Welcome to This Week’s [in]Security. PCI and payments: PCI DSSv4 is live, Payments, New breaches: Ronin crypto, Globant, Lapsu$, Forged warrants, New Ransomware: Newfoundland, Conti. Major outages, DDoS. Follow-ups & Fall-out: Solarwinds, Royal Enfield. Atento, Privacy: Mystery Tracker, Never review patients! Laws & Regs - Canada: Online harms, Bill C-11. US: Facial recognition, Pro Codes Act, California. World: EU vs. Apple, crypto and. the other crypto. Standards: Hijacking standards. Defense: Chrome, Privid, IP reputation? Vulnerabilities, Zerodays: Chrome, Java Spring. Other: alerts, Pear PHP, 2FA bypass, GitLab, Defender IoT, Zlib, PLCs, Sandbox escape, Honda. Patching: CISA, Chrome, Edge, Sophos. Crypto-research: Proof-of-Stake. Cybercrime: Trends: Canada, NPM poisoning, Exchange. Nation States and mercenaries: FinFisher, Russia, China. Crime & Enforcement: identities, FBI, call centers. Other Risks: facebook, life-cycles, splinernet, spamming thyself. Disinformation, Health, Safety & Environment. 1 man 90 Jabs! Russia v. Ukraine. Quantum hype. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI DSSv4.0 is live! Only 729 days until 3.2.1 is retired!

  • PCI DSS v4.0 Resource Hub https://blog.pcisecuritystandards.org/pci-dss-v4-0-resource-hub
  • PCI DSS v4.0: A Conversation with the Council https://blog.pcisecuritystandards.org/topic/pci-dss
  • PCI DSS v4.0: A Preview of the Standard and Transition Training https://blog.pcisecuritystandards.org/pci-dss-v4.0-a-preview-of-the-standard-and-transition-training
  • At a glance https://www.pcisecuritystandards.org/documents/PCI-DSS-v4-0-At-A-Glance.pdf
  • Change Summary https://www.pcisecuritystandards.org/documents/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf
  • Standard https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf
  • Report On Compliance template https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0-ROC-Template.pdf
  • FAQs for use with ROC Template https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0-ROC-Template-FAQs.pdf
  • Merchant ROC Attestation of Compliance (AOC) https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0-ROC-AOC-Merchants.docx
  • Service Provider ROC Attestation of Compliance (AOC) https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0-ROC-AOC-Service-Providers.docx
  • PCI Data Security Standard v4.0 Released to Address Emerging Threats https://www.securityweek.com/pci-data-security-standard-v40-released-address-emerging-threats

• Other payment related:

  • The Future of Digital Cash Is Not on the Blockchain https://www.wired.com/story/digital-cash-ecash-act

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Blockchains Have a ‘Bridge' Problem, and Hackers Know It https://www.wired.com/story/blockchain-network-bridge-hacks
  • In $625M Hack, a Bigger Crypto Security Problem Is on Display https://www.pymnts.com/cryptocurrency/2022/in-625m-hack-a-bigger-crypto-security-problem-is-on-display/
  • Infinity's Ronin Network Says About $620M Stolen In Major Security Breach https://www.databreaches.net/infinitys-ronin-network-says-about-620m-stolen-in-major-security-breach/
  • IT Giant Globant Confirms Source Code Repository Breach https://www.securityweek.com/it-giant-globant-confirms-source-code-repository-breach
  • Lapsus$ And SolarWinds Hackers Both Use The Same Old Trick To Bypass MFA https://packetstormsecurity.com/news/view/33269/Lapsus-And-SolarWinds-Hackers-Both-Use-The-Same-Old-Trick-To-Bypass-MFA.html
  • Lapsus$ found a spreadsheet of passwords as they breached Okta, documents show https://www.databreaches.net/lapsus-found-a-spreadsheet-of-passwords-as-they-breached-okta-documents-show/
  • Lapsus$: Two UK teenagers charged with hacking for notorious gang https://www.databreaches.net/lapsus-two-uk-teenagers-charged-with-hacking-for-notorious-gang/
  • New Lapsus$ Hack Documents Make Okta's Response Look More Bizarre https://www.wired.com/story/lapsus-okta-hack-sitel-leak

• Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/

  • Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
  • Palo Alto Networks error exposed customer support cases, attachments https://www.bleepingcomputer.com/news/security/palo-alto-networks-error-exposed-customer-support-cases-attachments/
  • CA: North Orange County Community College District updates students and faculty on breach https://www.databreaches.net/ca-north-orange-county-community-college-district-updates-students-and-faculty-on-breach/
  • Ca: 120 patients victims of Chatham-Kent Health Alliance privacy breach https://www.databreaches.net/ca-120-patients-victims-of-chatham-kent-health-alliance-privacy-breach/
  • Anonymous Claims It Hacked Russian Orthodox Church, Leaked 15 GB Data And 57,500 Emails https://www.databreaches.net/anonymous-claims-it-hacked-russian-orthodox-church-leaked-15-gb-data-and-57500-emails/
  • UK: Confidential documents were blown into gardens in data breach https://www.databreaches.net/uk-confidential-documents-were-blown-into-gardens-in-data-breach/

• New Ransomware and "Incidents":

  • Officials to give update on Newfoundland and Labrador cyberattack Wednesday https://www.databreaches.net/officials-to-give-update-on-newfoundland-and-labrador-cyberattack-wednesday/
  • UK Ransomware Attacks Up 100% in 2021 https://www.pymnts.com/cybersecurity/2022/uk-ransomware-attacks-up-100-in-2021/
  • A Detailed Look at the Conti Ransomware Gang https://www.schneier.com/blog/archives/2022/03/a-detailed-look-at-the-conti-ransomware-gang.html

• Major outages/downs:

  • American Express users locked out for HOURS: no login, no payments https://www.bleepingcomputer.com/news/security/american-express-users-locked-out-for-hours-no-login-no-payments/
  • Connecticut's Bradley Airport Website Hit by DDoS; Russia's Rosaviatsia suffers significant cyberattack https://www.databreaches.net/connecticuts-bradley-airport-website-hit-by-ddos-russias-rosaviatsia-suffers-significant-cyberattack/

• Follow-ups and fall-out:

  • Solar Winds can't dodge investor suit over massive cyberattack https://www.databreaches.net/solar-winds-cant-dodge-investor-suit-over-massive-cyberattack/
  • Royal Enfield - 420,873 breached accounts https://haveibeenpwned.com/PwnedWebsites#RoyalEnfield
  • LockBit victim estimates cost of ransomware attack to be $42 million https://www.bleepingcomputer.com/news/security/lockbit-victim-estimates-cost-of-ransomware-attack-to-be-42-million/

Privacy

Articles about privacy related news, risks, and trends.

• An EFF Investigation: Mystery GPS Tracker On A Supporter's Car https://www.eff.org/deeplinks/2022/03/eff-investigation-mystery-gps-tracker-supporters-car
• The first step to data privacy is admitting you have a problem, Google https://www.theregister.com/2022/03/28/google_data_privacy/
• GT: TSA Continues Facial Recognition Rollout at Airports https://epic.org/gt-tsa-continues-facial-recognition-rollout-at-airports/
• Stalking with an Apple Watch https://www.schneier.com/blog/archives/2022/03/stalking-with-an-apple-watch.html
• Writing Google reviews about patients is actually a HIPAA violation https://www.theverge.com/2022/4/1/23006132/google-patient-reviews-hipaa-doctors-yelp

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • After missing 100-day deadline, Liberal online harms bill still months away https://globalnews.ca/news/8722103/online-harms-bill-hate-speech-censorship/
  • The Law Bytes Podcast, Episode 123: Darcy Michael on Why Bill C-11 Hurts Canada's Digital First Creators https://www.michaelgeist.ca/2022/03/law-bytes-podcast-episode-123/
  • Why Has the Government's Defence of Bill C-11 Been So Cartoonishly Misleading? https://www.michaelgeist.ca/2022/03/why-has-the-governments-defence-of-bill-c-11-been-so-cartoonishly-misleading/
  • Advertising rules for the Ontario Election https://www.elections.on.ca/en/political-entities-in-ontario/political-advertising.html

• US:

  • The National Law Review: Federal Court Dismisses Litigation Challenging U.S. Postal Service's Use of Facial Recognition and Related Technologies https://epic.org/the-national-law-review-federal-court-dismisses-litigation-challenging-u-s-postal-services-use-of-facial-recognition-and-related-technologies/
  • The Public Has a Right to Know How DHS is Spending Millions to Spy on Immigrants on Social Media https://www.eff.org/deeplinks/2022/03/public-has-right-know-how-dhs-spending-millions-spy-immigrants-social-media
  • The Pro Codes Act Is a Wolf in Sheep's Clothing limits access to regulations used in laws https://www.eff.org/deeplinks/2022/03/pro-codes-act-wolf-sheeps-clothing
  • EFF Files FOIA Lawsuit Against DHS to Shed Light on Vetting Program to Collect and Data Mine Immigrants' Social Media https://www.eff.org/press/releases/eff-files-foia-lawsuit-against-dhs-shed-light-vetting-program-collect-and-data-mine
  • California: Speak Up For Biometric and Student Privacy https://www.eff.org/deeplinks/2022/04/california-speak-biometric-and-student-privacy
  • California's “Social Media Platform Duty to Children Act” is Destined to Fail—For Good Reason https://www.eff.org/deeplinks/2022/03/californias-social-media-platform-duty-children-act-destined-fail-good-reason
  • Rattled by Rhode Island Public Transit Authority breach that affected 22,000, lawmakers propose policy changes https://www.databreaches.net/rattled-by-ripta-breach-that-affected-22000-lawmakers-propose-policy-changes/
  • Ubiquiti sues Krebs on Security for defamation https://www.theregister.com/2022/03/30/ubiquiti_brian_krebs/

• World:

  • Apple's $55 million fine over in-app payments for Dutch dating apps could start growing faster https://www.theverge.com/2022/3/28/22999998/apple-bigger-fine-proposal-dutch-regulator-acm-netherlands-dating-apps
  • Security experts say new EU rules will damage WhatsApp encryption https://www.theverge.com/2022/3/28/23000148/eu-dma-damage-whatsapp-encryption-privacy
  • EU draft law adds security checks to all crypto transactions https://www.bleepingcomputer.com/news/legal/eu-draft-law-adds-security-checks-to-all-crypto-transactions/

• Standards News:

  • UK spy boss warns China hopes Russia will help it take over tech standards https://www.theregister.com/2022/03/31/gchq_sir_jeremy_fleming_speech/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Consistency in password resets helps block credential theft https://www.bleepingcomputer.com/news/security/consistency-in-password-resets-helps-block-credential-theft/
• Chrome Browser Gets Major Security Update https://www.securityweek.com/chrome-browser-gets-major-security-update
• Privid: A Privacy-Preserving Surveillance Video Analytics System https://thehackernews.com/2022/03/privid-privacy-preserving-surveillance.html
• Of Cybercriminals and IP Addresses - IP reputation https://thehackernews.com/2022/03/of-cybercriminals-and-ip-addresses.html
• How to Spot Scams That Mimic the IRS or Charities https://www.nytimes.com/2022/03/30/technology/personaltech/scams-phishing-spring.html
• Ransomware driving you to distraction? Here's how to recover https://www.theregister.com/2022/03/29/ransomeware_recovery/
• Police record checks will soon be free for volunteers in Ontario https://toronto.ctvnews.ca/police-record-checks-will-soon-be-free-for-volunteers-in-ontario-1.5840877
• Hiring for iCrime https://www.lightbluetouchpaper.org/2022/03/31/hiring-for-icrime-2/
• Welcoming the Bulgarian Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-bulgarian-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • Chrome Zero-Day from North Korea https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
  • Google Chrome Bug Actively Exploited as Zero-Day https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/
  • Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html
  • Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks https://www.securityweek.com/trend-micro-patches-apex-central-zero-day-exploited-targeted-attacks

• Other Vulnerabilities:

  • CISA warns of attacks targeting Internet-connected UPS devices https://www.bleepingcomputer.com/news/security/cisa-warns-of-attacks-targeting-internet-connected-ups-devices/
  • 15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks https://thehackernews.com/2022/04/15-year-old-bug-in-pear-php-repository.html
  • Bypassing Two-Factor Authentication https://www.schneier.com/blog/archives/2022/04/bypassing-two-factor-authentication.html
  • Critical GitLab vulnerability lets attackers take over accounts https://www.bleepingcomputer.com/news/security/critical-gitlab-vulnerability-lets-attackers-take-over-accounts/
  • Critical Vulnerabilities Found in Microsoft Defender for IoT https://www.securityweek.com/critical-vulnerabilities-found-microsoft-defender-iot
  • QNAP warns severe OpenSSL bug affects most of its NAS devices https://www.bleepingcomputer.com/news/security/qnap-warns-severe-openssl-bug-affects-most-of-its-nas-devices/
  • Zlib crash-an-app bug finally squashed, 17 years later https://www.theregister.com/2022/03/30/zlib_data_bug/
  • Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html
  • Log4JShell Used to Swarm VMware Servers with Miners, Backdoors https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
  • Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks https://www.darkreading.com/vulnerabilities-threats/vulnerabilities-in-rockwell-automation-plcs-could-enable-stuxnet-like-attacks
  • Microsoft adds Windows 11 upgrade block due to IE11 known issue https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-11-upgrade-block-due-to-ie11-known-issue/
  • FORCEDENTRY: Sandbox Escape https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html
  • Researchers Hack Remote Keyless System of Honda Vehicles https://www.securityweek.com/researchers-hack-remote-keyless-system-honda-vehicles
  • Electric Vehicle DC charging tripped by a wireless hack https://www.theregister.com/2022/03/30/brokenwire/

• Patching:

  • CISA Adds 66 Vulnerabilities to 'Must Patch' List https://www.securityweek.com/cisa-adds-66-vulnerabilities-must-patch-list
  • CISA orders agencies to patch actively exploited Sophos firewall bug https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-actively-exploited-sophos-firewall-bug/
  • CISA warns orgs to patch actively exploited Chrome, Redis bugs https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-chrome-redis-bugs/
  • Google Chrome, Microsoft Edge patched in race against exploitation https://www.theregister.com/2022/03/28/google_chromium_exploit/
  • Sophos fixes critical hijack flaw in firewall offering https://www.theregister.com/2022/03/28/sophos-firewall-rce-vulnerability/
  • Trend Micro fixes actively exploited remote code execution bug https://www.bleepingcomputer.com/news/security/trend-micro-fixes-actively-exploited-remote-code-execution-bug/
  • Apple emergency update fixes zero-days used to hack iPhones, Macs https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/

• Cryptography and Cryptographic Research:

  • Proof-of-Stake Is a Defective Mechanism, by Vicent Sus https://eprint.iacr.org/2022/409

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • US national emergency extended due to elevated malicious cyber activity https://www.bleepingcomputer.com/news/security/us-national-emergency-extended-due-to-elevated-malicious-cyber-activity/
  • FBI warns election officials of credential phishing attacks https://www.bleepingcomputer.com/news/security/fbi-warns-election-officials-of-credential-phishing-attacks/
  • Canada the target of 'thousands' of cyberattacks every day, CSIS reveals https://nationalpost.com/news/politics/canada-the-target-of-thousands-of-cyber-attacks-every-day-csis-reveals
  • A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages https://thehackernews.com/2022/03/a-threat-actor-dubbed-red-lili-has-been.html
  • Checkmarx Finds Threat Actor 'Fully Automating' NPM Supply Chain Attacks https://www.securityweek.com/checkmarx-finds-threat-actor-fully-automating-npm-supply-chain-attacks
  • Microsoft Exchange targeted for IcedID reply-chain hijacking attacks https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/
  • Mars Stealer malware pushed via OpenOffice ads on Google https://www.bleepingcomputer.com/news/security/mars-stealer-malware-pushed-via-openoffice-ads-on-google/
  • New BlackGuard password-stealing malware sold on hacker forums https://www.bleepingcomputer.com/news/security/new-blackguard-password-stealing-malware-sold-on-hacker-forums/
  • New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners https://thehackernews.com/2022/03/new-malware-loader-verblecon-infects.html
  • Hackers use modified MFA tool against Indian govt employees https://www.bleepingcomputer.com/news/security/hackers-use-modified-mfa-tool-against-indian-govt-employees/
  • Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation https://thehackernews.com/2022/03/experts-detail-virtual-machine-used-by.html
  • SunCrypt ransomware is still alive and kicking in 2022 https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-is-still-alive-and-kicking-in-2022/

• Nation State Actors:

  • Creepy Spyware Company Goes Broke https://www.databreaches.net/creepy-spyware-company-goes-broke/
  • Google: Russian credential thieves target NATO, Eastern European military https://www.theregister.com/2022/04/01/russian_credential_phishing/
  • Russian-linked Android malware records audio, tracks your location https://www.bleepingcomputer.com/news/security/russian-linked-android-malware-records-audio-tracks-your-location/
  • Chinese hacking group uses new 'Fire Chili' Windows rootkit https://www.bleepingcomputer.com/news/security/chinese-hacking-group-uses-new-fire-chili-windows-rootkit/
  • Unmasking China's State Hackers https://www.databreaches.net/unmasking-chinas-state-hackers/

• Crime & Arrests, etc.:

  • Losses From Stolen Identities Skyrocketed 79% to $24 Billion in 2021, a Javelin Study Finds https://www.digitaltransactions.net/losses-from-stolen-identities-skyrocketed-79-to-24-billion-in-2021-a-javelin-study-finds/
  • FBI Efforts To Disrupt Business Email Compromise Scams Leads To 65 Arrests https://packetstormsecurity.com/news/view/33279/FBI-Efforts-To-Disrupt-Business-Email-Compromise-Scams-Leads-To-65-Arrests.html
  • German Authorities Seize Spyware Firm FinFisher's Accounts https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts
  • Europol dismantles massive call center investment scam operation https://www.bleepingcomputer.com/news/security/europol-dismantles-massive-call-center-investment-scam-operation/
  • National Security Agency employee indicted for 'leaking top secret info' https://www.theregister.com/2022/04/01/nsa_employee_secret_data_leak/
  • Congressional Chair Asks Google and Apple to Help Stop Fraud Against U.S. Taxpayers on Telegram https://www.propublica.org/article/congressional-chair-asks-google-and-apple-to-help-stop-fraud-against-u-s-taxpayers-on-telegram#1286501
  • Cybercrooks target students with fake job opportunities https://www.theregister.com/2022/03/29/student_scams/
  • Fake Trezor data breach emails used to steal cryptocurrency wallets https://www.bleepingcomputer.com/news/security/fake-trezor-data-breach-emails-used-to-steal-cryptocurrency-wallets/
  • Guelph, Ont. police seeing an increase in cryptocurrency investment scams https://globalnews.ca/news/8716270/guelph-crypto-investing-scams/
  • Ca: Laval man faces cybercrime charges from 2018 and 2019, RCMP says https://www.databreaches.net/ca-laval-man-faces-cybercrime-charges-from-2018-and-2019-rcmp-says/
  • Saskatchewan couple's house robbed while hoping to find missing dog https://globalnews.ca/news/8720482/saskatchewan-couple-house-robbed-missing-dog/
  • 24 Sunwing party plane passengers now face penalties as feds find vaccine, mask rules broken https://globalnews.ca/news/8716093/covid-sunwing-party-plane-penalties-influencers/

Other Security / Risk

Articles covering other types of risks.

• A Facebook bug led to increased views of harmful content over six months https://www.theverge.com/2022/3/31/23004326/facebook-news-feed-downranking-integrity-bug
• New research shows what it takes to make society change for the better https://scienmag.com/new-research-shows-what-it-takes-to-make-society-change-for-the-better/
• Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn https://threatpost.com/automaker-cybersecurity-lagging-tech-adoption/179204/
• Security's Life Cycle Isn't the Developers' Life Cycle https://www.darkreading.com/application-security/security-s-life-cycle-isn-t-the-developers-life-cycle
• Russia inches closer to its splinternet dream https://arstechnica.com/tech-policy/2022/04/russia-inches-closer-to-its-splinternet-dream/
• When Nokia Pulled Out of Russia, a Vast Surveillance System Remained https://www.nytimes.com/2022/03/28/technology/nokia-russia-surveillance-system-sorm.html
• Forcing WhatsApp and iMessage to Work Together Is Doomed to Fail https://www.wired.com/story/dma-interoperability-messaging-imessage-whatsapp
• Researchers used a decommissioned satellite to broadcast hacker TV https://arstechnica.com/information-technology/2022/03/researchers-used-a-decommissioned-satellite-to-broadcast-hacker-tv/
• COVID Disrupted Everything--Even Rocket Launches https://www.scientificamerican.com/article/covid-disrupted-everything-even-rocket-launches/
• IndiGo: Man says he hacked airline website to find lost luggage https://www.bbc.co.uk/news/world-asia-india-60937480
• My own phone number is now spam texting me https://www.theverge.com/2022/3/28/22999719/spam-texts-own-phone-number-verizon-att-tmobile
• Self-Proclaimed Creator of Bitcoin Says He'll Sell His Stash, as BTC 'Has No Utility' https://www.pymnts.com/cryptocurrency/2022/self-proclaimed-creator-of-bitcoin-says-hell-sell-his-stash-as-btc-has-no-utility/
• Disinformation and misinformation
• Google autocomplete helps mislead public, legitimize conspiracy theorists: SFU study https://scienmag.com/google-autocomplete-helps-mislead-public-legitimize-conspiracy-theorists-sfu-study/
• Russia, Iran, Saudi Arabia are top sources of online misinformation https://www.theregister.com/2022/03/31/russia_iran_and_saudi_arabia/
• Russian Misinformation Seeks to Confound, Not Convince https://www.scientificamerican.com/article/russian-misinformation-seeks-to-confound-not-convince/
• Biden's latest plan to try to bring gas prices down: Releasing 1 million barrels of oil a day from the government's stockpile for 6 months https://www.businessinsider.com/biden-oil-release-lower-gas-prices-stockpile-russia-ukraine-inflation-2022-3

• Health, Safety & Environment:

  • Animal tranquillizer detected in growing number of human overdose deaths in Ontario https://globalnews.ca/news/8731763/animal-tranquillizer-detected-in-growing-number-of-human-overdose-deaths-in-ontario/
  • Bird flu detected on third Ontario farm as virus continues to spread https://toronto.ctvnews.ca/bird-flu-detected-on-third-ontario-farm-as-virus-continues-to-spread-1.5843028
  • There's a Depressing Link Between Where You Live And Dementia Risk https://www.sciencealert.com/people-living-in-more-affluent-areas-are-less-likely-to-get-dementia
  • With spring underway, Interior Health issues annual tick warning https://globalnews.ca/news/8726743/interior-health-annual-tick-warning/
  • What One Million COVID Dead Mean for the U.S.'s Future https://www.scientificamerican.com/article/what-one-million-covid-dead-mean-for-the-u-s-s-future/
  • Nearly 5 million infected in U.K. as COVID-19 hits record levels https://globalnews.ca/news/8730428/uk-covid-update-ba-2-variant/
  • The more contagious Omicron subvariant BA.2 is now dominant in the US and likely to cause an 'uptick' in cases https://www.businessinsider.com/covid-ba2-omicron-subvariant-now-dominant-us-cdc-2022-3
  • Ontario launches new plan to prepare for health emergencies, includes PPE stockpile https://globalnews.ca/news/8718113/ontario-plan-prepare-health-emergencies-covid/
  • Vaccinated travellers no longer need pre-entry COVID-19 tests to enter Canada https://globalnews.ca/news/8725336/vaccinated-travellers-no-pre-entry-covid-tests-canada/
  • Canada headed towards 6th COVID-19 wave this spring, experts warn https://globalnews.ca/news/8720190/canada-6th-covid-wave-explainer/
  • Ontario has 'eliminated all our defences' against COVID subvariant: epidemiologist https://www.ctvnews.ca/health/coronavirus/ontario-has-eliminated-all-our-defences-against-covid-subvariant-epidemiologist-1.5842670
  • Ontario's sixth COVID-19 wave being driven by eased restrictions, science table head says https://toronto.ctvnews.ca/ontario-s-sixth-covid-19-wave-being-driven-by-eased-restrictions-science-table-head-says-1.5841024
  • Quebec public health experts say province has already entered a sixth wave of COVID-19 https://globalnews.ca/news/8716491/quebec-covid-sixth-wave-arrival-experts/
  • Large-Scale Study Confirms Which Type of Immunity Best Protects Against COVID https://www.sciencealert.com/huge-study-confirms-hybrid-immunity-gives-best-covid-protection
  • New COVID Spit Tests May Be More Accurate and Easier Than Nasal Swabs https://www.scientificamerican.com/article/new-covid-spit-tests-may-be-more-accurate-and-easier-than-nasal-swabs/
  • Rising COVID-19 indicators in Ontario prompt calls for expanded access to PCR tests https://toronto.ctvnews.ca/rising-covid-19-indicators-in-ontario-prompt-calls-for-expanded-access-to-pcr-tests-1.5841489
  • Some Types of Asthma Protect Against Severe COVID-19, And We May Finally Know Why https://www.sciencealert.com/research-reveals-why-some-asthma-patients-are-less-susceptible-to-severe-covid-19
  • Ivermectin doesn't treat COVID or keep people out of hospital, study finds https://globalnews.ca/news/8725268/ivermectin-doesnt-work-covid-study/
  • German man got 90 COVID-19 shots to sell forged vaccination cards (no word on health impact of getting this many shots) https://globalnews.ca/news/8731770/germany-covid-fake-vaccination-cards/
  • B.C. doctor suspended over COVID-19 allegations https://globalnews.ca/news/8718880/b-c-doctor-suspended-over-covid-19-allegations/
  • Skippy is recalling 161,692 pounds of peanut butter that might contain small stainless steel fragments https://www.businessinsider.com/skippy-recall-peanut-butter-might-have-steel-fragment-2022-3
  • Shooting in Sacramento leaves 6 dead, 10 others injured, police say https://globalnews.ca/news/8731633/sacramento-shooting-deaths-april-3/
  • Geofencing Improves Safety in Sweden https://www.nytimes.com/2022/03/28/world/europe/geofencing-sweden.html
  • B.C. landslide triggered 100-metre tall lake tsunami, study shows https://www.cbc.ca/news/canada/british-columbia/b-c-landslide-triggered-100-metre-tall-lake-tsunami-study-shows-1.6401469
  • Quebec drivers who turn 75 no longer need to take physical, eye exam to keep licence https://globalnews.ca/news/8718835/quebec-drivers-75-no-longer-need-to-take-physical-eye-exam-to-keep-licence/
  • Last week asteroid 2007FF1 passed earth beyond the orbit of the moon, here is a NASA/JPL asteroid dashboard for the next five close encounters https://www.jpl.nasa.gov/asteroid-watch/next-five-approaches
  • Chernobyl scientists accused looters of stealing radioactive material from labs there https://www.businessinsider.com/radioactive-items-stolen-from-chernobyl-lab-in-russia-attack-scientists-2022-4
  • N.S. man faces charges after WWI, WWII weapons and explosives found in home https://globalnews.ca/news/8728890/ns-wwi-wwii-weapons-charges/
  • Climate groups say a change in coding can reduce bitcoin energy consumption by 99% https://www.theguardian.com/technology/2022/mar/29/bitcoin-reduce-energy-consumption-climate-groups
  • Exxon is trying out a program that will use leftover natural gas to power bitcoin mining https://markets.businessinsider.com/news/currencies/exxon-mobil-natural-gas-power-bitcoin-mining-bakken-shale-crypto-2022-3

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:

  • Zelensky says Ukraine prepared to discuss neutrality in peace talks https://www.bbc.co.uk/news/world-europe-60901024
  • Battle for Irpin: Russian forces pushed out of Kyiv suburb https://www.bbc.co.uk/news/world-europe-60959667
  • Nearly 5,000 dead in Mariupol so far during Russia-Ukraine war: mayor's office https://globalnews.ca/news/8715627/mariupol-death-toll-russia-ukraine-war/
  • Ukraine decries alleged atrocities by Russian troops in Bucha: ‘Horror movie' https://globalnews.ca/news/8731685/ukraine-bucha-bodies-russia-war/
  • Russia destroys Ukrainian oil refinery, hits ‘critical infrastructure' near Odesa port https://globalnews.ca/news/8731583/russia-attacks-oil-refineries-near-odesa-ukraine/
  • Russian soldiers disturbed radioactive dust in Chornobyl's ‘Red Forest,' workers say https://globalnews.ca/news/8718511/russian-soldiers-disturbed-radioactive-dust-chernobyl-red-forest/
  • Russian troops got 'significant doses of radiation' after digging trenches around Chernobyl, Ukrainian power authority says https://www.businessinsider.com/russians-retreat-from-chernobyl-after-getting-sick-from-radiation-ukraine-2022-3
  • Canada, Denmark, and Norway are sending a 'light and lethal' rocket launcher to help Ukrainians shred Russian armor https://www.businessinsider.com/countries-sending-light-and-lethal-m72-antitank-weapon-to-ukraine-2022-4
  • The US is helping transfer Soviet-made tanks to Ukraine to support its defenses against Russia, report says https://www.businessinsider.com/us-help-transfer-soviet-made-tanks-to-ukraine-russia-nyt-2022-4

• Reaction and response:

  • ‘Embarrassing': Russia scrambles to copy banned social media platforms https://www.theguardian.com/media/2022/mar/30/russia-banned-social-media-platforms-rossgram
  • Thousands of Russia-linked shipping containers are causing a 'nightmare' situation in the Port of Rotterdam https://www.businessinsider.com/thousands-russia-linked-shipping-containers-port-congestion-rotterdam-2022-4
  • Russia says it will suspend ISS cooperation until sanctions are lifted https://www.theverge.com/2022/4/2/23007575/russia-suspend-iss-cooperation-sanctions-lifted-ukraine-space-nasa
  • Ukraine war: Russian officials seize Swiss watches apparently worth millions https://www.bbc.co.uk/news/world-europe-60900694

• Sanctions & economic Impact:

  • Russia facing internet outages due to equipment shortage https://www.bleepingcomputer.com/news/technology/russia-facing-internet-outages-due-to-equipment-shortage/
  • Russia says it won't cut off gas supplies yet in rouble payment row https://www.bbc.co.uk/news/business-60944322
  • Russian stocks fall again as Moscow Exchange expands trading to all shares after month-long shutdown https://markets.businessinsider.com/news/stocks/russian-stocks-moscow-exchange-moex-index-all-shares-reopened-investing-2022-3
  • The world's largest aircraft leasing company has filed a $3.5 billion insurance claim over aircraft and engines stuck in Russia https://www.businessinsider.com/worlds-largest-airplane-lessor-files-russia-aircraft-insurance-claim-2022-3
  • Chinese oil giant Sinopec halts Russian projects amid West's sanctions on Moscow https://globalnews.ca/news/8716233/china-sinopec-pause-russia-projects-beijing-ukraine-war/
  • Heineken wants to leave Russia but it's worried the Kremlin could seize its assets https://www.businessinsider.com/heineken-exiting-russia-nationalization-concern-western-sanctions-exodus-companies-2022-3

• Cyber-attacks and the potential for cyber-war:

  • Mystery solved in destructive attack that knocked out >10k Viasat modems https://arstechnica.com/information-technology/2022/03/mystery-solved-in-destructive-attack-that-knocked-out-10k-viasat-modems/
  • Russia's military has been jamming commercial planes' satellite navigation systems since the invasion of Ukraine, a report says https://www.businessinsider.com/russias-military-jamming-satellite-navigation-commercial-planes-2022-4
  • Traffic at major Ukrainian internet service provider Ukrtelecom disrupted https://www.databreaches.net/traffic-at-major-ukrainian-internet-service-provider-ukrtelecom-disrupted/
  • Hacked WordPress sites force visitors to DDoS Ukrainian targets https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
  • “Anonymous” hacktivists continue to try to help Ukraine https://www.databreaches.net/anonymous-hacktivists-continue-to-try-to-help-ukraine/
  • Information, Disinformation, and Propaganda:
  • The Russia-Ukraine information war: How propaganda is being used in two very different ways https://globalnews.ca/news/8716376/russia-ukraine-information-war/

• Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards https://www.bleepingcomputer.com/news/security/ukraine-dismantles-5-disinformation-bot-farms-seizes-10-000-sim-cards/

  • Names and addresses of 620 FSB officers published in data breach https://www.databreaches.net/names-and-addresses-of-620-fsb-officers-published-in-data-breach/
  • Ukraine security agency shutters Russian disinformation bot farms https://www.theregister.com/2022/03/29/ukriane-russia-bot-farm-disinformation/
  • Google Ordered Russian Translators Not to Call War in Ukraine a War https://theintercept.com/2022/03/28/google-russia-ukraine-war-censorship/
  • Russian regulator says it will fine Google over Ukraine war videos https://www.theverge.com/2022/3/30/23002909/russia-youtube-google-illegal-content-roskomnadzor-ukraine-war-regulator-fine
  • Canadian intelligence flags Russian disinformation campaigns amid Ukraine war https://globalnews.ca/news/8727605/canadian-intelligence-flags-russian-disinformation-campaigns/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

  • Artificial intelligence beats eight world champions at bridge https://www.theguardian.com/technology/2022/mar/29/artificial-intelligence-beats-eight-world-champions-at-bridge
  • The human genome is, at long last, complete https://scienmag.com/the-human-genome-is-at-long-last-complete/
  • Thicken sea ice by trickling water on it? Company plans to test machine for that in Nunavut https://www.cbc.ca/news/canada/north/real-ice-re-icing-machine-nunavut-1.6393326
  • Virtuoso Mathematician Who Reshaped Topology Wins Abel Prize https://www.scientificamerican.com/article/virtuoso-mathematician-who-reshaped-topology-wins-abel-prize/
  • World Quantum Day is coming on April 14th https://worldquantumday.org/
  • 'Momentum Computing' Pushes Technology's Thermodynamic Limits https://www.scientificamerican.com/article/momentum-computing-pushes-technologys-thermodynamic-limits/
  • Saskatchewan releases plan to advance small modular nuclear reactors https://globalnews.ca/news/8715952/saskatchewan-releases-plan-small-modular-nuclear-reactors/
  • SpaceX pausing production of new Crew Dragon spacecraft https://www.theverge.com/2022/3/28/23000175/spacex-crew-dragon-fleet-capsules-production-iss
  • The Download: Quantum computing has a hype problem https://www.technologyreview.com/2022/03/28/1048377/the-download-quantum-computing-has-a-hype-problem/
  • Quantum computing has a hype problem https://www.technologyreview.com/2022/03/28/1048355/quantum-computing-has-a-hype-problem/

• Other:

  • AI-generated pranks for your computer to play on you https://www.aiweirdness.com/ai-generated-pranks-for-your-computer-to-play/
  • Pink Floyd, a flamingo that escaped Kansas zoo, found 17 years later in Texas https://globalnews.ca/news/8728766/pink-floyd-flamingo-found-kansas-texas/
  • Strange Illusion Shows The Human Brain Mess With Time to Maintain Our Expectations https://www.sciencealert.com/the-human-brain-overrides-the-flow-of-time-to-maintain-the-illusion-of-causality
  • NASA Astronaut and Cosmonauts Land Safely Together in Kazakhstan https://www.universetoday.com/155211/nasa-astronaut-and-cosmonauts-land-safely-together-in-kazakhstan/
  • Stunning Image of ISS Taken From the Ground Shows two Spacewalking Astronauts https://www.universetoday.com/155271/stunning-image-of-iss-taken-from-the-ground-shows-two-spacewalking-astronauts/
  • It's Not Conclusive, But Methane is Probably the Best Sign of Life on Exoplanets https://www.universetoday.com/155203/its-not-conclusive-but-methane-is-probably-the-best-sign-of-life-on-exoplanets/
  • Astronomers Come up With a New Message to let the Aliens Know we're Here https://www.universetoday.com/155061/astronomers-come-up-with-a-new-message-to-let-the-aliens-know-were-here/