This Week’s [in]Security – Issue 153 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Trending: Corona virus updates - individual guidance, spread, responses, security. PCI and COVID19. PCI SPOC update RFC. New breach guidance. Breach news on planes, trains, electric automobiles, spacecraft, phones, schools, and cruise lines. 200M property records. 25GB security data. PEI hit by breach-ware. Failure to test leads to breach. Geofence suspect. Facial recognition. Student privacy. Ex-marketer privacy advocate. Copyright vs GDPR. Cyber-law casebook. NIST updates. Software ingredients lists. CPU Vulnerabilities. Password reuse and credential stuffing. Failure to patch. The big Let's Encrypt revoke. Quantum enhanced weakness. SIM swapping threat. 1.2M Microsoft enterprise non-MFA accounts compromised. Homographs: tricky lookalike Domain Names. New ransomware. Election security. Crypto AG update. Mumps. Security dilemmas. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

New - Emerging Issues and Trending Stories

This special section is dedicated to emerging issues and trending stories that cross multiple of our regular news categories.

• Corona virus updates - spread, guidance, response:

  • Individual response to COVID-19 ‘as important’ as government action https://scienmag.com/individual-response-to-covid-19-as-important-as-government-action/
  • The Coronavirus Is No 1918 Pandemic https://www.theatlantic.com/ideas/archive/2020/03/were-not-facing-second-spanish-flu/607354/
  • Consumer Reports on Coronavirus FAQ | COVID-19 https://www.consumerreports.org/coronavirus/coronavirus-faq-what-you-need-to-know-covid-19/
  • A pandemic simulation from 2018 shows how washing your hands more often could slow down an outbreak https://www.businessinsider.com/bbc-pandemic-data-shows-how-washing-hands-slows-virus-spread-2020-3
  • Stanford group wants to use your computer to help researchers study the coronavirus https://www.theverge.com/2020/3/2/21161131/folding-home-volunteers-researchers-coronavirus
  • A list of security conferences canceled or postponed due to coronavirus concerns https://www.zdnet.com/article/a-list-of-security-conferences-canceled-or-postponed-due-to-coronavirus-concerns/
  • COVID-19 kills member of council advising supreme leader of Iran https://globalnews.ca/news/6617451/coronavirus-iran-council-member/
  • Coronavirus in Canada: Here’s a timeline of cases across provinces https://globalnews.ca/news/6617581/coronavirus-cases-canada-timeline/
  • WHO Says The Coronavirus Global Death Rate Is 3.4% https://www.sciencealert.com/covid-19-s-death-rate-is-higher-than-thought-but-it-should-drop
  • The Official Coronavirus Numbers Are Wrong, and Everyone Knows It https://www.theatlantic.com/technology/archive/2020/03/how-many-americans-really-have-coronavirus/607348/
  • 235 Canadians among 3,500 passengers on cruise ship quarantined over coronavirus fears https://www.cbc.ca/news/politics/grand-princess-canadians-virus-1.5487485
  • TTC airport express route experiencing ‘major delays’ due to disinfection https://globalnews.ca/news/6645721/ttc-airport-route-disinfection/
  • These robots are fighting the coronavirus in China by disinfecting hospitals, taking temperatures, and preparing meals https://www.businessinsider.com/see-chinese-robots-fighting-the-coronavirus-in-photos-2020-3
  • Some Canadian insurance companies stop coverage for coronavirus-related trip cancellations https://globalnews.ca/news/6638051/canadian-insurance-corona-virus-cancellation-coverage/
  • Why a coronavirus-driven recession would be a unique beast — and why the normal playbook might not work https://markets.businessinsider.com/news/stocks/coronavirus-recession-economy-would-pose-unique-threats-federal-reserve-response-2020-3-1028956481
  • An American who was quarantined to check for signs of coronavirus says he's facing more than $2,600 in bills from his government-mandated hospital stay https://www.businessinsider.com/frank-wucinski-says-hospital-billed-him-for-coronavirus-quarantine-2020-3
  • Airlines are burning thousands of gallons of jet fuel flying empty 'ghost' planes so they can keep their flight slots https://www.businessinsider.com/coronavirus-airlines-run-empty-ghost-flights-planes-passengers-outbreak-covid-2020-3
  • Travelers are paying thousands of dollars to evacuate from coronavirus-affected areas on private jets - thanks to aviation loopholes https://www.businessinsider.com/private-jet-travel-surge-evacuate-coronavirus-outbreak-covid19-travel-aviation-2020
  • Short sellers reaped $51 billion in 7 days as markets tanked on coronavirus panic https://markets.businessinsider.com/news/stocks/stock-market-short-sellers-gained-one-week-fall-coronavirus-panic-2020-3-1028968941
  • B.C. traveller faked coronavirus in attempt to change flight booking https://globalnews.ca/news/6621450/bc-traveller-faked-covid-19-airline/
  • The Coronavirus Is Exposing the Limits of Populism https://www.theatlantic.com/ideas/archive/2020/03/geopolitics-coronavirus/607414/
  • Security of Health Information and COVID-19 https://www.schneier.com/blog/archives/2020/03/security_of_hea.html

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI SSC Statement on COVID-19 (1 event cancelled so far) https://blog.pcisecuritystandards.org/pci-ssc-statement-on-covid-19
• Request for Comments: pci Software-based PIN Entry on COTS Standard v1.1 https://blog.pcisecuritystandards.org/request-for-comments-software-based-pin-entry-on-cots-standard-v1-1
• Responding to a Cardholder Data Breach https://www.pcisecuritystandards.org/documents/Responding_to_a_Cardholder_Data_Breach.pdf
• Keeping Merchants PCI-Compliant Is Becoming Tougher https://www.digitaltransactions.net/keeping-merchants-pci-compliant-is-becoming-tougher-survey-finds/
• Mobile Payment Fraud on the Rise https://www.securityweek.com/mobile-payment-fraud-rise

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Cathay Pacific Airlines Fined Over Data Breach https://www.bankinfosecurity.com/cathay-pacific-airlines-fined-over-data-breach-a-13879
• British Rail Station Wi-Fi Provider Exposed Traveler Data https://www.bbc.com/news/technology-51682280
• Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach https://techcrunch.com/2020/03/01/visser-breach/
• Telus-Owned Koodo Mobile Announces Data Breach, Stolen Info for Sale https://www.bleepingcomputer.com/news/security/telus-owned-koodo-mobile-announces-data-breach-stolen-info-for-sale/
• Like a Virgin, hacked for the very first time... UK broadband ISP spills 900,000 punters' records into wrong hands from insecure database https://www.theregister.co.uk/2020/03/05/virgin_media_subscriber_data_leak/
• Porn, gore, and gambling habits aired in Virgin Media breach https://arstechnica.com/information-technology/2020/03/virgin-media-breach-outs-some-customers-porn-gore-and-gambling-habits/
• Simon Fraser University reviewing security measures after data breach exposes personal information (Names, birthdays, email addresses) https://www.databreaches.net/ca-sfu-reviewing-security-measures-after-data-breach-exposes-personal-information/ and https://globalnews.ca/news/6620351/sfu-data-breach/ and https://bc.ctvnews.ca/personal-information-of-students-faculty-at-b-c-university-exposed-in-recent-data-breach-1.4835336
• Data Breach Affects Princess Cruises, Holland America Line Guests https://www.databreaches.net/data-breach-affects-princess-cruises-holland-america-line-guests/
• US property and demographic database of 200 million records leaked on the web https://www.databreaches.net/us-property-and-demographic-database-of-200-million-records-leaked-on-the-web/
• Brazilian security firm leaks more than 25 GB of client and staff data https://www.zdnet.com/article/brazilian-security-firm-exposes-more-than-25-gb-of-client-and-staff-data/
• AnimeGame - 1,431,378 breached accounts https://haveibeenpwned.com/PwnedWebsites#AnimeGame
• 266,000 Passwords Stolen in Trident Crypto Fund Data Breach https://www.databreaches.net/266000-passwords-stolen-in-trident-crypto-fund-data-breach/
• Walgreens Mobile App Exposed Health-Related Messages https://www.bankinfosecurity.com/walgreens-mobile-app-exposed-health-related-messages-a-13813
• MO: Detectives investigate data breach at Jefferson County School District https://www.databreaches.net/mo-detectives-investigate-data-breach-at-jefferson-county-school-district/
• Data Leak Compels Samsung To Activate Two-Factor Authentication https://www.pymnts.com/authentication/2020/data-leak-compels-samsung-to-activate-two-factor-authentication/
• Loyalty Cards Targeted in Tesco Clubcard Attack https://threatpost.com/tesco-clubcard-account-takeovers/153430/
• Hackers Compromise T-Mobile Employee' Email Accounts and Steal User' Data https://thehackernews.com/2020/03/hackers-compromise-t-mobile-employees.html
• Data breach follows P.E.I. ransomware attack https://www.thetelegram.com/news/canada/data-breach-follows-pei-ransomware-attack-418350/
• NZ: Tuia 250 privacy breach: Tech boss signed off on government website with no testing https://www.databreaches.net/nz-tuia-250-privacy-breach-tech-boss-signed-off-on-government-website-with-no-testing/
• NZ: Cyberattackers hack Wellington school’s computer system https://www.databreaches.net/nz-cyberattackers-hack-wellington-schools-computer-system/
• UK: Boots Advantage Card hit by cyber attack https://www.databreaches.net/uk-boots-advantage-card-hit-by-cyber-attack/
• Casinos in Las Vegas Hit by Suspected Ransomware Attack https://www.databreaches.net/casinos-in-las-vegas-hit-by-suspected-ransomware-attack/
• Legal services giant Epiq Global offline after ransomware attack https://www.databreaches.net/legal-services-giant-epiq-global-offline-after-ransomware-attack/

Privacy

Articles about privacy related news, risks, and trends.

• Google location data turned a random biker into a burglary suspect https://www.theverge.com/2020/3/7/21169533/florida-google-runkeeper-geofence-police-privacy
• Clearview AI: When can companies use facial recognition data? https://globalnews.ca/news/6621410/clearview-ai-canada-privacy-data/
• Hundreds of New Yorkers Demand a Ban on NYPD Face Surveillance https://www.eff.org/deeplinks/2020/03/hundreds-new-yorkers-demand-ban-nypd-face-surveillance
• Schools Are Spying on Students – But Students Can Fight Back https://www.eff.org/press/releases/schools-are-spying-students-students-can-fight-back
• Warning: An Android Security App by China’s Cheetah Mobile With 1 Billion Downloads Is Recording Users’ Web Browsing https://www.forbes.com/sites/thomasbrewster/2020/03/03/warning-an-android-security-app-with-1-billion-downloads-is-recording-users-web-browsing/
• An ex-Red Bull marketer appalled by the shadowy world of data brokers is now campaigning for lawmakers to intervene https://www.businessinsider.com/red-bull-chief-privacy-uk-to-clamp-down-on-data-brokers
• Facebook sued by Australian information watchdog over Cambridge Analytica-linked data breach https://www.theguardian.com/technology/2020/mar/09/facebook-cambridge-analytica-sued-australian-information-watchdog-300000-privacy-breaches

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• The EARN IT Bill: A New Path for DOJ to Finally Break Encryption https://www.eff.org/deeplinks/2020/03/earn-it-bill-new-path-doj-finally-break-encryption
• Copyright Filters Are On a Collision Course With EU Data Privacy Rules https://www.eff.org/deeplinks/2020/02/upload-filters-are-odds-gdpr
• UK Moves Closer To Big Four Accountancy Breakup https://www.pymnts.com/news/b2b-payments/2020/united-kingdom-moves-closer-big-four-accountancy-breakup/
• NYC Sues Airbnb Listing Co In Bid To Stop Short-Term Rentals https://www.pymnts.com/legal/2020/nyc-sues-airbnb-listing-company-stop-short-term-rentals/
• Facebook is suing a domain registrar for selling deceptive web addresses https://www.theverge.com/2020/3/5/21166485/facebook-lawsuit-namecheap-faked-domain-names-phishing
• Judge Slaps Down USCIS In Significant H-1B Visa Court Case https://www.forbes.com/sites/stuartanderson/2020/03/09/judge-slaps-down-uscis-in-significant-h-1b-visa-court-case/
• EPIC to Supreme Court: Robocall Ban is Constitutional https://epic.org/2020/03/epic-to-supreme-court-robocall.html
• Cybersecurity Law Casebook https://www.schneier.com/blog/archives/2020/03/cybersecurity_l.html
• NIST draft Cybersecurity Framework (CSF) Manufacturing Profile upodate for version 1.1 is available for public comment until May 4th https://csrc.nist.gov/publications/detail/nistir/8183/rev-1/draft
• NIST Draft (SP) 800-133 Revision 2, Recommendation for Cryptographic Key Generation is available for public comment until April 17 https://csrc.nist.gov/News/2020/nist-releases-draft-sp-800-133-rev-2-for-comment

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• FBI Working to 'Burn Down' Cyber Criminals' Infrastructure https://www.securityweek.com/fbi-working-burn-down-cyber-criminals-infrastructure
• Why Doesn't Software Get Sold With a List of Ingredients? https://www.bankinfosecurity.com/doesnt-software-get-sold-list-ingredients-a-13869
• Enhancing Pwned Passwords Privacy with Padding https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/ and https://blog.cloudflare.com/pwned-passwords-padding-ft-lava-lamps-and-workers/
• A cross-browser code library for security/privacy extensions. Interested? https://hackademix.net/2020/03/07/a-cross-browser-code-library-for-securityprivacy-extensions-interested/
• Download the Little Book of Big Scams https://www.rbc.com/cyber-security/how-to-protect-your-business/index.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Longstanding Intel and AMD firmware vulnerabilities:

  • AMD processors from 2011 to 2019 vulnerable to two new attacks https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/
  • Intel CPU Security Alert For Millions Of Users As ‘Unfixable’ Crypto Flaw Revealed https://www.forbes.com/sites/daveywinder/2020/03/05/intel-cpu-security-alert-for-millions-of-users-as-unfixable-crypto-flaw-revealed/ and https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/
• The (Growing) Problem of Password Reuse https://www.bankinfosecurity.com/growing-problem-password-reuse-a-13808
• EternalBlue Longevity Underscores Patching Problem https://www.darkreading.com/vulnerabilities---threats/eternalblue-longevity-underscores-patching-problem/d/d-id/1337233
• Nearly 1 Million Domains Use DMARC, but Only 13% Prevent Email Spoofing https://www.securityweek.com/nearly-1-million-domains-use-dmarc-only-13-prevent-email-spoofing
• Millions of Let’s Encrypt TLS Certs Need to be Revoked due to Certificate Authority Vulnerability https://www.schneier.com/blog/archives/2020/03/lets_encrypt_vu.html, https://threatpost.com/lets-encrypt-revoke-millions-tls-certs/153413/
• Let's Encrypt: We Won't Revoke All Certificates Right Now https://www.bankinfosecurity.com/lets-encrypt-we-wont-revoke-all-certificates-right-now-a-13895
• Siri and Google Assistant hacked in new ultrasonic attack https://nakedsecurity.sophos.com/2020/03/02/siri-and-google-assistant-hacked-in-new-ultrasonic-attack/ AND https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
• Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/
• Skoltech scientists break Google’s quantum algorithm https://scienmag.com/skoltech-scientists-break-googles-quantum-algorithm/
• Google Patches Critical Remotely Exploitable Android Bug https://www.securityweek.com/google-patches-critical-remotely-exploitable-android-bug
• Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html
• Critical Zoho ManageEngine Desktop Zero-Day Flaw Disclosed https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/
• NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
• A Safe Excel Sheet Not So Safe https://isc.sans.edu/diary.html?storyid=25868
• The original Philips Hue Bridge hub is losing all internet connectivity on April 30th https://www.theverge.com/circuitbreaker/2020/3/6/21167813/philips-hue-bridge-hub-internet-connectivity-discontinued-cloud-updates

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Forget Robocalls, SIM Swapping Is The Biggest Threat On Your Smartphone: How To Protect Yourself https://www.forbes.com/sites/brookecrothers/2020/03/01/two-factor-authentication-2fa-isnt-as-safe-as-you-think-on-your-iphone-android-device-the-danger-of-sim-swapping-and-how-to-protect-yourself/
• Multiple nation-state groups are hacking Microsoft Exchange servers https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/
• CIA Hackers Targeted China in Decade-Long Campaign: Chinese Security Firm https://www.securityweek.com/cia-hackers-targeted-china-decade-long-campaign-chinese-security-firm
• Microsoft confirms 1.2M customer enterprise accounts compromised and MFA would have prevented most these https://www.forbes.com/sites/zakdoffman/2020/03/07/microsoft-confirms-really-really-high-hacking-threat-for-millions-of-users-heres-what-you-do-now/
• A Zero-Day Homograph Domain Name Attack https://www.securityweek.com/zero-day-homograph-domain-name-attack
• New PwndLocker Ransomware Targeting U.S. Cities, Enterprises https://www.databreaches.net/new-pwndlocker-ransomware-targeting-u-s-cities-enterprises/
• Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight https://www.forbes.com/sites/daveywinder/2020/03/05/beware-of-this-new-windows-10-ransomware-threat-hiding-in-plain-sight/
• French Critical Infrastructure Firms Rocked by Kasbah Hacker Malware Campaign? https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/
• NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs https://threatpost.com/netsupport-manager-rat-nortonlifelock-docs/153387/
• This phishing email contains a password-protected file. Don't open it. https://www.zdnet.com/article/this-phishing-email-contains-a-password-protected-file-dont-open-it/
• Former DHS Acting Inspector General Indicted for Stealing Database with Personnel Information https://www.databreaches.net/former-dhs-acting-inspector-general-indicted-for-stealing-database-with-personnel-information/
• Coder charged in massive CIA leak portrayed as vindictive https://www.databreaches.net/coder-charged-in-massive-cia-leak-portrayed-as-vindictive/
• Chinese nationals helped North Korea launder stolen cryptocurrency https://www.theverge.com/2020/3/2/21161976/chinese-bitcoin-cryptocurrency-north-korea-hacking
• Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef https://www.theregister.co.uk/2020/03/05/cia_leak_trial/
• Alleged Russian hacker on trial Monday for 2012 LinkedIn, Dropbox hacks https://www.databreaches.net/alleged-russian-hacker-on-trial-monday-for-2012-linkedin-dropbox-hacks/
• Australian thief uses fishing rod to steal Versace necklace https://www.bbc.co.uk/news/world-australia-51735614

Other Security / Risk

Articles covering other types of risks.

• Forget Robocalls, SIM Swapping Is The Biggest Threat On Your Smartphone: How To Protect Yourself https://www.forbes.com/sites/brookecrothers/2020/03/01/two-factor-authentication-2fa-isnt-as-safe-as-you-think-on-your-iphone-android-device-the-danger-of-sim-swapping-and-how-to-protect-yourself/
• Multiple nation-state groups are hacking Microsoft Exchange servers https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/
• CIA Hackers Targeted China in Decade-Long Campaign: Chinese Security Firm https://www.securityweek.com/cia-hackers-targeted-china-decade-long-campaign-chinese-security-firm
• Microsoft confirms 1.2M customer enterprise accounts compromised and MFA would have prevented most these https://www.forbes.com/sites/zakdoffman/2020/03/07/microsoft-confirms-really-really-high-hacking-threat-for-millions-of-users-heres-what-you-do-now/
• A Zero-Day Homograph Domain Name Attack https://www.securityweek.com/zero-day-homograph-domain-name-attack
• New PwndLocker Ransomware Targeting U.S. Cities, Enterprises https://www.databreaches.net/new-pwndlocker-ransomware-targeting-u-s-cities-enterprises/
• Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight https://www.forbes.com/sites/daveywinder/2020/03/05/beware-of-this-new-windows-10-ransomware-threat-hiding-in-plain-sight/
• French Critical Infrastructure Firms Rocked by Kasbah Hacker Malware Campaign? https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/
• NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs https://threatpost.com/netsupport-manager-rat-nortonlifelock-docs/153387/
• This phishing email contains a password-protected file. Don't open it. https://www.zdnet.com/article/this-phishing-email-contains-a-password-protected-file-dont-open-it/
• Former DHS Acting Inspector General Indicted for Stealing Database with Personnel Information https://www.databreaches.net/former-dhs-acting-inspector-general-indicted-for-stealing-database-with-personnel-information/
• Coder charged in massive CIA leak portrayed as vindictive https://www.databreaches.net/coder-charged-in-massive-cia-leak-portrayed-as-vindictive/
• Chinese nationals helped North Korea launder stolen cryptocurrency https://www.theverge.com/2020/3/2/21161976/chinese-bitcoin-cryptocurrency-north-korea-hacking
• Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef https://www.theregister.co.uk/2020/03/05/cia_leak_trial/
• Alleged Russian hacker on trial Monday for 2012 LinkedIn, Dropbox hacks https://www.databreaches.net/alleged-russian-hacker-on-trial-monday-for-2012-linkedin-dropbox-hacks/
• Australian thief uses fishing rod to steal Versace necklace https://www.bbc.co.uk/news/world-australia-51735614

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• This Year's Equinox Is March 19, The Earliest In 124 Years https://www.forbes.com/sites/startswithabang/2020/03/05/celebrate-the-earliest-equinox-since-1896-this-march-19-thanks-to-science/
• A dam right across the North Sea? https://scienmag.com/a-dam-right-across-the-north-sea/
• The tale of the two female pilots who could have been the first women in space https://www.cbc.ca/news/the-tale-of-the-two-female-pilots-who-could-have-been-the-first-women-in-space-1.5489108
• Another Reminder that Spaceflight is Difficult. Starship Prototype Explodes and Falls Over https://www.universetoday.com/145189/another-reminder-that-spaceflight-is-difficult-starship-prototype-explodes-and-falls-over/
• Smithsonian 3D Scans NASA Space Shuttle Discovery And Makes It Open Source https://www.forbes.com/sites/tjmccue/2020/03/04/smithsonian-3d-scans-the-nasa-space-shuttle-discovery-and-makes-it-open-source/
• Astronomy Student in Canada Discovers 17 Exoplanets New to Science https://www.sciencealert.com/student-discovered-17-planets-and-one-s-in-a-habitable-zone
• Nuclear Tests Marked Life on Earth With a Radioactive Spike https://www.theatlantic.com/science/archive/2020/03/how-nuclear-testing-transformed-science/607174/