This Week’s [in]Security – Issue 155 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Trending:COVID-19 update: Spread, containment, Reactions, response, impact, Surveillance, Information, Tools, How much Toilet Paper, Extraordinary invention, Treatments, vaccines, Behaviours from just bad to evil. Magecart. POS Terminal sanitization. Breach responsibility. 3 Mega-breaches. Who Has Your Face. De-Googling. FIPS 140-3 and NIST. NIST Telework guidance and more. Password managers. Russian cyber-weapon breach. Security theatre. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

New - Emerging Issues and Trending Stories

This special section is dedicated to emerging issues and trending stories that cross multiple of our regular news categories.

Coronavirus COVID-19 update

• Spread and containment:

  • China reported no new local coronavirus cases for the first time during the outbreak https://www.businessinsider.com/china-no-new-local-coronavirus-cases-first-time-during-outbreak-2020-3
  • Coronavirus: Italy's death toll overtakes China's https://www.bbc.co.uk/news/world-europe-51964307
  • Italy coronavirus deaths rise by record 475 in a day https://www.bbc.co.uk/news/world-europe-51952712
  • The coronavirus has caused a full breakdown in Iran https://www.businessinsider.com/iran-coronavirus-covid19-deaths-cases-updates-2020-3
  • We could be Italy' https://www.businessinsider.com/surgeon-general-warns-theres-chance-that-us-could-be-italy-2020-3
  • 2.2 Million People in the U.S. Could Die If Coronavirus Goes Unchecked https://theintercept.com/2020/03/17/coronavirus-air-pollution/
  • One chart shows how South Korea got its coronavirus outbreak under control in less than a month https://www.businessinsider.com/coronavirus-south-korea-spread-daily-case-count-decreases-over-time-2020-3
  • Coronavirus slowdown seen from space https://www.bbc.co.uk/news/world-51948578
  • Ontario declares state of emergency amid COVID-19 pandemic https://toronto.ctvnews.ca/ontario-declares-state-of-emergency-amid-covid-19-pandemic-1.4856033
  • Coronavirus: Ontario extends validity of drivers’ licences and health cards https://globalnews.ca/news/6702722/coronavirus-ontario-licences-health-cards/
  • The party is over': Florida Gov. Ron DeSantis ends spring break amid the coronavirus pandemic https://www.businessinsider.com/coronavirus-florida-gov-ron-desantis-ends-spring-break-partying-2020-3
  • US-Canada border to close amid virus crisis https://www.bbc.co.uk/news/world-us-canada-51949243
  • President Trump Invokes Wartime Law The Defense Production Act https://www.forbes.com/sites/mattperez/2020/03/18/president-trump-invokes-wartime-law-the-defense-production-act-heres-what-that-does/
  • NY Governor Rejects Mayor’s ‘Shelter In Place’ Order https://www.pymnts.com/coronavirus/2020/ny-governor-rejects-shelter-in-place-order/
  • Germany shuts borders to try to slow virus https://www.bbc.co.uk/news/world-europe-51905129
  • Canada to bar entry for most foreigners https://www.bbc.co.uk/news/world-us-canada-51861980
  • The U.K.’s Coronavirus ‘Herd Immunity’ Debacle https://www.theatlantic.com/health/archive/2020/03/coronavirus-pandemic-herd-immunity-uk-boris-johnson/608065/
  • The UK abandoned its coronavirus plan after realising it would have resulted in 'hundreds of thousands of deaths' https://www.businessinsider.com/uk-abandoned-coronavirus-strategy-that-would-cause-250000-deaths-2020-3

• Reactions, response, impact:

  • WHO: All countries must 'test, test, test.' Social distancing and hand-washing isn't enough. https://www.businessinsider.com/who-social-distancing-isnt-enough-countries-must-test-2020-3
  • WHO says countries not testing enough for coronavirus cases https://globalnews.ca/news/6683518/who-testing-coronavirus-march-16/
  • Nurses say they won't get paid time off if they catch coronavirus — and it could force them to choose between paying bills or heading to work while sick https://www.businessinsider.com/nurses-worry-about-getting-paid-sick-leave-covid-19-outbreak-2020-3
  • Super rich stranded as private jet operators say no to travel http://www.bnnbloomberg.ca/super-rich-stranded-as-private-jet-operators-say-no-to-travel-1.1407304
  • Virus creates world's longest passenger flight https://www.cnn.com/travel/article/coronavirus-worlds-longest-flight/index.html
  • Passengers from Nanaimo now on ‘mystery cruise’ after Chile calls a state of catastrophe https://www.nanaimobulletin.com/news/passengers-from-nanaimo-now-on-mystery-cruise-after-chile-calls-a-state-of-catastrophe/
  • 30 cruise ships are still at sea -- here's what it's like https://www.cnn.com/travel/article/cruise-ship-passengers-stranded-coronavirus/index.html
  • Coronavirus: How long can Canadians expect to be social distancing? https://globalnews.ca/news/6695737/coronavirus-canadians-social-distancing/
  • Hong Kong makes wearable trackers mandatory for new arrivals, checks in with ‘surprise calls’ too https://www.theregister.co.uk/2020/03/19/hong_kong_wearable_trackers_mandatory/
  • Emergency Surveillance During COVID-19 Crisis https://www.schneier.com/blog/archives/2020/03/emergency_surve.html
  • Israel is using cellphone data to track the coronavirus https://www.theverge.com/2020/3/17/21183716/coronavirus-covid-19-israel-natanyahu-cellphone-data-tracking
  • Privacy in a Pandemic: What You Can (and Can't) Ask Employees https://www.darkreading.com/endpoint/privacy-in-a-pandemic-what-you-can-(and-cant)-ask-employees/d/d-id/1337326
  • Authorities Eye Using Mobile Phone Tracking COVID-19’s Spread https://threatpost.com/authorities-mobile-phone-tracking-covid-19-spread/153903/
  • A Historical Lesson in Disease Containment https://www.theatlantic.com/health/archive/2020/03/tuberculosis-sanatoriums-were-quarantine-experiment/608335/
  • Ontario government announces expansion of Telehealth resources https://globalnews.ca/news/6682453/coronavirus-ontario-government-telehealth-resources/
  • Canada will not send athletes to Tokyo Olympics https://www.cnn.com/2020/03/22/americas/canada-no-athletes-tokyo-olympics/index.html
  • The Modern Supply Chain Is Snapping https://www.theatlantic.com/ideas/archive/2020/03/supply-chains-and-coronavirus/608329/
  • We're about to get an early sign of just how badly coronavirus will damage the economy https://markets.businessinsider.com/news/stocks/jobless-claims-preview-data-early-coronavirus-impact-labor-insurance-unemployment-2020-3-1029010357
  • Federal government flooded with 500,000 applications for employment insurance https://www.cbc.ca/news/business/coronavirus-employment-insurance-1.5504676
  • Chinese factories face new threat: US anti-virus controls https://ca.finance.yahoo.com/news/chinese-factories-face-threat-us-015210958.html
  • Senate Republicans are reportedly close to agreeing on a $1 trillion coronavirus stimulus package https://www.businessinsider.com/republican-senators-close-1-trillion-coronavirus-stimulus-package-deal-report-2020-3
  • The Dow has officially erased all gains minted during the Trump presidency https://markets.businessinsider.com/news/stocks/stock-market-erases-gains-trump-presidency-coronavirus-fear-dow-inauguration-2020-3-1029009600
  • The US economy is already mired in a coronavirus-sourced recession https://markets.businessinsider.com/news/stocks/economic-outlook-us-already-in-coronavirus-recession-employment-forecast-ucla-2020-3-1029003617
  • Microsoft Teams goes down just as Europe logs on to work remotely https://www.theverge.com/2020/3/16/21181300/microsoft-teams-down-outage-europe-remote-working-coronavirus
  • Mozilla re-enables TLS 1.0 and 1.1 so people can get to Government sites on Coronavirus https://www.ghacks.net/2020/03/21/mozilla-re-enables-tls-1-0-and-1-1-because-of-coronavirus-and-google/
  • Telecom networks deal with 'unprecedented' pressure as Canadians work from home https://www.cbc.ca/news/technology/internet-phone-networks-under-strain-covid-19-1.5503818
  • Netflix urged to slow down streaming to stop the internet from breaking https://www.cnn.com/2020/03/19/tech/netflix-internet-overload-eu/index.html
  • Steam hit its all-time concurrent user peak over the weekend https://www.theverge.com/2020/3/16/21181272/steam-concurrent-user-record-set-cs-go
  • Online Educator Khan Academy’s Traffic Spikes 50%. Founder: “We Are A Stopgap” https://www.forbes.com/sites/susanadams/2020/03/18/online-educator-khan-academys-traffic-spikes-50-founder-we-are-a-stopgap/
  • DOD Warns of Cyber Risks as Employees Work From Home https://www.bankinfosecurity.com/dod-warns-cyber-risks-as-employees-work-from-home-a-13960
  • Security Lessons We've Learned (So Far) from COVID-19 https://www.darkreading.com/edge/theedge/security-lessons-weve-learned-(so-far)-from-covid-19/b/d-id/1337332
  • Pandemic Planning Should Ensure All Votes Can Be Cast by Mail in November https://theintercept.com/2020/03/16/pandemic-planning-ensure-votes-can-cast-mail-november-experts-say/
  • Planes, Trains and Automobiles: What Does A Deep Clean Mean? https://khn.org/news/ships-planes-trains-scooters-all-need-a-virus-wipe-but-what-does-a-deep-clean-mean/

• Information and Tools:

  • We Were Warned https://www.theatlantic.com/politics/archive/2020/03/pandemic-coronavirus-united-states-trump-cdc/608215/
  • No, COVID-19 Coronavirus Was Not Bioengineered. Here’s The Research That Debunks That Idea https://www.forbes.com/sites/brucelee/2020/03/17/covid-19-coronavirus-did-not-come-from-a-lab-study-shows-natural-origins/
  • Flattening the COVID-19 Curves https://blogs.scientificamerican.com/blogs/observations/flattening-the-covid-19-curves/
  • How Much Toilet Paper?! - The Coronavirus Toilet Paper Calculator https://howmuchtoiletpaper.com/
  • For perspective - The top 10 leading causes of death in the United States https://www.medicalnewstoday.com/articles/282929
  • Science Matters: Let's Talk About COVID-19 an online course https://www.coursera.org/learn/covid-19
  • Graph theory suggests COVID-19 might be a ‘small world’ model after all - not that it helps much at the beginning of the outbreak https://www.zdnet.com/article/graph-theory-suggests-covid-19-might-be-a-small-world-after-all/
  • These simulations show how to flatten the coronavirus growth curve https://www.washingtonpost.com/graphics/2020/world/corona-simulator/
  • 7 Dangerous Myths About The COVID-19 Coronavirus Pandemic https://www.forbes.com/sites/robertpearl/2020/03/18/7-myths-about-covid-19/
  • Study reveals how long COVID-19 remains infectious on cardboard, metal and plastic https://scienmag.com/study-reveals-how-long-covid-19-remains-infectious-on-cardboard-metal-and-plastic/
  • Updated: WHO Now Doesn't Recommend Avoiding Ibuprofen For COVID-19 Symptoms https://www.sciencealert.com/who-recommends-to-avoid-taking-ibuprofen-for-covid-19-symptoms
  • Coronavirus: Australian scientists map how immune system fights virus https://www.bbc.co.uk/news/world-australia-51921403
  • COVID-19 Symptom Self-Assessment Tool https://ca.thrive.health/covid19/en
  • Facebook built a tool last year to map the spread of diseases. Now it's being used to combat coronavirus https://www.businessinsider.com/see-how-facebooks-disease-prevention-maps-could-fight-coronavirus-2020-3
  • Astronaut Buzz Aldrin has advice for getting through quarantine https://www.cnet.com/news/astronaut-buzz-aldrin-has-advice-for-getting-through-quarantine/
  • Work-from-Home Security Advice https://www.schneier.com/blog/archives/2020/03/work-from-home_.html

• Invention in extraordinary times:

  • There’s A Shortage Of Ventilators For Coronavirus Patients, So This International Group Invented An Open Source Alternative That’s Being Tested Next Week https://www.forbes.com/sites/alexandrasternlicht/2020/03/18/theres-a-shortage-of-ventilators-for-coronavirus-patients-so-this-international-group-invented-an-open-source-alternative-thats-being-tested-next-week/
  • Chinese Journalist Shares Report on COVID-19 on Ethereum, Bypassing Censor - clever trojan use of blockchain https://cointelegraph.com/news/chinese-journalist-shares-report-on-covid-19-on-ethereum-bypassing-censor
  • Denmark’s Idea Could Help the World Avoid a Great Depression https://www.theatlantic.com/ideas/archive/2020/03/denmark-freezing-its-economy-should-us/608533/

• Treatments and vaccines:

  • How COVID-19 Drug Hunters Spot Virus-Fighting Compounds https://www.scientificamerican.com/article/how-covid-19-drug-hunters-spot-virus-fighting-compounds/
  • Researchers Look To Old Drugs For A Possible Coronavirus Treatment – It Might Just Work https://www.forbes.com/sites/marybethpfeiffer/2020/03/18/science-works-to-use-old-cheap-drugs-to-attack-coronavirus--it-might-just-work/
  • How Scientists Are Working 24/7 Looking For Old Drugs That Might Treat COVID-19 https://www.sciencealert.com/a-treatment-for-covid-19-might-already-exist-in-old-drugs-we-just-need-to-unlock-the-right-combination
  • Could a malaria pill from the 1940s treat the coronavirus? https://www.businessinsider.com/malaria-pill-chloroquine-tested-as-coronavirus-treatment-2020-3
  • US Just Started The First Human Trial of a Vaccine For The New Coronavirus https://www.sciencealert.com/us-begins-first-human-trial-of-coronavirus-vaccine
  • Updated: Trump Says FDA Approved Anti-Malaria Drug Chloroquine To Test As Coronavirus Treatment https://www.forbes.com/sites/lisettevoytko/2020/03/19/trump-says-fda-approved-anti-malaria-drug-chloroquine-to-test-as-coronavirus-treatment/
  • Coronavirus Vaccines: Five Key Questions as Trials Begin https://www.scientificamerican.com/article/coronavirus-vaccines-five-key-questions-as-trials-begin/
  • Canada's First Coronavirus Vaccine Made In Saskatchewan Is Now In Testing Stages https://www.narcity.com/news/ca/sk/coronavirus-vaccine-made-in-saskatchewan-is-now-in-the-testing-stages
  • Japanese Flu Drug ‘Effective’ Against Coronavirus In Clinical Trials, Chinese Officials Say https://www.forbes.com/sites/lisettevoytko/2020/03/18/japanese-flu-drug-effective-against-coronavirus-in-clinical-trials-chinese-officials-say/
  • Johns Hopkins Experts Are Trying a Clever Antibody Method From The 1890s on COVID-19 https://www.sciencealert.com/a-classic-therapy-from-the-1890s-could-help-protect-against-coronavirus-experts-say
  • NIH clinical trial of investigational vaccine for COVID-19 begins https://scienmag.com/nih-clinical-trial-of-investigational-vaccine-for-covid-19-begins/
  • Distributed GPU's fighting coronovirus - Folding@Home Now More Powerful Than World's Top 7 Supercomputers, Combined https://www.tomshardware.com/news/folding-at-home-worlds-top-supercomputers-coronavirus-covid-19

• Shame, shame, and more shame:

  • Societies extreme behaviour is scarier than the Coronavirus itself https://blogs.scientificamerican.com/blogs/observations/whats-scarier-than-the-coronavirus/
  • Oregon police tell citizens to stop calling 911 ‘just because you ran out of toilet paper’ https://globalnews.ca/news/6690521/coronavirus-toilet-paper-shortage/
  • The People Ignoring Social Distancing https://www.theatlantic.com/family/archive/2020/03/coronavirus-social-distancing-socializing-bars-restaurants/608164/
  • Why we can't have nice things - French people ignored officials' warnings to isolate themselves over the coronavirus. Now they need a form to leave the house. https://www.businessinsider.com/coronavirus-france-requires-form-leave-house-walk-shopping-2020-3
  • Two-thirds of passengers from the coronavirus-stricken Grand Princess cruise ship declined to be tested while quarantined at a California military base so they could go home sooner https://www.businessinsider.com/coronavirus-grand-princess-cruise-ship-passengers-decline-testing-2020-3
  • Medical company threatens to sue volunteers that 3D-printed valves for life-saving coronavirus treatments https://www.theverge.com/2020/3/17/21184308/coronavirus-italy-medical-company-threatens-sue-3d-print-valves-treatments
  • Senators Urge FTC to Stop Google's Monetization of COVID-19 Fears https://epic.org/2020/03/senators-urge-ftc-to-stop-goog.html
  • Russia is aggressively exploiting the coronavirus pandemic to push disinformation and weaken Western society https://www.businessinsider.com/coronavirus-russia-disinformation-eu-report-warns-2020-3
  • Phone scam tells Albertans they have COVID-19, asks for credit card info https://globalnews.ca/news/6692519/coronavirus-phone-scam-alberta-health-credit-card/
  • Coronavirus Widens the Money Mule Pool https://krebsonsecurity.com/2020/03/coronavirus-widens-the-money-mule-pool/
  • Surprise - Hackers are making fake coronavirus tracking apps that are actually ransomware https://www.businessinsider.com/coronavirus-fake-app-ransomware-malware-bitcoin-android-demands-ransom-domaintools-2020-3
  • Hackers are exploiting the coronavirus crisis by posing as World Health Organisation officials in order to steal bank details and target government infrastructure https://www.businessinsider.com/coronavirus-hackers-posing-as-world-health-organisation-offiicals-2020-3
  • Hackers Hit US Health Agency During Coronavirus Crisis https://www.cnet.com/news/hackers-hit-us-health-agency-during-coronavirus-crisis/

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• How to sanitize your POS terminal https://www.moneris.com/-/media/Files/2020/COVID/Terminal-Sanitization-Instructions-FINAL-EN-031420.ashx
• Card Verification FAQ https://community.moneris.com/blogs/b/announcements/posts/card-verification-faq
• Magecart Hackers Hit NutriBullet Website Multiple Times https://www.pymnts.com/fraud-attack/2020/magecart-hackers-hit-nutribullet-website-multiple-times/
• TrueFire Guitar Tutoring Website Suffers Magecart-style Credit Card Breach https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Troy Hunt: There is a Serious Lack of Corporate Responsibility During Breach Disclosures https://www.troyhunt.com/there-is-a-serious-lack-of-corporate-responsibility-during-breach-disclosures/
• Beware—This Open Database On Google Cloud ‘Exposes 200 Million Americans’: Are You At Risk? https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/
• Unprotected Elasticsearch Database Exposed 5 Billion Previously Leaked Records https://www.securityweek.com/unprotected-database-exposed-5-billion-previously-leaked-records
• Unidentified database exposes 200 million American https://www.databreaches.net/report-unidentified-database-exposes-200-million-americans/
• 500,000 Documents Relating to MCA Wizard App Exposed in Open S3 Bucket Incident https://www.darkreading.com/cloud/500000-documents-exposed-in-open-s3-bucket-incident/d/d-id/1337343
• Security Breach Disrupts Fintech Firm Finastra https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/
• Oregon DHS notifies public of data breach https://www.databreaches.net/oregon-dhs-notifies-public-of-data-breach/
• Unsecured S3 Database Exposes Financial Records from defunct small business loan app MCA Wizard https://www.bankinfosecurity.com/unsecured-database-exposes-financial-records-report-a-13969
• Rogers notifies customers their personal information may have been compromised (no cards) https://www.databreaches.net/rogers-notifies-customers-their-personal-information-may-have-been-compromised/
• Jamaica National hit by major cyber attack http://jamaica-gleaner.com/article/news/20200320/jamaica-national-hit-major-cyber-attack
• Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems https://thehackernews.com/2020/03/ddos-botnets-lilin-dvr.html
• Why ransomware continues to knock on healthcare’s door, enter, and create havoc https://www.databreaches.net/why-ransomware-continues-to-knock-on-healthcares-door-enter-and-create-havoc/

Privacy

Articles about privacy related news, risks, and trends.

• Announcing Who Has Your Face - article https://www.eff.org/deeplinks/2020/03/announcing-who-has-your-face and site https://whohasyourface.org/
• Tattoo Recognition Score Card: How Institutions Handled Unethical Biometric Surveillance Dataset https://www.eff.org/deeplinks/2020/03/tattoo-recognition-score-card-how-institutions-handled-unethical-biometric
• Fighting AI Bias—Digital Rights Are Human Rights https://www.forbes.com/sites/insights-ibmai/2020/03/19/fighting-ai-bias-digital-rights-are-human-rights/
• EPIC Obtains DOJ Report on Predictive Policing and AI - “Individual liberty is at stake" https://epic.org/2020/03/epic-obtains-doj-report-on-pre.html
• The Best and Worst Browsers for Privacy, Ranked https://arstechnica.com/information-technology/2020/03/study-ranks-edges-default-privacy-settings-the-lowest-of-all-major-browsers/
• Rival Web Browser Alleges Google Violates GDPR https://www.pymnts.com/google/2020/rival-web-browser-alleges-google-violates-gdpr/
• Spy balloons that can see a phone in your hand will soon fly over North America https://www.businessinsider.com/spy-balloons-how-they-work-stratospheric-balloon-technology-racetrack-surveillance-2020-3
• The NYC subway’s new tap-to-pay system has a hidden cost — rider data https://www.theverge.com/2020/3/16/21175699/mta-omny-privacy-security-smartphone-identifier-location-nyc
• How National Security Surveillance Nabs More Than Spies https://www.securityweek.com/how-national-security-surveillance-nabs-more-spies
• De-Googling My Life – 2 Years On https://kevq.uk/de-googling-my-life-2-years-on/

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions https://csrc.nist.gov/publications/detail/itl-bulletin/2020/03/security-for-enterprise-telework-remote-access-and-byod/final

• FIPS-140-3 moves closer with NIST Updates for (SP) 800-140 and 800-140A through -140F

  • https://doi.org/10.6028/NIST.SP.800-140
  • https://csrc.nist.gov/publications/detail/sp/800-140a/final
  • https://csrc.nist.gov/publications/detail/sp/800-140b/final
  • https://csrc.nist.gov/publications/detail/sp/800-140c/final
  • https://csrc.nist.gov/publications/detail/sp/800-140d/final
  • https://csrc.nist.gov/publications/detail/sp/800-140e/final
  • https://csrc.nist.gov/publications/detail/sp/800-140f/final
• NIST is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment until April 20 https://csrc.nist.gov/publications/detail/nistir/8286/draft
• NIST has published NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework https://csrc.nist.gov/publications/detail/nistir/8170/final
• Freedom of Information coverup clerk stung for £2k after deleting council audio recording https://www.theregister.co.uk/2020/03/18/first_successful_foi_act_prosecution/
• ACLU Files Lawsuit Over Facial Recognition at US Airports https://www.bankinfosecurity.com/aclu-files-lawsuit-over-facial-recognition-at-us-airports-a-13957
• Apple fined record €1.1bn by French competition regulator https://www.theguardian.com/technology/2020/mar/16/apple-fined-record-11bn-by-french-competition-regulator

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• The Web’s Bot Containment Unit Needs Your Help https://krebsonsecurity.com/2020/03/the-webs-bot-containment-unit-needs-your-help/
• How to Combat CEO Fraud (email compromise) https://www.datex.ca/blog/how-to-combat-ceo-fraud
• Microsoft: PowerShell's new 'secrets' tool preview is out https://www.zdnet.com/article/microsoft-powershells-new-secrets-tool-preview-is-out/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Researchers expose vulnerabilities of password managers https://techxplore.com/news/2020-03-expose-vulnerabilities-password.html
• Here’s the Netflix account compromise Bugcrowd doesn’t want you to know about https://arstechnica.com/information-technology/2020/03/bugcrowd-tries-to-muzzle-hacker-who-found-netflix-account-compromise-weakness/
• Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases https://www.securityweek.com/google-patches-high-risk-chrome-flaws-halts-upcoming-releases
• With Everyone WFH, VPN Security Has Become Paramount https://www.zdnet.com/article/covid-19-with-everyone-working-from-home-vpn-security-has-now-become-paramount/
• The Insecurity of WordPress and Apache Struts https://www.schneier.com/blog/archives/2020/03/the_insecurity_.html
• The CheapBit of Fitness Trackers Apps https://freedom-to-tinker.com/2020/03/16/the-cheapbit-of-fitness-trackers-apps/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Putin’s Secret Intelligence Agency Hacked: Dangerous New ‘Cyber Weapons’ Now Exposed https://www.forbes.com/sites/zakdoffman/2020/03/21/putins-secret-intelligence-agency-hacked-dangerous-new-cyber-weapons-target-your-devices/
• Russian Hackers Relying on Compromised Accounts https://www.databreachtoday.com/russian-hackers-relying-on-compromised-accounts-report-a-13994
• How Microsoft Dismantled the Infamous Necurs Botnet https://www.wired.com/story/microsoft-necurs-botnet-takedown/
• California Man Gets Prison for Hacking Atlanta-Based Company https://www.securityweek.com/california-man-gets-prison-hacking-atlanta-based-company

Other Security / Risk

Articles covering other types of risks.

• TSA Admits Liquid Ban Is Security Theater https://www.schneier.com/blog/archives/2020/03/tsa_admits_liqu.html
• Regional nuclear war a risk for global food security https://scienmag.com/regional-nuclear-war-a-risk-for-global-food-security/
• 8 American cities that could disappear by 2100 https://www.businessinsider.com/american-cities-disappear-sea-level-rise-2100-2019-3
• New insights into US flood vulnerability revealed from flood insurance big data https://scienmag.com/new-insights-into-us-flood-vulnerability-revealed-from-flood-insurance-big-data/
• Facebook’s misinformation problem goes deeper than you think https://www.theverge.com/2020/3/17/21183341/new-america-report-facebook-misinformation-nathalie-marechal
• Can computers ever replace the classroom? https://www.theguardian.com/technology/2020/mar/19/can-computers-ever-replace-the-classroom
• Ontario man fighting $110 ticket for using license plate frame https://driving.ca/auto-news/news/ontario-man-fighting-110-ticket-for-using-license-plate-frame
• Apple finally admits Microsoft was right about tablets https://www.theverge.com/2020/3/19/21186500/apple-ipad-pro-vs-surface-pro-trackpad-mouse-inputs-history
• Magnetic component in e-cigarettes found to interfere with implantable cardioverter-defibrillator function https://scienmag.com/magnetic-component-in-e-cigarettes-found-to-interfere-with-implantable-cardioverter-defibrillator-function/
• ‘Sushi parasites’ have increased 283-fold in past 40 years https://scienmag.com/sushi-parasites-have-increased-283-fold-in-past-40-years/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 2019 Was a Record Year for U.S. Solar Power https://www.scientificamerican.com/article/2019-was-a-record-year-for-u-s-solar-power/
• The dirty, dangerous job US airmen do to ensure U-2 pilots can breathe at 70,000 feet https://www.businessinsider.com/airmen-fuels-operators-supply-liquid-oxygen-for-u2-pilot-2020-3
• The Lunar Gateway Station is No Longer a Required Part of the Artemis Mission to Return to the Moon by 2024 https://www.universetoday.com/145428/the-lunar-gateway-is-no-longer-a-required-part-of-the-artemis-mission-to-return-to-the-moon-by-2024/
• Diamond samples in Canada reveal size of lost continent https://www.bbc.com/news/world-us-canada-51989255
• Filed under just hit it when it's broken - NASA Fixes Mars Lander By Telling It to Hit Itself With a Shovel https://futurism.com/nasa-mars-lander-hit-itself-shovel
• Is Star Trek: Picard's Hypothesized 'Octuple Star System' Really Possible? https://www.forbes.com/sites/startswithabang/2020/03/19/is-star-trek-picards-hypothesized-octuple-star-system-really-possible/
• Court cases that sound like the weirdest fights https://aiweirdness.com/post/612669075940900864/court-cases-that-sound-like-the-weirdest-fights