Welcome to This Week’s [in]Security. PCI and payments: PCI related: PCI vs Magecart, Skimmers. Payments, Visa. New breaches: Yandex, MailChimp, Block, Parker-Hannifin, CashMama, Sask: SLGA, Medical. New Ransomware: Finland, The Works. Major outages, Atlassian. Follow-ups & Fall-out: Shopify, FIN7, Travelio. Privacy: Google, EU facial, NFTs. Laws & Regs - Canada: Cross-border CLOUD, Online News Act, Copyright. US: Anti-trust, Cyberpolicy, Indiana. World: UK, Palestine, Singapore, China. Standards: Blockchain, Patching. Defense: Training & events, Pre-emption, Medical devices, End-to-end, GitHub secrets & supply chain, fuzzing, Chrome, Microsoft, Pi. Vulnerabilities, Advisories. Zerodays. Patching: Vmware, GitLab, Zyxel, Android, Apple unpatched. Other: Linux, Spring4Shell, Wyze, WatchGuard. Vulnerability research: ICS. Crypto-research: GPRS, PQC. Cybercrime: Trends: Groups, WhatsApp, Lambda, Self-Spam. Crime & Enforcement: Hydra, Cyclops, gift cards, spies. Nation States and mercenaries: China, Hamas. Other: Wordpress, QR, Adobe. Other Risks: General: Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Related:

  • PCI DSS 4.0; It's time to get serious on Magecart https://scotthelme.co.uk/pci-dss-4-0-its-time-to-get-serious-on-magecart/

• Payment skimmers/malware/fraud:

  • Emma Sleep Company admits checkout cyber attack https://www.theregister.com/2022/04/04/emma_the_sleep_company_admits/

• Other payment related:

  • Visa Faces ‘New Network Fees' Antitrust Suit After Court of Appeal Loss https://www.pymnts.com/antitrust/2022/visa-faces-new-network-fees-antitrust-suit-after-court-of-appeal-loss/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Food Delivery Leak Unmasks Russian Security Agents https://www.databreaches.net/food-delivery-leak-unmasks-russian-security-agents/
  • Hackers breach MailChimp's internal tools to target crypto customers https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
  • Block is contacting 8.2 million customers after a former employee downloaded company reports https://www.theverge.com/2022/4/5/23012328/block-reports-cash-app-investing-contacting-customers-sec-filing
  • Parker-Hannifin discloses breach in regulatory filing https://www.databreaches.net/parker-hannifin-discloses-breach-in-regulatory-filing/
  • Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin https://www.securityweek.com/ransomware-gang-leaks-files-stolen-industrial-giant-parker-hannifin
  • Thousands Of Indians Exposed In Data Breach Affecting Money Lending App CashMama https://www.databreaches.net/thousands-of-indians-exposed-in-data-breach-affecting-money-lending-app-cashmama/
  • Bank had no firewall license, intrusion or phishing protection – guess the rest https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/
  • Sask. government refusing to pay ransom for SLGA hack https://regina.ctvnews.ca/slga-dealing-with-information-breach-1.5848301
  • No warning from government that personal data was hacked: Sask. Liquor and Gaming suppliers https://www.cbc.ca/news/canada/saskatchewan/slga-suppliers-data-hacked-1.6406153
  • Ca: SLGA business partners should have figured out on their own that their data may have been stolen: minister https://www.databreaches.net/ca-slga-business-partners-should-have-figured-out-on-their-own-that-their-data-may-have-been-stolen-minister/
  • Audit of the Connecticut Health Insurance Exchange Uncovers 44 Unreported Data Breaches https://www.databreaches.net/audit-of-the-connecticut-health-insurance-exchange-uncovers-44-unreported-data-breaches/
  • MO: Tague Family Practice patient records stolen and leaked https://www.databreaches.net/mo-tague-family-practice-patient-records-stolen-and-leaked/
  • SuperCare Health notifies 318,379 patients of July breach https://www.databreaches.net/supercare-health-notifies-318379-patients-of-july-breach/
  • Would Sea Mar Community Health even know about large patient data dumps if not for DataBreaches.net? https://www.databreaches.net/would-sea-mar-community-health-even-know-about-large-patient-data-dumps-if-not-for-databreaches-net/

• New Ransomware and "Incidents":

  • Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report" https://www.darkreading.com/attacks-breaches/nearly-two-thirds-of-ransomware-victims-paid-ransoms-last-year-finds-2022-cyberthreat-defense-report-
  • Finland hit by cyberattack, airspace breach https://www.databreaches.net/finland-hit-by-cyberattack-airspace-breach/
  • UK retail chain The Works shuts down stores after cyberattack https://www.bleepingcomputer.com/news/security/uk-retail-chain-the-works-shuts-down-stores-after-cyberattack/
  • Ransomware sent North Carolina A&T University scrambling to restore services https://arstechnica.com/information-technology/2022/04/ransomware-sent-north-carolina-at-university-scrambling-to-restore-services/

• Major outages/downs:

  • Ongoing Atlassian Jira, Confluence outage affects customers worldwide https://www.bleepingcomputer.com/news/technology/ongoing-atlassian-jira-confluence-outage-affects-customers-worldwide/

• Follow-ups and fall-out:

  • Ledger users file a class-action lawsuit against Shopify over a data breach https://www.databreaches.net/ledger-users-file-a-class-action-lawsuit-against-shopify-over-a-data-breach/
  • Pentester for FIN7 sentenced for scheme that compromised tens of millions of debit and credit cards https://www.databreaches.net/pentester-for-fin7-sentenced-for-scheme-that-compromised-tens-of-millions-of-debit-and-credit-cards/
  • Travelio - 471,376 breached accounts https://haveibeenpwned.com/PwnedWebsites#Travelio
  • Kalispell hospital sued for patient data breach https://www.databreaches.net/kalispell-hospital-sued-for-patient-data-breach/

Privacy

Articles about privacy related news, risks, and trends.

• General:

  • Google Fights Dragnet Warrant for Users' Search Histories Overseas While Continuing to Give Data to Police in the U.S. https://www.eff.org/deeplinks/2022/04/google-fights-dragnet-warrant-users-search-histories-overseas-while-continuing
  • Europe Is Building a Huge International Facial Recognition System https://www.wired.com/story/europe-police-facial-recognition-prum
  • How You're Still Being Tracked on the Internet https://www.nytimes.com/2022/04/06/technology/online-tracking-privacy.html
  • NFTs Are a Privacy and Security Nightmare https://www.wired.com/story/nfts-privacy-security-nightmare
  • The Price of Privacy https://www.theatlantic.com/magazine/archive/2022/05/privacy-law-technology-california-gajda-seek-and-hide/629373/
  • University of Guelph students' privacy not violated by vaccine mandate: privacy commissioner https://globalnews.ca/news/8739751/guelph-university-covid-vaccine-mandate-privacy-commissioner/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 124: David Fraser on Negotiating a CLOUD Act Agreement Between Canada and the United States https://www.michaelgeist.ca/2022/04/law-bytes-podcast-episode-124/
  • Feds to force tech giants like Facebook, Google to pay for news with new bill https://globalnews.ca/news/8736127/social-media-news-revenue-sharing-facebook-youtube-media/
  • Here Comes the Online News Act: Why the Government's Media Shakedown is Bad News For Press Independence and Competition https://www.michaelgeist.ca/2022/04/here-comes-the-online-news-act-why-the-governments-media-shakedown-is-bad-news-for-press-independence-and-competition/
  • Taking Aim at Sharing News Online: Bill C-18 and the Government's Misguided Requirement to Mandate Payment for Internet Linking https://www.michaelgeist.ca/2022/04/taking-aim-at-sharing-news-online-bill-c-18-and-the-governments-misguided-requirement-to-mandate-payment-for-internet-linking/
  • Just How Extreme is Bill C-18?: It Mandates Payments For Merely Facilitating Access to News https://www.michaelgeist.ca/2022/04/just-how-extreme-is-bill-c-18-it-mandates-payments-merely-for-facilitating-access-to-news/
  • Chrystia Freeland's Hidden Tax: How Canada Should Implement the Copyright Term Extension Buried in Budget 2022 https://www.michaelgeist.ca/2022/04/budget2022/

• US:

  • The Senate Bill That Has Big Tech Scared https://www.wired.com/story/american-innovation-choice-online-act-antitrust-google-amazon
  • US State Department opens cybersecurity policy bureau https://www.theregister.com/2022/04/05/us_cybersecurity_cdp/
  • Indiana Amends State Data Breach Notification Law https://www.databreaches.net/indiana-amends-state-data-breach-notification-law/
  • The Latest Threat to Independent Online Creators Is the Filter Mandate Bill https://www.eff.org/deeplinks/2022/04/latest-threat-independent-online-creators-filter-mandate-bill
  • Dun & Bradstreet Must Make ‘Substantial Changes' After Deceit, Erroneous Credit Reports https://www.pymnts.com/news/2022/dun-bradstreet-must-make-substantial-changes-after-deceit-erroneous-credit-reports/

• World:

  • UK spy agencies sharing bulk personal data with foreign allies was legal, says court https://www.theregister.com/2022/04/06/privacy_international_vs_ipt/
  • ANNOUNCE: HHS' Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act https://www.databreaches.net/announce-hhs-office-for-civil-rights-seeks-public-comment-on-recognized-security-practices-and-sharing-civil-money-penalties-and-monetary-settlements-under-the-hitech-act/
  • Palestinian Lawyer Sues Pegasus Spyware Maker in France https://www.securityweek.com/palestinian-lawyer-sues-pegasus-spyware-maker-france
  • Singapore moots bill to slap banks with higher fines for security breach https://www.databreaches.net/singapore-moots-bill-to-slap-banks-with-higher-fines-for-security-breach/
  • Singapore offers certification scheme to tag companies with robust security posture https://www.zdnet.com/article/singapore-offers-certification-scheme-to-tag-companies-with-robust-security-posture/
  • Google Can't Punish South Korean App Developers Who Offer Payment Workarounds https://www.pymnts.com/google/2022/google-cant-punish-south-korean-app-developers-who-offer-payment-workarounds/
  • China says it will send government officials to inspect Big Tech firms over their use of algorithms https://www.businessinsider.com/china-launches-crackdown-on-big-tech-algorithms-2022-4

• Standards News:

  • Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives (NISTIR 8419) https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8419.pdf
  • NISTR/NCCoE published SP 800-40 Revision 4, Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology https://csrc.nist.gov/publications/detail/sp/800-40/rev-4/final
  • NISTR/NCCoE published SP 1800-31, Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways https://csrc.nist.gov/publications/detail/sp/1800-31/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:

  • IN-PERSON EVENT | Join NIST & RedHat on 4/20 for ‘Improving the Nation’s Cybersecurity - an Open Forum’ in Washington DC April 20 8:30 AM - 1:00 PM ET https://events.redhat.com/profile/form/index.cfm?PKformID=0x544826abcd

• General:

  • U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks https://www.nytimes.com/2022/04/06/us/politics/us-russia-malware-cyberattacks.html
  • US Disrupts Russian Botnet https://www.schneier.com/blog/archives/2022/04/us-disrupts-russian-botnet.html
  • The US is trying to fix medical devices' big cybersecurity problem https://www.theverge.com/2022/4/8/23016588/medical-device-cybersecurity-fda-congress-hacking
  • Meta Tries to Break the End-to-End Encryption Deadlock https://www.wired.com/story/meta-end-to-end-encryption-bsr-report
  • Google Play Store cracks down on outdated apps https://www.theverge.com/2022/4/7/23014518/google-play-store-cracks-down-on-outdated-apps
  • Zoom awarded $1.8 million in bug bounty rewards over 2021 https://www.zdnet.com/article/zoom-awards-1-8-million-in-bug-bounty-rewards-over-2021

• Methods, Techniques, Tools, and Products:

  • GitHub now scans for secret leaks in developer workflows https://www.zdnet.com/article/github-now-scans-for-secret-leaks-in-push-workflows
  • Developers Increasingly Prioritize Secure Coding https://www.darkreading.com/application-security/developers-increasingly-prioritize-secure-coding
  • Improving software supply chain security with tamper-proof builds https://security.googleblog.com/2022/04/improving-software-supply-chain.html
  • SOC for Supply Chain https://www.sans.org/blog/soc-for-supply-chain
  • When MFA fails, defense in depth is key https://www.theregister.com/2022/04/07/mfa_defense_in_depth/
  • MITRE Engenuity ATT&CK Tests https://www.trendmicro.com/en_us/research/22/d/mitre-engenuity-attack-tests.html
  • 10 top fuzzing tools: Finding the weirdest application errors https://www.csoonline.com/article/3487708/9-top-fuzzing-tools-finding-the-weirdest-application-errors.html
  • Google is adding a privacy settings walkthrough to Chrome https://www.theverge.com/2022/4/6/23013256/google-chrome-privacy-security-settings-guide-walkthrough-chrome
  • Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations https://www.microsoft.com/security/blog/2022/04/05/microsoft-365-defender-demonstrates-industry-leading-protection-in-the-2022-mitre-engenuity-attck-evaluations/
  • Microsoft Details New Security Features for Windows 11 https://www.darkreading.com/remote-workforce/microsoft-details-new-security-features-for-windows-11
  • Microsoft: Windows Autopatch steals the 'fun' from Patch Tuesdays https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-steals-the-fun-from-patch-tuesdays/
  • New security features for Windows 11 will help protect hybrid work https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
  • Raspberry Pi removes default user to hinder brute-force attacks https://www.bleepingcomputer.com/news/security/raspberry-pi-removes-default-user-to-hinder-brute-force-attacks/
  • Method For String Extraction Filtering, (Sat, Apr 9th) https://isc.sans.edu/diary/rss/28532
  • Welcoming the Serbian Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-serbian-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:

  • Europe Warned About Cyber Threat to Industrial Infrastructure https://www.securityweek.com/europe-warned-about-cyber-threat-industrial-infrastructure
  • SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/

• Zero-day news:

  • Zero days are for life, not just for Christmas. Here's how to deal with them https://www.theregister.com/2022/04/08/zero_days_are_for_life/

• Patching:

  • VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products https://thehackernews.com/2022/04/vmware-releases-critical-patches-for.html
  • GitLab issues critical update after hard-coding passwords into accounts https://www.databreaches.net/gitlab-issues-critical-update-after-hard-coding-passwords-into-accounts/
  • Zyxel Patches Critical Hijacking Vulnerability https://packetstormsecurity.com/news/view/33293/Zyxel-Patches-Critical-Hijacking-Vulnerability.html
  • 44 Vulnerabilities Patched in Android With April 2022 Security Updates https://www.securityweek.com/44-vulnerabilities-patched-android-april-2022-security-updates
  • Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina https://www.theregister.com/2022/04/06/apple_patched_zerodays_in_macos/
  • Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego https://www.securityweek.com/intego-apple-leaves-big-sur-catalina-exposed-critical-flaws

• Other Vulnerabilities:

  • Linux Systems Are Becoming Bigger Targets https://www.darkreading.com/vulnerabilities-threats/linux-systems-are-becoming-bigger-targets
  • Vendors Assessing Impact of Spring4Shell Vulnerability https://www.securityweek.com/vendors-assessing-impact-spring4shell-vulnerability
  • VMware warns of critical remote code execution bug in Workspace ONE Access https://www.zdnet.com/article/vmware-warns-of-critical-remote-code-execution-bug-in-workspace-one-access
  • Wyze Camera Vulnerability https://www.schneier.com/blog/archives/2022/04/wyze-camera-vulnerability.html
  • WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers https://arstechnica.com/information-technology/2022/04/watchguard-failed-to-disclose-critical-flaw-exploited-by-russian-hackers/

• Research on new vulnerabilities:

  • An In-Depth Look at ICS Vulnerabilities Part 2 https://www.trendmicro.com/en_us/research/22/d/an-in-depth-look-at-ics-vulnerabilities-part-2.html
  • An In-Depth Look at ICS Vulnerabilities Part 3 https://www.trendmicro.com/en_us/research/22/d/an-in-depth-look-at-ics-vulnerabilities-part-3.html

• Cryptography and Cryptographic Research:

  • Refined Cryptanalysis of the GPRS Ciphers GEA-1 and GEA-2, by Dor Amzaleg and Itai Dinur https://eprint.iacr.org/2022/424
  • PQ-HPKE: Post-Quantum Hybrid Public Key Encryption, by Mila Anastasova and Panos Kampanakis and Jake Massimo https://eprint.iacr.org/2022/414
  • New Insights into Fully Homomorphic Encryption Libraries via Standardized Benchmarks, by Charles Gouert and Dimitris Mouris and Nektarios Georgios Tsoutsos https://eprint.iacr.org/2022/425

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • A Hacker Gang's Members Are In Jail. It's Still Stealing Data. https://packetstormsecurity.com/news/view/33290/A-Hacker-Gangs-Members-Are-In-Jail.-Its-Still-Stealing-Data..html
  • FIN7 hackers evolve operations with ransomware, novel backdoor https://www.zdnet.com/article/fin7-hackers-evolve-operations-with-ransomware-novel-backdoor
  • Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware https://thehackernews.com/2022/04/multiple-hacker-groups-capitalizing-on.html
  • Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info https://threatpost.com/attackers-whatsapp-voice-message/179244/
  • Cryptocurrency-mining AWS Lambda-specific malware spotted https://www.theregister.com/2022/04/07/aws_lambda_malware/
  • Android apps with 45 million installs used data harvesting SDK https://www.bleepingcomputer.com/news/security/android-apps-with-45-million-installs-used-data-harvesting-sdk/
  • Fake Android shopping apps steal bank account logins, 2FA codes https://www.zdnet.com/article/fake-android-shopping-apps-steal-bank-account-logins-2fa-codes
  • New Android banking malware remotely takes control of your device https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/
  • Newly found Android malware records audio, tracks your location https://www.bleepingcomputer.com/news/security/newly-found-android-malware-records-audio-tracks-your-location/
  • New Meta information stealer distributed in malspam campaign https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/
  • Malicious web redirect service infects 16,500 sites to push malware https://www.bleepingcomputer.com/news/security/malicious-web-redirect-service-infects-16-500-sites-to-push-malware/
  • Text Spam Is on the Rise. Here's How to Spot It and What to Do https://www.nytimes.com/2022/04/06/technology/personaltech/text-scam-spam.html
  • Verizon Customers Are Receiving Spam Texts Sent From Their Own Numbers—Here's What To Know https://www.mentalfloss.com/posts/spam-texts-from-own-number
  • BlackCat Ransomware Targets Industrial Companies https://www.securityweek.com/blackcat-ransomware-targets-industrial-companies
  • Borat RAT Malware: A Unique Triple Threat That Is Far From Funny https://packetstormsecurity.com/news/view/33288/Borat-RAT-Malware-A-Unique-Triple-Threat-That-Is-Far-From-Funny.html
  • Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html
  • WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools, (Tue, Apr 5th) https://isc.sans.edu/diary/rss/28520

• Crime & Arrests, etc.:

  • Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin https://thehackernews.com/2022/04/germany-shuts-down-russian-hydra.html
  • Hydra: How German police dismantled Russian darknet site https://www.bbc.co.uk/news/technology-61002904
  • U.S. sanctions crypto-exchange Garantex for aiding Hydra Market https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-exchange-garantex-for-aiding-hydra-market/
  • FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices https://thehackernews.com/2022/04/fbi-shut-down-russia-linked-cyclops.html
  • The Bitcoin Bust That Took Down the Web's Biggest Child Abuse Site https://www.wired.com/story/tracers-in-the-dark-welcome-to-video-crypto-anonymity-myth
  • Hackers Hijacked Crypto Wallets With Stolen MailChimp Data https://packetstormsecurity.com/news/view/33294/Hackers-Hijacked-Crypto-Wallets-With-Stolen-MailChimp-Data.html
  • Identify Fraud Skyrockets As Hackers Stick To Pre-Pandemic Techniques https://packetstormsecurity.com/news/view/33296/Identify-Fraud-Skyrockets-As-Hackers-Stick-To-Pre-Pandemic-Techniques.html
  • UK Charges Alleged Lapsus$ Gang Members With Hacking https://www.securityweek.com/uk-charges-alleged-lapsus-gang-members-hacking
  • US judge sentences men for $1.5 million Apple Gift Card scam https://www.zdnet.com/article/us-judge-sentences-men-for-1-5-million-apple-gift-card-scams
  • British embassy guard charged with spying for Russia https://www.bbc.co.uk/news/uk-61015772

• Nation State Actors:

  • How do China's cyber-spies snoop on governments, NGOs? Probably like this https://www.theregister.com/2022/04/07/china-espionage-campaign/
  • Researchers Trace Widespread Espionage Attacks Back to Chinese 'Cicada' Hackers https://thehackernews.com/2022/04/researchers-trace-widespread-espionage.html
  • Symantec: Chinese APT Group Targeting Global MSPs https://www.securityweek.com/symantec-chinese-apt-group-targeting-global-msps
  • APT10: These sneaky hackers hid inside their victims' networks for nine months https://www.databreaches.net/apt10-these-sneaky-hackers-hid-inside-their-victims-networks-for-nine-months/
  • Bearded Barbie hackers catfish high ranking Israeli officials https://www.bleepingcomputer.com/news/security/bearded-barbie-hackers-catfish-high-ranking-israeli-officials/
  • India Claims It Foiled Chinese Cyberattack on Disputed Border https://www.securityweek.com/india-claims-it-foiled-chinese-cyberattack-disputed-border
  • Other:
  • Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?, (Mon, Apr 4th) https://isc.sans.edu/diary/rss/28516
  • Scan This: There's Danger in QR Codes https://www.darkreading.com/omdia/scan-this-there-s-danger-in-qr-codes
  • Adobe Creative Cloud Experience makes it easier to run malware https://www.theregister.com/2022/04/07/adobe_cloud_malware/
  • The Original APT: Advanced Persistent Teenagers https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/
  • Companies were slow to remove Russian spies' malware, so FBI did it for them https://arstechnica.com/information-technology/2022/04/fbi-accesses-us-servers-to-dismantle-botnet-malware-installed-by-russian-spies/
  • Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums https://thehackernews.com/2022/04/experts-shed-light-on-blackguard.html
  • Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html

Other Security / Risk

Articles covering other types of risks.

• General:

  • The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains https://www.darkreading.com/risk/the-blurring-line-and-growing-risk-between-physical-and-digital-supply-chains
  • Will cloud computing be Canada's next big military procurement? Here's what to know https://globalnews.ca/news/8706412/canada-national-security-classified-cloud-services/
  • ‘Robot scientist' Eve finds that less than one third of scientific results are reproducible https://scienmag.com/robot-scientist-eve-finds-that-less-than-one-third-of-scientific-results-are-reproducible/
  • A Gentler, Better Way to Change Minds https://www.theatlantic.com/family/archive/2022/04/arguing-with-someone-different-values/629495/
  • Ontario government won't comment on progress of digital ID program https://toronto.ctvnews.ca/ontario-government-won-t-comment-on-progress-of-digital-id-program-1.5852732
  • Canadians are becoming more divided over COVID-19, politics: survey https://globalnews.ca/news/8733411/covid-politics-dividing-canadians-survey/

• Health:

  • A Shocking 99% of Us Are Now Breathing Unhealthy Air, WHO Warns https://www.sciencealert.com/a-shocking-99-of-us-are-now-breathing-unhealthy-air-who-warns
  • Bird flu outbreak: Can humans contract the virus? Expert weighs in https://globalnews.ca/news/8736753/bird-flu-explainer-ontario/
  • Over 5,000 Previously Unknown Viruses Have Been Discovered Lurking in The Oceans https://www.sciencealert.com/more-than-5-000-brand-new-viruses-have-been-discovered-lurking-in-the-oceans
  • Thousands of Ontario students behind on vaccines usually administered in schools https://toronto.ctvnews.ca/thousands-of-ontario-students-behind-on-vaccines-usually-administered-in-schools-1.5849427
  • COVID-19 rapid tests an imperfect and necessary tool in potential sixth wave, experts say https://globalnews.ca/news/8742204/covid-19-rapid-tests-sixth-wave/
  • Some Threats Just Keep Coming in Waves https://www.theatlantic.com/ideas/archive/2022/04/covid-omicron-ba2-surge-precautions/629500/
  • End of mask mandate in Ontario has fueled growing COVID-19 wave, provincial report suggests https://globalnews.ca/news/8749785/ontario-covid-cases-increase-lifting-masks/
  • Is It Time to Start Masking Again? https://www.theatlantic.com/health/archive/2022/04/omicron-ba2-surge-indoor-masking/629512/
  • Quebec extends mask mandate to end of April as province faces rising COVID-19 numbers https://globalnews.ca/news/8736157/quebec-covid19-masks-extension-april-5-2022/
  • Up to 120,000 daily COVID-19 cases in Ontario, science table director says https://globalnews.ca/news/8741308/ontario-sixth-wave-case-increase-100k/
  • Ontarians 60+ can book fourth COVID-19 vaccine doses Thursday https://toronto.ctvnews.ca/ontarians-60-can-book-fourth-covid-19-vaccine-doses-thursday-1.5851955
  • 6 cases of COVID-19 XE have been reported in Canada https://globalnews.ca/news/8742798/xe-variant-covid-19-health-canada/
  • What We Know about Omicron's BA.2 Variant So Far https://www.scientificamerican.com/article/what-we-know-about-omicrons-ba-2-variant-so-far1/
  • Vaccinated Canadians can have COVID-19 symptoms despite testing negative. Here's why https://globalnews.ca/news/8742842/vaccinated-canada-covid-19-omicron-rapid-test/
  • Around 2,000 Toronto-area health-care workers off job due to COVID-19 https://toronto.ctvnews.ca/around-2-000-toronto-area-health-care-workers-off-job-due-to-covid-19-1.5854942
  • Even Mild Cases of COVID Can Lead to a 40 Percent Greater Risk of Diabetes https://www.mentalfloss.com/posts/COVID-patients-higher-diabetes-risk
  • Can A.I.-Driven Voice Analysis Help Identify Mental Disorders? https://www.nytimes.com/2022/04/05/technology/ai-voice-analysis-mental-health.html

• Safety:

  • Kinder chocolates recalled due to possible salmonella contamination https://globalnews.ca/news/8742291/kinder-chocolates-recall-salmonella-contamination/
  • Manitoba issues flood watch for the Red River valley https://globalnews.ca/news/8735058/manitoba-flood-watch-red-river-valley-april-4-2022/
  • 2-year-old accidentally shoots, kills 4-year-old sister at Pennsylvania gas station https://globalnews.ca/news/8739302/toddler-accidentally-shoots-kills-4-year-old-sister/
  • A ‘Breaking Bad' character made poison. A biomed engineer was inspired. https://www.washingtonpost.com/nation/2022/04/05/breaking-bad-ricin/
  • Biting 'unruly passengers' hit with largest-ever US fines https://www.bbc.co.uk/news/world-us-canada-61047164
  • The FAA is proposing record fines of $81,950 and $77,272 to passengers who it says tried to open cabin doors and bite fellow passengers https://www.businessinsider.com/faa-proposes-record-fines-for-two-unruly-airplane-passengers-2022-4
  • Space Force is Releasing Decades of Tracking Data on a Thousand Bright Meteor Fireballs https://www.universetoday.com/155380/space-force-is-releasing-decades-of-tracking-data-on-a-thousand-bright-meteor-fireballs/
  • India's Inadvertent Missile Launch Underscores the Risk of Accidental Nuclear Warfare https://www.scientificamerican.com/article/indias-inadvertent-missile-launch-underscores-the-risk-of-accidental-nuclear-warfare/
  • Author of ‘How to Murder Your Husband' now on trial for husband's murder https://globalnews.ca/news/8737819/how-to-murder-your-husband-nancy-crampton-brophy-trial/

• Environment:

  • Record amount of methane added to atmosphere last year https://www.cbc.ca/news/science/methane-record-1.6413037
  • The 1.5-Degree Goal Is All But Dead https://www.theatlantic.com/science/archive/2022/04/un-ipcc-1-5-degree-report-global-warming/629486/
  • The US And EU Have Unsustainably Plundered Natural Resources For Decades, Study Shows https://www.sciencealert.com/the-us-and-eu-have-unsustainably-plundered-natural-resources-for-decades-study-shows
  • A wind farm company admitted killing 150 eagles in the US and was fined $8 million. Almost all died from being hit by the blades. https://www.businessinsider.com/wind-farm-company-admits-150-eagle-deaths-fined-8-million-2022-4
  • N.L. government lifts 15-year ban on onshore wind farms https://www.cbc.ca/news/canada/newfoundland-labrador/nl-wind-moratorium-lifts-1.6409296
  • Carbon Removal 'Unavoidable' as Climate Dangers Grow, New IPCC Report Says https://www.scientificamerican.com/article/carbon-removal-unavoidable-as-climate-dangers-grow-new-ipcc-report-says/
  • Stanford engineers point the way to more affordable, sustainable urban neighborhoods https://scienmag.com/stanford-engineers-point-the-way-to-more-affordable-sustainable-urban-neighborhoods/
  • Billions of Genetically Modified Mosquitoes Are Set to Descend on California and Florida This Summer https://www.mentalfloss.com/posts/genetically-modified-mosquitoes-california

• Disinformation and misinformation

  • Disinformation Is the Story of Our Age https://www.theatlantic.com/newsletters/archive/2022/04/jeffrey-goldberg-disinformation-democracy-threat/629487/
  • We're All Being Manipulated the Same Way https://www.theatlantic.com/ideas/archive/2022/04/maria-ressa-disinformation-manipulation/629483/
  • Economy:
  • Canada's treasury ‘depleted' as budget weans COVID spending, eyes uncertainty https://globalnews.ca/news/8743660/canada-budget-2022-covid-recovery/
  • I Tried to Put Russia on Another Path https://www.theatlantic.com/ideas/archive/2022/04/bill-clinton-nato-expansion-ukraine/629499/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:

  • Kramatorsk station attack: What we know so far https://www.bbc.co.uk/news/world-europe-61036740
  • New York Times' analysis of satellite images pokes holes in Russia's denials about civilian bodies found in Bucha https://www.businessinsider.com/nyt-satellite-images-refute-russias-denials-about-civilian-bodies-bucha-2022-4
  • Russia carried out extrajudicial civilian killings in Ukraine, Amnesty International says https://globalnews.ca/news/8742430/russia-ukraine-war-extrajudicial-civilian-killings-amnesty-international/
  • Germany intercepted conversations of Russian soldiers discussing Bucha killings, contradicting Kremlin claims of a hoax, report says https://www.businessinsider.com/germany-intercepts-russia-troops-discussing-bucha-killings-report-2022-4
  • How Explosions Actually Kill https://www.wired.com/story/russia-ukraine-blast-trauma
  • NATO is using its 'eyes in the sky' to keep Europe out of Russia's war on Ukraine https://www.businessinsider.com/nato-awacs-keep-europe-out-of-russia-ukraine-war-2022-4
  • Will Russia Use Chemical Weapons in Ukraine? Researchers Evaluate the Risks https://www.scientificamerican.com/article/will-russia-use-chemical-weapons-in-ukraine-researchers-evaluate-the-risks/

• Reaction and response:

  • UN votes Russia out of human rights council citing Bucha killings https://globalnews.ca/news/8742672/un-votes-russia-out-of-human-rights-council-citing-bucha-killings/
  • Vladimir Putin should face war crimes trial for Bucha massacre, Biden says https://globalnews.ca/news/8733566/vladimir-putin-war-crime-trial-bucha-joe-biden/
  • Intel suspends all operations in Russia “effective immediately” https://arstechnica.com/tech-policy/2022/04/intel-suspends-business-operations-in-russia-over-ukraine-war/
  • Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine https://thehackernews.com/2022/04/microsoft-obtains-court-order-to-take.html
  • Microsoft seized Russian domains targeting Ukrainian media organizations https://www.theverge.com/2022/4/9/23018258/microsoft-control-russian-domains-ukraine-war-cyberattack-fancy-bear-apt28-strontium
  • Microsoft takes down APT28 domains used in attacks against Ukraine https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/
  • Oil giant Shell is writing off up to $5 billion in assets after it pulled its Russian operations https://www.businessinsider.com/shell-oil-natural-gas-putin-russia-energy-ukraine-assets-operations-2022-4
  • Pink Floyd releases first new song in nearly three decades for Ukraine https://www.washingtonpost.com/nation/2022/04/08/pink-floyd-ukraine-single/
  • Holland America will use one of its cruise ships to house 1,500 Ukrainian refugees — see inside the vessel https://www.businessinsider.com/photos-holland-americas-cruise-ship-to-house-1500-ukrainian-refugees-2022-4
  • Bilingual English-Ukrainian schools in Manitoba prepare for refugee students https://globalnews.ca/news/8745902/bilingual-english-ukrainian-schools-manitoba-refugee-students/
  • Ontario announces supports for Ukrainian refugees who come to the province https://globalnews.ca/news/8739457/ontario-ukrainian-refugee-supports/
  • Ukrainians begin to settle in Canada as Russia's war continues: ‘More comfortable here' https://globalnews.ca/news/8732342/ukrainian-refugees-canada-russia-invasion/
  • U.S. should expand presence in east Europe as Ukraine war could last years, general says https://globalnews.ca/news/8739278/u-s-more-troops-east-europe-ukraine-russia-war/
  • A Neutral Ukraine Is a Dangerous Idea Fraught with Risks https://www.theatlantic.com/ideas/archive/2022/04/ukraine-neutrality-peace-agreement-finland/629473/

• Sanctions & economic Impact:

  • Over 60% of Putin's war chest frozen - UK https://www.bbc.co.uk/news/uk-60997622
  • Sanctions over Ukraine are starting to ‘shrink' Russia's economy. Here's how https://globalnews.ca/news/8747616/western-sanctions-russia-economy-ukraine/
  • The US blocks Russia from making a $600 million bond payment as it ramps up the pressure on Moscow https://markets.businessinsider.com/news/bonds/russia-bond-debt-payment-blocked-us-treasury-default-risk-sanctions-2022-4
  • A 'nightmare' Russian debt default is now very likely after the US blocked payments, BlueBay strategist says https://markets.businessinsider.com/news/bonds/russian-debt-default-likely-us-treasury-blocks-bond-payment-sanctions-2022-4
  • Russia's move to pay for bonds in rubles may cause default https://globalnews.ca/news/8740126/russia-pay-bonds-rubles-debt-default/
  • EU targets Russian coal and ships in new sanctions https://www.bbc.co.uk/news/world-europe-60993645
  • Here's what happens if Europe sanctions Russian oil https://globalnews.ca/news/8739201/europe-sanctions-russian-oil/
  • Ukraine calls on EU to impose full energy embargo on Russia https://globalnews.ca/news/8742342/ukraine-eu-full-energy-embargo-russia/
  • US Senate, House Strip Russia of ‘Most-Favored-Nation' Trade Status, Ban Russian Oil Imports https://www.pymnts.com/news/regulation/2022/us-senate-house-strip-russia-of-most-favored-nation-trade-status-ban-russian-oil-imports/
  • The war in Ukraine is sending fertilizer prices through the roof. That could spark food shortages in countries already struggling with widespread hunger. https://www.businessinsider.com/fertilizer-prices-threaten-widespread-hunger-higher-inflation-ukraine-russia-war-2022-4
  • U.S. restricts Russian access to fertilizer, valves as it broadens export curbs https://globalnews.ca/news/8747068/united-states-russia-fertilizer-valves-export/
  • US charges Russian oligarch who called the war on Ukraine a 'holy war' against 'pagans' with violating sanctions — the first indictment of its kind since the invasion began https://www.businessinsider.com/us-charges-russian-oligarch-konstantin-malofeyev-violating-sanctions-ukraine-2022-4
  • China is buying Russian energy with its own currency, marking the first commodities paid for in yuan since Western sanctions hit Moscow https://markets.businessinsider.com/news/commodities/dollar-vs-yuan-china-buys-russian-oil-coal-ukraine-sanctions-2022-4
  • China could face sanctions if it supports Russia's war in Ukraine, U.S. says https://globalnews.ca/news/8740276/china-russia-potential-sanctions-ukraine-war-us/
  • Information, Disinformation, and Propaganda:
  • Cyberwar: Are attacks by Russian hackers still covered by cyber insurance? Germany's perspective (for now) https://www.databreaches.net/cyberwar-are-attacks-by-russian-hackers-still-covered-by-cyber-insurance-germanys-perspective-for-now/
  • Mystery of alleged Chinese hack on eve of Ukraine invasion https://www.bbc.co.uk/news/technology-60983346
  • RiskIQ Threat Intelligence Roundup: Trickbot, Magecart, and More Fake Sites Targeting Ukraine https://www.riskiq.com/blog/external-threat-management/trickbot-magecart-fake-sites/
  • Ukraine spots Russian-linked 'Armageddon' phishing attacks https://www.bleepingcomputer.com/news/security/ukraine-spots-russian-linked-armageddon-phishing-attacks/
  • Hackers use Conti's leaked ransomware to attack Russian companies https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
  • Russians bypass website blocks to access Western news sources https://www.bleepingcomputer.com/news/technology/russians-bypass-website-blocks-to-access-western-news-sources/

• Cyber-attacks and the potential for cyber-war:

  • Ukraine Warns of Cyber attack Aiming to Hack Users' Telegram Messenger Accounts https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

  • Lost Women of Science Podcast, Season 2, Episode 2: Women Needed https://www.scientificamerican.com/article/lost-women-of-science-podcast-season-2-episode-two-women-needed/
  • Engineered crystals could help computers run on less power https://scienmag.com/engineered-crystals-could-help-computers-run-on-less-power/
  • What's softer than cashmere and warmer than down? Kuujjuaq students spin muskox qiviut into yarn https://www.cbc.ca/news/canada/north/muskox-wool-qiviut-yarn-workshop-1.6409211
  • The Secret of The Pyramids' Perfect Alignment Might Be Explained After All https://www.sciencealert.com/the-secret-of-the-pyramids-perfect-alignment-might-be-explained-after-all

• Other:

  • Mental Floss Presents: Titanic Timeline https://www.mentalfloss.com/posts/titanic-timeline-voyage-sinking-movie
  • 12 Artifacts Brought Up From the 'Titanic' https://www.mentalfloss.com/posts/titanic-shipwreck-recovered-artifacts
  • Old shipwreck in Niagara River pushed closer to brink of falls after storm https://toronto.ctvnews.ca/old-shipwreck-in-niagara-river-pushed-closer-to-brink-of-falls-after-storm-1.5852932
  • Summerlicious to return to Toronto in August https://toronto.ctvnews.ca/summerlicious-to-return-to-toronto-in-august-1.5856160
  • According to Perseverance, Mars is Quiet… too Quiet https://www.universetoday.com/155294/according-to-perseverance-mars-is-quiet-too-quiet/
  • Digging Through Kepler Data Turns Up a Near Twin of Jupiter https://www.universetoday.com/155318/digging-through-kepler-data-turns-up-a-near-twin-of-jupiter/
  • If Aliens Were Sending us Signals, This is What They Might Look Like https://www.universetoday.com/155173/if-aliens-were-sending-us-signals-this-is-what-they-might-look-like/