This Week’s [in]Security – Issue 140

Welcome to This Week’s [in]Security. This week: PCI Contactless Payments on COTS arrives, Magecart/skimming Smith & Wesson, Salesforce. Mega-breaches: TruDialog spills text messages, MixCloud. Others: HackerOne, BMW, Hyundai, Healthcare. Credential stealing Python. Breach fallout. Breaches climb after mandatory disclosure. Hiding breaches with NDAs. Facial recognition and biometrics. iOS & China. Federal Privacy Law. US bans on travelers up. Certbot helps Let's Encrypt. IoT defense. Hacked election machine? Cipher breaks - RSA and DLP 240 fall. (795 bits). Nation State attacks, espionage, targeting biometric data, bricking Android, ransomware. Arrests and charges. Scams. Security crystal ball. The Internet Of Bodies? Measles deaths and response. Fake CV leads to jail. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

• Securing Emerging Payment Channels https://blog.pcisecuritystandards.org/securing-emerging-payment-channels

• The PCI Contactless Payments on COTS (CPoC) Program has arrived https://blog.pcisecuritystandards.org/just-published-pci-contactless-payments-on-cots

  • Program Guide https://www.pcisecuritystandards.org/documents/CPoCProgramGuide_v1.0.pdf
  • Standard and Security Testing Requirements https://www.pcisecuritystandards.org/documents/ContactlessPaymentsonCOTS-SecurityandTestRequirements-v1.0.pdf
  • Technical (Mandatory) FAQs https://www.pcisecuritystandards.org/documents/ContactlessPaymentsonCOTS-TechnicalFAQs_v1.0.pdf
• Smith & Wesson Is Magecart's Latest Target https://www.darkreading.com/threat-intelligence/smith-and-wesson-is-magecarts-latest-target/d/d-id/1336505 (Probable motive: Americans bought more than 200,000 guns on Black Friday - National https://globalnews.ca/news/6244058/black-friday-gun-sales-2019/))
• Magecart Skimmers Found on Salesforce's Heroku Platform https://www.securityweek.com/magecart-skimmers-found-salesforces-heroku-platform
• Skimming Campaign Leveraged Heroku Cloud Platform https://www.bankinfosecurity.com/skimming-campaign-leveraged-heroku-cloud-platform-report-a-13472 and https://arstechnica.com/information-technology/2019/12/crooks-host-payment-card-skimming-malware-on-heroku-cloud-platform/
• Cybercrime Campaign Targeting Hospitality Sector Intensifies https://www.securityweek.com/cybercrime-campaign-targeting-hospitality-sector-intensifies
• Keeping Friction-Free From Being A Fraudster’s Best Friend https://www.pymnts.com/authentication/2019/keeping-friction-free-from-being-a-fraudsters-best-friend/
• BMO Harris becomes first bank to launch Mastercard True Name debit https://www.mobilepaymentstoday.com/news/bmo-harris-becomes-first-bank-to-launch-mastercard-true-name-debit/
• Fed Becomes Founding Sponsor Of Faster Payments Council https://www.pymnts.com/news/faster-payments/2019/fed-becomes-founding-sponsor-of-faster-payments-council/

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.

• SMS company TrueDialog exposes millions of text messages, credentials online https://nakedsecurity.sophos.com/2019/12/03/sms-company-exposes-millions-of-text-messages-credentials-online/ and https://www.bankinfosecurity.com/truedialog-unsecure-database-exposes-sms-data-report-a-13462
• Data from 21M Mixcloud Users Compromised in Breach https://www.darkreading.com/threat-intelligence/data-from-21m-mixcloud-users-compromised-in-breach/d/d-id/1336491
• HackerOne breach lets outside hacker read customers’ private bug reports https://arstechnica.com/information-technology/2019/12/hackerone-breach-lets-outside-hacker-read-customers-private-bug-reports/ and https://www.securityweek.com/hacker-accessed-private-reports-hackerone
• HackerOne pays $20,000 bug bounty after 'sloppy' breach https://www.bbc.co.uk/news/technology-50670433
• Hackers scraped personal data from thousands of women shopping on plus-size clothing sites, and it points to a new trend that a cybersecurity expert calls 'uniquely terrible' https://www.businessinsider.com/hackers-targeting-plus-size-women-ads-scams-2019-12
• BMW and Hyundai hacked by Vietnamese hackers https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
• Healthcare Sector Breach Reports Rise After Mandatory Reporting Implementation https://www.datex.ca/blog/healthcare-sector-breach-reports-rise-after-mandatory-reporting-implementation
• Microsoft Analyzes Known Breached Accounts and Finds Password Security Problem Affecting 44 Million Users https://www.forbes.com/sites/daveywinder/2019/12/06/microsoft-finds-password-security-problem-affecting-44-million-users/
• Nebraska Medicine Breached By Rogue Employee https://threatpost.com/nebraska-medicine-breached-rogue-employee/150823/
• Two malicious Python libraries caught stealing SSH and GPG keys https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
• Desjardins CEO announces departure of two senior execs after data breach https://www.ctvnews.ca/business/desjardins-ceo-announces-departure-of-two-senior-execs-after-data-breach-1.4713606
• A Tale of Two Breach Lawsuits https://www.bankinfosecurity.com/lawsuits-a-13466
• The Hidden Cost of a Third-Party Data Breach https://www.bankinfosecurity.com/blogs/enzoic-blog-5-6-x2-p-2805

Privacy

Articles about privacy related news, risks, and trends.

• Senator Marley Blasts DHS Plan for Facial Recognition at Airports https://epic.org/2019/12/senator-marley-blasts-dhs-plan.html
• 50 countries ranked by how they’re collecting biometric data and what they’re doing with it https://www.comparitech.com/blog/vpn-privacy/biometric-data-study/
• This iOS Security App Shares User Data With China: 8 Million Americans Impacted https://www.forbes.com/sites/zakdoffman/2019/12/03/top-ios-security-app-shares-user-data-with-china-8-million-americans-impacted/
• A security expert found that Apple's latest iPhone can still track your location data, even if you toggle it off for every app https://www.businessinsider.com/apple-iphone-11-pro-collects-location-data-krebs-report-2019-12
• EFF Report Exposes, Explains Big Tech’s Personal Data Trackers Lurking on Social Media, Websites, and Apps https://www.eff.org/press/releases/eff-report-exposes-explains-big-techs-personal-data-trackers-lurk-social-media
• FTC announces Privacy Shield enforcement action but no penalties https://epic.org/2019/12/ftc-announces-privacy-shield-n.html
• Google Data Practices Under EU Antitrust Scrutiny https://www.pymnts.com/google/2019/google-data-practices-under-eu-antitrust-scrutiny/
• EU to Check How Facebook, Google Use Data: Spokeswoman https://www.securityweek.com/eu-check-how-facebook-google-use-data-spokeswoman
• EU to Relaunch Push to Regulate WhatsApp, Skype on Privacy https://www.securityweek.com/eu-relaunch-push-regulate-whatsapp-skype-privacy
• Reporter documented every surveillance camera on his way to work in New York City, and it revealed a dystopian reality https://www.businessinsider.com/how-many-security-cameras-in-new-york-city-2019-12

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Criticism Prompts DHS To Abort Facial Recognition Of US citizens https://www.pymnts.com/news/biometrics/2019/criticism-prompts-dhs-to-abort-facial-recognition-of-us-citizens/
• GOP Federal Privacy Bill Would Supersede CCPA https://www.bankinfosecurity.com/gop-federal-privacy-bill-would-supersede-ccpa-a-13468
• Cybersecurity insiders say big companies use NDAs to hide data breaches, potentially avoiding millions of dollars in fines https://www.businessinsider.com/cybersecurity-insiders-reveal-nda-hide-data-breach-2019
• Senators Demand Answers on Algorithmic Bias in Healthcare https://epic.org/2019/12/senators-demand-answers-on-alg.html
• Huawei is suing the FCC, which is trying to block it from providing equipment to rural America https://www.businessinsider.com/huawei-mounts-legal-challenge-against-the-fcc-2019-12
• SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit https://www.darkreading.com/risk/soc-2s-and-third-party-assessments-how-to-prevent-them-from-being-used-in-a-data-breach-lawsuit/a/d-id/1336496
• PSD2: The Compliance and Enforcement Update https://www.bankinfosecurity.com/interviews/psd2-compliance-enforcement-update-i-4526
• U.S. doubles number of 5-year bans on travellers from Canada https://www.msn.com/en-ca/news/canada/us-doubles-number-of-5-year-bans-on-travellers-from-canada/ar-BBXJx85
• Quebec’s unique winter tire law has begun, but does the rule make roads safer? https://globalnews.ca/news/6240928/quebecs-unique-winter-tire-law/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• EFF Releases Certbot 1.0 to Help More Websites Encrypt Their Traffic https://www.eff.org/press/releases/eff-releases-certbot-10-help-more-websites-encrypt-their-traffic
• Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready? https://www.darkreading.com/theedge/mega-breaches-are-forcing-us-to-a-passwordless-world-are-we-finally-ready/b/d-id/1336538
• Android Ups the Mobile Security Ante with Default TLS Encryption https://threatpost.com/android-mobile-security-tls-encryption/150760/
• Google’s New Chrome Move: Another Reason To Switch To Firefox? https://www.forbes.com/sites/kateoflahertyuk/2019/12/06/googles-new-chrome-move-another-reason-to-turn-to-firefox/
• FBI recommends that you keep your IoT devices on a separate network https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/
• Surviving a Breach: 8 Incident Response Essentials https://www.bankinfosecurity.com/surviving-breach-8-incident-response-essentials-a-13460 and a response playbook https://www.bankinfosecurity.com/to-survive-data-breach-create-response-playbook-a-13459
• Cloud(y) with a Chance of a Data Breach https://www.securityweek.com/cloudy-chance-data-breach
• Microsoft: We're creating a new Rust-based programming language for secure coding https://www.zdnet.com/article/microsoft-were-creating-a-new-rust-based-programming-language-for-secure-coding/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Vulnerability in fully patched Android phones under active attack by bank thieves https://arstechnica.com/information-technology/2019/12/vulnerability-in-fully-patched-android-phones-under-active-attack-by-bank-thieves/
• ESP32 IoT Devices Vulnerable to attack that implants malware in the firmware https://www.infoq.com/news/2019/12/esp32-fatal-fury/
• Election Machine Insecurity Story https://www.schneier.com/blog/archives/2019/12/electionmachin2.html
• Your new smart TV may be spying on you, FBI warns https://www.cnn.com/2019/12/02/politics/smart-tv-fbi-warning-cyber-monday/index.html
• FBI tells people to put black tape over smart TV cameras to protect against hackers https://www.independent.co.uk/life-style/gadgets-and-tech/smart-tv-hack-fbi-cyber-stalk-camera-microphone-internet-a9230176.html
• Microsoft OAuth Flaw Opens Azure Accounts to Takeover https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/
• Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter https://www.theregister.co.uk/2019/12/05/atlassianzeroday_bug/
• Fortinet took 18 months to strip software of flawed crypto cipher and keys https://portswigger.net/daily-swig/fortinet-took-18-months-to-strip-software-of-flawed-crypto-cipher-and-keys
• Attackers Can Circumvent Outlook Homepage Flaw https://www.darkreading.com/vulnerabilities---threats/attackers-can-circumvent-outlook-homepage-flaw/d/d-id/1336513
• Vulnerability Allows Hackers to Take Control of ABB Substation Protection Devices https://www.securityweek.com/vulnerability-allows-hackers-take-control-abb-substation-protection-devices
• Siemens Offers Workarounds for Newly Found PLC Vulnerability https://www.darkreading.com/vulnerabilities---threats/siemens-offers-workarounds-for-newly-found-plc-vulnerability/d/d-id/1336503
• GPS Is Easy to Hack, and the U.S. Has No Backup https://www.scientificamerican.com/article/gps-is-easy-to-hack-and-the-u-s-has-no-backup/
• VPN Connection Hijacking Vulnerability Affects Linux, Unix Systems https://www.securityweek.com/vpn-connection-hijacking-vulnerability-affects-linux-unix-systems
• OpenBSD Multiple Authentication Vulnerabilities https://blog.qualys.com/laws-of-vulnerabilities/2019/12/04/openbsd-multiple-authentication-vulnerabilities
• A Look at the Vulnerability-to-Exploit Supply Chain https://www.tenable.com/blog/a-look-at-the-vulnerability-to-exploit-supply-chain
• Can Amazon drones or Mars rovers be hacked? Very easily, UBC research suggests https://globalnews.ca/news/6235460/ubc-drone-hacking-research/
• RSA-240 and DLP-240 (795bits) Factored https://www.schneier.com/blog/archives/2019/12/rsa-240_factore.html and https://arstechnica.com/information-technology/2019/12/new-crypto-cracking-record-reached-with-less-help-than-usual-from-moores-law/
• Apple Explains Mysterious iPhone 11 Location Requests https://krebsonsecurity.com/2019/12/apple-explains-mysterious-iphone-11-location-requests/ and the original article https://krebsonsecurity.com/2019/12/the-iphone-11-pros-location-data-puzzler/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• 1 in 9 SMBs Believe Nation-State Actors Are Targeting Them |https://threatpost.com/smbs-nation-state-actors-apts-targeting/150836/
• Shopping Bots Ramp Up Cybercrime During Holidays https://www.pymnts.com/news/security-and-risk/2019/shopping-bots-ramp-up-cybercrime-during-holidays/
• Russian-Owned Company Attempted Ohio Election Hack https://www.securityweek.com/official-russian-owned-company-attempted-ohio-election-hack
• Clever Microsoft Phishing Scam Creates a Local Login Form to Avoid Tipping Hand to Victims https://www.bleepingcomputer.com/news/security/clever-microsoft-phishing-scam-creates-a-local-login-form/
• A Third of Biometric Systems Targeted by Malware in Q3 https://threatpost.com/threatlist-a-third-of-biometric-systems-targeted-by-malware-in-q3/150778/
• 61% of malicious ads target Windows users https://www.zdnet.com/article/61-of-malicious-ads-target-windows-users/
• Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/
• New Malware Campaign Uses Trojanized 'Tetris' Game https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465
• State of the Internet: Web Attacks and Gaming Abuse https://www.darkreading.com/edge/theedge/new-state-of-the-internet-web-attacks-and-gaming-abuse/b/d-id/1336486
• FBI Warns Russian Apps Are Subject To ‘Cyber Exploitation’ https://www.pymnts.com/news/security-and-risk/2019/fbi-warns-russian-apps-are-subject-to-cyber-exploitation/
• Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers https://www.forbes.com/sites/zakdoffman/2019/12/04/iranian-hackers-launch-malicious-new-wiper-malware-ibm-warns-of-destructive-attacks/
• Dutch NCSC Warns Hundreds Of Companies Suffered Ransomware Attack https://latesthackingnews.com/2019/12/02/dutch-ncsc-warns-of-hundreds-of-companies-affected-by-ransomware-attack/
• Ransomware attack hits major US data center provider CyrusOne https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/
• Service provider ransomware impacts 100 dental offices https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/
• ‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup https://threatpost.com/ultimate-mitm-attack-steals-1m-from-israeli-startup/150840/
• Criminals have reportedly figured out how to reactivate peoples' canceled Netflix accounts and start charging them again for monthly subscriptions https://www.businessinsider.com/netflix-hackers-reactivating-canceled-accounts-2019-11
• IM RAT spy tool seller raided, busted, kicked offline https://nakedsecurity.sophos.com/2019/12/03/im-rat-spy-tool-seller-raided-busted-kicked-offline/
• Europol wipes out 30,000+ piracy sites, three suspects cuffed to walk the legal plank https://www.theregister.co.uk/2019/12/02/europol30000piracy_sites/
• Feds Crack Down on Money Mules, Warn of BEC Scams https://threatpost.com/feds-crack-down-on-money-mules-warn-of-bec-scams/150900/
• RCMP connect Burnaby, B.C. man to widespread CRA phone scam after months-long probe https://globalnews.ca/news/6255906/cra-phone-scam-bc-suspect/
• Evil Corp: US charges Russians over hacking attacks https://www.bbc.co.uk/news/world-us-canada-50677512
• The US sanctioned a Russian hacking group called Evil Corp. for stealing more than $100 million from banks https://www.businessinsider.com/treasury-sanctions-russian-evil-corp-hacking-fraud-2019-12
• FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware https://thehackernews.com/2019/12/dridex-russian-hackers-wanted-by-fbi.html
• Cornwall, Ont., woman loses life savings to terrifying 'SIN scam' https://www.cbc.ca/news/canada/ottawa/sin-scam-fraud-1.5378917
• Toronto Hydro warns of scams and fraud https://www.torontohydro.com/scams-and-fraud

Other Security / Risk

Articles covering other types of risks.

• The 2020 Crystal Ball: The 2020 Security Industry (parts 1 to 4) https://www.forbes.com/sites/samcurry/2019/12/02/2020-cyber-crystal-ball-extending-from-2019-part-1-of-4/, https://www.forbes.com/sites/samcurry/2019/12/03/the-2020-crystal-ball-the-adversary-part-2-of-4/, https://www.forbes.com/sites/samcurry/2019/12/04/the-2020-crystal-ball-the-2020-security-industry-part-3-of-4/, and https://www.forbes.com/sites/samcurry/2019/12/05/the-2020-crystal-ball-the-hope-for-2020-part-4-of-4/
• NSO Group / Q Cyber Technologies https://citizenlab.ca/2019/10/nso-q-cyber-technologies-100-new-abuse-cases/
• Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/
• Has Huawei’s Darkest Secret Just Been Exposed By This New Surveillance Report? https://www.forbes.com/sites/zakdoffman/2019/11/29/has-huaweis-darkest-secret-just-been-exposed-by-this-new-report/
• EFF Warns Of One-Way Mirror In The World Of Corporate Online Spying https://www.zdnet.com/article/eff-warns-of-one-way-mirror-in-the-world-of-corporate-online-spying/
• The FBI Investigated Viral Ageing App FaceApp. Here’s What It Found https://www.forbes.com/sites/kateoflahertyuk/2019/12/03/fbi-faceapp-investigation-confirms-threat-from-apps-developed-in-russia/
• What Is The Internet Of Bodies? And How Is It Changing Our World? https://www.forbes.com/sites/bernardmarr/2019/12/06/what-is-the-internet-of-bodies-and-how-is-it-changing-our-world/
• Facebook apps account for nearly half of all online child sex abuse https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-sex-child-abuse-encryption-nspcc-mark-zuckerberg-a9233761.html
• Ex-Facebook worker claims disturbing content led to PTSD https://www.theguardian.com/technology/2019/dec/04/ex-facebook-worker-claims-disturbing-content-led-to-ptsd
• Cloudflare’s Response to CSAM (child sexual abuse material) Online https://blog.cloudflare.com/cloudflares-response-to-csam-online/
• Staggering': Measles deaths surge to 142,000 https://www.bbc.co.uk/news/health-50659893
• Anti-vaxxer' charged as Samoan government battles deadly measles outbreak https://www.cnn.com/2019/12/06/health/samoa-measles-outbreak-anti-vaxx-vaccines-intl-scli/index.html
• Almost 90% of people in Samoa now vaccinated against measles in wake of deadly outbreak https://globalnews.ca/news/6267095/samoa-measles-vaccinated/
• Introducing peanuts and eggs early can prevent food allergies in high risk infants https://scienmag.com/introducing-peanuts-and-eggs-early-can-prevent-food-allergies-in-high-risk-infants/
• ‘All it takes is to cut the wrong wire’: Copper wire thefts pose fatal risk https://globalnews.ca/news/6263974/all-it-takes-is-to-cut-the-wrong-wire-copper-wire-thefts-pose-fatal-risk/
• Bone Marrow Transplants: When a DNA Test Says You’re a Younger Man, Who Lives 5,000 Miles Away https://www.nytimes.com/2019/12/07/us/dna-bone-marrow-transplant-crime-lab.html
• Tinder says 'there are definitely registered sex offenders on our free products' https://www.businessinsider.com/tinder-says-registered-sex-offenders-use-app-match-group-2019-12
• US Life Expectancy Drops For Third Straight Year in Alarming Reality Check https://www.sciencealert.com/life-expectancy-in-the-us-just-declined-for-the-third-year-straight
• Half of homeless people have experienced traumatic brain injury https://globalnews.ca/news/6245863/homeless-traumatic-brain-injury/
• 2 of the men who took down the London Bridge terrorist were convicted felons, including a murderer in the final stages of his sentence https://www.businessinsider.com/london-bridge-terrorist-usman-khan-thwarted-by-ex-felons-2019-12
• This is the list of the top 10 stolen vehicles in Canada https://globalnews.ca/news/6244718/top-stolen-vehicles-canada-2019-ibc/
• A small town can’t afford cops at night. So it’s turning to cameras watched by citizen patrols. https://www.washingtonpost.com/nation/2019/12/03/cave-junction-oregon-citizen-patrols-cameras-police/
• More than 1 in 10 packages 'disappear without explanation' in major US cities, and it's a huge headache for retailers https://www.businessinsider.com/packages-stolen-in-cities-report-2019-12
• Greenhouse gases accelerated to new peak in 2018, UN says https://www.cbc.ca/news/technology/greenhouse-gases-1.5371968
• Why Apocalyptic Claims About Climate Change Are Wrong https://www.forbes.com/sites/michaelshellenberger/2019/11/25/why-everything-they-say-about-climate-change-is-wrong/
• Deployment Isn’t the Final Step – Monitoring Machine Learning Models in Production https://www.imperva.com/blog/deployment-isnt-the-final-step-monitoring-machine-learning-models-in-production/
• Can We Force AIs to Be Fair Towards People? Scientists Just Invented a Way https://www.sciencealert.com/how-can-we-trust-intelligent-machines-to-be-fair-scientists-just-invented-a-way
• Is AI A Job Killer Or Job Creator? https://www.forbes.com/sites/cognitiveworld/2019/11/24/is-ai-a-job-killer-or-job-creator/
• AI Is Not Similar To Human Intelligence. Thinking So Could Be Dangerous https://www.forbes.com/sites/fernandezelizabeth/2019/11/30/ai-is-not-similar-to-human-intelligence-thinking-so-could-be-dangerous/
• A renowned market bear says stock valuations remind him the Great Depression and tech bubble — and warns of an ominous 'Hindenburg' tipping point https://www.businessinsider.com/next-stock-market-crash-hussman-cites-great-depression-tech-bubble-2019-11 and https://www.forbes.com/sites/johnmauldin/2019/12/03/we-are-on-the-brink-of-the-second-great-depression/
• Half Of Apple’s Business Is at Risk https://www.forbes.com/sites/stephenmcbride1/2019/12/02/half-of-apples-business-is-at-risk/
• Via Rail goes cashless for onboard service, leaving some consumers in the lurch https://globalnews.ca/news/6248373/via-rail-cashless-service/
• Australian woman jailed after lying on resume https://www.cnn.com/2019/12/04/australia/australia-woman-jailed-fake-resume-intl-hnk-scli/index.html
• Flight forced to turn around after woman fakes illness for better seat https://globalnews.ca/news/6242908/florida-woman-fake-illness-bigger-seat/
• US cryptocurrency expert arrested after appearance at North Korea conference https://www.independent.co.uk/life-style/gadgets-and-tech/news/cryptocurrency-north-korea-bitcoin-ethereum-sanctions-conference-a9229151.html
• How the U.S. hydrogen bomb secrets disappeared https://phys.org/news/2019-12-hydrogen-secrets.html
• Nova Scotia marks anniversary of catastrophic Halifax Explosion 102 years ago https://globalnews.ca/news/6262645/nova-scotia-102nd-anniversary-halifax-explosion/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• World first as artificial neurons developed to cure chronic diseases https://scienmag.com/world-first-as-artificial-neurons-developed-to-cure-chronic-diseases/
• These Marine snipers disappeared right in front of us, vanishing into a field as top sharpshooters hunted for them https://www.businessinsider.com/these-marine-corps-snipers-disappeared-right-in-front-of-us-2019-11
• Porch pirate victims strike back with dirty diaper ‘surprise’ packages https://globalnews.ca/news/6258218/porch-pirate-diaper-trap/
• Forget Elephants. Giant Tortoises Can Learn New Tricks And Remember Them For Years https://www.sciencealert.com/giant-tortoises-can-be-taught-new-tricks-and-remember-them-for-years
• Fireball Spotted Over Australian Desert May Have Been Super-Rare 'Minimoon' https://www.sciencealert.com/a-fireball-spotted-over-the-australian-desert-could-have-been-a-rare-and-elusive-minimoon
• NASA Finally Discovers The Shattered Remnants of India's Lost Moon Lander https://www.sciencealert.com/nasa-finds-shattered-remnants-of-india-s-lost-moon-rover
• Hoag's Object, the Turducken of celestial objects, is a Galaxy Within a Galaxy Within a Galaxy (and Nobody Knows Why) https://www.livescience.com/hoags-object-perfect-ring-mystery.html