This Week's [in]Security - Issue 246
19 Dec 2021.
Welcome to This Week’s [in]Security. PCI and payments: PCI updates: FAQ, HSM. Magecart, Sportsgear, ATMs, PAX. Supply-Chain Backdoors: Log4J/Log4shell continues! Underfunding! New breaches: Scraping, Finite Recruitment, ProTemps, GumTree. New Ransomware: Kronos, Virginia, logistics, medical. Major outages: AWS. Follow-ups & Fall-out: schools, delays, Desjardins settles. Privacy: Staying signed in. Laws & Regs - Canada: Repair, Harms. US: Data Protection, National Security, Chinese Tech, Takedowns. World: trade disputes, Japan, UK, EU. Standards: NIST drafts. Defense: Webinars, bans, Bug bounties, Internet Hall-of-Fame. Vulnerabilities, Zerodays. Other Vulnerabilities: chips, Ubuntu, Dell, Firefox, Adobe, Apple, Chrome, and MS. ECDSA keys. Cybercrime: Trends, log-ins, Contact Forms, Anubis, Seedworm. Nation States. NSO, Huawei, Nobelium. Crime & Enforcement. Obit pirates, Arrests, Assassins. Other Risks: Data life cycles, AI diagnosis, Shadows, Printers, virtual assault, crypto currency. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Impact; Covid Ugly; And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
PCI Updates:
- FAQ #1091 has been updated again https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers
- PCI Security Standards Council Updates PTS Hardware Security Module Standard v4.0 https://www.pcisecuritystandards.org/documents/PCI_HSM_Security_Requirements_v4.pdf
- Q&A with Ralph Spencer Poore https://blog.pcisecuritystandards.org/q-and-a-with-ralph-spencer-poore
- Sites hacked with credit card stealers undetected for months https://www.bleepingcomputer.com/news/security/sites-hacked-with-credit-card-stealers-undetected-for-months/
- Credit card info of 1.8 million people stolen from sports gear sites https://www.bleepingcomputer.com/news/security/credit-card-info-of-18-million-people-stolen-from-sports-gear-sites/
- Visa Warns of Dishonest 'Cashless ATM' Schemes https://www.pymnts.com/news/security-and-risk/2021/visa-warns-of-dishonest-cashless-atm-schemes/
- PAX announces the results of an investigation into the network communications of PAX terminals, conducted by Palo Alto, which found no issues (we do not expect this is the end of the story) https://www.paxtechnology.com/blog/independent-investigation-on-network-communications-of-pax-terminals
- Rethinking paying with plastic https://www.mastercard.com/news/perspectives/2021/sustainable-card-recyclable-plastic-bioplastic-ocean-waste/
- SWIFT Outlines Strategies for Global Adoption of Frictionless Transactions in 2022 https://www.pymnts.com/news/cross-border-commerce/cross-border-payments/2021/swift-outlines-strategies-global-adoption-frictionless-transactions-2022/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
Major attacks, supply-chain compromises and widely used backdoors:
- Addressing Log4Shell https://staging.controlgap.com/blog/Addressing-Log4Shell
- As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others https://www.theregister.com/2021/12/15/log4j_latest_cisa/
- Log4j: List of vulnerable products and vendor advisories https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
- On the Log4j Vulnerability https://www.schneier.com/blog/archives/2021/12/on-the-log4j-vulnerability.html
- More Log4j News https://www.schneier.com/blog/archives/2021/12/more-log4j-news.html
- Apache Log4j Vulnerability https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
- Log4J and patch Tuesday https://krebsonsecurity.com/2021/12/microsoft-patch-tuesday-december-2021-edition/
- Log4j Vulnerability Causes Nearly 900K Cyberattacks in Four Days https://www.pymnts.com/news/security-and-risk/2021/log4j-vulnerability-causes-nearly-900000-cyberattacks-four-days/
- As Log4Shell wreaks havoc, payroll service reports ransomware attack https://arstechnica.com/information-technology/2021/12/as-log4shell-wreaks-havoc-payroll-service-reports-ransomware-attack/
- Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html
- Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html
- Industrial Organizations Targeted in Log4Shell Attacks https://www.securityweek.com/industrial-organizations-targeted-log4shell-attacks
- Log4j vulnerability now used by state-backed hackers, access brokers https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used-by-state-backed-hackers-access-brokers/
- Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks https://www.securityweek.com/ransomware-trojans-ddos-malware-and-crypto-miners-delivered-log4shell-attacks
- Relentless Log4j Attacks Include State Actors, Possible Worm https://threatpost.com/log4j-attacks-state-actors-worm/177088/
- Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16 https://www.theregister.com/2021/12/14/apache_log4j_2_16_jndi_disabled/
- Apache's Fix for Log4Shell Can Lead to DoS Attacks https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
- Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html
- Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html
- How to Buy Precious Patching Time as Log4j Exploits Fly https://threatpost.com/patching-time-log4j-exploits-vaccine/177017/
- Log4Shell: 5 Steps The OT Community Should Take Right Now https://www.tenable.com/blog/log4shell-5-steps-the-ot-community-should-take-right-now
- Log4J and open source exploitation https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/
- The internet runs on free open-source software. Who pays to fix it? https://www.technologyreview.com/2021/12/17/1042692/log4j-internet-open-source-hacking/
New Breaches:
- When is a Scrape a Breach? https://www.troyhunt.com/when-is-a-scrape-a-breach/
- Coles, Westpac, AMP and Department of Defence caught up in ‘significant' data breach of Finite Recruitment https://www.databreaches.net/coles-westpac-amp-and-department-of-defence-caught-up-in-significant-data-breach-of-finite-recruitment/
- Protemps - 49,591 breached accounts https://haveibeenpwned.com/PwnedWebsites#Protemps
- US federal agency compromised in suspected APT attack https://www.databreaches.net/us-federal-agency-compromised-in-suspected-apt-attack/
- Gumtree classifieds site leaked personal info via the F12 key https://www.databreaches.net/gumtree-classifieds-site-leaked-personal-info-via-the-f12-key/
- Woman finds medical records stacked next to recycling bin in Sharpstown neighborhood https://www.databreaches.net/woman-finds-medical-records-stacked-next-to-recycling-bin-in-sharpstown-neighborhood/
New Ransomware and "Incidents":
- Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans https://www.theregister.com/2021/12/13/ultimate_kronos_group_ransomware_attack/
- Officials: Virginia IT agency hit with ransomware attack https://www.databreaches.net/officials-virginia-it-agency-hit-with-ransomware-attack/
- Logistics Firm Hellmann Scrambling to Recover From Cyberattack https://www.securityweek.com/logistics-firm-hellmann-scrambling-recover-cyberattack
- Propane Gas Distributor Hit With Ransomware https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware
- Oregon anesthesiology group notifies 750,000 about ransomware incident; FBI seized threat actors' account with their files https://www.databreaches.net/oregon-anesthesiology-group-notifies-750000-about-ransomware-incident-fbi-seized-threat-actors-account-with-their-files/
Major outages/downs:
- AWS down again, outage impacts Twitch, Zoom, PSN, Hulu, others https://www.bleepingcomputer.com/news/technology/aws-down-again-outage-impacts-twitch-zoom-psn-hulu-others/
Follow-ups and fall-out:
- US schools leaked 28.6 million records in 1,851 data breaches since 2005 https://www.databreaches.net/us-schools-leaked-28-6-million-records-in-1851-data-breaches-since-2005/
- Za: Standard Bank on delay in telling public about data breach: ‘We complied with the law' https://www.databreaches.net/za-standard-bank-on-delay-in-telling-public-about-data-breach-we-complied-with-the-law/
- Desjardins reaches $200M class action settlement in wake of data breach https://www.databreaches.net/desjardins-reaches-200m-class-action-settlement-in-wake-of-data-breach/
Privacy
Articles about privacy related news, risks, and trends.
- Staying signed in by default to email services poses serious privacy concerns for users accessing their email on a public or shared computer, Yahoo/Rogers & PIPEDA https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2021/pipeda-2021-005/
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
Canada:
- The Law Bytes Podcast, Episode 112: Aaron Perzanowski on the Right to Repair https://www.michaelgeist.ca/2021/12/law-bytes-podcast-episode-112/
- The (Still Secret) Online Harms Consultation: What the Government Heard, Part One https://www.michaelgeist.ca/2021/12/the-still-secret-online-harms-consultation-what-the-government-heard-part-one/
US:
- Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws https://www.darkreading.com/risk/ground-labs-research-reveals-71-of-american-consumers-are-unaware-of-data-protection-laws
- Why Classifying Ransomware as a National Security Threat Matters https://www.darkreading.com/dr-tech/why-classifying-ransomware-as-a-national-security-threat-matters
- The US will put 8 more Chinese companies including dronemaker DJI on an investment blacklist, report says https://markets.businessinsider.com/news/stocks/us-blacklist-chinese-companies-uyghur-muslim-minority-biotech-dji-biden-2021-12
- This Is Not the Privacy Bill You're Looking For https://www.eff.org/deeplinks/2021/12/not-privacy-bill-youre-looking
- Takedown notices are threatening online thrift shops — just as business is exploding https://www.theverge.com/2021/12/13/22826114/takedown-notices-online-thrift-shops-copyright-trademark
- EFF to Court: Deny Foreign Sovereign Immunity to DarkMatter for Hacking Journalist https://www.eff.org/deeplinks/2021/12/eff-court-deny-foreign-sovereign-immunity-darkmatter-hacking-journalist
- JPMorgan hit with $200 million in fines for letting employees use WhatsApp to evade regulators’ reach https://www.cnbc.com/2021/12/17/jpmorgan-agrees-to-125-million-fine-for-letting-employees-use-whatsapp-to-evade-regulators.html
World:
- Should Have Seen This Coming: U.S. Raises Prospect of Retaliation Over Canada's Digital Services Tax Plans https://www.michaelgeist.ca/2021/12/should-have-seen-this-coming-u-s-raises-prospect-of-retaliation-over-canadas-digital-services-tax-plans/
- Canada Threatens to Delay Copyright Term Extension in Response to U.S. Electronic Vehicle Tax Credit Plan https://www.michaelgeist.ca/2021/12/canada-threatens-to-delay-copyright-term-extension-in-response-to-u-s-electronic-vehicle-tax-credit-plan/
- Japan draws a LINE: web giants must reveal where they store user data https://www.theregister.com/2021/12/16/japan_data_location_requirement/
- Big Tech firms could face criminal sanctions if they don't police unsolicited dick pics https://www.businessinsider.com/unsolicited-dick-pics-illegal-online-safety-bill-2021-12
- Grindr fined £5.5m for sharing users' data https://www.bbc.co.uk/news/technology-59651703
- EU's Digital Identity Framework Endangers Browser Security https://www.eff.org/deeplinks/2021/12/eus-digital-identity-framework-endangers-browser-security
Standards News:
- NIST has released three draft items related to the Workforce Framework for Cybersecurity open for comment until January 31 https://www.nist.gov/system/files/documents/2021/12/15/NFupdateprocess_summary14dec2021_clean.pdf, https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8355-draft2.pdf, and https://www.nist.gov/system/files/documents/2021/12/15/NICEabiliitystatements_refactored_15dec2021.xlsx
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
Upcoming Webinars, Virtual Events, and other training related:
- Join NIST and our co-host, Tetrate, for our third annual all-virtual Multi-Cloud Conference on January 27, 2022 from 11:00 AM – 5:00 https://www.nist.gov/news-events/events/2022/01/zta-and-devsecops-cloud-native-applications-virtual
- Join NIST's NCCoE for an Interactive Virtual Workshop on the Cybersecurity of Genomic Data on January 26, 2022, from 11:00 AM – 4:30 PM https://www.nccoe.nist.gov/get-involved/attend-events/nccoe-virtual-workshop-cybersecurity-genomic-data
- DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts http://podcast.wh1t3rabbit.net/dtsr-episode-479-productivity-of-jump-boxes-and-bastion-hosts
- Microsoft rolls out end-to-end encryption for Teams calls https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-end-to-end-encryption-for-teams-calls/
- Empowering the next generation of Android Application Security Researchers https://security.googleblog.com/2021/12/empowering-next-generation-of-android.html
- Facebook Bans 7 'Cyber Mercenary' Companies for Spying on 50,000 Users https://thehackernews.com/2021/12/facebook-bans-7-cyber-mercenaries.html
- Bug-Bounty Programs Shift Focus to Most Critical Flaws https://www.darkreading.com/application-security/bug-bounty-programs-shift-focus-to-most-critical-flaws
- DHS announces 'Hack DHS' bug bounty program for vetted researchers https://www.bleepingcomputer.com/news/security/dhs-announces-hack-dhs-bug-bounty-program-for-vetted-researchers/
- Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard https://www.theregister.com/2021/12/16/facebook_scraping_bug_bounties/
- Dan Kaminsky Inducted into Internet Hall of Fame https://www.securityweek.com/dan-kaminsky-inducted-internet-hall-fame
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
Other Zero-day news:
- Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/
Other Vulnerabilities:
- Bugs in billions of WiFi, Bluetooth chips allow password, data theft https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
- Attackers can get root by crashing Ubuntu's AccountsService https://www.bleepingcomputer.com/news/security/attackers-can-get-root-by-crashing-ubuntu-s-accountsservice/
- Dell driver fix still allows Windows Kernel-level attacks https://www.bleepingcomputer.com/news/security/dell-driver-fix-still-allows-windows-kernel-level-attacks/
- Firefox users can't reach Microsoft.com — here's what to do https://www.bleepingcomputer.com/news/security/firefox-users-cant-reach-microsoftcom-heres-what-to-do/
- Adobe Joins Security Patch Tuesday Frenzy https://www.securityweek.com/adobe-joins-security-patch-tuesday-frenzy
- Apple Patches Vulnerabilities That Earned Hackers $600,000 at Chinese Contest https://www.securityweek.com/apple-patches-vulnerabilities-earned-hackers-500000-chinese-contest
- Google pushes emergency Chrome update to fix zero-day used in attacks https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-zero-day-used-in-attacks/
- Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical. https://blog.qualys.com/vulnerabilities-threat-research/2021/12/14/microsoft-adobe-patch-tuesday-december-2021-microsoft-83-vulnerabilities-with-7-critical-1-actively-exploited-adobe-60-vulnerabilities-28-critical
- Microsoft fixes bug blocking Defender for Endpoint on Windows Server https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-blocking-defender-for-endpoint-on-windows-server/
- Who me: Ooh, an update. Let's install it. What could possibly go wrong https://www.theregister.com/2021/12/13/who_me/
- Alpha-Rays: Key Extraction Attacks on Threshold ECDSA Implementations, by Dmytro Tymokhanov and Omer Shlomovits https://eprint.iacr.org/2021/1621
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
Trends, Alerts, and Events (other than major breaches):
- New research reveals that one third of all log-in attempts on eCommerce sites are malicious https://www.imperva.com/blog/new-research-reveals-that-one-third-of-all-log-in-attempts-on-ecommerce-sites-are-malicious/
- How the "Contact Forms" campaign tricks people, (Thu, Dec 16th) https://isc.sans.edu/diary/rss/28142
- Hackers steal Microsoft Exchange credentials using IIS module https://www.bleepingcomputer.com/news/security/hackers-steal-microsoft-exchange-credentials-using-iis-module/
- 400 Banks' Customers Targeted with Anubis Trojan https://threatpost.com/400-banks-targeted-anubis-trojan/177038/
- Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan https://thehackernews.com/2021/12/microsoft-details-building-blocks-of.html
- ‘Seedworm' Attackers Target Telcos in Asia, Middle East https://threatpost.com/seedworm-attackers-telcos-asia-middle-east/176992/
- Malicious PyPI packages with over 10,000 downloads taken down https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-with-over-10-000-downloads-taken-down/
- Phishing campaign uses PowerPoint macros to drop Agent Tesla https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-powerpoint-macros-to-drop-agent-tesla/
- Simple but Undetected PowerShell Backdoor, (Wed, Dec 15th) https://isc.sans.edu/diary/rss/28138
- Threat actors pose as pharmacists, get business associates to send them patient records https://www.databreaches.net/threat-actors-pose-as-pharmacists-get-business-associates-to-send-them-patient-records/
- Indian PM's Twitter Hacked Again by Crypto Scammers https://www.securityweek.com/indian-pms-twitter-hacked-again-crypto-scammers
Nation State Actors:
- Google warns that NSO hacking is on par with elite nation-state spies https://arstechnica.com/information-technology/2021/12/google-warns-that-nso-hacking-is-on-par-with-elite-nation-state-spies/
- US distrust of Huawei linked in part to malicious software update in 2012 https://www.theregister.com/2021/12/18/us_huawei_malware/
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
- Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
- The final report on NOBELIUM's unprecedented nation-state attack https://www.microsoft.com/security/blog/2021/12/15/the-final-report-on-nobeliums-unprecedented-nation-state-attack/
Crime & Arrests, etc.:
- 'A strange and sad game of whack a mole': Ontario agency calls out 'obituary pirates' https://toronto.ctvnews.ca/a-strange-and-sad-game-of-whack-a-mole-ontario-agency-calls-out-obituary-pirates-1.5707542
- CA: Man Charged With Hacking Student Accounts, Interrupting High School Classes https://www.databreaches.net/ca-man-charged-with-hacking-student-accounts-interrupting-high-school-classes/
- Arrest in Romania of a ransomware affiliate scavenging for sensitive data https://www.databreaches.net/arrest-in-romania-of-a-ransomware-affiliate-scavenging-for-sensitive-data/
- Ukraine arrests 51 for selling data of 300 million people in US, EU https://www.databreaches.net/ukraine-arrests-51-for-selling-data-of-300-million-people-in-us-eu/
- Germany Jails Operators of 'Cyberbunker' Darknet Hub https://www.securityweek.com/germany-jails-operators-cyberbunker-darknet-hub
- Meet the man who accidentally started an assassin hiring website https://www.theguardian.com/lifeandstyle/2021/dec/17/bob-innes-rent-a-hitman-assassin-services-website
- FL: Detectives discover child porn on suspect's computer during Polk State College data breach investigation https://www.databreaches.net/fl-detectives-discover-child-porn-on-suspects-computer-during-polk-state-college-data-breach-investigation/
- IP-Stealing Artist Gets Burned by His Own Game as Cyber-Sleuths Pirate ‘MetaBirkin' NFTs https://www.pymnts.com/nfts/2021/ip-stealing-artist-gets-burned-by-his-own-game-as-cyber-sleuths-pirate-metabirkin-nfts/
Other Security / Risk
Articles covering other types of risks.
- Google's Manifest V3 Still Hurts Privacy, Security, and Innovation https://www.eff.org/deeplinks/2021/12/googles-manifest-v3-still-hurts-privacy-security-innovation
- Is Data Security Worthless if the Data Life Cycle Lacks Clarity? https://www.darkreading.com/risk/is-data-security-worthless-if-the-data-lifecycle-lacks-clarity-
- Algorithms that detect cancer can be fooled by hacked images https://www.theverge.com/2021/12/14/22831966/hackers-mammogram-ai-cancer-fake-images
- The Other Type of Shadow IT https://blog.isc2.org/isc2_blog/2021/12/the-other-type-of-shadow-it.html
- It's Your Printer's Fault https://www.nytimes.com/2021/12/16/technology/printer-router-modem-consumer-electronics.html
- Meta launched an investigation after a woman said she was groped by a stranger in the metaverse https://www.businessinsider.com/meta-investigated-woman-claims-she-was-groped-in-metas-metaverse-2021-12
- 90% of all bitcoins have now been mined — but the remaining 10% will take over 100 years to reach open market https://markets.businessinsider.com/news/currencies/bitcoin-price-outlook-90-percent-supply-mined-open-market-btc-miners-blockchain
- The Stablecoin Problem https://www.pymnts.com/cryptocurrency/2021/the-stablecoin-problem/
- Car involved in Niagara Falls rescue attempt has gone over the brink https://toronto.ctvnews.ca/car-involved-in-niagara-falls-rescue-attempt-has-gone-over-the-brink-1.5705701
- Thousands of JFK assassination documents have just been made public https://www.businessinsider.com/jfk-assassination-documents-released-to-public-2021-12
Health, Safety & Environment:
- Waiting 60 Seconds Before Cutting The Umbilical Cord Can Save Lives, Study Finds https://www.sciencealert.com/waiting-60-seconds-to-cut-umbilical-cords-is-a-life-saving-decision-for-premature-babies-study-finds
- Alzheimer's drug aducanumab not approved for use in EU https://www.bbc.co.uk/news/health-59699907
- Massive cost, meager benefit https://scienmag.com/massive-cost-meager-benefit/
- New Maze-Like Surface Kills Bacteria in 2 Minutes: 120x Faster Than Normal Copper https://www.sciencealert.com/new-copper-surface-kills-bacteria-in-2-minutes-120x-faster-than-normal-copper
- Carbon Monoxide From Generators Poisons Thousands of People a Year. The U.S. Has Failed to Force Safety Changes. https://www.propublica.org/article/carbon-monoxide-from-generators-poisons-thousands-of-people-a-year-the-u-s-has-failed-to-force-safety-changes#1203690
- ‘Anti-5G' necklaces are radioactive and dangerous, Dutch nuclear experts say https://www.theguardian.com/technology/2021/dec/17/anti-5g-necklaces-radioactive-dutch-nuclear-experts-quantum-pendants
- Amazon driver was warned she'd be fired for returning with packages during a tornado https://www.theverge.com/2021/12/17/22841667/amazon-delivery-driver-illinois-tornado-warehouse-destruction
- Altered carbon: A carbon-air battery as a next-generation energy storage system https://scienmag.com/altered-carbon-a-carbon-air-battery-as-a-next-generation-energy-storage-system/
- Plastic-degrading enzymes increasing in correlation with pollution https://scienmag.com/plastic-degrading-enzymes-increasing-in-correlation-with-pollution/
- Quad-State Tornado May Be Longest-Lasting Ever https://www.scientificamerican.com/article/quad-state-tornado-may-be-longest-lasting-ever/
- Survivors of deadly tornadoes may go weeks without heat, water, electricity, Kentucky officials say https://www.cbc.ca/news/world/tornado-kentucky-storm-dec13-2021-1.6283500
COVID-19 Updates
COVID-related articles. We have been following coronavirus risks since issue 147: https://controlgap.com/blog/this-weeks-insecurity-issue-147
The spread, curves, spikes, waves, reinfection, and variant strains:
- New York reports 21,027 new COVID-19 cases in a single day, the highest the state has ever recorded https://www.businessinsider.com/new-york-state-covid-19-record-breaking-daily-cases-2021-12
- Ontario reports highest case count since April with 4,177 new infections, two deaths https://toronto.ctvnews.ca/ontario-reports-highest-case-count-since-april-with-4-177-new-infections-two-deaths-1.5713354
- Provinces break COVID-19 case records as new restrictions set in https://globalnews.ca/news/8461897/canada-covid-19-cases-dec-19/
- Ontario could see 10,000 new COVID-19 cases daily by Dec. 31 as Omicron variant takes over, science table head says https://toronto.ctvnews.ca/ontario-could-see-10-000-new-covid-19-cases-daily-by-dec-31-as-omicron-variant-takes-over-science-table-head-says-1.5708496
- Omicron symptoms: Is a runny nose a cold or Covid? https://www.bbc.co.uk/news/health-54145299
- Don't Be Surprised When You Get Omicron https://www.theatlantic.com/health/archive/2021/12/omicron-breakthrough-vaccine-testing/621014/
- 800,000 Deaths https://www.theatlantic.com/ideas/archive/2021/12/america-800000-dead-covid-19/620997/
Guidance, Response, and Recovery:
- COVID-related travel insurance not guaranteed for trips abroad: specialist https://globalnews.ca/news/8457439/omicron-covid-international-travel-insurance/
- Quebec, Ontario, P.E.I., introduce new measures to slow Omicron spread https://globalnews.ca/news/8452182/quebec-ontario-p-e-i-omicron-spread/
- Ontario entertainment venues slash capacity over COVID-19 resurgence https://globalnews.ca/news/8458364/ontario-entertainment-venues-slash-capacity-covid-resurgence/
- City of Toronto extends mandatory mask bylaw to April 2022 amid rise in COVID cases https://globalnews.ca/news/8452951/toronto-mask-bylaw-covid-extension-april-2022/
- Vaccinated close contacts of COVID-19 cases should self-isolate but province needs 'backup' plan for health-care workers: Moore https://toronto.ctvnews.ca/vaccinated-close-contacts-of-covid-19-cases-should-self-isolate-but-province-needs-backup-plan-for-health-care-workers-moore-1.5707532
- Ontario runs out of COVID-19 rapid tests handed out at LCBO retailers in less than a day https://toronto.ctvnews.ca/ontario-runs-out-of-covid-19-rapid-tests-handed-out-at-lcbo-retailers-in-less-than-a-day-1.5712839
- Dalhousie University, King's to begin winter semester online as COVID-19 spreads in N.S. https://globalnews.ca/news/8459971/dal-kings-online-winter-term-covid-19/
- UK removes all 11 countries from red list https://www.bbc.co.uk/news/business-59653236
- British people have cancelled restaurant bookings and parties in a desperate attempt to keep Christmas with family https://www.businessinsider.com/brits-cancel-bookings-to-avoid-pandemic-restrictions-before-christmas-2021-12
Treatments, Testing, Triage, Trials, and things we Learned:
- High pressure (hyperbaric) oxygen resolves severe COVID-19 breathing difficulties faster than standard therapy https://scienmag.com/high-pressure-hyperbaric-oxygen-resolves-severe-covid-19-breathing-difficulties-faster-than-standard-therapy/
Immunity and Vaccinations:
- Ontario expands eligibility for COVID-19 booster shots, cuts capacity limits in some indoor spaces https://toronto.ctvnews.ca/ontario-expands-eligibility-for-covid-19-booster-shots-cuts-capacity-limits-in-some-indoor-spaces-1.5708047
- This is what it could look like to produce a vaccine that works on all COVID-19 variants https://www.cbc.ca/news/health/operation-warp-speed-vaccines-covid-1.6284038
- Africa might hit 70% COVID-19 vaccination goal in late 2024, WHO warns https://globalnews.ca/news/8449134/africa-covid-19-vaccination-2024-who/
Things we learned:
- Why Is Omicron So Contagious? https://www.scientificamerican.com/article/why-is-omicron-so-contagious/
- Omicron variant multiplies 70 times faster in airways than Delta: study https://globalnews.ca/news/8455426/omicron-variant-multiplies-70-times-faster-airways/
- Scientists develop an RNA-based breath test to detect COVID-19 https://scienmag.com/scientists-develop-an-rna-based-breath-test-to-detect-covid-19/
Impact:
- Omicron may cause 100,000 cancelled operations in England this winter https://scienmag.com/omicron-may-cause-100000-cancelled-operations-in-england-this-winter/
More of the good, the bad, and the ugly:
- The great COVID-19 infodemic: How disinformation networks are radicalizing Canadians https://globalnews.ca/news/8450263/infodemic-covid-19-disinformation-canada-pandemic/
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- It's Official: With 1306 Legs, This Millipede Has the Most of Any Animal https://www.mentalfloss.com/article/653618/1306-legged-millipede-has-most-legs-of-any-animal
- An Ancient Greek Astronomical Calculation Machine Reveals New Secrets https://www.scientificamerican.com/article/an-ancient-greek-astronomical-calculation-machine-reveals-new-secrets/
- This Robot Learned to Solve a Maze Using Mammal-Like 'Brain' Circuits For Memory https://www.sciencealert.com/a-human-like-brain-is-helping-robots-escape-from-mazes
- Magnetic ‘hedgehogs' could store big data in a small space https://scienmag.com/magnetic-hedgehogs-could-store-big-data-in-a-small-space/
- Astronomers See a Star Crash Through the Planetary Disk of Another Star https://www.universetoday.com/153706/astronomers-see-a-star-crash-through-the-planetary-disk-of-another-star/
- This Incredible Photo of the Sun is Made up of 150,000 Individual Photographs https://www.universetoday.com/153683/this-incredible-photo-of-the-sun-is-made-up-of-150000-individual-photographs/