This Week's [in]Security - Issue 177 | insecurity | Control Gap

Welcome to This Week’s [in]Security. P2PE Key Block Deadlines. PCI Case Studies. ATM Alerts. NIST. 250M+ in New breaches: Mega breach, Social Data, Experian, Freepik, Cense AI, RMC. New Ransomware. Carnival. Facial Recognition. Privacy Shield. Windows. Google. Alexa. Cisco. SpiKey. IoT. email encryption. Zip Crypto. Zip Crypto. Supply Chains. Fake Recruiters. Spear Vishing. HTML Smuggling. 2xHurricanes. Blackouts. AI Dogfight. Covid-19: Spread, Curves, Spikes & Waves. Disinformation. And more.

Note: The COVID section appears later in the article.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Revisions to the Implementation Dates for PCI P2PE Security Requirement 18-3 (Key Blocks) https://www.pcisecuritystandards.org/pdfs/Key_Block_Implementation_Bulletin_P2PE_final.pdf
• Make a Difference: Serve on the 2021-2022 PCI SSC Board of Advisors https://blog.pcisecuritystandards.org/make-a-difference-serve-on-the-2021-2022-pci-ssc-board-of-advisors

• PCI PIN Security Case Studies:

  • First Tech https://www.pcisecuritystandards.org/documents/REB_Brazil_PCI_PIN_Security_Case_Study_2020_First_Tech_en_Final.pdf
  • RGertec https://www.pcisecuritystandards.org/documents/REB_Brazil_Case_Study_PCI_PIN_2020_Gertec_en_Final.pdf

• PCI DSS Case Studies:

  • Cielo https://www.pcisecuritystandards.org/documents/REB_Brazil_Case_Study_PCI_DSS_2020_Cielo_en_Final.pdf
  • CSU https://www.pcisecuritystandards.org/documents/REB_Brazil_Case_Study_PCI_DSS_2020_CSU_en_Final.pdf
  • PicPay https://www.pcisecuritystandards.org/documents/REB_Brazil_Case_Study_PCI_DSS_2020_PicPay_en_Final.pdf
• PCI SSC Business License Requirements by Region https://www.pcisecuritystandards.org/documents/2020_PCI_SSC_Business_License_Requirements.pdf
• Tens of suspects arrested for cashing-out Santander ATMs using software glitch https://www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/
• Rare: CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs https://www.securityweek.com/certcc-warns-vulnerabilities-diebold-nixdorf-ncr-atms

• Update on 3 Upcoming NIST Cybersecurity & Privacy Program Webinars (postponed):

  • Challenges with Compliance, Operations and Security with Encrypted Protocols, in Particular TLS 1.3 https://www.nccoe.nist.gov/events/postponed-virtual-workshop-challenges-compliance-operations-and-security-encrypted-protocols
  • Considerations in Migrating to PQC Algorithms https://www.nccoe.nist.gov/events/postponed-virtual-workshop-considerations-migrating-post-quantum-cryptographic-algorithms
  • Workshop on the Automation of the NIST CMVP https://www.nccoe.nist.gov/events/postponed-virtual-workshop-automation-nist-cryptographic-module-validation-program-cmvp

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New breaches:

  • Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach https://www.techradar.com/news/hundreds-of-millions-of-instagram-tiktok-youtube-accounts-compromised-by-data-breach
  • Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms https://www.vice.com/en_us/article/dyzewz/hackers-leak-alleged-internal-files-of-chinese-social-media-monitoring-firms
  • Social media data broker exposes nearly 235 million profiles scraped from Instagram, TikTok, and Youtube https://www.comparitech.com/blog/information-security/social-data-leak/
  • Experian South Africa discloses data breach impacting 24 million customers https://www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers
  • Free photos, graphics site Freepik discloses data breach impacting 8.3m users https://www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/
  • LiveAuctioneers - 3,385,862 breached accounts https://haveibeenpwned.com/PwnedWebsites#LiveAuctioneers
  • Cense AI Leaks Over 2.5M Medical and Insurance Records https://www.pcmag.com/news/report-ai-company-leaks-over-25m-medical-records
  • Catho - 1,173,012 breached accounts (Mar 2020) https://haveibeenpwned.com/PwnedWebsites#Catho
  • Sonicbids - 751,700 breached accounts (Dec 2019) https://haveibeenpwned.com/PwnedWebsites#Sonicbids
  • Utah Gun Exchange - 235,233 breached accounts https://haveibeenpwned.com/PwnedWebsites#UtahGunExchange
  • Unico Campania - 166,031 breached accounts https://haveibeenpwned.com/PwnedWebsites#UnicoCampania
  • Medical records for more than 61,000 cardiac patients left unsecured online https://www.databreaches.net/medical-records-for-more-than-61000-cardiac-patients-left-unsecured-online/
  • CO: Mental Health Partners discloses email hack potentially compromised employee and patient data https://www.databreaches.net/co-mental-health-partners-discloses-email-hack-potentially-compromised-employee-and-patient-data/
  • TX: Dozens of boxes of medical records found at Odessa Recycling Center https://www.databreaches.net/tx-dozens-of-boxes-of-medical-records-found-at-odessa-recycling-center/
  • NC: Lawsuit: ‘Alarming’ data breach at Coastal Prep Academy exposed sensitive personal data https://www.databreaches.net/nc-lawsuit-alarming-data-breach-at-coastal-prep-academy-exposed-sensitive-personal-data/
  • NSW Police Leak Private Information of Complainants https://www.databreaches.net/nsw-police-leak-private-information-of-complainants/
  • UAE Hack and Leak Operations https://www.schneier.com/blog/archives/2020/08/uae_hack_and_le.html
  • Student information, financial info published in suspected RMC data leak after cyber attack https://globalnews.ca/news/7283754/student-financial-rmc-data-leak-cyber-attack/

• New Ransomware:

  • Ransomware – The New (Too-High) Cost of Doing Business https://www.databreaches.net/ransomware-the-new-too-high-cost-of-doing-business/
  • World's largest cruise line operator discloses ransomware attack https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/
  • University of Utah pays $457,000 to ransomware gang not to leak data https://www.zdnet.com/article/university-of-utah-pays-457000-to-ransomware-gang
  • More Canadian entities hit with ransomware https://www.databreaches.net/more-canadian-entities-hit-with-ransomware/

• Follow-ups:

  • Marriott Hit With Class-Action Data Breach Lawsuit https://www.databreachtoday.com/marriott-hit-class-action-data-breach-lawsuit-a-14850
  • US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak https://www.theregister.com/2020/08/18/us_senate_wikileaks_report/
  • Former Uber Security Chief Charged Over Covering Up 2016 Data Breach https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html

Privacy

Articles about privacy related news, risks, and trends.

• EFF Calls on California Gov. Newsom To Mandate Data Privacy Protections for Californians Who Participate in COVID-19 Contact Tracing Programs https://www.eff.org/press/releases/eff-calls-california-gov-newsom-mandate-data-privacy-protections-californians-who
•  
• Senate Bill Would Expand Facial-Recognition Restrictions Nationwide https://threatpost.com/senate-bill-expand-facial-recognition-restrictions-nationwide/158509/
• Proctoring Apps Subject Students to Unnecessary Surveillance https://www.eff.org/deeplinks/2020/08/proctoring-apps-subject-students-unnecessary-surveillance
• How Smartphone Location Tracking Works, and What You Can Do About It https://www.nytimes.com/2020/08/19/technology/smartphone-location-tracking-opt-out.html
• Secret Service reportedly paid to access phone location data https://www.cnet.com/news/secret-service-reportedly-paid-to-access-to-phone-location-data/
• Schrems Files 101 Complaints Targeting US-EU Data Transfers https://epic.org/2020/08/schrems-files-101-complaints-t.html
• Ca: London Ontario Police snooped on personal health data 10,475 times in 4 months https://www.databreaches.net/ca-london-police-snooped-on-personal-health-data-10475-times-in-4-months/
• No to Expanded HHS Surveillance of COVID-19 Patients https://www.eff.org/deeplinks/2020/08/no-expanded-hhs-surveillance-covid-19-patients
• Australian Online Health Platform Fined for Data Practices https://www.databreachtoday.com/australian-online-health-platform-fined-for-data-practices-a-14865
• EU Regulators Wrangle Over Twitter Data Privacy Penalty https://www.securityweek.com/eu-regulators-wrangle-over-twitter-data-privacy-penalty
• IBM Settles Lawsuit Over Weather Channel App Data Privacy https://threatpost.com/ibm-settles-lawsuit-over-weather-channel-app-data-privacy/158529/

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• NY Department of Financial Services Brings First Enforcement Action under its Cybersecurity Regulation https://blog.isc2.org/isc2_blog/2020/08/nydfs-brings-first-enforcement-cybersecurity-regulation.html
• Federal Government Advisory on Federal Laws Potentially Violated When Intercepting Drones https://epic.org/2020/08/federal-government-advises-on-.html
• Article 17: Germany Shows Creativity, but EFF Wants More https://www.eff.org/deeplinks/2020/08/article-17-germany-shows-creativity-eff-wants-more
• NIST has published Special Publication (SP) 800-56C Revision 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes https://csrc.nist.gov/publications/detail/sp/800-56c/rev-2/final
• NIST Privacy Workforce Taxonomy Development Project https://www.nist.gov/blogs/cybersecurity-insights/help-wanted-growing-workforce-managing-privacy-risk

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• WannaRen ransomware author contacts security firm to share decryption key https://www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/
• Bye Bye Internet Explorer https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
• Taking Transport Layer Security (TLS) to the next level with TLS 1.3 https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/
• Chrome 86 to Alert Users of Insecure Forms https://www.securityweek.com/chrome-86-alert-users-insecure-forms
• Robust distributed symmetric-key encryption https://eprint.iacr.org/2020/1001
• SANS Institute Sees Its Breach as Teachable Moment https://www.databreachtoday.com/sans-institute-sees-its-breach-as-teachable-moment-a-14818
• SANS Examining Office 365 Mail Forwarding Rules (and other Mail Rules too) https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2 https://thehackernews.com/2020/08/windows-update-download.html
• Microsoft's Patch for LSASS Flaw Incomplete, Google Researcher Says https://www.securityweek.com/microsofts-patch-lsass-flaw-incomplete-google-researcher-says
• Google fixes major Gmail bug seven hours after exploit details go public https://www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/
• A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware https://thehackernews.com/2020/08/google-drive-file-versions.html
• Amazon Alexa Bugs Allowed Hackers to Pilfer Data and Install Malicious Skills Remotely https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html and https://threatpost.com/amazon-alexa-one-click-attack-can-divulge-personal-data/158297/
• Vulnerability Spotlight: Internet Systems Consortium BIND server DoS https://blog.talosintelligence.com/2020/08/vuln-spotlight-ISC-BIND-aug-2020.html
• Cisco Critical Flaw Patched in WAN Software Solution https://threatpost.com/cisco-critical-flaw-patched-in-wan-software-solution/158485/
• Default Credentials Expose Cisco ENCS, CSP Appliances to Attacks https://www.securityweek.com/default-credentials-expose-cisco-encs-csp-appliances-attacks
• IBM AI-Powered Data Management Software Subject to Simple Exploit https://threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/
• The Sounds a Key Make Can Produce 3D-Printed Replica https://threatpost.com/the-sounds-a-key-make-can-produce-3d-printed-replica/158457/ and https://www.schneier.com/blog/archives/2020/08/copying_a_key_b.html
• Researchers Warn of Flaw Affecting Millions of IoT Devices https://threatpost.com/flaw-affecting-millions-iot-devices/158472/ and https://www.databreachtoday.com/ibm-finds-flaw-in-millions-thales-wireless-iot-modules-a-14858
• Academics Devise Attacks Targeting Email End-to-End Encryption - malicious link attches files https://www.securityweek.com/academics-devise-attacks-targeting-email-end-end-encryption and https://www.theregister.com/2020/08/19/openpgp_smime_email_client_mailto_flaws/
• A Differential Meet-in-the-Middle Attack on the Zip cipher https://eprint.iacr.org/2020/983
• A Differential Meet-in-the-Middle Attack on the Zip cipher https://eprint.iacr.org/2020/983
• Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers https://www.databreaches.net/please-stop-hard-wiring-aws-credentials-in-your-code-looking-at-you-uni-covid-19-track-and-test-app-makers/
• Large Orgs Plagued with Bugs, Face Giant Patch Backlogs https://threatpost.com/large-orgs-plagued-bugs-patch-backlogs/158433/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• New Global Threat Landscape Report Reveals ‘Unprecedented’ Cyberattacks https://threatpost.com/new-global-threat-landscape-report-reveals-unprecedented-cyberattacks/158329/
• 'Next-Gen' Supply Chain Attacks Surge 430% https://www.darkreading.com/application-security/next-gen-supply-chain-attacks-surge-430-/d/d-id/1338717
• Hackers Target Defense Contractors' Employees By Posing as Recruiters https://thehackernews.com/2020/08/job-offer-hackers.html
• Voice Phishers Targeting Corporate VPNs https://krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/
• The Attack That Broke Twitter Is Hitting Dozens of Companies https://www.wired.com/story/phone-spear-phishing-twitter-crime-wave
• Researchers Warn of Active Malware Campaign Using HTML Smuggling https://threatpost.com/active-malware-campaign-html-smuggling/158439/
• RedCurl cybercrime group has hacked companies for three years https://www.databreaches.net/redcurl-cybercrime-group-has-hacked-companies-for-three-years/
• North Korean Hacking Group Attacks Israeli Defense Industry https://www.databreaches.net/north-korean-hacking-group-attacks-israeli-defense-industry/
• AWS Cryptojacking Worm Spreads Through the Cloud https://threatpost.com/aws-cryptojacking-worm-cloud/158427/
• How Four Brothers Allegedly Fleeced $19 Million From Amazon https://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon
• Cryptomining Botnet Steals AWS Credentials https://www.databreachtoday.com/cryptomining-botnet-steals-aws-credentials-a-14856
• US Army report says many North Korean hackers operate from abroad https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/
• A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide https://thehackernews.com/2020/08/p2p-botnet-malware.html

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • 300 Pizza Huts are closing after a giant franchisee goes bankrupt https://www.cnn.com/2020/08/17/business/pizza-hut-closures-npc-international/index.html
  • Canadian retail sales back to pre-coronavirus levels in June https://globalnews.ca/news/7290410/canada-retail-sales-june-back-to-pre-coronavirus-levels/
  • Technical Woes Hamper California's COVID-19 Data Collection https://www.databreachtoday.com/technical-woes-hamper-californias-covid-19-data-collection-a-14840
  • The Lesson Americans Never Learn https://www.theatlantic.com/ideas/archive/2020/08/gofundme-economy-was-never-going-work/615457/
• For The First Time, Two Hurricanes May Hit The Gulf of Mexico at The Same Time https://www.sciencealert.com/for-the-first-time-ever-two-hurricanes-may-hit-the-gulf-of-mexico-next-week
• Using Disinformation to Cause a Blackout https://www.schneier.com/blog/archives/2020/08/using_disinform.html
• AI pilot thoroughly beats human in F-16 dogfight, marking major breakthrough for artificial intelligence https://www.independent.co.uk/life-style/gadgets-and-tech/news/ai-pilot-dogfight-artificial-intelligence-darpa-a9681346.html
• Documents Obtained by EPIC Reveal DHS’s Slow Response to Election Cybersecurity Threats, Underscore Risks Posed by New Voting Technologies https://epic.org/2020/08/documents-obtained-by-epic-rev-2.html
• Ex-CIA officer arrested and charged with espionage https://www.cnn.com/2020/08/17/politics/former-cia-officer-charged-with-espionage/index.html
• US special forces veteran arrested for passing secrets to Russia https://www.bbc.com/news/world-us-canada-53869484
• Facebook Finally Cracks Down on QAnon https://www.wired.com/story/facebook-qanon-secret-ipod-carnival-ransomware-security-news
• Internet Storm Center Blocked https://isc.sans.edu/diary/rss/26476
• Iran plane crash: Cockpit exchange recorded after missile hit Ukraine jet https://www.bbc.co.uk/news/world-middle-east-53880254
• The Golden Age of computer user groups https://arstechnica.com/information-technology/2020/08/the-golden-age-of-computer-user-groups/
• Go read how the US government built a top-secret iPod right under Steve Jobs’ nose https://www.theverge.com/2020/8/18/21374491/go-read-this-apple-us-government-secret-custom-ipod-david-shayer
• Reply-All storm sparked by student smut sees school system shut down Google Classroom for up to a week https://www.theregister.com/2020/08/17/act_schools_email_incident/
• (Metric anyone) Did you know there is a US foot and an International foot? https://www.nytimes.com/2020/08/18/science/foot-surveying-metrology-dennis.html
• California Just Reported First Case of Human Plague in 5 Years https://www.sciencealert.com/california-has-just-reported-a-case-of-human-plague
• Death Valley records highest temperature in the world in more than 100 years https://www.cbc.ca/news/technology/death-valley-hottest-1.5689060
• Amsterdam has been collapsing for years. Now it's paying the price https://www.cnn.com/travel/article/amsterdam-collapsing/index.html
• Greenland's Ice Sheet Has Lost a Record Half-a-Trillion Tonnes in a Single Year https://www.sciencealert.com/greenland-ice-sheets-shed-an-alarming-half-a-trillion-tonnes-in-one-year
• Genetically-modified mosquitoes to be released in Florida Keys to fight diseases https://globalnews.ca/news/7289992/genetically-modified-mosquitoes-florida-2/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, and waves:

  • Ontario uptick https://toronto.ctvnews.ca/ontario-reports-highest-number-of-new-covid-19-cases-since-july-1.5068733
  • Teachers and students become infected with coronavirus at 41 German schools https://globalnews.ca/news/7290375/coronavirus-germany-schools-cases/
  • Another group of international flights land in Canada with COVID-19 patients https://toronto.ctvnews.ca/another-group-of-international-flights-land-in-canada-with-covid-19-patients-1.5067157
  • Ontario’s COVID-19 cases have been on the decline. What can we expect if there’s a 2nd wave? https://globalnews.ca/news/7290923/ontario-2nd-wave-covid-19-coronavirus/
  • US intel agencies find Wuhan officials kept Beijing in the dark for weeks about coronavirus https://www.cnn.com/2020/08/21/politics/us-intel-wuhan-covid/index.html
  • Assessing SARS-CoV-2 transmission on an international flight https://scienmag.com/assessing-sars-cov-2-transmission-on-an-international-flight/

• Guidance, Response and Recovery:

  • Long-Haulers Are Redefining COVID-19 https://www.theatlantic.com/health/archive/2020/08/long-haulers-covid-19-recognition-support-groups-symptoms/615382/
  • NYC Adds Hotel Requirements In COVID Crackdown https://www.pymnts.com/coronavirus/2020/nyc-adds-hotel-requirements-in-covid-crackdown/
  • Here's what happened when students went to school during the 1918 pandemic https://www.cnn.com/2020/08/19/us/schools-flu-pandemic-1918-trnd/index.html
  • New TDSB elementary school plan mandates smaller classes, all students to wear masks https://globalnews.ca/news/7289764/coronavirus-tdsb-elementary-return-to-school-plan/

• Treatments, Testing, Triage, and Trials, and things we learned:

  • Scientists find COVID-19 coronavirus variant linked to milder infections https://www.cbc.ca/news/health/milder-coronavirus-1.5694855
  • Some 'Healthy' Kids Can Carry as Much COVID-19 Virus as Severely Sick Adults https://www.sciencealert.com/some-healthy-kids-with-covid-19-might-carry-enough-virus-to-hospitalise-an-adult
  • Coronavirus antibodies tests 'put public at risk' https://www.bbc.co.uk/news/health-53853967
  • COVID-19 Spit Tests Used by NBA Are Now Authorized by FDA https://www.scientificamerican.com/article/covid-19-spit-tests-used-by-nba-are-now-authorized-by-fda/
  • Army and Illinois researchers design, test protein that may lead to COVID-19 therapeutic https://scienmag.com/army-and-illinois-researchers-design-test-protein-that-may-lead-to-covid-19-therapeutic/
  • Study of More Than 55,000 COVID-19 Cases Reveals a Predictable Order of Symptoms https://www.sciencealert.com/study-of-more-than-55-000-covid-19-cases-reveals-a-predictable-order-of-symptoms
  • Hydroxychloroquine ineffective as a preventive antiviral against COVID-19 https://scienmag.com/new-study-hydroxychloroquine-ineffective-as-a-preventive-antiviral-against-covid-19/

• Disinformation:

  • Nine COVID-19 Myths That Just Won't Go Away https://www.scientificamerican.com/article/nine-covid-19-myths-that-just-wont-go-away/
  • Platforms successfully stopped a lame COVID conspiracy video from going viral https://www.theverge.com/interface/2020/8/19/21373820/plandemic-indoctornation-facebook-youtube-twitter-removal-block-covid-hoax-block

• Masks, anti-maskers, and distancing:

  • Hawaiian Airlines bans masks with vents or valves, institutes medical screenings for those claiming exemptions https://www.foxbusiness.com/lifestyle/hawaiian-airlines-banning-masks-vents-valves-medical-assessments-those-exempt
  • Newly Designed Nanowire Material For Face Masks Can Actually Destroy Pathogens https://www.sciencealert.com/new-filter-paper-for-making-nanowire-masks-could-help-beat-coronavirus
  • Doctor invents hybrid mask allowing ENT doctors to see more patients https://scienmag.com/doctor-invents-hybrid-mask-allowing-ent-doctors-to-see-more-patients/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• When Scientific American Made M. C. Escher Famous https://www.scientificamerican.com/article/when-scientific-american-made-m-c-escher-famous/
• AI AI Weirdness https://aiweirdness.com/post/626712039215202304
• Want to Save a Cow From Being Attacked By a Predator? Paint Some Eyes on Its Butt https://www.mentalfloss.com/article/627983/save-cow-from-predators-paint-eyes-on-its-butt
• First Laser Space Debris Detection Made… in Daylight https://www.universetoday.com/147445/first-laser-space-debris-detection-made-in-daylight/
• A Tiny Asteroid Just Made The Closest Earth Fly-by on Record, And We Didn't See It Coming https://www.sciencealert.com/a-car-size-asteroid-just-made-the-closest-pass-of-earth-on-record-and-we-didn-t-see-it-coming
• The SAA is like a Bermuda Triangle of Spacecraft Malfunctions https://www.sciencealert.com/nasa-is-tracking-the-mysterious-evolving-anomaly-in-earth-s-magnetic-field
• The Sun Might Have Once Had a Binary Companion Star https://www.universetoday.com/147514/the-sun-might-have-once-had-a-binary-companion-star/