Welcome to This Week’s [in]Security. PCI and payments: PCI SSF Web, ATM rootkit, Bitcoin ATMs. Training & events. New breaches: more Samsung, TransUnion, Bridgestone, Texas. New Ransomware: avoslocker, decryptor, more Conti. Major outages: Israel. Follow-ups & Fall-out. Privacy: Laws & Regs - Canada: Privacy and Mobility. US: New reporting, DHS, FTC, exam cheats. World: Cyber convention, crypto wars, ICO sued. Standards: new NIST. Defense. passwordless, deepfakes, red/purple teams, dev tools. Vulnerabilities, Other Vulnerabilities: SATCOM, Human factors, Bandaids, BIND, Dirty Pipe. HTMLtoPDF, TLS rollback. Patching: Spectre, OpenSSL. Crypto-research: RSA keys. Cybercrime: Trends: Captchas, Blink, DirtyMoe, B1txor20, Gh0stCringe. Nation States and mercenaries: Alerts. China, Russia. Crime & Enforcement: theft, scams, convictions. Other Risks: Street signs, Splinternet, forgery, Disinformation, Brazil. Health, Safety & Environment. Permanent DST? Russia v. Ukraine. Innovation and more. New qubits.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Request for Comments: Web Software Module for the PCI Secure Software Standard https://blog.pcisecuritystandards.org/request-for-comments-web-software-module-for-the-pci-secure-software-standard
• New Unix rootkit used to steal ATM banking data https://www.bleepingcomputer.com/news/security/new-unix-rootkit-used-to-steal-atm-banking-data/
• Bitcoin Cash Machines Ordered To Shut Down In UK https://packetstormsecurity.com/news/view/33206/Bitcoin-Cash-Machines-Ordered-To-Shut-Down-In-UK.html

• Educational events, webinars, courses, etc:

  • Security course at Cambridge https://www.lightbluetouchpaper.org/2022/03/18/security-course-at-cambridge/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Thousands of Secret Keys Found in Leaked Samsung Source Code https://www.securityweek.com/thousands-secret-keys-found-leaked-samsung-source-code
  • TransUnion Confirms Data Breach at South Africa Business https://www.securityweek.com/transunion-confirms-data-breach-south-africa-business
  • Ransomware Gang Threatens to Leak Files Stolen From Tire Giant Bridgestone https://www.securityweek.com/ransomware-gang-threatens-leak-files-stolen-tire-giant-bridgestone
  • SAP community website leaks member data to savvy users https://www.theregister.com/2022/03/18/sap_customer_influence_leak/
  • Misconfigured Firebase Databases Exposing Data In Mobile Apps https://packetstormsecurity.com/news/view/33225/Misconfigured-Firebase-Databases-Exposing-Data-In-Mobile-Apps.html
  • State Bar Breach Exposed Thousands More Confidential Records Than Original Estimates, Investigation Shows https://www.databreaches.net/state-bar-breach-exposed-thousands-more-confidential-records-than-original-estimates-investigation-shows/
  • 1 Million Texans Potentially Impacted By Dental Care Data Breach https://www.databreaches.net/1-million-texans-potentially-impacted-by-dental-care-data-breach/
  • Health insurance: Data of more than 500,000 people stolen in France https://www.databreaches.net/health-insurance-data-of-more-than-500000-people-stolen-in-france/

• New Ransomware and "Incidents":

  • Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021 https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html
  • FBI: Avoslocker ransomware targets US critical infrastructure https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/
  • Free decryptor released for TrickBot gang's Diavol ransomware https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/
  • Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang https://thehackernews.com/2022/03/google-uncovers-initial-access-broker.html
  • More Conti ransomware source code leaked on Twitter out of revenge https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/
  • Staff Think Conti Group Is a Legit Employer – Podcast https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/
  • Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event' https://www.databreaches.net/hackers-hit-hood-dairy-shut-down-milk-production-this-week-after-cyber-security-event/
  • Pandora Ransomware Hits Giant Automotive Supplier Denso https://threatpost.com/pandora-ransomware-hits-giant-automotive-supplier-denso/178911/
  • Hackers hit Mass. background-check firm used by state agencies, universities https://www.databreaches.net/hackers-hit-mass-background-check-firm-used-by-state-agencies-universities/
  • LokiLocker ransomware family spotted with built-in wiper https://www.theregister.com/2022/03/16/blackberry_lokilocker_ransomware/
  • Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

• Major outages/downs:

  • Huge DDoS attack temporarily kicks Israeli government sites offline https://www.theregister.com/2022/03/15/ddos-attack-israel-government-iran/

• Follow-ups and fall-out:

  • ZAP-Hosting - 746,682 breached accounts https://haveibeenpwned.com/PwnedWebsites#ZAPHosting
  • CafePress Fined For Covering Up 2019 Customer Info Leak https://packetstormsecurity.com/news/view/33224/CafePress-Fined-For-Covering-Up-2019-Customer-Info-Leak.html

Privacy

Articles about privacy related news, risks, and trends.

• Smart Devices Are Spying on You Everywhere, And That's a Problem https://www.sciencealert.com/the-internet-of-things-is-probably-violating-your-privacy-here-s-how
• Android 13 will ask your permission to send notifications https://www.theverge.com/2022/3/17/22981999/google-android-13-notification-opt-in-default-developer-preview

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 121: The Law Is No Longer Fit For Purpose – My Appearance Before the ETHI Committee on Canadian Privacy and Mobility Data https://www.michaelgeist.ca/2022/03/law-bytes-podcast-episode-121/

• US:

  • US Critical Infrastructure Companies Will Have to Report When They Are Hacked https://www.schneier.com/blog/archives/2022/03/us-critical-infrastructure-companies-will-have-to-report-when-they-are-hacked.html
  • Senators Ask DHS About Efforts to Protect US Against Russian Cyberattacks https://www.securityweek.com/senators-ask-dhs-about-efforts-protect-us-against-russian-cyberattacks
  • Protocol: The FTC's new enforcement weapon spells death for algorithms https://epic.org/protocol-the-ftcs-new-enforcement-weapon-spells-death-for-algorithms/
  • EFF Asks Federal Appellate Court to Re-hear Important Patent Transparency Case https://www.eff.org/deeplinks/2022/03/eff-asks-federal-appellate-court-re-hear-important-patent-transparency-case
  • EPIC Sues ICE for Records on Social Media and Location Surveillance https://epic.org/epic-sues-ice-for-records-on-social-media-and-location-surveillance/
  • Warren Crypto Bill Would Cast Wide Net in Fight to Enforce Sanctions https://www.pymnts.com/cryptocurrency/2022/warren-crypto-bill-would-cast-wide-net-in-fight-to-enforce-sanctions/
  • A professor found his exam questions posted online. He's suing the students responsible for copyright infringement. https://www.washingtonpost.com/nation/2022/03/17/chapman-university-professor-lawsuit-copyright-cheating/

• World:

  • Would 'Cyber Geneva Conventions' Defuse Online Aggression? https://www.darkreading.com/attacks-breaches/would-cyber-geneva-conventions-defuse-online-aggression-
  • EFF Tells E.U. Commission: Don't Break Encryption https://www.eff.org/deeplinks/2022/03/eff-tells-eu-commission-dont-break-encryption
  • UK´s Online Safety Bill Comes With Possible Jail Time for Violators https://www.pymnts.com/news/regulation/2022/uks-online-safety-bill-comes-with-possible-jail-time-for-violators/
  • Ireland's privacy watchdog sued for inaction over ‘massive Google data breach' https://www.databreaches.net/irelands-privacy-watchdog-sued-for-inaction-over-massive-google-data-breach/
  • Polish SA: record fine of almost $1.2 million imposed on Fortum Marketing and Sales Polska S.A. for personal data breach https://www.databreaches.net/polish-sa-record-fine-of-almost-1-2-million-imposed-on-fortum-marketing-and-sales-polska-s-a-for-personal-data-breach/
  • Australia sues Facebook over scam ads impersonating celebrities https://www.bbc.co.uk/news/world-australia-60789802
  • Meta Fined $18.6M Over Facebook Data Breach https://www.pymnts.com/meta/2022/meta-fined-18-6m-over-facebook-data-breach/
  • Julian Assange denied permission to appeal against extradition https://www.bbc.co.uk/news/uk-60743322

• Standards News:

  • NIST has released Special Publication (SP) 800-172A, Assessing Enhanced Security Requirements for Controlled Unclassified Information https://csrc.nist.gov/publications/detail/sp/800-172/final
  • The National Cybersecurity Center of Excellence (NCCoE) has published NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector https://www.nccoe.nist.gov/manufacturing/protecting-information-and-system-integrity-industrial-control-system-environments

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• A big bet to kill the password for good https://arstechnica.com/information-technology/2022/03/a-big-bet-to-kill-the-password-for-good/
• Are You Better Than a Machine at Spotting a Deepfake? https://www.scientificamerican.com/podcast/episode/are-you-better-than-a-machine-at-spotting-a-deepfake/
• Shifting from Penetration Testing to Red Team and Purple Team https://www.sans.org/blog/shifting-from-penetration-testing-to-red-team-and-purple-team
• What Kind Of Security Tools Should I Provide My Developers? https://www.darkreading.com/tech-talks/what-kind-of-security-tools-should-i-provide-my-developers-
• Inside the plan to fix America's never-ending cybersecurity failures https://www.technologyreview.com/2022/03/18/1047395/inside-the-plan-to-fix-americas-never-ending-cybersecurity-failures/
• The Rising Importance of Research Communities for Industrial Cybersecurity https://www.securityweek.com/rising-importance-research-communities-industrial-cybersecurity
• Has Trickbot gang hijacked your router? This scanner may have an answer https://www.theregister.com/2022/03/17/microsoft_trickbot_scanner/
• Introducing: Backup Certificates https://blog.cloudflare.com/introducing-backup-certificates/
• Google's Android Auto app can tell you if your USB cable is bad https://www.theverge.com/2022/3/16/22981792/google-android-auto-update-usb-startup-diagnostics-cable-port
• Curl on Windows, (Mon, Mar 14th) https://isc.sans.edu/diary/rss/28436

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Other Vulnerabilities:

  • CISA, FBI warn US critical orgs of threats to SATCOM networks https://www.bleepingcomputer.com/news/security/cisa-fbi-warn-us-critical-orgs-of-threats-to-satcom-networks/
  • The Human Factor in Data Security Breaches https://www.databreaches.net/the-human-factor-in-data-security-breaches/
  • Half of Orgs Use Web Application Firewalls to Paper Over Flaws https://www.darkreading.com/tech-trends/half-of-orgs-use-web-application-firewalls-to-paper-over-flaws
  • High-Severity Vulnerabilities Patched in BIND Server https://www.securityweek.com/high-severity-vulnerabilities-patched-bind-server
  • 'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices https://thehackernews.com/2022/03/dirty-pipe-linux-flaw-affects-wide.html
  • Most QNAP NAS Devices Affected by ‘Dirty Pipe' Linux Flaw https://threatpost.com/most-qnap-nas-devices-affected-by-dirty-pipe-linux-flaw/178920/
  • QNAP warns severe Linux bug affects most of its NAS devices https://www.bleepingcomputer.com/news/security/qnap-warns-severe-linux-bug-affects-most-of-its-nas-devices/
  • Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 https://arstechnica.com/information-technology/2022/03/researcher-uses-dirty-pipe-exploit-to-fully-root-a-pixel-6-pro-and-samsung-s22/
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html
  • Microsoft Azure DevOps revives TLS 1.0/1.1 with rollback https://www.theregister.com/2022/03/15/microsoft_azure_tls/
  • Scans for Movable Type Vulnerability (CVE-2021-20837), (Fri, Mar 18th) https://isc.sans.edu/diary/rss/28454
  • This browser-in-browser attack is perfect for phishing https://www.theregister.com/2022/03/18/browser_in_browser_phishing/
  • NASA in 'serious jeopardy' due to big black hole in security https://www.theregister.com/2022/03/15/nasa_insider_threat_audit/
  • Clean Binaries with Suspicious Behaviour, (Tue, Mar 15th) https://isc.sans.edu/diary/rss/28444

• Patching:

  • AMD Updates Spectre Mitigations Following Intel Research https://www.securityweek.com/amd-updates-spectre-mitigations-following-intel-research
  • OpenSSL patches crash-me bug triggered by rogue certs https://www.theregister.com/2022/03/15/openssl_bug_dos/

• Cryptography and Cryptographic Research:

  • Breaking RSA through Insufficiently Random Primes https://www.schneier.com/blog/archives/2022/03/breaking-rsa-through-insufficiently-random-primes.html
  • Researcher uses 600-year-old algorithm to crack crypto keys found in the wild https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • CISOs face 'perfect storm' of ransomware and state-supported cybercrime https://www.theregister.com/2022/03/18/ciso_security_storm/
  • How CAPTCHAs can cloak phishing URLs in emails https://www.theregister.com/2022/03/17/captcha_phishinbg_url/
  • Scammers have 2 clever new ways to install malicious apps on iOS devices https://arstechnica.com/information-technology/2022/03/scammers-have-2-clever-new-ways-to-install-malicious-apps-on-ios-devices/
  • ASUS warns of Cyclops Blink malware attacks targeting routers https://www.bleepingcomputer.com/news/security/asus-warns-of-cyclops-blink-malware-attacks-targeting-routers/
  • New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers https://thehackernews.com/2022/03/new-variant-of-russian-cyclops-blink.html
  • DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html
  • New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw https://thehackernews.com/2022/03/new-b1txor20-linux-botnet-uses-dns.html
  • Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/
  • Fake Valorant cheats on YouTube infect you with RedLine stealer https://www.bleepingcomputer.com/news/security/fake-valorant-cheats-on-youtube-infect-you-with-redline-stealer/

• Nation State Actors:

  • FBI warns of MFA flaw used by state hackers for lateral movement https://www.bleepingcomputer.com/news/security/fbi-warns-of-mfa-flaw-used-by-state-hackers-for-lateral-movement/
  • China thrilled it captured already-leaked NSA cyber-weapon https://www.theregister.com/2022/03/14/china_nsa_nopen/
  • Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln https://www.theregister.com/2022/03/16/russia-attack-ngo-mfa-printnightmare/

• Crime & Arrests, etc.:

  • Dominican Republic hackers steal US$2.7M in welfare cards https://www.databreaches.net/dominican-republic-hackers-steal-us2-7m-in-welfare-cards/
  • Selling your car? Beware of a popular scam making the rounds in Alberta https://globalnews.ca/news/8690910/alberta-car-selling-scam-beware/
  • Toronto police say date scammer stole $30,000 from vulnerable victims https://globalnews.ca/news/8689768/toronto-man-stole-vulnerable-victims-police/
  • Wirecard Ex-Boss Markus Braun Charged with Fraud https://www.pymnts.com/news/security-and-risk/2022/wirecard-ex-boss-markus-braun-charged-with-fraud/
  • Ca: Conviction for Illegal Disclosure of Health Information https://www.databreaches.net/ca-conviction-for-illegal-disclosure-of-health-information/
  • Computer consultant sentenced to prison for access device fraud scheme https://www.databreaches.net/computer-consultant-sentenced-to-prison-for-access-device-fraud-scheme/

Other Security / Risk

Articles covering other types of risks.

• CSIS repeatedly warned space agency about engineer facing breach of trust charge https://globalnews.ca/news/8685135/canadian-space-agency-engineer-csis-warnings/
• Walk, Don't Walk, “Change Password”, ... https://www.schneier.com/blog/archives/2022/03/change-password.html
• What Generation Z can teach us about cybersecurity https://www.microsoft.com/security/blog/2022/03/15/what-generation-z-can-teach-us-about-cybersecurity/
• Russia is risking the creation of a “splinternet”—and it could be irreversible https://www.technologyreview.com/2022/03/17/1047352/russia-splinternet-risk/
• You Should Not Trust Russia's New “Trusted Root CA” https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca
• Why Vaccine Cards Are So Easily Forged https://www.schneier.com/blog/archives/2022/03/why-vaccine-cards-are-so-easily-forged.html
• Ontario bar exams rescheduled for April following potential test material leak https://toronto.ctvnews.ca/ontario-bar-exams-rescheduled-for-april-following-potential-test-material-leak-1.5818361
• Windows 11 adds a BitLocker exclusion policy for USB drives https://www.bleepingcomputer.com/news/microsoft/windows-11-adds-a-bitlocker-exclusion-policy-for-usb-drives/
• Microsoft is testing ads in the Windows 11 File Explorer https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
• Microsoft says Windows 11's File Explorer ads were ‘not intended to be published externally' https://www.theverge.com/2022/3/15/22979251/microsoft-file-explorer-ads-windows-11-testing
• Why Netflix is starting to crack down on password sharing https://www.theverge.com/22983315/netflix-password-account-sharing-test-streaming
• Disinformation and misinformation
• Brazil Bans Telegram Over Disinformation Concerns https://www.nytimes.com/2022/03/18/world/americas/brazil-bans-telegram.html
• Chinese plot to smear US Congress hopeful unveiled https://www.bbc.co.uk/news/60773595

• Health, Safety & Environment:

  • America's Flu-Shot Problem Is Also Its Next COVID-Shot Problem https://www.theatlantic.com/health/archive/2022/03/flu-shot-covid-vaccine-mandates/627104/
  • Contagions Worse Than COVID Will Prevail If Neglect of Global Public Health Continues https://www.scientificamerican.com/article/contagions-worse-than-covid-will-prevail-if-neglect-of-global-public-health-continues/
  • H5N1 avian flu confirmed in southern N.S. ‘backyard flock,' two probes end in N.L. https://globalnews.ca/news/8693413/h5n1-avian-flu-confirmed-in-southern-n-s-backyard-flock-two-probes-end-in-n-l/
  • mRNA-based Covid-19 vaccines are safe for high-risk patients, shows study https://scienmag.com/mrna-based-covid-19-vaccines-are-safe-for-high-risk-patients-shows-study/
  • Trial of innovative HIV vaccine using mRNA technology enrolls first participant https://scienmag.com/trial-of-innovative-hiv-vaccine-using-mrna-technology-enrolls-first-participant/
  • 'Dangerous' tanning products promoted by influencers https://www.bbc.co.uk/news/health-60348334
  • The Science Is in – You Should Leave Your Filthy Shoes Outside The House https://www.sciencealert.com/your-shoes-are-probably-carrying-filthy-contaminants-into-your-house
  • Close the blinds during sleep to protect your health https://scienmag.com/close-the-blinds-during-sleep-to-protect-your-health/
  • Scripps Research develops a smartphone app to calculate genetic risk for heart attack https://scienmag.com/scripps-research-develops-a-smartphone-app-to-calculate-genetic-risk-for-heart-attack/
  • Tuberculosis Got to South America Through … Seals? https://www.theatlantic.com/science/archive/2022/03/mystery-how-tuberculosis-got-americas/627088/
  • Verve Times: Where's The Evidence Proving TSA's Backscatter Scanners Are Safe? https://epic.org/verve-times-wheres-the-evidence-proving-tsas-backscatter-scanners-are-safe/
  • Canada will scrap pre-arrival COVID-19 testing rule for vaccinated travellers April 1 https://globalnews.ca/news/8689556/covid-test-travel-rules-lifted-update-canada/
  • Canada won't necessarily see another COVID-19 wave, experts say https://globalnews.ca/news/8687799/covid-cases-global-rise-canada/
  • Canada's top doctors still recommend wearing a mask — even as provinces ditch mandates https://globalnews.ca/news/8692613/covid-phac-omicron-mask-province-mandate/
  • Covid travel restrictions have ended in the UK https://www.bbc.co.uk/news/uk-60789979
  • COVID-19 mask mandate lifts in Ontario for most settings https://globalnews.ca/news/8690680/ontario-mask-mandate-lifts-most-settings/
  • Is Canada dropping its COVID-19 guard too quickly? Experts weigh in https://globalnews.ca/news/8688881/covid-canada-restrictions-dropping/
  • Many Ontario long-term care homes keeping COVID vaccine mandates as province lifts policy https://globalnews.ca/news/8681531/ontario-long-term-care-keeping-covid-vaccine-mandates/
  • Ontario COVID numbers: 644 people in hospital, 199 in intensive care https://globalnews.ca/news/8689570/ontario-covid-cases-hospitalizations-march-17-coronavirus/
  • Ontario rejects TDSB's request for more time in lifting mask rules in schools https://globalnews.ca/news/8692332/tdsb-mask-mandate-request-rejected-covid-ontario/
  • AI suggested 40,000 new possible chemical weapons in just six hours https://www.theverge.com/2022/3/17/22983197/ai-new-possible-chemical-weapons-generative-models-vx
  • Groundbreaking earthquake discovery: Risk models overlook an important element https://scienmag.com/groundbreaking-earthquake-discovery-risk-models-overlook-an-important-element/
  • People Deserve to Know Their Houses Are Going to Burn https://www.theatlantic.com/science/archive/2022/03/wildfire-insurance-california-fair-plan/627065/
  • The Atlantic Daily: Fire Insurance Is Feeding a Dangerous Fantasy https://www.theatlantic.com/newsletters/archive/2022/03/fire-insurance-climate-change/627091/
  • Great Barrier Reef suffers widespread coral bleaching due to high ocean temperatures https://www.cbc.ca/news/science/great-barrier-reef-severe-coral-bleaching-1.6389540
  • University partners with world-leading simulator provider to revolutionise floating offshore wind installations https://scienmag.com/university-partners-with-world-leading-simulator-provider-to-revolutionise-floating-offshore-wind-installations/
  • Arctic Ice Already Thinning at a 'Frightening Rate', Satellites Reveal https://www.sciencealert.com/arctic-thinning-at-frightening-rate-remote-satellite-data-shows
  • Ice Cores Reveal Huge Volcanic Eruptions, Bigger Than Anything in The Last 2,500 Years https://www.sciencealert.com/ice-cores-reveal-huge-volcanic-eruptions-during-the-last-ice-age

• We are heading for permanent Daylight Savings Time - great on June 22, sucks on December 21 - use the sunset & sunrise tab, slide the date line to Dec 21 and add 1 hour for not falling back - sunlight from 9am to 6pm

  • Tallahassee (sunlight from 8:30am to 6:30pm) https://www.timeanddate.com/sun/usa/tallahassee
  • Toronto (sunlight from 9am to almost 6pm) https://www.timeanddate.com/sun/canada/toronto
  • Should We Make Daylight Saving Time Permanent? Let's Sleep on It https://www.scientificamerican.com/article/should-we-make-daylight-saving-time-permanent-lets-sleep-on-it/
  • Daylight Saving Is a Trap https://www.theatlantic.com/ideas/archive/2022/03/daylight-saving-time-bad-teenagers/627095/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:

  • Zelenskyy lays out demands for Ukraine-Russia peace talks: 'End of the war, security guarantees, sovereignty, restoration of territorial integrity' https://www.businessinsider.com/zelenskyy-lays-out-demands-for-ukraine-russia-peace-talks-2022-3
  • Ukraine says talks with Russia becoming ‘more constructive' despite shelling of Kyiv https://globalnews.ca/news/8684987/ukraine-russia-talks-kyiv/
  • Russian invasion could be over by May, Ukrainian presidential advisor predicts https://globalnews.ca/news/8683135/ukraine-russia-invasion-may-end/
  • Only NATO Can Save Putin (?) https://www.theatlantic.com/ideas/archive/2022/03/putin-war-nato-intervention/627092/
  • The number of Ukrainians displaced by Russia's invasion has swelled to nearly 10 million, UN agencies say https://www.businessinsider.com/un-nearly-10-million-ukrainians-displaced-by-russian-invasion-2022-3
  • Ukraine refugee crisis nears 3 million as Russia war continues: UN https://globalnews.ca/news/8683438/ukraine-refugee-crisis-latest-russia-war-un/
  • Ukraine-Russia conflict is now seen as a war of attrition: experts https://globalnews.ca/news/8696854/ukraine-russia-conflict-mariupol-war-attrition/
  • Ukraine official says 1,300 people are still trapped in the Mariupol theater bombed by Russian forces https://www.businessinsider.com/ukraine-official-says-people-still-trapped-bombed-mariupol-theater-2022-3
  • Survivors have begun to emerge from wreckage after Russian troops bombed Ukrainian theater where hundreds were sheltering: officials https://www.businessinsider.com/survivors-emerge-after-russian-forces-bombed-ukrainian-theater-officials-2022-3
  • Ukrainian authorities accused Russian troops of detonating ammo at Europe's largest nuclear power plant https://www.businessinsider.com/ukraine-accuses-russian-troops-detonate-ammo-zaporizhzhia-nuclear-plant-2022-3
  • Signs of war: Ukrainians fight back, with billboards https://globalnews.ca/news/8692408/signs-of-war-ukraine-fight-back-billboards/
  • Russia is accused of war crimes in Ukraine. Will investigations accomplish anything? https://globalnews.ca/news/8685678/ukraine-russia-war-crimes-genocide-probes/
  • Russia's staggering losses over 3 weeks of Ukraine fighting already exceed entire wars https://www.businessinsider.com/russias-losses-deaths-ukraine-already-exceed-multiple-wars-2022-3
  • Putin will face war with the world's foremost alliance if a single Russian soldier's 'toecap' so much as crosses into NATO territory: UK official https://www.businessinsider.com/putin-will-face-nato-if-a-russian-soldiers-toecap-crosses-into-its-territory-uk-2022-3
  • Canadians believe NATO should be prepared to fight in Ukraine amid Russian invasion: poll https://globalnews.ca/news/8683374/canadians-nato-fight-ukraine-russian-invasion/
  • UN peacekeeping force should be on the ground in Ukraine, says former Canadian ambassador https://globalnews.ca/news/8693691/un-peacekeeping-force-ukraine/
  • Ukrainian minister says it 'will take years' to defuse the unexploded shells Russian forces fired at Ukraine: report https://www.businessinsider.com/ukrainian-minister-says-years-to-defuse-unexploded-shells-russia-fired-2022-3

• Reaction and response:

  • Could a neutral status help guarantee Ukraine's safety? Experts weigh in https://globalnews.ca/news/8690690/ukraine-russia-war-neutral-status-nato/
  • Russia gets triggered by Ukraine joining NATO cyberdefense hub https://www.bleepingcomputer.com/news/government/russia-gets-triggered-by-ukraine-joining-nato-cyberdefense-hub/
  • How Do We End Wars? A Peace Researcher Puts Forward Some Innovative Approaches https://www.scientificamerican.com/article/how-do-we-end-wars-a-peace-researcher-puts-forward-some-innovative-approaches/
  • Putin Needs an Off-Ramp https://www.theatlantic.com/international/archive/2022/03/west-save-putin-russia-ukraine/627051/
  • Canada trolls Russian diplomat by marking up his letter denouncing a UN resolution condemning attacks on Ukrainian civilians https://www.businessinsider.com/canada-trolls-russian-united-nations-diplomat-edits-letter-resolution-ukraine-2022-3
  • Canada will allow Ukrainians fleeing Russia's war to stay for 3 years https://globalnews.ca/news/8690277/ukrainian-refugees-canada-three-years/
  • Newfoundland opening office in Poland to help relocate Ukrainian refugees https://globalnews.ca/news/8690185/newfoundland-office-ukrainian-refugees/
  • Germany advises citizens to uninstall Kaspersky antivirus https://www.theregister.com/2022/03/15/kaspersky_germany_antivirus/
  • Boston doctors wanted to help Ukrainians. They made YouTube tutorials on how to control bleeding wounds. https://www.washingtonpost.com/nation/2022/03/15/melnitchouk-stop-the-bleed-ukraine/
  • Russia Today: News channel RT's UK licence revoked by Ofcom https://www.bbc.co.uk/news/entertainment-arts-60791734
  • Russian state-media RT barred in Canada over ‘abusive' Ukraine content: CRTC https://globalnews.ca/news/8687800/crtc-rt-russia-ukraine-unauthorized/
  • China could aid Russia's invasion of Ukraine. Here's why experts say that isn't likely https://globalnews.ca/news/8681738/china-could-aid-russias-invasion-of-ukraine-heres-why-experts-say-that-isnt-likely/
  • China is studying the West's response to Russia's invasion of Ukraine for clues on how it might be punished for invading Taiwan, experts say https://www.businessinsider.com/china-studying-ukraine-predict-western-punishment-taiwan-invasion-experts-2022-3
  • U.S. says Russia requesting China's help amid Ukraine war, tells Beijing not to intervene https://globalnews.ca/news/8682059/ukraine-russia-china-military-help/
  • Russia says it will not strand American astronaut in space despite media reports https://www.theverge.com/2022/3/14/22977362/russia-roscosmos-nasa-space-station-mark-vande-hei
  • Russian Space Agency Employees are now Forbidden to Travel Outside Russia (Because They Might not Come Back) https://www.universetoday.com/154995/russian-space-agency-employees-are-now-forbidden-to-travel-outside-russia-because-they-might-not-come-back/
  • Putin is rumored to be purging the Kremlin of Russian officials he blames for the faltering invasion of Ukraine https://www.businessinsider.com/putin-rumored-to-be-purging-kremlin-officials-over-ukraine-invasion-2022-3
  • Putin replaced 1,000 personal staff members in February over fears they would poison him, report says https://www.businessinsider.com/ukraine-russia-putin-replaced-staffers-over-fears-poison-him-report-2022-3
  • Putin will search for a way to save face https://www.bbc.co.uk/news/world-europe-60756993
  • Vladimir Putin Has Fallen Into the Dictator Trap https://www.theatlantic.com/ideas/archive/2022/03/putin-dictator-trap-russia-ukraine/627064/

• Sanctions & economic Impact:

  • An exiled Russian oligarch says blocking all Putin's bankers and sanctioning all oligarchs is the 'only thing' that will stop Russia's invasion of Ukraine https://www.businessinsider.com/exiled-russian-oligarch-mikhail-khodorkovsky-sanctions-ukraine-money-putin-banks-2022-3
  • Russia's economy already lost $860 million this year because the government keeps shutting down the internet https://www.businessinsider.com/russia-internet-censorship-cost-economy-putin-ukraine-sanctions-twitter-2022-3
  • Russia's stock market to close for a 3rd week, while the clock ticks down to a key debt payment deadline https://markets.businessinsider.com/news/stocks/russia-stock-market-closed-3rd-week-sovereign-debt-deadline-2022-3
  • Russia may be cut off from the world's lender of last resort as bonds head toward default https://markets.businessinsider.com/news/bonds/russia-bond-default-imf-world-bank-bailout-ukraine-g7-sanctions-2022-3
  • European Banks to Isolate Russian FI Computer Networks https://www.pymnts.com/news/international/2022/1261609/
  • Russia faces IT crisis with just two months of data storage left https://www.bleepingcomputer.com/news/technology/russia-faces-it-crisis-with-just-two-months-of-data-storage-left/
  • Oh ship! All the superyachts seized from Russian oligarchs so far https://globalnews.ca/news/8689659/superyachts-seized-russian-oligarchs/
  • Forensics Firm Finds Digital Wallets Tied to Sanctioned Russians https://www.pymnts.com/cryptocurrency/2022/forensics-firm-finds-digital-wallets-tied-to-sanctioned-russians/
  • Lithuania threatens to stop using Russian oil and gas https://www.bbc.co.uk/news/business-60751080
  • UK holds plane with possible Russian ties https://www.bbc.co.uk/news/uk-60808690
  • UK says it's blocked some yachts from leaving Britain over suspected links to Russian oligarchs and turned away 10 ships with ties to Russia https://www.businessinsider.com/oligarch-sanction-yachts-russia-ukraine-uk-banned-ships-putin-shapps-2022-3
  • Canada sanctions 22 Belarusian officials for supporting Russian invasion of Ukraine https://globalnews.ca/news/8689758/canada-sanctions-22-belarusian-officials-russian-invasion/
  • Putin's strongman ally says Belarus — which is on the verge of a default — can help Russia overcome Western sanctions https://www.businessinsider.com/putins-strongman-ally-says-belarus-can-help-russia-overcome-sanctions-2022-3
  • Oligarchs and other wealthy Russians have stashed up to $214 billion in secretive Swiss bank accounts, leading trade group reveals https://www.businessinsider.com/russian-oligarchs-wealthy-stash-billions-dollars-secretive-swiss-bank-accounts-2022-3
  • It's a Great Time to Hoard Nickels https://www.theatlantic.com/technology/archive/2022/03/nickel-shortage-supply-shock-russia/627107/

• Cyber-attacks and the potential for cyber-war:

  • Ukraine War Has Insurers Worried About Cyber Policies https://www.databreaches.net/ukraine-war-has-insurers-worried-about-cyber-policies/
  • Banks on alert for Russian reprisal cyberattacks on Swift https://arstechnica.com/information-technology/2022/03/banks-on-alert-for-russian-reprisal-cyberattacks-on-swift/
  • Europe warns of aircraft GPS outages tied to Russian invasion https://www.bleepingcomputer.com/news/security/europe-warns-of-aircraft-gps-outages-tied-to-russian-invasion/
  • Amateur hackers warned against joining Ukraine's ‘IT army' https://www.theguardian.com/world/2022/mar/18/amateur-hackers-warned-against-joining-ukraines-it-army
  • Russia's invasion of Ukraine tears open political rift between cybercriminals https://www.theregister.com/2022/03/15/cyberciminals_russia_ukraine/
  • The Windows malware on Ukraine CERT's radar https://www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/
  • Threat Advisory: CaddyWiper http://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html
  • BIG sabotage: Famous npm package deletes files to protest Ukraine war https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/
  • Pro-Ukraine ‘Protestware' Pushes Antiwar Ads, Geo-Targeted Malware https://krebsonsecurity.com/2022/03/pro-ukraine-protestware-pushes-antiwar-ads-geo-targeted-malware/
  • Sabotage: Code added to popular NPM package wiped files in Russia and Belarus https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/
  • Google: Chinese state hackers target Ukraine's government https://www.bleepingcomputer.com/news/security/google-chinese-state-hackers-target-ukraine-s-government/
  • Fake antivirus updates used to deploy Cobalt Strike in Ukraine https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/
  • How cloud services become weapons in Russia-Ukraine cyber conflict https://www.zdnet.com/article/the-role-of-cloud-services-containers-in-the-russia-ukraine-cyber-conflict
  • Hackers Target German Branch of Russian Oil Giant Rosneft https://www.securityweek.com/hackers-target-german-branch-russian-oil-giant-rosneft
  • Russian pipeline company Transneft hit by data leak dedicated to Hillary Clinton https://www.databreaches.net/russian-pipeline-company-transneft-hit-by-data-leak-dedicated-to-hillary-clinton/
  • Hackers Provide Livestream Of Dozens Of Cameras Inside Russia https://packetstormsecurity.com/news/view/33226/Hackers-Provide-Livestream-Of-Dozens-Of-Cameras-Inside-Russia.html
  • Information, Disinformation, and Propaganda:
  • Russia's wild theories about secret bio-labs and 'crisis actors' in Ukraine are crafted to appeal to US conspiracists, experts say https://www.businessinsider.com/russia-crafts-ukraine-disinfo-to-appeal-to-us-audience-experts-2022-3
  • West slams Russia for spreading bioweapons ‘nonsense' at UN amid Ukraine war https://globalnews.ca/news/8693318/russia-bioweapons-misinformaiton-west-un-ukraine-war/
  • ‘Game of Whac-a-Mole': why Russian disinformation is still running amok on social media https://www.theguardian.com/media/2022/mar/15/russia-disinformation-social-media-ukraine
  • Facebook removes deepfake of Ukrainian President Zelenskyy https://www.bleepingcomputer.com/news/technology/facebook-removes-deepfake-of-ukrainian-president-zelenskyy/
  • Leak of Russian Censorship Data https://www.schneier.com/blog/archives/2022/03/leak-of-russian-censorship-data.html
  • Leaked ransomware documents show Conti helping Putin from the shadows https://arstechnica.com/information-technology/2022/03/leaked-ransomware-documents-show-conti-helping-putin-from-the-shadows/
  • Russian pipeline company Transneft hit by data leak dedicated to Hillary Clinton https://www.theverge.com/2022/3/17/22983085/russia-transneft-omega-data-leak-hillary-clinton
  • How Kremlin accounts manipulate Twitter https://www.bbc.co.uk/news/technology-60790821
  • Russia Is Using 'Digital Repression' to Suppress Dissent https://www.scientificamerican.com/article/russia-is-using-digital-repression-to-suppress-dissent/
  • Russia labels Meta an 'extremist' organization, bans Instagram https://www.theregister.com/2022/03/14/russia_meta/
  • Mozilla Firefox removes Yandex, Mail.ru search over misinformation concerns https://www.bleepingcomputer.com/news/software/mozilla-firefox-removes-yandex-mailru-search-over-misinformation-concerns/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

  • Microsoft announces progress on a completely new type of qubit https://arstechnica.com/science/2022/03/microsoft-announces-progress-on-a-completely-new-type-of-qubit/
  • Scientists Create RNA That Evolves on Its Own. This Could Be How Life on Earth Started https://www.sciencealert.com/scientists-have-designed-their-own-evolving-rna-soup-for-the-first-time
  • To Keep Students in STEM fields, Let's Weed Out the Weed-Out Math Classes https://www.scientificamerican.com/article/to-keep-students-in-stem-fields-lets-weed-out-the-weed-out-math-classes/
  • How a jetpack design helped create a flying motorbike https://www.bbc.co.uk/news/business-60333565
  • Astronomers Could Detect Gravitational Waves by Tracking the Moon's Orbit Around the Earth https://www.universetoday.com/155063/astronomers-could-detect-gravitational-waves-by-tracking-the-moons-orbit-around-the-earth/

• Other:

  • Chris Hadfield Drives in the Desert With a new Lunar Rover Prototype https://www.universetoday.com/155050/chris-hadfield-drives-in-the-desert-with-a-new-lunar-rover-prototype/
  • Webb has Now Taken the Sharpest Image the Laws of Physics Allow https://www.universetoday.com/155013/webb-has-now-taken-the-sharpest-image-the-laws-of-physics-allow/
  • Astronomers watch as a dead star eats its planets and blasts out X-rays https://www.syfy.com/syfy-wire/bad-astronomy-white-dwarf-eating-planetary-debris
  • Not One, Not Two, But Three Planetary Systems Are Forming Around This Binary Star https://www.sciencealert.com/three-whole-planetary-systems-have-been-spotted-forming-around-a-star
  • Mysterious Signal Coming From Our Galaxy Could Be One of The Rarest Known Objects https://www.sciencealert.com/weird-repeating-signal-from-the-galactic-center-could-be-an-ultra-rare-white-dwarf-pulsar
  • Physicists Think They've Finally Cracked Stephen Hawking's Famous Black Hole Paradox https://www.sciencealert.com/physicists-think-they-ve-cracked-hawking-s-famous-paradox-using-quantum-hair