This Week's [in]Security - Issue 244
05 Dec 2021.
Welcome to This Week's [in]Security. PCI and payments: Participating brands FAQ, and 8 updates. Magecart/skimmers, Brazil, Square. New breaches: Panasonic, Planned Parenthood. New Ransomware: Critical Infrastructure, Rideau Hall. Major outages, Follow-ups & Fall-out: Gravatar HIBP. Privacy: De-anonymization. Laws & Regs - Canada: health data, Huawei. US: FBI access, TSA, SEC, Biometrics. World: Product Security, Algorithm Transparency. Standards: NIST IoT, CISA mobile. Defense: Spam calls, AI understanding, Facial fuzz, attack maps, DRP, Old tech, Faraday cages. Vulnerabilities, Zerodays: Windows. Other Vulnerabilities: Printers, Routers, NSS Crypto, XS-Leaks, Passwords, Zoom, Azure Sphere, Cloud Honeypot, CISA Hitachi & Zoho, Verizon. Cryptography: HKDFs, PQC signatures & performance, Quantum Computing. Cybercrime: Trends, NABs, Trojans, AT&T, WIRTE, Excel Add-ins. Nation States: diplomats, air-gaps, fake recruiters. Crime & Enforcement. Other Risks: Cyber-insurance exclusions, long game, China, misinformation, Meta/FB, amplification, shopping bots, Edge, Food, Hype? Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Learned; And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
New and updated FAQs
- New #1554 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-a-PCI-SSC-Participating-Payment-Brand
- #1039 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-apply-to-debit-cards-debit-payments-and-debit-systems
- #1079 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-the-definition-of-merchant
- #1142 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-do-I-contact-the-payment-card-brands
- #1227 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Who-are-the-founders-of-the-PCI-Security-Standards-Council
- #1285 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-apply-to-one-time-or-single-use-PANs
- #1286 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-apply-to-virtual-electronic-only-PANs
- #1335 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-apply-to-bank-account-data
- #1436 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Who-has-to-comply-with-the-PCI-standards
- We have updated our list of all PCI FAQs https://controlgap.com/index-pci-frequently-asked-questions/
New PCI Documents:
- PCI Forensic Investigator (PFI) Program Guide v3.2r1 https://www.pcisecuritystandards.org/documents/PFI_Program_Guide_v3.2r1.pdf
- FAQs for Card Production Security Requirements https://www.pcisecuritystandards.org/documents/Card_Prod_Security_Rqrmts_FAQs_v2_Nov_2021.pdf
- PTS HSM Technical (mandatory) Frequently Asked Questions https://www.pcisecuritystandards.org/documents/PTS_HSM_Technical_FAQs_v3_November_2021.pdf
- New malware hides as legit nginx process on e-commerce servers https://www.bleepingcomputer.com/news/security/new-malware-hides-as-legit-nginx-process-on-e-commerce-servers/
- Card-stealing malware on website that sells baron and duke titles https://therecord.media/hackers-plant-card-stealing-malware-on-website-that-sells-baron-and-duke-titles/
- European Cybercrime Centre confident it's kicked credit card crims – again https://www.theregister.com/2021/12/02/european_cybercrime_centre_carding_action_2021/
- Brazil Crime Uptick Could Result in Instant Payments Suspension https://www.pymnts.com/news/security-and-risk/2021/brazil-crime-uptick-could-result-instant-payments-suspension/
- Square Inc. is Now Block; Brand to Remain https://www.pymnts.com/news/merchant-innovation/2021/square-inc-is-now-block-brand-to-remain/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
New Breaches:
- Phishing Remains the Most Common Cause of Data Breaches, Survey Says https://www.darkreading.com/edge-threat-monitor/phishing-remains-the-most-common-cause-of-data-breaches-survey-says
- Panasonic discloses data breach after network hack https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-network-hack/
- Panasonic admits intruders were inside its servers for months https://www.theregister.com/2021/11/30/panasonic_breach/
- Panasonic's Data Breach Leaves Open Questions https://threatpost.com/panasonic-data-breach-questions/176660/
- Data Hacked for 400,000 Planned Parenthood LA Patients https://www.securityweek.com/data-hacked-400000-planned-parenthood-la-patients
- DNA testing firm discloses data breach affecting 2.1 million people https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/
- Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data https://www.securityweek.com/ransomware-operators-threaten-leak-15tb-supernus-pharmaceuticals-data
- Planned Parenthood LA discloses data breach after ransomware attack https://www.bleepingcomputer.com/news/security/planned-parenthood-la-discloses-data-breach-after-ransomware-attack/
- Marine Services Provider Swire Pacific Offshore Discloses Data Breach https://www.securityweek.com/marine-services-provider-swire-pacific-offshore-discloses-data-breach
New Ransomware and "Incidents":
- 'Double-Extortion' Ransomware Damage Skyrockets 935% https://threatpost.com/double-extortion-ransomware-data-leaks/176723/
- Three key ransomware actors changed jobs on October 18 – the same day REvil went dark https://www.theregister.com/2021/12/02/ransomware_forums_revealed/
- FBI: Cuba ransomware breached 49 US critical infrastructure orgs https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/
- Rideau Hall internal cyber network hit by 'breach', effects unclear https://globalnews.ca/news/8419717/rideau-hall-cyber-incident-2021/
- Wind turbine maker Vestas confirms recent security incident was ransomware https://www.theregister.com/2021/11/29/wind_turbine_maker_vestas_confirms/
- Microsoft Exchange servers hacked to deploy BlackByte ransomware https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-blackbyte-ransomware/
Major outages/downs:
- Dark web market Cannazon shuts down after massive DDoS attack https://www.bleepingcomputer.com/news/security/dark-web-market-cannazon-shuts-down-after-massive-ddos-attack/
Follow-ups and fall-out:
- Gravatar - 113,990,759 breached accounts https://haveibeenpwned.com/PwnedWebsites#Gravatar
Privacy
Articles about privacy related news, risks, and trends.
- New Privacy Rules Could Derail User Data Collection by Companies https://www.pymnts.com/digital-identity/2021/new-privacy-rules-could-derail-user-data-collection-by-companies/
- The Verizon app might be collecting your browsing history and more https://www.theverge.com/2021/12/5/22818783/verizon-app-data-collection-browsing-history
- Google Pixel mail-in repairs have allegedly twice resulted in leaked pics and a privacy nightmare https://www.theverge.com/2021/12/4/22817758/broken-google-pixel-phone-privacy-leak
- Is KAX17 Performing De-Anonymization Attacks Against Tor Users? https://packetstormsecurity.com/news/view/32874/Is-KAX17-Performing-De-Anonymization-Attacks-Against-Tor-Users.html
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
- Ottawa, provinces must create agency to reform how health data is collected and used, report says https://www.theglobeandmail.com/canada/article-ottawa-provinces-must-create-agency-to-reform-how-health-data-is/
- The Law Bytes Podcast, Episode 110: Waiting to Connect – Karen Barnes and Catherine Middleton on the CCA's Report on Internet Access in Canadian Rural, Remote and Indigenous Communities https://www.michaelgeist.ca/2021/11/law-bytes-podcast-episode-110/
- Canada's Huawei decision was 'picking up momentum' 2 years ago. So what is happening? https://globalnews.ca/news/8414227/canada-huawei-ban-timeline/
- Group of Canadian youth file application to challenge voting age in Canada https://globalnews.ca/news/8421262/canadian-youth-application-challenge-voting-age-canada/
US:
- FBI can gain 'limited' access to private WhatsApp and Apple iMessage conversations, document claims https://www.independent.co.uk/life-style/gadgets-and-tech/fbi-whatsapp-apple-imessage-icloud-access-b1966933.html
- TSA Requires Rail and Airports to Strengthen Cybersecurity https://www.securityweek.com/tsa-requires-rail-and-airports-strengthen-cybersecurity
- What The SEC Requires From Businesses After A Data Breach https://packetstormsecurity.com/news/view/32861/What-The-SEC-Requires-From-Businesses-After-A-Data-Breach.html
- A newly published rule brings the SEC closer to delisting stock of Chinese firms that don't allow themselves to be audited https://markets.businessinsider.com/news/stocks/sec-moves-toward-delisting-chinese-stocks-audit-reviews-rule-markets-2021-12
- Legal Cases and Privacy Rulings Aim to Curtail Facial Biometrics https://www.darkreading.com/vulnerabilities-threats/legal-cases-and-privacy-policies-threaten-use-of-facial-biometrics
- Our Patent Review System is Ten Years Old. It's Time to Make It Stronger. https://www.eff.org/deeplinks/2021/11/our-patent-review-system-ten-years-old-its-time-make-it-stronger
World:
- New UK product security law won't be undercut by rogue traders upping and vanishing, government boasts https://www.theregister.com/2021/12/02/psti_bill_phoenixing_dcms_response/
- Working of algorithms used in government decision-making to be revealed https://www.theguardian.com/technology/2021/nov/29/working-of-algorithms-used-in-government-decision-making-to-be-revealed
- Meta ordered to sell Giphy by UK regulator https://www.theverge.com/2021/11/30/22740272/facebook-giphy-acquisition-competition-and-markets-authority-uk-regulator
- US facial recognition firm faces £17m UK fine for 'serious breaches' https://www.theguardian.com/technology/2021/nov/29/us-facial-recognition-firm-faces-17m-uk-fine-for-serious-breaches-clearview-ai
- Russian internet watchdog announces ban of six more VPN products https://www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/
- How to arrange for your digital legacy https://www.theverge.com/22812264/digital-legacy-death-estate-google-apple-how-to
Standards News:
- NIST Updated IoT Cybersecurity Guidance | SP 800-213 & SP 800-213A https://csrc.nist.gov/publications/detail/sp/800-213a/final and https://csrc.nist.gov/publications/detail/sp/800-213/final
- CISA Releases Guidance on Securing Enterprise Mobile Devices https://www.securityweek.com/cisa-releases-guidance-securing-enterprise-mobile-devices
- The Internet Needs Fair Rules of the Road – and Competitive Drivers https://www.eff.org/deeplinks/2021/12/internet-needs-fair-rules-road-and-competitive-drivers
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- New technology will help fight spam calls, CRTC says https://globalnews.ca/news/8414200/crtc-new-technology-spam-calls/
- Artificial intelligence that understands object relationships https://scienmag.com/artificial-intelligence-that-understands-object-relationships/
- Facial Template Protection via Lattice-based Fuzzy Extractors, by Kaiyi Zhang and Hongrui Cui and Yu Yu https://eprint.iacr.org/2021/1559
- Attack Maps now available on Radar https://blog.cloudflare.com/attack-maps-now-available-on-radar/
- Rewriting your disaster recovery plan might just save your company…and could transform it https://www.theregister.com/2021/12/01/time_to_review_disaster_recovery_plan/
- Intel Is Maintaining Legacy Technology for Security Research https://www.schneier.com/blog/archives/2021/11/intel-is-maintaining-legacy-technology-for-security-research.html
- Frequency analysis on hundreds of billions of reports at Report URI: Top-K https://scotthelme.co.uk/frequency-analysis-on-hundreds-of-billions-of-reports-at-report-uri-top-k/
- How Decryption of Network Traffic Can Improve Security https://threatpost.com/decryption-improve-security/176613/
- Testing Faraday Cages https://www.schneier.com/blog/archives/2021/12/testing-faraday-cages.html
- Remote Browser Isolation Stars in Content Protection Role https://www.darkreading.com/dr-tech/remote-browser-isolation-tech-stars-in-content-protection-role-
- A Safe and Secure Way to Decommission https://blog.isc2.org/isc2_blog/2021/11/a-safe-and-secure-way-to-decommission.html
- How Red Canary and Microsoft can help reduce your alert fatigue https://www.microsoft.com/security/blog/2021/11/29/how-red-canary-and-microsoft-can-help-reduce-your-alert-fatigue/
- Facebook Will Force More At-Risk Accounts to Use Two-Factor https://www.wired.com/story/facebook-protect-two-factor-authentication-requirement
- Twitch Unleashes AI Tool To Spot Banned Users https://packetstormsecurity.com/news/view/32871/Twitch-Unleashes-AI-Tool-To-Spot-Banned-Users.html
- Twitter removes 3,400 accounts used in govt propaganda campaigns https://www.bleepingcomputer.com/news/security/twitter-removes-3-400-accounts-used-in-govt-propaganda-campaigns/
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
Zero-day news:
- Unpatched Windows Zero-Day Allows Privileged File Access https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/
Other Vulnerabilities:
- Printing Shellz: Critical bugs impacting 150 HP printer models patched https://www.zdnet.com/article/printing-shellz-critical-bugs-impacting-150-hp-printers-patched
- 8-year-old HP printer vulnerability affects 150 printer models https://www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/
- Researchers Find 226 Vulnerabilities in Nine Wi-Fi Routers https://www.securityweek.com/researchers-find-226-vulnerabilities-nine-wi-fi-routers
- Netgear router flaws exploitable with authentication ... like the default creds on Netgear's website https://www.theregister.com/2021/12/03/netgear_router_flaws_patched/
- Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software https://thehackernews.com/2021/12/critical-bug-in-mozillas-nss-crypto.html
- This NSS Crypto bug shouldn't have happened: A vulnerability postmortem https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
- Researchers discover 14 new data-stealing web browser attacks https://www.bleepingcomputer.com/news/security/researchers-discover-14-new-data-stealing-web-browser-attacks/
- DtSR Episode 477 - Passwords are Dead and Other Fables http://podcast.wh1t3rabbit.net/dtsr-episode-477-passwords-are-dead-and-other-fables
- Project Zero Flags High-Risk Zoom Security Flaw https://www.securityweek.com/project-zero-flags-high-risk-zoom-security-flaw
- An Azure Sphere kernel exploit — or how I learned to stop worrying and love the IoT http://blog.talosintelligence.com/2021/11/an-azure-sphere-kernel-exploit-or-how-i.html
- These Researchers Wanted To Test Cloud Security. They Were Shocked By What They Found https://packetstormsecurity.com/news/view/32872/These-Researchers-Wanted-To-Test-Cloud-Security.-They-Were-Shocked-By-What-They-Found.html
- CISA Informs Organizations About Vulnerabilities in Hitachi Energy Products https://www.securityweek.com/cisa-informs-organizations-about-vulnerabilities-hitachi-energy-products
- CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html
- Why Everyone Needs to Take the Latest CISA Directive Seriously https://thehackernews.com/2021/12/why-everyone-needs-to-take-latest-cisa.html
- Researcher Found Way To Brute Force Verizon Customer PINs https://packetstormsecurity.com/news/view/32880/Researcher-Found-Way-To-Brute-Force-Verizon-Customer-PINs.html
- Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense https://www.microsoft.com/security/blog/2021/12/02/structured-threat-hunting-one-way-microsoft-threat-experts-prioritizes-customer-defense/
- Soatok on Understanding HMAC Key Derivation Functions (HKDF) common use/misuse, misconceptions, and nuances https://soatok.blog/2021/11/17/understanding-hkdf/
- BulletProof TLS: Post-Quantum Signatures in TLS will be challenging, Go Daddy, QUIC/OpenSSL https://www.feistyduck.com/bulletproof-tls-newsletter/issue_83_post-quantum_signatures_in_tls_will_be_challenging
- Performance Evaluation of Post-Quantum TLS 1.3 on Embedded Systems https://eprint.iacr.org/2021/1553
- Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication https://eprint.iacr.org/2021/1563
- How Much Has Quantum Computing Actually Advanced? https://spectrum.ieee.org/amp/quantum-computing-google-sycamore-2655911675
- Researchers propose a simpler design for quantum computers https://phys.org/news/2021-11-simpler-quantum.html
- Quantum Time/Memory/Data Tradeoff Attacks https://eprint.iacr.org/2021/1561
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
- Who Is the Network Access Broker 'Babam'? https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/
- Key Characteristics of Malicious Domains: Report https://www.darkreading.com/threat-intelligence/research-outs-the-providers-more-likely-to-host-malicious-content
- Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months https://threatpost.com/banking-trojan-infections-google-play/176630/
- 4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 https://thehackernews.com/2021/11/4-android-banking-trojan-campaigns.html
- Malicious Android app steals Malaysian bank credentials, MFA codes https://www.bleepingcomputer.com/news/security/malicious-android-app-steals-malaysian-bank-credentials-mfa-codes/
- Thousands of AT&T customers in the US infected by new data-stealing malware https://arstechnica.com/information-technology/2021/12/thousands-of-att-customers-in-the-us-infected-by-new-data-stealing-malware/
- Zoho: Patch new ManageEngine bug exploited in attacks ASAP https://www.bleepingcomputer.com/news/security/zoho-patch-new-manageengine-bug-exploited-in-attacks-asap/
- Info-Stealer Using webhook.site to Exfiltrate Data, (Wed, Dec 1st) https://isc.sans.edu/diary/rss/28088
- AT&T Takes Steps to Mitigate Botnet Found Inside Its Network https://threatpost.com/att-botnet-network/176711/
- Stealthy 'WIRTE' Gang Targets Middle Eastern Governments https://threatpost.com/wirte-middle-eastern-governments/176688/
- Malicious Excel XLL add-ins push RedLine password-stealing malware https://www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/
- New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions https://thehackernews.com/2021/12/new-malvertising-campaigns-spreading.html
- Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns https://thehackernews.com/2021/12/researchers-warn-iranian-users-of.html
- Hackers use in-house Zoho ServiceDesk exploit to drop webshells https://www.bleepingcomputer.com/news/security/hackers-use-in-house-zoho-servicedesk-exploit-to-drop-webshells/
- Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks https://www.securityweek.com/recently-patched-apache-http-server-vulnerability-exploited-attacks
- Convincing Microsoft phishing uses fake Office 365 spam alerts https://www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/
- Phishing actors start exploiting the Omicron COVID-19 variant https://www.bleepingcomputer.com/news/security/phishing-actors-start-exploiting-the-omicron-covid-19-variant/
Nation State Actors:
- iPhones of US diplomats hacked using “0-click” exploits from embattled NSO https://arstechnica.com/information-technology/2021/12/iphones-of-us-diplomats-hacked-using-0-click-exploits-from-embattled-nso/
- 17 Malware Frameworks Target Air-Gapped Systems for Espionage https://www.securityweek.com/17-malware-frameworks-target-air-gapped-systems-espionage
- North Korean Hackers Group Posed as Samsung Recruiters To Target Security Firms https://gbhackers.com/north-korean-hackers-group-posed-as-samsung-recruiters/
- Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack https://www.microsoft.com/security/blog/2021/12/02/behind-the-unprecedented-effort-to-protect-customers-against-the-nobelium-nation-state-attack/
- APT37 targets journalists with Chinotto multi-platform malware https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/
- ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks https://threatpost.com/scarcruft-apt-desktop-mobile-attacks/176620/
Crime & Arrests, etc.:
- Peterborough police warn of porch pirates following latest parcel theft https://globalnews.ca/news/8416649/peterborough-parcel-theft/
- Daily Mail claims to have located REvil threat actor wanted by FBI for 'using ransomware to fleece millions of dollars' from Americans https://www.databreaches.net/daily-mail-claims-to-have-located-revil-threat-actor-wanted-by-fbi-for-using-ransomware-to-fleece-millions-of-dollars-from-americans/
- FBI seized $2.2M from affiliate of REvil, Gandcrab ransomware gangs https://www.databreaches.net/fbi-seized-2-2m-from-affiliate-of-revil-gandcrab-ransomware-gangs/
- Really stupid “smart contract” bug let hackers steal $31 million in digital coin https://arstechnica.com/information-technology/2021/12/hackers-drain-31-million-from-cryptocurrency-service-monox-finance/
- Bitmart hacked; Estimated loss of $200M https://www.databreaches.net/bitmart-hacked-estimated-loss-of-200m/
- Former Ubiquiti employee charged with hacking and extorting company https://www.databreaches.net/former-ubiquiti-employee-charged-with-hacking-and-extorting-company/
- Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill https://www.securityweek.com/iranians-charged-cryptojacking-after-us-firm-gets-760000-cloud-bill
- Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/
- Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals https://thehackernews.com/2021/12/russian-man-gets-60-months-jail-for.html
- Two Georgia men sentenced for using Dark Web to steal identities of elderly victims https://www.databreaches.net/two-georgia-men-sentenced-for-using-dark-web-to-steal-identities-of-elderly-victims/
- Fourteen arrested over spate of Los Angeles smash-and-grab raids https://www.bbc.co.uk/news/world-us-canada-59516307
Other Security / Risk
Articles covering other types of risks.
- Lloyd's Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/
- The big idea: Should we worry about artificial intelligence? https://www.theguardian.com/books/2021/nov/29/the-big-idea-should-we-worry-about-artificial-intelligence
- Chinese could hack data for future quantum decryption, report warns https://www.theguardian.com/technology/2021/nov/29/chinese-could-hack-data-for-future-quantum-decryption-report-warns
- UK spy boss warns of China 'debt and data traps' https://www.bbc.co.uk/news/uk-59474365
- Facebook, now Meta, says China created a fake Swiss scientist to spread conspiracies that the US was falsely blaming it for COVID-19 https://www.businessinsider.com/facebook-meta-china-covid-lies-swiss-wilson-edwards-2021-12
- How Cute Cats Help Spread Misinformation Online https://www.nytimes.com/2021/12/01/technology/misinformation-cute-cats-online.html
- Facebook's Secret “Dangerous Organizations and Individuals” List Creates Problems for the Company—and Its Users https://www.eff.org/deeplinks/2021/12/facebooks-secret-dangerous-organizations-and-individuals-list-creates-problems
- Big Tech 'Amplification': What Does That Mean? https://www.nytimes.com/2021/12/01/technology/big-tech-amplification.html
- The Grinch Bot is Stealing Christmas! https://blog.cloudflare.com/grinch-bot/
- Shopify has a 'textbook pirate' problem, publishers allege https://www.theverge.com/2021/12/1/22812956/shopify-textbook-publishers-lawsuit-piracy-copyright
- Microsoft Defender scares admins with Emotet false positives https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
- Users revolt as Microsoft bolts a short-term financing app onto Edge https://arstechnica.com/information-technology/2021/11/microsoft-plans-to-integrate-a-buy-now-pay-later-app-into-edge/
- Microsoft backtracks on Windows 11's controversial default browser changes https://www.theverge.com/2021/12/3/22815209/microsoft-windows-11-default-browser-button-changes
- Go read this report on how your next food delivery might be cooked up in a parking lot https://www.theverge.com/2021/11/29/22807607/go-read-ghost-kitchens-uber-eats-doordash
- Global maple syrup shortage forces Quebec to release half its strategic reserve https://globalnews.ca/news/8410985/global-maple-syrup-shortage-forces-quebec-to-release-half-its-strategic-reserve/
- New Quantum Computing Giant Quantinuum to Launch Cybersecurity Product (other than buzzwords, it's not clear what either of these things has to do with the other) https://www.securityweek.com/new-quantum-computing-giant-quantinuum-launch-cybersecurity-product
Health, Safety & Environment:
- Major Discovery Challenges Decades of Advice to Avoid All Saturated Fats https://www.sciencealert.com/major-discovery-challenges-decades-of-advice-to-avoid-saturated-fats
- We Could Save Up to 12 Million Lives by Retiring This Technology Right Now https://www.sciencealert.com/early-retirement-of-the-world-s-most-polluting-power-stations-could-save-12-million-lives
- Injectable gels could help repair heart tissue and spinal cord injuries https://www.cbc.ca/radio/quirks/gels-for-spinal-injuries-1.6272536
- Experimental Chewing Gum That Traps Virus Particles Could Help Fight COVID-19 https://www.sciencealert.com/experimental-chewing-gum-that-traps-virus-particles-could-help-fight-covid-19
- Scientists Have Finally Discovered Why The Brain Consumes So Much Energy, Even at Rest https://www.sciencealert.com/a-hidden-structure-in-our-neurons-could-explain-why-the-brain-guzzles-so-much-energy
- Adding sound to electric vehicles improves pedestrian safety #ASA181 https://scienmag.com/adding-sound-to-electric-vehicles-improves-pedestrian-safety-asa181/
- Why Do Semi Trucks Have Spikes On Their Wheels? https://www.mentalfloss.com/article/653143/why-semi-trucks-have-spiked-wheels
- Michigan school shooting: Parents of gunman charged with manslaughter https://www.bbc.co.uk/news/world-us-canada-59523682
- Could Malaysian MH370 plane finally be found? https://www.bbc.co.uk/news/business-59517821
- High-Speed Space Junk Risk Forces NASA Astronauts to Abandon Spacewalk https://www.sciencealert.com/nasa-delays-spacewalk-due-to-risk-of-space-junk-hitting-an-astronaut
- Russia pushes the International Space Station away from '90s US rocket debris — the 2nd space-junk scare this week https://www.businessinsider.com/international-space-station-swerves-to-avoid-rocket-debris-2021-12
- From pollutant to product: the companies making stuff from CO2 https://www.theguardian.com/environment/2021/dec/05/carbon-dioxide-co2-capture-utilisation-products-vodka-jet-fuel-protein
- Finally, a Fusion Reaction Has Generated More Energy Than Absorbed by The Fuel https://www.sciencealert.com/for-the-first-time-a-fusion-reaction-has-generated-more-energy-than-absorbed-by-the-fuel
- Ontario's Darlington nuclear plant to receive first new reactor in decades https://globalnews.ca/news/8421411/ontario-darlington-nuclear-new-reactor/
- Battery design breakthrough could make electric cars safer, cheaper and more environmentally sustainable https://www.independent.co.uk/life-style/gadgets-and-tech/battery-zinc-ion-lithium-electric-cars-b1968490.html
- Could Roads Recharge Electric Cars? The Technology May Be Close. https://www.nytimes.com/2021/11/29/technology/electric-cars-magnetic-roads.html
- U.S. Looks to Extract Lithium for Batteries from Geothermal Waste https://www.scientificamerican.com/article/u-s-looks-to-extract-lithium-for-batteries-from-geothermal-waste/
COVID-19 updates
COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.
The spread, curves, spikes, waves, reinfection, and variant strains:
- Ontario reaches 10,000 COVID-related deaths since start of pandemic https://globalnews.ca/news/8409437/ontario-covid-deaths-10000-november-30-cases-coronavirus/
- Ontario reports more than 1,000 new COVID-19 cases for second day straight https://toronto.ctvnews.ca/ontario-reports-more-than-1-000-new-covid-19-cases-for-second-day-straight-1.5693693
- Virus that causes COVID-19 found in Quebec deer https://www.cbc.ca/news/science/covid-white-tailed-deer-quebec-1.6269947
- We Opened the Schools and ... It Was Fine https://www.theatlantic.com/ideas/archive/2021/12/we-opened-schools-and-it-was-fine/620824/
- Why COVID Deaths Have Surpassed AIDS Deaths in the U.S. https://www.scientificamerican.com/article/why-covid-deaths-have-surpassed-aids-deaths-in-the-u-s/
- Omicron Is Here: A Lack of COVID Vaccines Is Partly Why https://www.scientificamerican.com/article/omicron-is-here-a-lack-of-covid-vaccines-is-partly-why1/
- Omicron variant prompts emergency G7 health meeting, including Canada https://globalnews.ca/news/8410488/omicron-variant-canada-g7-meeting/
- Why Didn't the U.S. Detect Omicron Cases Sooner? https://www.nytimes.com/2021/12/02/health/coronavirus-omicron-genetic-surveillance.html
- Omicron COVID-19 variant poses 'very high' global risk, WHO warns https://globalnews.ca/news/8409443/omicron-covid-19-variant-very-high-global-risk-who/
- A corporate Christmas party turned into the biggest Omicron 'super spreader event' outside South Africa, with up to 60 people infected https://www.businessinsider.com/christmas-party-norway-turned-omicron-super-spreader-event-2021-12
- All 53,000 attendees of Anime NYC urged to get tested after one got Omicron https://www.theverge.com/22814974/anime-nyc-omicron-case-coronavirus-covid-19-superspreader
- The Omicron variant has landed in the US: California just reported its first case https://www.businessinsider.com/omicron-covid-variant-first-case-reported-in-us-2021-12
- Thirteen Belenenses players test positive for Omicron Covid variant - accounting for every case in Portugal https://www.bbc.co.uk/sport/football/59465983
Guidance, Response, and Recovery:
- Unvaccinated? Starting today you won't be able to board a plane, train in Canada https://globalnews.ca/news/8413040/covid-vaccine-requirement-canada-travel/
- Feds reinstating foreign air travel testing, reviewing booster strategy in light of Omicron https://www.ctvnews.ca/health/coronavirus/feds-reinstating-foreign-air-travel-testing-reviewing-booster-strategy-in-light-of-omicron-1.5687538
- Frustration emerges over new COVID-19 related travel rules https://globalnews.ca/news/8427063/frustration-covid-19-travel-rules/
- New COVID-19 testing rules could cause 'chaos' at Canadian airports: industry groups https://globalnews.ca/news/8419477/covid-19-testing-canadian-airports-chaos/
- CBSA reminds travellers to use mandatory ArriveCAN app when entering Canada https://globalnews.ca/news/8422052/cbsa-arrivecan-canada/
- Two week quarantine imposed on Ontario woman after day trip to Buffalo https://toronto.ctvnews.ca/two-week-quarantine-imposed-on-ontario-woman-after-day-trip-to-buffalo-1.5691904
- Germany is imposing a COVID-19 lockdown for unvaccinated people only https://www.businessinsider.com/germany-announces-lockdown-unvaccinated-covid-19-2021-12
- Omicron variant: No need for wider travel restrictions at this time, Biden says https://globalnews.ca/news/8410437/omicron-variant-biden-us-canada-travel/
Immunity and Vaccinations:
- Boosters or global vaccine sharing? Canada can do both amid Omicron: experts https://globalnews.ca/news/8410578/canada-booster-global-vaccine-sharing-omicron/
- Ontario may expand third COVID-19 vaccine dose eligibility this week, health minister says https://toronto.ctvnews.ca/ontario-may-expand-third-covid-19-vaccine-dose-eligibility-this-week-health-minister-says-1.5685808
- Some sailors are getting vaccinated multiple times in an attempt to comply with the different COVID-19 regulations at ports around the world https://www.businessinsider.com/seafarers-taking-repeat-vaccinations-omicron-spooks-supply-chains-2021-12
- N.S. offering unvaccinated health staff a one-dose Janssen COVID-19 shot https://globalnews.ca/news/8410099/ns-healthcare-workers-janssen-covid-19-vaccine/
Things we learned:
- Study on over a million people shows breakthrough COVID-19 infections occur more often and are more severe in immunocompromised https://scienmag.com/study-on-over-a-million-people-shows-breakthrough-covid-19-infections-occur-more-often-and-are-more-severe-in-immunocompromised/
- Covid: Trigger of rare blood clots with AstraZeneca jab found by scientists https://www.bbc.co.uk/news/health-59418123
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- You Could Spend the Night in the Home Alone House for Just $25 https://www.mentalfloss.com/article/653086/home-alone-house-chicago-airbnb
- AI Is Discovering Patterns in Pure Mathematics That Have Never Been Seen Before https://www.sciencealert.com/ai-is-discovering-patterns-in-pure-mathematics-that-have-never-been-seen-before
- Bizarre Creatures Are World's First Self-Replicating 'Living Robots', Scientists Say https://www.sciencealert.com/world-s-first-self-replicating-living-robots-look-like-pac-man-but-are-much-weirder
- Scientists claim big advance in using DNA to store data https://www.bbc.co.uk/news/science-environment-59489560
- Physicists Detect Elusive 'Ghost Particles' in The LHC For The Very First Time https://www.sciencealert.com/for-the-first-time-neutrinos-may-have-been-detected-at-the-large-hadron-collider
- NASA funds three companies to develop commercial space stations https://www.theverge.com/2021/12/3/22815695/nasa-space-act-award-recipients-commercial-space-development
- SpinLaunch hurls satellites into space using a spinning machine https://bigthink.com/the-future/spinlaunch-company-hurls-satellites-into-space-using-giant-spinning-machine/
- New study shows the largest comet ever observed was active at near-record distance https://scienmag.com/new-study-shows-the-largest-comet-ever-observed-was-active-at-near-record-distance/
- A superhot superdense superfast mini-Earth… and it's practically next door https://www.syfy.com/syfy-wire/bad-astronomy-exoplanet-gj-367b-is-nearly-all-iron-and-extremely-hot
- How massive is the Milky Way? https://www.syfy.com/syfy-wire/bad-astronomy-the-milky-way-galaxys-mass-has-been-measured
- 2021 Hubble Space Telescope Advent Calendar https://www.theatlantic.com/photo/2021/12/2021-hubble-space-telescope-advent-calendar/620865/