This Week's [in]Security - Issue 189 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PTSv3 Expiry. POS malware. New breaches (150M+) New Ransomware. Zoom. NIST. Elections. DNS Cache Poisoning. Intel SGX. Chrome zero-days. Wordpress. Nation States. CyberSkils. Health, Safety & Environment. 30+ Hurricanes. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Contact Tracing. Vaccine Progress. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Vote for the 2021-2022 PCI Board of Advisors https://blog.pcisecuritystandards.org/a-message-from-pci-ssc-executive-director-lance-johnson-vote-for-the-2021-2022-board-of-advisors

• PTSv3 Expiry:

  • Warning for the upcoming April 30, 2021 expiry of PTSv3 POI devices - they may no longer be eligible for SAQ-B-IP (long) https://www.pcicomplianceguide.org/pts-poi-v3-device-expiration/
  • FAQ on SAQ-B-IP eligibility and expired PTS devices https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-the-use-of-expired-PTS-POI-devices-meet-eligibility-criteria-for-SAQ-B-IP
• Master Card FAQ's on Payment terminals : https://globalrisk.mastercard.com/wp-content/uploads/2020/09/Terminal-and-PIN-Entry-Security-Standards-FAQs-1-September-2020.pdf (via https://www.mastercard.com/PCI360))

• Visa PIN Entry Device Requirements https://usa.visa.com/content/dam/VCOM/global/partner-with-us/documents/visa-ped-requirments.pdfPOS malware:

  • The Wash Tub is notifying customers of a year-long payment card breach POS malware https://www.databreaches.net/the-wash-tub-is-notifying-customers-of-a-year-long-payment-card-breach/
  • 'ModPipe' POS Malware Attacking Hospitality Industry
• Oracle cloud PCI guidance https://blogs.oracle.com/cloud-infrastructure/updated-guidance-to-customer-for-pci-compliance-on-oracle-cloud-infrastructure
• COVID-19 Could Push Merchant Surcharging To The Mainstream https://www.pymnts.com/news/pos-innovation/2020/covid-19-could-push-merchant-surcharging-to-the-mainstream/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New breaches:

  • Hosting Provider Exposed 63M Records incl. WP & Magento https://www.databreaches.net/hosting-provider-exposed-63m-records-incl-wp-magento/
  • Info of 27.7 million Texas drivers exposed in Vertafore data breach https://www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/
  • 123RF - 8,661,578 breached accounts https://haveibeenpwned.com/PwnedWebsites#123RF
  • Home Chef - 8,815,692 breached accounts https://haveibeenpwned.com/PwnedWebsites#HomeChef
  • Animal Jam Hacked, 46M Records and 7,104,998 breached accounts https://haveibeenpwned.com/PwnedWebsites#AnimalJam and https://threatpost.com/animal-jam-hack-data-breach/161177/
  • Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
  • Hacker shares 3.2 million Pluto TV accounts for free on forum https://www.databreaches.net/hacker-shares-3-2-million-pluto-tv-accounts-for-free-on-forum/
  • Mashable - 1,414,677 breached accounts https://haveibeenpwned.com/PwnedWebsites#Mashable
  • Online Supermarket BigBasket Investigates Data Leak Report https://www.databreachtoday.com/online-supermarket-bigbasket-investigates-data-leak-report-a-15331
  • Delaware Division of Public Health Announces Data Breach Incident Involving COVID-19 Results https://www.databreaches.net/delaware-division-of-public-health-announces-data-breach-incident-involving-covid-19-results/
  • COVID-19 Data-Sharing App COVID-KAYA Leaked Healthcare Worker Infohttps://citizenlab.ca/2020/11/unmasked-covid-kaya-and-the-exposure-of-healthcare-worker-data-in-the-philippines/, (Tagalog version) https://citizenlab.ca/2020/11/covid-kaya-and-the-exposure-of-healthcare-worker-data-in-the-philippines-tagalog/, and https://threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/

• New Ransomware:

  • Compal, the second-largest laptop manufacturer in the world, hit by ransomware https://www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/
  • Melbourne firm denies data stolen during ransomware attack https://www.databreaches.net/melbourne-firm-denies-data-stolen-during-ransomware-attack/
  • (Too Cute)Egregor ransomware causes printers to spit out ransom notes https://www.databreaches.net/egregor-ransomware-causes-printers-to-spit-out-ransom-notes/

• Follow-ups and fall-out:

  • More on last week's 26K db breach - Cit0day - 226,883,414 breached accounts https://haveibeenpwned.com/PwnedWebsites#Cit0day
  • Ticketmaster Scores Hefty Fine Over 2018 Data Breach https://threatpost.com/ticketmaster-fine-2018-data-breach/161198/
  • Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways https://www.databreachtoday.com/probing-marriotts-mega-breach-9-cybersecurity-takeaways-a-15338
  • Lazada RedMart - 1,107,789 breached accounts https://haveibeenpwned.com/PwnedWebsites#Lazada
  • Eight months after ransomware attack, Advanced Urgent Care of Florida Keys notifies patients https://www.databreaches.net/nine-months-after-ransomware-attack-advanced-urgent-care-of-florida-keys-notifies-patients/

Privacy

Articles about privacy related news, risks, and trends.

• A Case for Facial Recognition https://www.nytimes.com/2020/11/11/technology/facial-recognition-software-police.html
• Training Facial Recognition on Some New Furry Friends: Bears https://www.nytimes.com/2020/11/11/science/bears-facial-recognition.html
• Zoom lied to users about end-to-end encryption for years, FTC says https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
• FTC Fails to Address Privacy in Settlement with Zoom https://epic.org/2020/11/ftc-fails-to-address-privacy-i.html
• CRTC issues $100,000 in fines to brokerages for violating telemarketing rules https://mobilesyrup.com/2020/11/10/crtc-issues-100000-fines-brokerages-violating-telemarketing-rules/
• German Court Slashes a GDPR Privacy Fine by 90% https://www.databreachtoday.com/german-court-slashes-gdpr-privacy-fine-by-90-a-15359
• Divided Court Rules Baltimore's Continuous Aerial Surveillance is Constitutional https://epic.org/2020/11/divided-court-rules-baltimores.html

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Swiss spies knew about Crypto AG compromise – and kept it from govt overseers for nearly 30 years https://www.theregister.com/2020/11/12/crypto_ag_swiss_parliament_report/
• A EU/UK data privacy disaster is approaching, and most businesses aren't ready for it https://www.zdnet.com/article/a-data-disaster-is-approaching-and-most-businesses-arent-ready-for-it/
• Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits https://www.databreaches.net/cyber-consulting-firms-get-tied-up-in-post-breach-lawsuits/
• Finland Fast-Tracks ID Code Law Change After Hacking Case https://www.securityweek.com/finland-fast-tracks-id-code-law-change-after-hacking-case

• Canada:

  • The Law Bytes Podcast, Episode 69: Bram Abramson on the Government’s Plan to Regulate Internet Streaming Services https://www.michaelgeist.ca/2020/11/law-bytes-podcast-episode-69/

• US:

  • Breach Lawsuit Spotlights Complex Vendor Issues https://www.databreaches.net/breach-lawsuit-spotlights-complex-vendor-issues/
  • Asleep at the Wheel: Why Didn't Carmakers Prepare for Massachusetts' Right to Repair Law? https://www.eff.org/deeplinks/2020/11/asleep-wheel-why-didnt-carmakers-prepare-massachusetts-right-repair-law

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Announcing our open source security key test suite https://security.googleblog.com/2020/11/announcing-our-open-source-security-key.html
• Introducing “How to Fix the Internet,” a New Podcast from EFF https://www.eff.org/deeplinks/2020/11/introducing-how-fix-internet-new-podcast-eff
• Apple to Deliver ‘Privacy Labels’ for Apps, Revealing Data-Sharing Details https://threatpost.com/apple-privacy-labels-apps-data-sharing/161081/
• How Do Security Controls Help Implement a Corporate Security Policy? https://blog.isc2.org/isc2_blog/2020/11/how-do-security-controls-help-implement-a-corporate-security-policy.html
• Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses https://thehackernews.com/2020/11/worried-about-saas-misconfigurations.html
• Palo Alto Networks to Acquire Attack Surface Management Firm Expanse in $800 Million Deal https://www.securityweek.com/palo-alto-networks-acquire-attack-surface-management-firm-expanse-800-million-deal
• 10 Years of HTTPS Everywhere https://www.eff.org/deeplinks/2020/11/10-years-https-everywhere
• Preloading Intermediate CA Certificates into Firefox https://blog.mozilla.org/security/2020/11/13/preloading-intermediate-ca-certificates-into-firefox/
• Barracuda to Acquire Fyde for Zero-Trust Capabilities https://www.darkreading.com/endpoint/barracuda-to-acquire-fyde-for-zero-trust-capabilities/d/d-id/1339426

• Election Security:

  • 2020 Was a Secure Election https://www.schneier.com/blog/archives/2020/11/2020-was-a-secure-election.html
  • Did Sean Hannity misquote Princeton security researcher? https://freedom-to-tinker.com/2020/11/13/did-sean-hannity-misquote-me/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• DNS cache poisoning, the Internet attack from 2008, is back from the dead https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/
• Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical SMS Multi-Factor Authentication https://www.forbes.com/sites/brookecrothers/2020/11/14/microsoft-warns-a-strong-password-doesnt-work-neither-does-typical-multi-factor-authentication/ and https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication
• Windows 10, iOS, Chrome, and many others fall at China's top hacking contest https://www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest/
• Patch Tuesday, November 2020 Edition https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/
• Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087 https://www.tenable.com/blog/microsoft-s-november-2020-patch-tuesday-addresses-112-cves-including-cve-2020-17087
• Colossal Intel 40-Bug Update Anchored by Critical Privilege-Escalation Bugs https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/
• Intel SGX defeated yet again—this time thanks to on-chip power meter https://arstechnica.com/information-technology/2020/11/intel-sgx-defeated-yet-again-this-time-thanks-to-on-chip-power-meter/ and https://www.theregister.com/2020/11/14/intel_sgx_physical_security/
• Hackers can use just-fixed Intel bugs to install malicious firmware on PCs https://arstechnica.com/information-technology/2020/11/intel-patches-high-severity-bugs-protecting-lost-stolen-or-confiscated-pcs/
• PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption https://www.securityweek.com/platypus-hackers-can-obtain-crypto-keys-monitoring-cpu-power-consumption
• Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It https://www.vice.com/en/article/xgzxmk/google-project-zero-bugs-used-to-hack-iphones-and-android-phones
• Two New Chrome 0-Days Under Active Attacks – Update Your Browser https://thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html
• Chrome to block tab-nabbing attacks https://www.zdnet.com/article/chrome-to-block-tab-nabbing-attacks
• Ultimate Member Plugin for WordPress Allows Site Takeover https://threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/
• Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs https://www.securityweek.com/encryption-vulnerabilities-allow-hackers-take-control-schneider-electric-plcs
• EA Games' Origin client contained privilege escalation vuln that anyone with user-grade access could exploit https://www.theregister.com/2020/11/10/ea_games_origin_privesc_vuln_nettitude/
• Bug hunting and missing a bug https://googleprojectzero.blogspot.com/2020/11/oops-i-missed-it-again.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Ransomware Group Turns to Facebook Ads https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
• How Hackers Blend Attack Methods to Bypass MFA https://www.darkreading.com/vulnerabilities---threats/how-hackers-blend-attack-methods-to-bypass-mfa/a/d-id/1339370
• Botnet Attackers Turn to Vulnerable IoT Devices https://threatpost.com/botnet-attackers-turn-to-vulnerable-iot-devices/161210/
• Minecraft Apps on Google Play Fleece Players Out of Big Money https://threatpost.com/minecraft-apps-google-play-fleece-players/161125/

• Nation State Actors:

  • Three APTs have targeted seven vaccine makers https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/?ftag=CAD-03-10abf6j
  • Czech Intel Report Targets Russian, Chinese Spies https://www.securityweek.com/czech-intel-report-targets-russian-chinese-spies

• Crime:

  • Former Microsoft Engineer Sentenced to 9 Years in Prison https://www.databreachtoday.com/former-microsoft-engineer-sentenced-to-9-years-in-prison-a-15340

Other Security / Risk

Articles covering other types of risks.

• ‘Coded Bias’ Documentary Review: When the Bots Are Racist https://www.nytimes.com/2020/11/11/movies/coded-bias-review.html
• Cybersecurity Skills Shortage Falls for First Time https://www.infosecurity-magazine.com/news/cybersecurity-skills-shortage-1/
• Understanding Cloud Misconfigurations — With Pizza and Lego https://www.trendmicro.com/en_us/research/20/k/Understanding-Cloud-Misconfigurations-With-Pizza-and-Lego.html
• Radio Frequency fingerprinting of aircraft ADS-B transmitters? Boffins reckon they've cracked it https://www.theregister.com/2020/11/10/adsb_fingerprinting_research/
• The Security Failures of Online Exam Proctoring https://www.schneier.com/blog/archives/2020/11/the-security-failures-of-online-exam-proctoring.html
• Body Found in Canada Identified as Neo-Nazi Spam King https://krebsonsecurity.com/2020/11/body-found-in-canada-identified-as-neo-nazi-spam-king/
• Every last Slingbox will become a brick in two years https://www.theverge.com/2020/11/9/21557578/slingbox-discontinued-servers-sunset
• (They spent money on this?)Age gates on alcohol websites are ineffective, Texas A&M research shows https://scienmag.com/age-gates-on-alcohol-websites-are-ineffective-texas-am-research-shows/

• Health, Safety & Environment:

  • Atlantic basin churns out record-setting 29th named storm (Theta) https://www.accuweather.com/en/hurricane/atlantic-basin-churns-out-record-setting-29th-named-storm/846665
  • Here we go again: Tropical Depression 31 forms over the Caribbean https://www.accuweather.com/en/hurricane/here-we-go-again-tropical-depression-31-forms-over-the-caribbean/848694
  • Canadian discovery: A potential game-changer to reverse alcohol intoxication https://scienmag.com/canadian-discovery-a-potential-game-changer-to-reverse-alcohol-intoxication/
  • Man fined for trying to fry chicken in Yellowstone hot spring https://www.theweathernetwork.com/ca/news/article/man-fined-for-trying-to-fry-chicken-in-yellowstone-hot-spring and earlier this year https://www.theweathernetwork.com/ca/news/article/woman-sustains-burns-after-illegally-entering-yellowstone-park-oild-faithful
  • Destroyed 'murder hornet' nest near U.S.-B.C. border contained nearly 200 queens https://www.cbc.ca/news/canada/british-columbia/murder-hornet-nest-washington-bc-200-queens-1.5798631
  • Evolution favours new diseases of ‘intermediate’ severity https://scienmag.com/evolution-favours-new-diseases-of-intermediate-severity/

• Other risks relating to COVID and the new normal:

  • Police issue warning of ongoing fake taxi scam in Toronto https://toronto.ctvnews.ca/police-issue-warning-of-ongoing-fake-taxi-scam-in-toronto-1.5183040
  • How to clean your laptop keyboard https://www.theverge.com/21557240/laptop-keyboard-how-to-clean-key-windows-mac
  • COVID-19 pandemic leaves Quebec with $15 billion deficit for 2020-2021 fiscal year https://globalnews.ca/news/7458868/covid-19-coronavirus-quebec-budget-2020-2021/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, and waves - now reinfection:

  • U.S. has seen over 1 million new coronavirus cases in first 10 days of November https://globalnews.ca/news/7455511/us-coronavirus-cases-november/
  • The Worst Day of the Pandemic Since May https://www.theatlantic.com/science/archive/2020/11/pandemic-coronavirus-hospitalizations-new-record/617061/
  • The Russian provinces buckling under Covid-19 https://www.bbc.co.uk/news/world-54910067
  • 29 residents dead as Scarborough long-term care home deals with latest COVID-19 outbreak https://toronto.ctvnews.ca/29-residents-dead-as-scarborough-long-term-care-home-deals-with-latest-covid-19-outbreak-1.5185186
  • Some form of lockdown 'inevitable' in Ontario as COVID-19 cases hit new high https://toronto.ctvnews.ca/some-form-of-lockdown-inevitable-in-ontario-as-covid-19-cases-hit-new-high-doctor-warns-1.5184685
  • Study of nearly 2,000 Marine recruits reveals asymptomatic SARS-CoV-2 transmission https://scienmag.com/study-of-nearly-2000-marine-recruits-reveals-asymptomatic-sars-cov-2-transmission/
  • The Real Danger Posed by Coronavirus-Infected Mink https://www.scientificamerican.com/article/the-real-danger-posed-by-coronavirus-infected-mink/

• Contact Tracing:

  • Australia to track Coronavirus encounters with payment card records https://www.theregister.com/2020/11/16/australia_contact_tracing_review_payment_recommendation/
  • Restaurants and gyms were COVID-19 superspreader sites when the pandemic began, cellphone data reveals https://www.businessinsider.com/restaurants-and-gyms-were-spring-covid-19-hotspots-cellphone-data-2020-11
  • Paper on corrupting/falsifying COVID alerts https://eprint.iacr.org/2020/1393

• Guidance, Response and Recovery:

  • Toronto to enter red zone under Ontario’s coronavirus system with stricter local restrictions https://globalnews.ca/news/7454443/toronto-red-zone-coronavirus-restrictions/
  • Many Toronto business owners, employees confused over new colour-coded system https://globalnews.ca/news/7457525/coronavirus-ontario-colour-system-confusion-covid-19/
  • Vending machines that dispense masks, hand sanitizer to be installed at 10 TTC stations https://toronto.ctvnews.ca/vending-machines-that-dispense-masks-hand-sanitizer-to-be-installed-at-10-ttc-stations-1.5189025
  • What is a coronavirus ‘circuit-breaker?’ A pivot in strategy with pros and cons https://globalnews.ca/news/7453570/coronavirus-circuit-breaker-alberta-lockdown/
  • A cap on numbers in restaurants could stop them from becoming covid hot spots https://www.technologyreview.com/2020/11/10/1011930/a-cap-on-numbers-in-restaurants-could-stop-them-becoming-covid-hotspots/
  • Russia resists lockdown and pins hopes on vaccine https://www.bbc.co.uk/news/world-europe-54885616
  • Hospitals install pop-up Covid-19 isolation bays https://www.bbc.co.uk/news/health-54910619
  • Some educators advocate for extended Christmas break to stop COVID-19 https://toronto.citynews.ca/2020/11/15/some-educators-advocate-for-extended-christmas-break-to-stop-covid-19/

• Treatments, Testing, Triage, and Trials:

  • Rapid coronavirus tests slow to be used as officials unsure of best use https://globalnews.ca/news/7462818/coronavirus-rapid-testing/
  • COVID-related hospital overcrowding has gotten so bad the Utah governor has issued a state of emergency https://www.businessinsider.com/utah-governor-issues-state-of-emergency-mask-mandate-2020-11
  • The FDA just authorized Eli Lilly's antibody treatment for emergency use to treat the coronavirus (LLY) https://www.businessinsider.com/eli-lilly-covid-antibody-treatment-authorized-emergency-use-trump-coronavirus-2020-10
  • Fluvoxamine may prevent serious illness in COVID-19 patients https://scienmag.com/fluvoxamine-may-prevent-serious-illness-in-covid-19-patients/_Vaccines Progress:
  • Pfizer says its coronavirus vaccine is 90% effective. https://www.businessinsider.com/how-pfizer-coronavirus-vaccine-compares-other-vaccines-2020-11
  • Pfizer vaccine trial participant reveals what it's like to be injected with the first effective vaccine for COVID-19 https://www.businessinsider.com/pfizer-vaccine-trial-participant-on-side-effects-what-its-like-2020-11
  • Immunising the world against Covid-19 https://www.bbc.co.uk/news/health-54896513
  • Most States Aren’t Ready to Distribute the Leading COVID-19 Vaccine http://feeds.propublica.org/link/9499/14054721/most-states-arent-ready-to-distribute-the-leading-covid-19-vaccine
  • Russian Covid vaccine shows encouraging results https://www.bbc.co.uk/news/health-54905330

• Things we learned:

  • Smell and taste changes provide early indication of COVID-19 community spread https://scienmag.com/smell-and-taste-changes-provide-early-indication-of-covid-19-community-spread/
  • Scientists Just Found a Mysteriously Hidden 'Gene Within a Gene' in SARS-CoV-2 https://www.sciencealert.com/scientists-find-mysterious-gene-within-gene-hidden-in-the-coronavirus-genome
  • Could SARS-CoV-2 evolve resistance to COVID-19 vaccines? https://scienmag.com/could-sars-cov-2-evolve-resistance-to-covid-19-vaccines/
  • Identification of the SARS-CoV-2 virus features causing COVID-19 using primate model https://scienmag.com/identification-of-the-sars-cov-2-virus-features-causing-covid-19-using-primate-model/
  • Uracil switch in SARS-CoV-2 genome alters innate immune responses https://scienmag.com/uracil-switch-in-sars-cov-2-genome-alters-innate-immune-responses/
  • Screening travelers for symptoms of Covid-19 was ineffective, CDC study says https://www.cnn.com/travel/article/cdc-study-symptom-screening-airport-covid-19-ineffective/index.html

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Wearing a mask also helps protect you from coronavirus https://globalnews.ca/news/7456337/cdc-coronavirus-mask-protects-wearer/ and https://www.sciencealert.com/cdc-now-advises-cloth-masks-protect-the-wearer-from-coronavirus
  • Organizer of anti-mask protest at Hamilton city hall charged https://globalnews.ca/news/7462471/anti-mask-organizer-hamilton-charged/
  • Seventeen COVID-19 cases linked to two wedding events in Vaughan, Ont. https://toronto.ctvnews.ca/seventeen-covid-19-cases-linked-to-two-wedding-events-in-vaughan-ont-1.5184790
  • (Foreshadowing US Thanksgiving, Christmas, and New Years)Fines issued following large gatherings in Brampton for Diwali https://toronto.ctvnews.ca/fines-issued-following-large-gatherings-in-brampton-for-diwali-mayor-confirms-1.5189779
  • Numerous $5,000 tickets issued in Manitoba for not following COVID health orders https://globalnews.ca/news/7455968/numerous-5000-tickets-issued-in-manitoba-for-not-following-covid-health-orders/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Alphabet delivers wireless Internet over light beams from 20km away https://arstechnica.com/information-technology/2020/11/alphabet-delivers-wireless-internet-over-light-beams-from-20km-away/
• Low-Carbon Cement Can Help Combat Climate Change https://www.scientificamerican.com/article/low-carbon-cement-can-help-combat-climate-change/
• Success! SpaceX Just Launched 4 Astronauts Into Orbit in Historic NASA Mission https://www.sciencealert.com/success-spacex-just-launched-4-astronauts-into-orbit-and-landed-safely-afterwards
• Would hyperloop transportation technology work in Canada? https://www.cbc.ca/radio/quirks/would-hyperloop-transportation-technology-work-in-canada-1.5801147
• Doctor Who's sonic pioneers to turn internet into giant musical instrument https://www.theguardian.com/music/2020/nov/15/doctor-whos-sonic-pioneers-to-turn-internet-into-giant-musical-instrument
• Did astronomers just witness the explosive birth of a magnetar? https://www.syfy.com/syfywire/did-astronomers-just-witness-the-explosive-birth-of-a-magnetar