-rule-for-health-apps-leaves-developers-in-the-dark/
  • Utah medical center hit by data breach affecting 582k patients https://www.bleepingcomputer.com/news/security/utah-medical-center-hit-by-data-breach-affecting-582k-patients/
  • Thousands of Firefox users accidentally commit login cookies on GitHub https://www.theregister.com/2021/11/18/firefox_cookies_github/

• New Ransomware and "Incidents":

  • Cyber Defenders Should Prepare for Holiday Ransomware Attacks https://www.securityweek.com/cyber-defenders-should-prepare-holiday-ransomware-attacks
  • Fake Ransomware Infection Hits WordPress Sites https://threatpost.com/fake-ransomware-infection-wordpress/176410/
  • Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions https://www.bleepingcomputer.com/news/security/moses-staff-hackers-wreak-havoc-on-israeli-orgs-with-ransomless-encryptions/
  • New Memento ransomware switches to WinRar after failing at encryption https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/
  • SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks https://www.darkreading.com/attacks-breaches/rise-in-clop-ransomware-attacks-tied-to
  • Conti Ransomware https://blog.qualys.com/vulnerabilities-threat-research/2021/11/18/conti-ransomware
  • The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers https://www.theregister.com/2021/11/16/nobloxjs_typosquatting_discord/
  • The Best Ransomware Response, According to the Data https://threatpost.com/ransomware-response-data/176360/
  • WordPress sites are being hacked in fake ransomware attacks https://www.bleepingcomputer.com/news/security/wordpress-sites-are-being-hacked-in-fake-ransomware-attacks/

• Major outages/downs:

  • Google glitch triggers major internet outage https://www.zdnet.com/article/google-glitch-triggers-major-internet-outage/
  • Tesla drivers locked out of cars due to server error https://www.independent.co.uk/life-style/gadgets-and-tech/tesla-power-outage-app-musk-b1961339.html

• Follow-ups and fall-out:

  • FBI Attributes Abuse of Its Email Account to Software 'Misconfiguration' https://www.darkreading.com/application-security/fbi-attributes-fake-email-from-its-account-to-software-misconfiguration-
  • FBI Email Hoaxer ID'ed by the Guy He Allegedly Loves to Torment https://threatpost.com/fbi-email-hoaxer-ided-vinny-troia/176377/
  • More Accusations About a Canadian Hacker in the Wake of a Hoax Email from FBI Portal https://www.databreaches.net/more-accusations-about-a-canadian-hacker-in-the-wake-of-a-hoax-email-from-fbi-portal/
  • Complaining about Canada's alleged failure to extradite someone makes no sense when there's no request to extradite https://www.databreaches.net/complaining-about-canadas-alleged-failure-to-extradite-someone-makes-no-sense-when-theres-no-request-to-extradite/
  • FBI Hacker Offers to Sell Data Allegedly Stolen in Robinhood Breach https://www.securityweek.com/fbi-hacker-offers-sell-data-allegedly-stolen-robinhood-breach

Privacy

Articles about privacy related news, risks, and trends.

• CitizenLab reports on Pegasus, the great Firewall, and Privacy under COVID https://mailchi.mp/citizenlab.ca/palestinian-phones-hacked-measuring-the-great-firewall-and-pandemic-privacy
• Amazon's Dark Secret: It Has Failed to Protect Your Data https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation
• Podcast Episode: What Police Get When They Get Your Phone https://www.eff.org/deeplinks/2021/11/podcast-episode-what-police-get-when-they-get-your-phone
• Is Microsoft Stealing People's Bookmarks? https://www.schneier.com/blog/archives/2021/11/is-microsoft-stealing-peoples-bookmarks.html
• Boffins find way to use a standard smartphone to find hidden spy cams https://www.theregister.com/2021/11/18/smartphone_camera_detection/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 108: Scott Benzie on How Bill C-10 Ignored Canada's Thriving Digital First Creators https://www.michaelgeist.ca/2021/11/law-bytes-podcast-episode-108/
  • Ontario delays launch of digital ID program until next year https://toronto.ctvnews.ca/ontario-delays-launch-of-digital-id-program-until-next-year-1.5669511

• US:

  • U.S Banks Required to Report Cyberattacks to Regulators Within 36 Hours https://www.securityweek.com/us-banks-required-report-cyberattacks-regulators-within-36-hours
  • CISA releases cybersecurity response plans for federal agencies https://www.bleepingcomputer.com/news/security/cisa-releases-cybersecurity-response-plans-for-federal-agencies/
  • Experts Analyze Proposed Bill Allowing Private Entities to 'Hack Back' https://www.securityweek.com/experts-analyze-proposed-bill-allowing-private-entities-hack-back%E2%80%99
  • Ninth Circuit: Surveillance Company Not Immune from International Lawsuit https://www.eff.org/deeplinks/2021/11/ninth-circuit-surveillance-company-not-immune-international-lawsuit
  • China Telecom's US arm sues in last-ditch bid to retain license https://www.theregister.com/2021/11/16/china_telecom_us_emergency_lawsuit/
  • EFF Tells Court to Protect Anonymous Speakers, Apply Proper Test Before Unmasking Them In Trademark Commentary Case https://www.eff.org/deeplinks/2021/11/eff-tells-court-protect-anonymous-speakers-apply-proper-test-unmasking-them
  • The shareholder fight that forced Apple's hand on repair rights https://www.theverge.com/2021/11/17/22787336/apple-right-to-repair-self-service-diy-reason-microsoft
  • Apple's Self Service Repair Program Must Live Up To Its Promises https://www.eff.org/deeplinks/2021/11/apples-self-service-repair-program-must-live-its-promises
  • Locked Out of ‘God Mode,' Runners Hack Their Treadmills https://www.wired.com/story/nordictrack-ifit-treadmill-privilege-mode
  • Ohio suing Facebook, says it misled the public about the effect its products have on children https://www.theverge.com/2021/11/16/22785206/ohio-suing-facebook-instagram-meta-misled-investors-children

• World:

  • USA signs internet freedom and no-hack pact it's ignored since 2018 https://www.theregister.com/2021/11/11/usa_supports_paris_call/
  • Not only MSPs: All cloudy firms are in line for UK security law crackdown https://www.theregister.com/2021/11/16/ukgov_dcms_msp_cyber_security_crackdown_widens/
  • A mailing error with troubling potential https://www.databreaches.net/a-mailing-error-with-troubling-potential/
  • Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed https://www.theregister.com/2021/11/18/redoorz_fined_for_massive_data_leak/

• Standards News:

  • NCCoE Releases Draft Publications on Enterprise Patch Management for comment until January 10, SP 1800-31 https://www.nccoe.nist.gov/projects/critical-cybersecurity-hygiene-patching-enterprise and SP 800-40 Rev. 4 https://csrc.nist.gov/publications/detail/sp/800-40/rev-4/draft
  • Why I Hate Password Rules https://www.schneier.com/blog/archives/2021/11/why-i-hate-password-rules.html

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• CRTC to require telecom providers to implement call authentification https://ca.finance.yahoo.com/news/crtc-require-telecom-providers-implement-223401625.html
• Securing Your Smartphone https://www.schneier.com/blog/archives/2021/11/securing-your-smartphone.html
• Securing your digital life, part three: How smartphones make us vulnerable https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-3/
• Securing your digital life, the finale: Debunking worthless “security” practices https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-4/
• The Old Ways Aren't Working: Let's Rethink OT Security https://www.darkreading.com/dr-tech/the-old-ways-aren-t-working-let-s-rethink-ot-security
• You wanna use GCHQ offshoot NCSC's threat intel feeds? Why not, say bosses https://www.theregister.com/2021/11/17/ncsc_annual_review/
• DuckDuckGo Wants to Stop Apps From Tracking You on Android https://www.wired.com/story/duckduckgo-android-app-tracking-block
• Microsoft adds AI-driven ransomware protection to Defender https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-ai-driven-ransomware-protection-to-defender/
• Microsoft Authenticator gets new enterprise security features https://www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-gets-new-enterprise-security-features/
• Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365 https://www.microsoft.com/security/blog/2021/11/16/protect-against-phishing-with-attack-simulation-training-in-microsoft-defender-for-officer-365/
• This tool protects your private data while you browse https://scienmag.com/this-tool-protects-your-private-data-while-you-browse/
• How to Navigate the Mitigation of Deepfakes https://www.darkreading.com/attacks-breaches/how-to-navigate-the-mitigation-of-deepfakes
• Digital Rights Updates with EFFector 33.7 https://www.eff.org/deeplinks/2021/11/digital-rights-updates-effector-337
• The Importance of Security Control Baselines https://blog.isc2.org/isc2_blog/2021/11/the-importance-of-security-control-baselines.html
• Rookies Needed - Experience Required https://blog.isc2.org/isc2_blog/2021/11/rookies-needed-experience-required.html
• Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats https://www.databreaches.net/critical-infrastructure-protection-education-should-take-additional-steps-to-help-protect-k-12-schools-from-cyber-threats/
• The future of OT security in an IT-OT converged world https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
• Four Things Your CISO Wants Your Board to Know https://www.securityweek.com/four-things-your-ciso-wants-your-board-know
• How to Tackle SaaS Security Misconfigurations https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
• How Open Systems uses Microsoft tools to improve security maturity https://www.microsoft.com/security/blog/2021/11/15/how-open-systems-uses-microsoft-tools-to-improve-security-maturity/
• The importance of identity and Microsoft Azure Active Directory resilience https://www.microsoft.com/security/blog/2021/11/16/the-importance-of-identity-and-microsoft-azure-active-directory-resilience/
• A Visual Summary of SANS Pen Test HackFest Summit 2021 https://www.sans.org/blog/a-visual-summary-of-sans-pen-test-hackfest-summit-2021
• Sketchy (approximation) Pwned Passwords https://scotthelme.co.uk/sketchy-pwned-passwords/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html
  • Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs https://threatpost.com/microsoft-nov-patch-tuesday-fixes-six-zero-days-55-bugs/176143/
  • Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
  • Threat actors offer millions for zero-days, developers talk of exploit-as-a-service https://www.bleepingcomputer.com/news/security/threat-actors-offer-millions-for-zero-days-developers-talk-of-exploit-as-a-service/
  • Tales Of Zero-Day Disclosure: Tenable Researchers Reveal Recommendations for a Successful Experience https://www.tenable.com/blog/tales-of-zero-day-disclosure-tenable-researchers-reveal-recommendations-for-a-successful

• Other Vulnerabilities:

  • Do you use one of the 20 most common passwords in Canada? https://www.ctvnews.ca/mobile/sci-tech/do-you-use-one-of-the-20-most-common-passwords-in-canada-1.5675234
  • Another Intel Chip Flaw Puts a Slew of Gadgets at Risk https://www.wired.com/story/intel-chip-flaw-puts-gadgets-at-risk
  • Intel CPU Vulnerability Can Expose Cryptographic Keys https://www.securityweek.com/intel-cpu-vulnerability-can-expose-cryptographic-keys
  • High severity BIOS flaws affect numerous Intel processors https://www.bleepingcomputer.com/news/security/high-severity-bios-flaws-affect-numerous-intel-processors/
  • AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too https://www.theregister.com/2021/11/12/amd_and_intel_flaws/
  • ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-over-50-vulnerabilities-0
  • IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers https://www.securityweek.com/iot-protocol-used-nasa-siemens-and-volkswagen-can-be-exploited-hackers
  • GitHub fixes authorisation vulnerability in the NPM JavaScript package registry https://www.theregister.com/2021/11/16/github_npm_flaw/
  • Microsoft Informs Users of High-Severity Vulnerability in Azure AD https://www.securityweek.com/microsoft-informs-users-high-severity-vulnerability-azure-ad
  • Google Chrome 96 breaks Twitter, Discord, video rendering and more https://www.bleepingcomputer.com/news/google/google-chrome-96-breaks-twitter-discord-video-rendering-and-more/
  • Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome could lead to code execution http://blog.talosintelligence.com/2021/11/vulnerability-spotlight-user-after-free.html
  • Microsoft: Windows Installer breaks apps after updates, repairs https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-installer-breaks-apps-after-updates-repairs/
  • Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch https://www.securityweek.com/researcher-shows-windows-flaw-more-serious-after-microsoft-releases-incomplete-patch
  • There's something to be said for delayed gratification when Windows 11 is this full of bugs https://www.theregister.com/2021/11/15/windows_11_insiders_bug_fixes/
  • Windows 11's Black Screen of Death is changing back to blue https://www.theverge.com/2021/11/16/22785021/microsoft-windows-11-blue-screen-of-death-black-change
  • PSA: Apple isn't actually patching all the security holes in older versions of macOS https://arstechnica.com/gadgets/2021/11/psa-apple-isnt-actually-patching-all-the-security-holes-in-older-versions-of-macos/
  • Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD http://blog.talosintelligence.com/2021/11/libre-cad-vuln-spotlight-.html
  • Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion http://blog.talosintelligence.com/2021/11/lantronix-premier-wave-vuln-spotlight.html
  • New Rowhammer Technique https://www.schneier.com/blog/archives/2021/11/new-rowhammer-technique.html
  • New ETW Attacks Can Allow Hackers to 'Blind' Security Products https://www.securityweek.com/new-etw-attacks-can-allow-hackers-blind-security-products
  • Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic https://thehackernews.com/2021/11/researchers-demonstrate-new.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts https://thehackernews.com/2021/11/sharkbot-new-android-trojan-stealing.html
  • Six million Sky routers exposed to takeover attacks for 17 months https://www.databreaches.net/six-million-sky-routers-exposed-to-takeover-attacks-for-17-months/
  • Number of cyber-attacks infiltrating critical New Zealand networks soars https://www.databreaches.net/number-of-cyber-attacks-infiltrating-critical-new-zealand-networks-soars/
  • 11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells https://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html
  • Attackers use domain fronting technique to target Myanmar with Cobalt Strike http://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html
  • Pakistan Hackers Targeted Afghan Users Amid Govt Collapse https://packetstormsecurity.com/news/view/32824/Pakistan-Hackers-Targeted-Afghan-Users-Amid-Govt-Collapse.html
  • You'll never guess who's been exploiting the ManageEngine service to steal passwords https://www.theregister.com/2021/11/08/attackers_infiltrated_password_management_service/
  • Microsoft Exchange servers hacked in internal reply-chain attacks https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/
  • Microsoft warns of surge in HTML smuggling phishing attacks https://www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-html-smuggling-phishing-attacks/
  • Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/
  • Fake TSA PreCheck sites scam US travelers with fake renewals https://www.bleepingcomputer.com/news/security/fake-tsa-precheck-sites-scam-us-travelers-with-fake-renewals/
  • Phishing Scam Aims to Hijack TikTok ‘Influencer' Accounts https://threatpost.com/phishing-scam-tiktok-influencer/176391/
  • Zoho Password Manager Flaw Torched by Godzilla Webshell https://threatpost.com/zoho-password-manager-flaw-godzilla-webshell/176063/
  • Most SS7 exploit service providers on dark web are scammers https://www.bleepingcomputer.com/news/security/most-ss7-exploit-service-providers-on-dark-web-are-scammers/

• Nation State Actors:

  • ‘Ghostwriter' Looks Like a Purely Russian Op—Except It's Not https://www.wired.com/story/ghostwriter-hackers-belarus-russia-misinformationo
  • Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/
  • Iranian Hackers Are Going After US Critical Infrastructure https://www.wired.com/story/iranian-hackers-going-after-us-critical-infrastructure
  • Iranian state hackers use upgraded malware in attacks on ISPs, telcos https://www.bleepingcomputer.com/news/security/iranian-state-hackers-use-upgraded-malware-in-attacks-on-isps-telcos/
  • Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns https://threatpost.com/exchange-fortinet-exploited-iranian-apt-cisa/176395/
  • North Korean Hacker Group Intensifies Espionage Campaigns https://www.securityweek.com/north-korean-hacker-group-intensifies-espionage-campaigns
  • North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html
  • North Korean cyberspies target govt officials with custom malware https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/
  • North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro https://thehackernews.com/2021/11/north-korean-hackers-target.html

• Crime & Arrests, etc.:

  • Ontario youth arrested, charged in $46M cryptocurrency theft https://globalnews.ca/news/8380225/ontario-youth-cryptocurrency-theft-hamilton/
  • These are the cryptomixers hackers use to clean their ransoms https://www.bleepingcomputer.com/news/security/these-are-the-cryptomixers-hackers-use-to-clean-their-ransoms/
  • Wire Fraud Scam Upgraded with Bitcoin https://www.schneier.com/blog/archives/2021/11/wire-fraud-scam-upgraded-with-bitcoin.html
  • US seizes $6 million in ransom payments and expected to charge Ukrainian over major REvil cyberattack https://www.databreaches.net/us-seizes-6-million-in-ransom-payments-and-expected-to-charge-ukrainian-over-major-revil-cyberattack/
  • Europol Announces Arrests of 7 People Linked to REvil, GandCrab Ransomware https://www.securityweek.com/europol-announces-arrests-7-people-linked-revil-gandcrab-ransomware
  • Tech CEO Pleads to Wire Fraud in IP Address Scheme https://krebsonsecurity.com/2021/11/tech-ceo-pleads-to-wire-fraud-in-ip-address-scheme/
  • U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election https://thehackernews.com/2021/11/us-charged-2-iranians-hackers-for.html
  • How Iran Tried to Undermine the 2020 US Presidential Election https://www.wired.com/story/iran-2020-election-interference

Other Security / Risk

Articles covering other types of risks.

• Could quantum computers be cost-effective by 2036? https://freedom-to-tinker.com/2021/11/15/could-quantum-computers-be-cost-effective-by-2036/
• Physicists achieve fault-tolerant control of an error-corrected qubit https://physicsworld.com/a/physicists-achieve-fault-tolerant-control-of-an-error-corrected-qubit/
• IBM creates largest ever superconducting quantum computer https://www.newscientist.com/article/2297583-ibm-creates-largest-ever-superconducting-quantum-computer/
• This new startup has built a record-breaking 256-qubit quantum computer https://www.technologyreview.com/2021/11/17/1040243/quantum-computer-256-bit-startup/
• Cryptographers are not happy with how you're using the word ‘crypto' https://www.theguardian.com/technology/2021/nov/18/crypto-cryptocurrency-cryptographers
• Navigating the Complexity of Today's Digital Supply Chain https://www.darkreading.com/vulnerabilities-threats/navigating-the-complexity-of-today-s-digital-supply-chain
• EFF's How to Fix the Internet Podcast Offers Optimistic Solutions to Tech Dystopias https://www.eff.org/deeplinks/2021/11/effs-how-fix-internet-podcast-offers-optimistic-solutions-tech-dystopias
• Facebook says harassment in metaverse is ‘existential threat' but moderation is ‘practically impossible' https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-meta-metaverse-harassment-moderation-b1957850.html
• Windows 10 21H2 is released, here are the new features https://www.bleepingcomputer.com/news/microsoft/windows-10-21h2-is-released-here-are-the-new-features/
• Insider Threats Can Turn Your Cloud Security Into a Storm https://blog.isc2.org/isc2_blog/2021/11/insider-threats-cloud-security.html
• After her best friend died, this programmer created an AI chatbot from his texts to talk to him again https://www.cbc.ca/documentaries/the-nature-of-things/after-her-best-friend-died-this-programmer-created-an-ai-chatbot-from-his-texts-to-talk-to-him-again-1.6252286
• Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!, (Mon, Nov 15th) https://isc.sans.edu/diary/rss/28036
• Is XDR Overhyped? https://www.darkreading.com/endpoint/is-xdr-overhyped-
• Most NFTs could end up being dead web pages according to a skeptic who just right-clicked and downloaded all of them https://markets.businessinsider.com/news/currencies/nfts-404-pages-geoffrey-huntley-right-clicked-downloaded-all-nfts-2021-11
• Bitcoin creator Satoshi Nakamoto now 15th richest person in the world https://www.independent.co.uk/life-style/gadgets-and-tech/bitcoin-satoshi-nakamoto-wealth-net-worth-b1957878.html

• Health, Safety & Environment:

  • Last year's record-breaking power outages are a red flag for public health https://www.theverge.com/2021/11/15/22782892/power-outage-health-record-covid-climate-change
  • US annual drug overdose deaths hit record levels https://www.bbc.co.uk/news/world-us-canada-59253091
  • The Most Common Pain Relief Drug in The World Induces Risky Behavior, Study Finds https://www.sciencealert.com/the-most-common-pain-relief-drug-in-the-world-induces-risky-behavior-study-finds
  • Experimental mRNA Vaccine Not Yet Tested in Humans Protects Against Lyme Disease https://www.sciencealert.com/an-mrna-vaccine-is-in-the-works-to-protect-humans-and-animals-from-tick-bites
  • Nasal vaccine to treat Alzheimer's disease to be tested in U.S. clinical trial https://globalnews.ca/news/8381266/alzheimers-disease-nasal-vaccine-clinical-trial/
  • A stealthy way to combat tumors https://scienmag.com/a-stealthy-way-to-combat-tumors/
  • An Experiment Using Human Stem Cells Ended Up Reversing Diabetes in Mice https://www.sciencealert.com/an-experiment-with-human-stem-cells-ended-up-curing-diabetes-in-mice
  • Antibody Breakthrough in Mice Could Lead to a Vaccine For Alzheimer's Disease https://www.sciencealert.com/novel-approach-to-alzheimer-s-disease-in-mice-points-to-a-possible-vaccine
  • Brain Implant Translates Paralyzed Man's Thoughts Into Text With 94% Accuracy https://www.sciencealert.com/brain-implant-enables-paralyzed-man-to-communicate-thoughts-via-imaginary-handwriting
  • Rare Genetic Mutation in Utah Family Traced Across Continents And Over Centuries https://www.sciencealert.com/a-rare-genetic-mutation-in-a-large-utah-family-traced-back-to-1700s-denmark
  • Suffering from psoriasis? Blame this trio of proteins https://scienmag.com/suffering-from-psoriasis-blame-this-trio-of-proteins/
  • The Upside of COVID Hygiene Theater https://www.theatlantic.com/ideas/archive/2021/11/covid-hygiene-theater-should-be-here-stay/620710/
  • The COVID Cancer Effect https://www.scientificamerican.com/article/the-covid-cancer-effect/
  • Rare case of woman's body ridding itself of HIV https://www.bbc.co.uk/news/health-59297311
  • Girl rescued in US after using TikTok domestic violence hand signal – video https://www.theguardian.com/technology/video/2021/nov/08/girl-rescued-in-us-after-using-tiktok-domestic-violence-hand-signal-video
  • This 'Tree of Death' Is So Toxic, You Can't Even Stand Under It When It Rains https://www.sciencealert.com/this-tree-of-death-is-so-toxic-you-can-t-even-stand-under-it-when-it-rains
  • Two people bitten by coyote in Toronto park, city says https://toronto.ctvnews.ca/two-people-bitten-by-coyote-in-toronto-park-city-says-1.5675630
  • NASA's DART Mission Could Help Cancel an Asteroid Apocalypse https://www.scientificamerican.com/article/nasas-dart-mission-could-help-cancel-an-asteroid-apocalypse/
  • Maybe Don't Blow Up Satellites in Space https://www.theatlantic.com/science/archive/2021/11/nasa-russia-anti-satellite-test-orbital-debris/620728/
  • Russia denies endangering astronauts with space junk created by weapons test https://globalnews.ca/news/8377069/russia-satellite-space-junk-iss/
  • B.C.'s record-breaking rainfall generates ‘mind-boggling' data: Environment Canada https://globalnews.ca/news/8375229/bc-atmospheric-river-data-environment-canada/
  • As more military troops head to B.C., experts call for civilian disaster response solution https://globalnews.ca/news/8381464/experts-civilian-disaster-response-bc/
  • The US finally adopts a national recycling strategy https://www.theverge.com/2021/11/15/22783450/recycling-united-states-epa-plastic-pollution-waste
  • Texas may be in danger of another major energy crisis and widespread power outages this winter, new report warns https://www.businessinsider.com/report-texas-in-danger-of-major-energy-crisis-this-winter-2021-11
  • Drilling for ‘white gold’ is happening right now at the Salton Sea https://www.latimes.com/business/story/2021-11-15/drilling-for-white-gold-is-happening-right-now-at-the-salton-sea
  • 3D-printed 'meat': Does the plant-based product pass the taste test? https://www.bbc.co.uk/news/uk-59335815

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Covid: WHO says it is very worried about Europe surge https://www.bbc.co.uk/news/world-europe-59358074
  • COVID Sure Looks Seasonal Now https://www.theatlantic.com/health/archive/2021/11/covid-seasonal-winter/620766/

• Guidance, Response, and Recovery:

  • Canada drops molecular COVID-19 test requirement for short trips abroad https://www.ctvnews.ca/health/coronavirus/canada-drops-molecular-covid-19-test-requirement-for-short-trips-abroad-1.5673390
  • City's 2022 winter rec program includes expanded list of activities as capacity limits lifted https://toronto.ctvnews.ca/city-s-2022-winter-rec-program-includes-expanded-list-of-activities-as-capacity-limits-lifted-1.5671277
  • Covid: Germany to place tighter curbs on unvaccinated https://www.bbc.co.uk/news/world-europe-59337955
  • Austria targets unvaccinated with new COVID-19 lockdown. Here's why https://globalnews.ca/news/8374790/covid-19-austria-unvaccinated-lockdown-explained/

• Immunity and Vaccinations:

  • Pfizer COVID-19 vaccine for children aged 5-11 approved by Health Canada https://globalnews.ca/news/8332426/pfizer-vaccine-covid-children/
  • Ontario will start immunizing children against COVID-19 this month: Moore https://ottawa.ctvnews.ca/ontario-will-start-immunizing-children-against-covid-19-this-month-moore-1.5669652
  • Approximately 10% of Alberta's COVID-19 vaccines wasted or expired: government department https://globalnews.ca/news/8378227/vaccine-wastage-alberta-covid/
  • Things we learned:
  • Scientists Identify Gene Linked to Significantly Higher Risk of Severe COVID-19 https://www.sciencealert.com/we-might-finally-know-why-uk-s-south-asian-demographics-suffered-more-from-covid
  • Machine learning IDs mammal species with the potential to spread SARS-CoV-2 https://scienmag.com/machine-learning-ids-mammal-species-with-the-potential-to-spread-sars-cov-2/

• More of the good, the bad, and the ugly:

  • Police say they've been inundated with calls from group of Toronto teachers saying vaccine mandates are a crime https://toronto.ctvnews.ca/police-say-they-ve-been-inundated-with-calls-from-group-of-toronto-teachers-saying-vaccine-mandates-are-a-crime-1.5670494

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 20 of the Most Important Moments in Internet History https://www.mentalfloss.com/article/652246/most-important-moments-internet-history
• 20 of History's Most Outrageous Scientific Feuds https://www.mentalfloss.com/article/651967/scientific-feuds-in-history
• Why Do We Say 'Have a Chip on Your Shoulder'? https://www.mentalfloss.com/article/652393/chip-on-your-shoulder-meaning-origins
• Apple's first computer, a collector's dream, could fetch $500,000 at auction https://www.theguardian.com/technology/2021/nov/08/apple-1-computer-auction
• Things finally looking up for DIY astronomers https://www.cbc.ca/news/canada/ottawa/radio-astronomy-ccera-rideau-ferry-1.6249082
• Astra reaches orbit for the first time with LV0007 launch https://www.theverge.com/2021/11/20/22792942/astra-reaches-orbit-first-time-lv0007-rocket
• Proposed Nova Scotia spaceport announces payload client for initial launch https://globalnews.ca/news/8387305/proposed-nova-scotia-spaceport-announces-payload-client-for-initial-launch/
• Spacecraft using new iodine fuel could transform the space industry, study shows https://www.independent.co.uk/life-style/gadgets-and-tech/rocket-space-iodine-xenon-propellant-b1959464.html
• The Moon's Surface Has Enough Oxygen to Keep Billions Alive For 100,000 Years https://www.sciencealert.com/moon-s-surface-has-enough-oxygen-to-keep-billions-alive-for-100-000-years
• A Massive Rock Orbiting The Sun Appears to Have Originated Surprisingly Close to Us https://www.sciencealert.com/a-massive-chunk-of-rock-near-earth-s-orbit-might-once-have-been-part-of-our-moon
• Hubble takes a series of giant outer planet family portraits https://www.syfy.com/syfy-wire/bad-astronomy-hubble-spies-jupiter-saturn-uranus-and-neptune
• Mysterious Object Glimpsed Decades Ago Might Have Actually Been Planet Nine https://www.sciencealert.com/historical-data-reveals-what-may-be-a-decades-old-detection-of-planet-nine
• Scientists Plan Private Mission to Hunt for Earths around Alpha Centauri https://www.scientificamerican.com/article/scientists-plan-private-mission-to-hunt-for-earths-around-alpha-centauri/