Welcome to This Week’s [in]Security. PCI and payments: PCI related: New breaches: disclosures, source code, Queen's University, McDonalds. New Ransomware: persistence, Zenga, Snap-On Tools, Nordex. Follow-ups & Fall-out: GitHub oauth, T-Mobile, Rideau Hall, hospital lawsuits. Privacy: Webex, De-anonymizing Bitcoin, Data brokers. Laws & Regs - Canada: Harms, Online News. US: Facial Recognition. Defense - Training & events: PCI, IEEE, NICE. FSP, Certs. Tools: SLSA, Autopatch, Purple. Vulnerabilities, Advisories: CISA. Zerodays: Microsoft, Nginx. Patching: Chrome, Vmware, Cisco, Windows, Struts. Other: 80%, ICS, Cloud, NFT. Vulnerability research: FrozenHeart/Zero Knowledge, Hospital bots. Crypto-research: QIST & quantum attacks. Cybercrime: Trends: payment apps, customer support, fake jobs, botnets, text scams. Crime & Enforcement: Ottawa, RaidForums, unethical. Nation States and mercenaries. Other. Other Risks: General: Trusting AI, Governance, Self-drive & cops, Snake -oil. Health, Safety, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Related:

  • At a Glance: PCI DSS v4.0 https://blog.pcisecuritystandards.org/at-a-glance-pci-dss-v4-0
  • The Threat of Ransomware Attacks https://blog.pcisecuritystandards.org/the-threat-of-ransomware-attacks-2022
  • PCI DSS 4.0 And The Need For Continuous Data-centric Security https://www.datex.ca/blog/pci-dss-4.0-and-the-need-for-continuous-data-centric-security

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Breach Disclosure Blow-by-Blow: Here's Why It's so Hard https://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/
  • The Tricky Aftermath of Source Code Leaks https://www.wired.com/story/source-code-leak-dangers
  • Ca: University Life Sciences students facing mass data breach Life Sciences students facing mass data breach https://www.databreaches.net/ca-university-life-sciences-students-facing-mass-data-breach-life-sciences-students-facing-mass-data-breach/
  • McDonald's is Informing its Costa Rica Customers About a Data Breach https://www.databreaches.net/mcdonalds-is-informing-its-costa-rica-customers-about-a-data-breach/
  • MS Teams users at Army Futures Command potentially exposed private info https://www.databreaches.net/ms-teams-users-at-army-futures-command-potentially-exposed-private-info/
  • CitySprint confirms security breach involving iFleet System, warns delivery drivers their personal data may be in the hands of hackers https://www.databreaches.net/citysprint-confirms-security-breach-involing-ifleet-system-warns-delivery-drivers-their-personal-data-may-be-in-the-hands-of-hackers/
  • 500,000 Impacted by Email Breach at Illinois Healthcare Firm https://www.securityweek.com/500000-impacted-email-breach-illinois-healthcare-firm
  • Newman Regional Health notifies 52,224 patients after long-running breach of employee email accounts https://www.databreaches.net/newman-regional-health-notifies-52224-patients-after-long-running-breach-of-employee-email-accounts/
  • Update to Christie Clinics breach disclosure https://www.databreaches.net/update-to-christie-clinics-breach-disclosure/
  • Massive data leak of devotees from Meenakshi temple, admin claims technical glitch https://www.databreaches.net/massive-data-leak-of-devotees-from-meenakshi-temple-admin-claims-technical-glitch/

• New Ransomware and "Incidents":

  • Don't let ransomware crooks spend months in your network – like this govt agency did https://www.theregister.com/2022/04/14/ransomware_gang_network/
  • Luxury fashion house Zegna confirms August ransomware attack https://www.bleepingcomputer.com/news/security/luxury-fashion-house-zegna-confirms-august-ransomware-attack/
  • Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang https://www.securityweek.com/high-end-tools-manufacturer-snap-discloses-data-breach
  • Wind turbine firm Nordex hit by Conti ransomware attack https://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/
  • AlphaV claims attack on Florida International University (updated) https://www.databreaches.net/alphav-claims-attack-on-florida-international-university/
  • At small and rural hospitals, ransomware attacks are causing unprecedented crises https://www.databreaches.net/at-small-and-rural-hospitals-ransomware-attacks-are-causing-unprecedented-crises/

• Follow-ups and fall-out:

  • GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html
  • T-Mobile Secretly Bought Its Customer Data From Hackers To Stop Leak. It Failed https://packetstormsecurity.com/news/view/33319/T-Mobile-Secretly-Bought-Its-Customer-Data-From-Hackers-To-Stop-Leak.-It-Failed.html
  • Cyberbreach at Rideau Hall was 'sophisticated' intrusion, internal documents reveal https://www.cbc.ca/news/politics/privacy-breach-rideau-hall-sophisticated-1.6422070
  • Avvo - 4,101,101 breached accounts https://haveibeenpwned.com/PwnedWebsites#Avvo
  • Hetzner lost customer data and gave 20€ as compensation https://www.databreaches.net/hetzner-lost-customer-data-and-gave-20e-as-compensation/
  • Patients increasingly suing hospitals over data breaches https://www.databreaches.net/patients-increasingly-suing-hospitals-over-data-breaches/

Privacy

Articles about privacy related news, risks, and trends.

• Cisco's Webex app phoned home audio telemetry even when muted https://www.theregister.com/2022/04/14/muting_ciscos_webex_app_doesnt/
• De-anonymizing Bitcoin https://www.schneier.com/blog/archives/2022/04/de-anonymizing-bitcoin.html
• Did Student-Monitoring Software Accuse You of Cheating on a Test? https://www.nytimes.com/2022/04/14/technology/student-cheating-software.html
• John Oliver on Data Brokers https://www.schneier.com/blog/archives/2022/04/john-oliver-on-data-brokers.html
• CNET: Your Social Security Number: When Is It OK to Give It Out? https://epic.org/cnet-your-social-security-number-when-is-it-ok-to-give-it-out/
• EPIC Urges Department of Transportation to Prioritize Privacy in Development of New Technologies https://epic.org/epic-urges-department-of-transportation-to-prioritize-privacy-in-development-of-new-technologies/
• What Do You Mean My Email Isn't Free? https://blog.isc2.org/isc2_blog/2022/04/email-isnt-free.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Harm from Budget 2022's Hidden Copyright Term Extension, Part One: Entry to Public Domain of Canadian Authors Lost for a Generation https://www.michaelgeist.ca/2022/04/the-harm-from-budget-2022s-hidden-copyright-term-extension-part-one-entry-to-public-domain-of-canadian-authors-lost-for-a-generation/
  • The Law Bytes Podcast, Episode 125: Sue Gardner on Journalism, the Internet Platforms, and the Online News Act https://www.michaelgeist.ca/2022/04/law-bytes-podcast-episode-125/
  • Spiking Op-Eds: How the Government's Online News Act is Already Leading to Media Self-Censorship https://www.michaelgeist.ca/2022/04/spiking-op-eds-how-the-governments-online-news-act-is-already-leading-to-media-self-censorship/

• US:

  • House Panels Probe Gov't Use of Facial Recognition Software https://www.securityweek.com/house-panels-probe-govt-use-facial-recognition-software
  • Microsoft's tactics to win cloud battle lead to new antitrust scrutiny https://arstechnica.com/tech-policy/2022/04/microsofts-tactics-to-win-cloud-battle-lead-to-new-antitrust-scrutiny/
  • EPIC Urges Illinois Supreme Court to Uphold Illinois Residents' Biometric Privacy Rights https://epic.org/epic-urges-illinois-supreme-court-to-uphold-illinois-residents-biometric-privacy-rights/
  • EFF and Partners to Ninth Circuit Court of Appeals: Retaliatory Investigation of Twitter Chills First Amendment Rights https://www.eff.org/deeplinks/2022/04/eff-and-partners-ninth-circuit-court-appeals-retaliatory-investigation-twitter
  • Google Sues Scammer for Running 'Puppy Fraud Scheme' Website https://thehackernews.com/2022/04/google-sues-scammer-for-running-puppy.html

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:

  • PCI DSS v4.0 Global Symposium - on demand June 21 through August 30 https://events.pcisecuritystandards.org/pcidss4-0-global-symposium
  • 29th IEEE Software Technology Conference (STC) - October 3-6 Call for Papers, Presentations and Tutorials https://ieee-stc.org/
  • Call for Speaker Proposals: 2022 NICE K12 Cybersecurity Education Conference - December 5-6 in St. Louis https://content.govdelivery.com/accounts/USNIST/bulletins/312a50d
  • Federation of Security Professionals (FSP) spring seminar Fri, May 27 12:00 PM – 5:00 PM EDT https://www.eventbrite.ca/e/federation-of-security-professionals-virtual-event-2022-tickets-261170898187
  • SECURE London stokes debate on the future of the cybersecurity workforce https://blog.isc2.org/isc2_blog/2022/04/secure-london-stokes-debate-on-the-future-of-the-cybersecurity-workforce.html
  • An impressive mapping of IT security certifications to domains https://pauljerimy.com/security-certification-roadmap/

• Methods, Techniques, Tools, and Products:

  • Fish sticks and diamonds: How Russia's invasion of Ukraine is supercharging the push for supply-chain traceability as a major loophole reveals flaws in sanctions https://www.businessinsider.com/russian-seafood-diamond-sanctions-prompt-supply-chain-traceability-ethics-2022-4
  • How to SLSA (Supply-chain Levels for Software Artifacts) Part 1 - The Basics https://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html
  • How to SLSA Part 2 - The Details https://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html
  • How to SLSA Part 3 - Putting it all together https://security.googleblog.com/2022/04/how-to-slsa-part-3-putting-it-all.html
  • OpenSSH Moves to Prevent 'Capture Now, Decrypt Later' Attacks https://www.securityweek.com/openssh-moves-prevent-capture-now-decrypt-later-attacks
  • Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html
  • A clearer lens on Zero Trust security strategy: Part 1 https://www.microsoft.com/security/blog/2022/04/14/a-clearer-lens-on-zero-trust-security-strategy-part-1/
  • Building an Internal Red Team? Go Purple First https://www.sans.org/blog/building-internal-red-team-go-purple-first
  • Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster https://www.securityweek.com/think-criminal-knowing-popular-attack-techniques-stop-bad-actors-faster
  • DuckDuckGo's Privacy Browser Finally Lands on Desktop https://www.wired.com/story/duckduckgo-browser-mac-app
  • Your Data Is Everywhere: Here Are The Critical Capabilities Of A Modern Data Loss Prevention (DLP) https://cloudsecurityalliance.org/blog/2022/03/21/your-data-is-everywhere-here-are-the-critical-capabilities-of-a-modern-data-loss-prevention-dlp
  • Let's Encrypt Wins Levchin Prize For Work On Internet Security https://www.eff.org/press/releases/lets-encrypt-wins-levchin-prize-work-internet-security
  • Welcoming the North Macedonian Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-north-macedonian-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:

  • CISA orders agencies to fix actively exploited VMware, Chrome bugs https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs/
  • CISA warns orgs to patch actively exploited Windows LPE bug https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-windows-lpe-bug/
  • CISA Tells Orgs to Patch WatchGuard Flaw Exploited for Months Before Disclosure https://www.securityweek.com/cisa-tells-orgs-patch-watchguard-flaw-exploited-months-disclosure

• Zero-day news:

  • Can we solve the zero-day threat once and for all? No, but here's what we can do https://www.theregister.com/2022/04/12/can_we_solve_the_zero/
  • Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html
  • Microsoft Zero-Days, Wormable Bugs Spark Concern https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/
  • NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html

• Patching:

  • Google issues third emergency fix for Chrome this year https://www.theregister.com/2022/04/15/google-third-fix-chrome-vulnerability/
  • Hackers exploit critical VMware CVE-2022-22954 bug, patch now https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-cve-2022-22954-bug-patch-now/
  • Cisco Patches Critical Vulnerability in Wireless LAN Controller that allows attackers to craft their own login credentials https://www.securityweek.com/cisco-patches-critical-vulnerability-wireless-lan-controller and https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-hackers-craft-their-own-login-credentials/
  • Critical Windows RPC CVE-2022-26809 flaw raises concerns — Patch now https://www.bleepingcomputer.com/news/microsoft/critical-windows-rpc-cve-2022-26809-flaw-raises-concerns-patch-now/
  • Git for Windows issues update to fix running-someone-else's-code vuln https://www.theregister.com/2022/04/13/git_vuln/
  • Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now https://www.bleepingcomputer.com/news/security/critical-apache-struts-rce-vulnerability-wasnt-fully-fixed-patch-now/
  • Microsoft Patch Tuesday, April 2022 Edition https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/

• Other Vulnerabilities:

  • 80% of Software Codebases Contain at Least One Vulnerability https://www.darkreading.com/application-security/80-of-software-codebases-contain-at-least-one-vulnerability
  • Industrial Control System Malware Discovered https://www.schneier.com/blog/archives/2022/04/industrial-control-system-malware-discovered.html
  • Finding Attack Paths in Cloud Environments https://thehackernews.com/2022/04/finding-attack-paths-in-cloud.html
  • Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html
  • VMware Confirms Workspace One Exploits in the Wild https://www.securityweek.com/vmware-confirms-workspace-one-exploits-wild
  • Rarible NFT Marketplace Flaw Could've Let Attackers Hijack Crypto Wallets https://thehackernews.com/2022/04/rarible-nft-marketplace-flaw-couldve.html

• Research on new vulnerabilities:

  • Coordinated disclosure of vulnerabilities affecting Girault, Bulletproofs, and PlonK - FoRging Of ZEro kNowledge proofs (FrozenHeart) https://blog.trailofbits.com/2022/04/13/part-1-coordinated-disclosure-of-vulnerabilities-affecting-girault-bulletproofs-and-plonk/
  • The Frozen Heart vulnerability in Girault's proof of knowledge https://blog.trailofbits.com/2022/04/14/the-frozen-heart-vulnerability-in-giraults-proof-of-knowledge/
  • ‘JekyllBot:5' Vulnerabilities Allow Remote Hacking of Hospital Robots https://www.databreaches.net/jekyllbot5-vulnerabilities-allow-remote-hacking-of-hospital-robots/

• Cryptography and Cryptographic Research:

  • Cybersecurity Considerations for The Quantum Information Science Technology (QIST) Workforce April 20, 2022 | 2:00-3:00 PM ET https://content.govdelivery.com/accounts/USNIST/bulletins/3134a93
  • Quantum Attacks on PRFs Based on Public Random Permutations, by Tingting Guo and Peng Wang and Lei Hu and Dingfeng Ye https://eprint.iacr.org/2022/442
  • Improving Differential-Neural Distinguisher Model For DES, Chaskey and PRESENT, by Liu Zhang and Zilong Wang https://eprint.iacr.org/2022/457
  • On End-to-End Encryption, by Britta Hale and Chelsea Komlo https://eprint.iacr.org/2022/449

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html
  • FBI: Payment app users targeted in social engineering attacks https://www.bleepingcomputer.com/news/security/fbi-payment-app-users-targeted-in-social-engineering-attacks/
  • African banks heavily targeted in RemcosRAT malware campaigns https://www.bleepingcomputer.com/news/security/african-banks-heavily-targeted-in-remcosrat-malware-campaigns/
  • Android banking malware intercepts calls to customer support https://www.bleepingcomputer.com/news/security/android-banking-malware-intercepts-calls-to-customer-support/
  • Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans https://www.darkreading.com/attacks-breaches/lazarus-targets-chemical-sector-with-dream-jobs-then-trojans
  • These hackers pretend to poach, recruit rival bank staff in new cyberattacks https://www.zdnet.com/article/these-hackers-pretend-to-poach-recruit-rival-bank-staff-in-new-cyberattacks
  • Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free https://thehackernews.com/2022/04/haskers-gang-gives-away-zingostealer.html
  • Apple's still not catching scammy apps, and this time they're on the Mac https://www.theverge.com/2022/4/15/23027363/apple-scammy-apps-mac-app-store-moderation
  • Windows 11 tool to add Google Play secretly installed malware https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
  • Enemybot botnet uses Gafgyt source code with a sprinkling of Mirai https://www.theregister.com/2022/04/13/enemy-botnet-uses-gafgyt-mirai/
  • New EnemyBot DDoS botnet recruits routers and IoTs into its army https://www.bleepingcomputer.com/news/security/new-enemybot-ddos-botnet-recruits-routers-and-iots-into-its-army/
  • New Fodcha DDoS botnet targets over 100 victims every day https://www.bleepingcomputer.com/news/security/new-fodcha-ddos-botnet-targets-over-100-victims-every-day/
  • Internet Crime Center Issues Warning About New Texting Scam https://www.pymnts.com/news/security-and-risk/2022/internet-crime-center-issues-warning-about-new-texting-scam/

• Crime & Arrests, etc.:

  • Capital city defrauded out of more than half a million dollars, police investigating https://globalnews.ca/news/8761821/ottawa-defrauded-half-a-million-police-investigation/
  • Feds Shut Down RaidForums Hacking Marketplace https://threatpost.com/shut-down-raidforums-hacking-marketplace/179279/
  • Ethereum dev imprisoned for helping North Korea evade sanctions https://www.bleepingcomputer.com/news/security/ethereum-dev-imprisoned-for-helping-north-korea-evade-sanctions/
  • Cops: ‘Ethical Hacker' Was Anything But https://www.databreaches.net/cops-ethical-hacker-was-anything-but/
  • Ph: NBI raids house of ex-Smartmatic employee tagged in ‘data breach' https://www.databreaches.net/ph-nbi-raids-house-of-ex-smartmatic-employee-tagged-in-data-breach/
  • Montgomery County and Florida Women Convicted of Hacking One's Former Employer and Attempting to Extort Them https://www.databreaches.net/montgomery-county-and-florida-women-convicted-of-hacking-ones-former-employer-and-attempting-to-extort-them/
  • Star loses $500,000 NFT after crooks exploit Rarible market https://www.theregister.com/2022/04/15/rarible-flaw-nft/

• Nation State Actors:

  • Feds: APTs Have Tools That Can Take Over Critical Infrastructure https://threatpost.com/feds-apts-critical-infrastructure/179291/
  • Feds Uncover a ‘Swiss Army Knife' for Hacking Industrial Systems https://www.wired.com/story/pipedream-ics-malware and https://arstechnica.com/information-technology/2022/04/us-uncovers-swiss-army-knife-for-hacking-industrial-control-systems/
  • Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities https://www.securityweek.com/russia-linked-pipedreamincontroller-ics-malware-designed-target-energy-facilities
  • US blames North Korean hacker group for $625 million Axie Infinity theft https://www.theverge.com/2022/4/14/23025739/north-korean-hacker-lazarus-axie-infinity-cryptocurrency-hack-theft-us-blames
  • Microsoft details how China-linked crew's malware hides scheduled Windows tasks https://www.theregister.com/2022/04/14/microsoft-tarrask-malware-in-windows/
  • FBI links largest crypto hack ever to Lazarus state hackers https://www.bleepingcomputer.com/news/security/fbi-links-largest-crypto-hack-ever-to-lazarus-state-hackers/
  • Other:
  • Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/
  • Microsoft disrupts Zloader malware in global operation https://www.bleepingcomputer.com/news/security/microsoft-disrupts-zloader-malware-in-global-operation/
  • Google Play pulls sneaky data-harvesting apps with 46m+ downloads https://www.theregister.com/2022/04/11/in_brief_security/

Other Security / Risk

Articles covering other types of risks.

• General:

  • A.I. Is Mastering Language. Should We Trust What It Says? https://www.nytimes.com/2022/04/15/magazine/ai-language.html
  • Only half of organizations reviewed security policies due to the pandemic: Study https://www.zdnet.com/article/only-half-of-organizations-reviewed-security-policies-due-to-the-pandemic-study
  • Self-driving car stopped by San Francisco police https://www.bbc.com/news/technology-61080666
  • Snake Oilers: Vectra, Google Security and SecureStack https://risky.biz/snakeoilers15pt2
  • China Covid: Clashes in Shanghai over lockdown evictions https://www.bbc.co.uk/news/world-asia-china-61117528
  • E-transfers disappearing from some RBC accounts https://bc.ctvnews.ca/missing-e-transfers-being-returned-to-customers-accounts-royal-bank-says-1.5863642
  • 'Oh no.' The teen behind the popular Twitter account that tracks Elon Musk's private jet reacts to the billionaire's proposal to buy the company. https://www.businessinsider.com/elon-musk-twitter-private-jet-tracking-teen-reacts-jack-sweeney-2022-4
  • Tunnelling begins on Eglinton Crosstown West Extension https://toronto.ctvnews.ca/tunnelling-begins-on-eglinton-crosstown-west-extension-1.5858394
  • The USS Sullivans at Buffalo’s Naval Park took on water and partially sunk https://www.irishecho.com/2022/4/uss-the-sullivans-taking-on-water

• Health:

  • Two Long Years https://www.theatlantic.com/health/archive/2022/04/covid-anniversary-2022-new-normal/629430/
  • Ford open to extending mask mandate for high-risk settings, advises people to ‘be cautious' over long weekend https://toronto.ctvnews.ca/ford-open-to-extending-mask-mandate-for-high-risk-settings-advises-people-to-be-cautious-over-long-weekend-1.5862370
  • Have We Already Ruined Our Next COVID Summer? https://www.theatlantic.com/health/archive/2022/04/covid-pandemic-free-summer/629568/
  • New Ontario modelling suggests COVID-19 hospitalizations are likely to surpass 3,000 in May https://toronto.ctvnews.ca/new-ontario-modelling-suggests-covid-19-hospitalizations-are-likely-to-surpass-3-000-in-may-1.5862429
  • 'Don't trust rapid tests': Expert advises Canadians to test more than once before making plans https://www.ctvnews.ca/health/coronavirus/don-t-trust-rapid-tests-expert-advises-canadians-to-test-more-than-once-before-making-plans-1.5864661
  • Do You Need a 4th COVID Vaccine Dose? An Epidemiologist Has The Evidence https://www.sciencealert.com/an-epidemiologist-explains-whether-you-ll-be-needing-a-second-booster-in-the-future
  • What to know about the ultra-infectious Omicron subvariants circulating the US as COVID rates rise, Broadway shows pause, and a mask mandate returns https://www.businessinsider.com/new-infectious-omicron-subvariants-ba2-xe-what-to-know-2022-4
  • Why Can't We Just Call BA.2 Omicron? https://www.theatlantic.com/science/archive/2022/04/covid-variant-naming-omicron-ba2/629558/

• Safety:

  • The sea is ruthless’: Locals reflect on rescue efforts, tragedy at Peggy’s Cove, N.S. https://globalnews.ca/news/8754959/locals-rescue-efforts-tragedy-peggys-cove/
  • Power restored to 188K homes after heavy snow, wind across Ontario: Hydro One https://globalnews.ca/news/8764513/hydro-one-power-outage-ontario-restored-2022/
  • This Bizarre Hole in The Water Is Not an Optical Illusion. It Actually Exists https://www.sciencealert.com/this-hole-doesn-t-actually-lead-to-the-depths-of-the-underworld
  • Economy:
  • There Are No Signs the Chip Shortage Is Easing, the U.S. Payments Forum Says https://www.digitaltransactions.net/there-are-no-signs-the-chip-shortage-is-easing-the-u-s-payments-forum-says/
  • Millions of people who left the US job market last year plan to stay away in an act of 'long social distancing,' fanning the flames of inflation, research shows https://www.businessinsider.com/jobs-millions-plan-stay-away-workforce-covid-19-virus-fears-2022-4
  • Deloitte scales back London office space in stark shift to remote working https://www.ft.com/content/9c393011-516a-4269-b829-e770515f78c9
  • A man bought an NFT for $2.9M, then listed it for $48M. The top bid was less than $280 https://globalnews.ca/news/8760673/nft-jack-dorsey-tweet-sina-estavi-48-million/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:

  • Russia's Moskva warship sinks after fire, marking major setback in Ukraine war https://globalnews.ca/news/8761662/ukraine-russia-moskva-warship-sinks/
  • Another Russian army general has been killed in action in Ukraine, governor says https://www.businessinsider.com/russia-confirms-another-general-in-ukraine-killed-in-action-donbas-2022-4
  • Over 900 civilian bodies found around Kyiv following withdrawal of Russian forces: police https://globalnews.ca/news/8763115/over-900-civilian-bodies-kyiv-police/
  • Ukrainian foreign minister says Mariupol 'doesn't exist anymore' as officials estimate 21,000 civilian losses https://www.businessinsider.com/ukraines-foreign-minister-says-russia-razed-mariupol-to-the-ground-2022-4
  • Ukraine round-up: Ukraine defies Mariupol deadline as Kharkiv shelled https://www.bbc.co.uk/news/world-europe-61135894
  • What counts as a chemical weapon and how to tell who's using one https://www.cbc.ca/news/world/ukraine-chemical-weapons-1.6420933
  • Russia accuses Ukraine of helicopter strike in cross-border attack https://globalnews.ca/news/8760372/russia-accuses-ukraine-helicopter-strike-cross-border-attack/

• Reaction and response:

  • Canadian soldiers headed to Poland to help Ukrainians: ‘This is what we trained for' https://globalnews.ca/news/8763316/canadian-soldiers-poland-help-ukrainians/
  • Ukraine: Online posts 'transform' war crimes documentation https://www.bbc.co.uk/news/uk-wales-61011855
  • If Russia's atrocities are genocide, world leaders have a duty to act. Will they? https://globalnews.ca/news/8761052/russia-genocide-in-ukraine-responsibility-to-protect/
  • Ukraine war: Germany's conundrum over its ties with Russia https://www.bbc.co.uk/news/world-europe-61118706
  • Russian Tech Industry Faces ‘Brain Drain' as Workers Flee https://www.nytimes.com/2022/04/13/technology/russia-tech-workers.html
  • Russia tries to scare Finland and Sweden away from NATO by threatening to deploy nukes in the Baltics, which it's already done https://www.businessinsider.com/lithuania-shrugs-off-russias-threat-to-deploy-nukes-to-the-baltics-2022-4
  • How is Ukrainian internet holding up during the Russian invasion?, (Wed, Apr 13th) https://isc.sans.edu/diary/rss/28546
  • GitHub suspends accounts of Russian devs at sanctioned companies https://www.bleepingcomputer.com/news/security/github-suspends-accounts-of-russian-devs-at-sanctioned-companies/
  • Huawei reportedly furloughs Russian staff and stops taking orders https://www.theregister.com/2022/04/13/huawei_may_quit_russia/
  • Barbeque held for Ukrainian refugees who have arrived in Kelowna https://globalnews.ca/news/8764883/barbeque-held-for-ukrainian-refugees-who-have-arrived-in-kelowna/

• Sanctions & economic Impact:

  • Russia's debt default will be one of the hardest in history to resolve and could see the US seize the central bank's assets, economist says https://www.businessinsider.com/russia-debt-default-us-could-seize-assets-resolution-ukraine-sanctions-2022-4
  • Putin says Europe has no energy alternatives to Russian gas, and weaning off will have severe consequences for the economy https://markets.businessinsider.com/news/commodities/putin-europe-alternative-oil-russian-gas-sanctions-ukraine-war-exports-2022-4
  • Ukraine war: Trucks stuck at Poland-Belarus border as EU sanctions deadline passes https://www.bbc.co.uk/news/world-europe-61133439
  • Ukraine's finance minister says the country's economy could shrink by half this year due to the war, a report says https://www.businessinsider.com/ukraines-economy-shrink-half-russia-invasion-finance-minister-2022-4
  • Ukraine's Zelenskyy, IMF managing director discuss ‘post-war reconstruction' https://globalnews.ca/news/8765913/ukraine-zelenskyy-international-monetary-fund-war/

• Premier Kenney continues push to replace Russian oil with Alberta crude https://globalnews.ca/news/8763369/premier-kenney-push-russian-oil-alberta-crude/

  • Information, Disinformation, and Propaganda:
  • Russia Is Leaking Data Like a Sieve https://www.wired.com/story/russia-ukraine-data
  • Ukraine war scams: Cybercriminals stole my identity https://www.bbc.co.uk/news/world-61100181

• Cyber-attacks and the potential for cyber-war:

  • Russian Cyberattack against Ukrainian Power Grid Prevented https://www.schneier.com/blog/archives/2022/04/russian-cyberattack-against-ukrainian-power-grid-prevented.html
  • Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html
  • Preparing for Armageddon: How Ukraine battles Russian hackers https://arstechnica.com/information-technology/2022/04/preparing-for-armageddon-how-ukraine-battles-russian-hackers/
  • The Week in Ransomware - April 15th 2022 - Encrypting Russia https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-15th-2022-encrypting-russia/
  • Third npm protestware: 'event-source-polyfill' calls Russia out https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/
  • What Concerns Cyber Pros Most About the Invasion of Ukraine https://blog.isc2.org/isc2_blog/2022/03/what-concerns-cyber-pros-most-about-the-invasion-of-ukraine.html

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

  • Lost Women of Science Podcast, Season 2, Episode 3: The Experimental Rabbit https://www.scientificamerican.com/article/lost-women-of-science-podcast-season-2-episode-3-the-experimental-rabbit/
  • Battery recycling could help make electric vehicle production more sustainable https://www.cbc.ca/news/science/what-on-earth-ev-battery-recycling-1.6420048
  • Researchers Discover The Format Our Brains Use to Store Working Visual Memory https://www.sciencealert.com/researchers-discover-the-format-our-brains-use-to-store-working-visual-memory
  • Scientists Ran an Experiment to Identify the Personality Profile of an A-Hole https://www.sciencealert.com/scientists-ran-an-experiment-to-identify-the-personality-profile-of-a-holes

• Other:

  • Here's The Genetic Reason We Find Puppy Dogs So Gosh Dang Irresistible https://www.sciencealert.com/puppy-dogs-seem-so-darn-irresistible-to-us-and-it-s-our-own-fault
  • Operation Mincemeat: The Welsh drifter who helped end WW2 https://www.bbc.co.uk/news/uk-wales-61080456
  • The Surprising Fates of the 'Titanic's' Sister Ships https://www.mentalfloss.com/posts/titanic-sister-ships-olympic-britannic
  • Ants Can Literally Build Bridges Without Training, And You Can Watch Them in Action https://www.sciencealert.com/watch-industrious-ants-use-tools-and-cooperation-in-an-impressive-feat-of-civil-engineering
  • There's a Really Weird Effect When Honeybees Fly Over a Mirror https://www.sciencealert.com/honeybees-go-crashing-into-the-ground-if-they-fly-over-a-mirror
  • AI-generated easter eggs https://www.aiweirdness.com/ai-generated-easter-eggs/
  • A Fleet of Space Telescopes Flying in Formation Could Reveal Details on Exoplanets https://www.universetoday.com/155445/a-fleet-of-space-telescopes-flying-in-formation-could-reveal-details-on-exoplanets/
  • The Far Side of The Moon Is Significantly More Cratered. We May Finally Know Why https://www.sciencealert.com/the-mystery-of-the-moon-s-two-faced-nature-could-finally-be-solved
  • Uranus got its moons when a big rocky planet whacked it. Maybe. https://www.syfy.com/syfy-wire/bad-astronomy-uranus-moons-characteristics-explained
  • Hubble Confirms Megacomet Bound for Inner Solar System Is Largest Ever Seen https://www.scientificamerican.com/article/hubble-confirms-megacomet-bound-for-inner-solar-system-is-largest-ever-seen/
  • Ukrainian Astronomers Discover 'Exocomets' around Another Star https://www.scientificamerican.com/article/ukrainian-astronomers-discover-exocomets-around-another-star/