This Week's [in]Security - Issue 194 | insecurity | Control Gap

Welcome to This Week’s [in]Security. SolarWinds. Verifone and Ingenico Critical Updates. Carding. Over 45M records in new breaches. A Clear Breach Notice. New Ransomware. Doxxing. Schools with Cell Phone Unlocking Tech. DMCA. Forensic Privilege. Breaking up the NSA. NSO Lawsuit. Google Anti-Trust. Twitter FIned. NIST. Browser network partitioning. Passwords begone. Vaccine Logistics. Shadow IT. Air-Fi Stealth Wi-FI Attack. 5G. What Gets Exploited. WordPress. PaceMakers. ICS. Ships. Honda. Trends. Banking. iPwnage. Nation States. Arrests, etc. Disagreement. Persuasion. Zodiac. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Vaccine Updates. And more.

Trending news

The SolarWinds Nation State Supply Chain Hack variously called Solar-Gate, Solorigate, (and yes even Breaking-Wind) dominates the headlines and has organizations scrambling to see just how bad it was. This is a major event and fast moving story with far reaching implications.

• What Happened:

  • Russian hackers infiltrated the US government for months without being spotted https://www.technologyreview.com/2020/12/15/1014462/how-russian-hackers-infiltrated-the-us-government-for-months-without-being-spotted/
  • Microsoft Finds Backdoor, CISA Warns of New Attack Vectors https://www.databreachtoday.com/microsoft-finds-backdoor-cisa-warns-new-attack-vectors-a-15626
  • SolarWinds hack that breached gov networks poses a “grave risk” to the nation https://arstechnica.com/information-technology/2020/12/feds-warn-that-solarwinds-hackers-likely-used-other-ways-to-breach-networks/
  • Suspected Russian hacking spree extended beyond SolarWinds users https://www.databreaches.net/suspected-russian-hacking-spree-extended-beyond-solarwinds-users/
  • Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor http://www.fireeye.fr/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
  • Threat Advisory: SolarWinds supply chain attack https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html
  • SolarWinds Likely Hacked at Least One Year Before Breach Discovery https://www.securityweek.com/solarwinds-likely-hacked-least-one-year-breach-discovery
  • How to Understand the Russia Hack Fallout https://www.wired.com/story/russia-solarwinds-hack-targets-fallout
  • SolarWinds Hack: Lawmakers Demand Answers https://www.databreachtoday.com/solarwinds-hack-lawmakers-demand-answers-a-15632
  • Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack https://www.businessinsider.com/krebs-do-not-conflate-voting-security-solarwinds-hack-2020-12

• Who's Affected:

  • 18K users compromised https://www.schneier.com/blog/archives/2020/12/more-on-the-solarwinds-breach.html
  • Only an elite few SolarWinds hack victims received follow-on attacks https://arstechnica.com/information-technology/2020/12/only-an-elite-few-solarwinds-hack-victims-received-follow-on-attacks/
  • U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
  • Nuclear weapons agency breached amid massive cyber onslaught https://www.databreaches.net/nuclear-weapons-agency-breached-amid-massive-cyber-onslaught/, https://threatpost.com/nuclear-weapons-agency-hacked-cyberattack/162387/
  • US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach https://www.bbc.com/news/world-us-canada-55386947
  • Microsoft says it identified 40+ victims of the SolarWinds hack https://www.zdnet.com/article/microsoft-says-it-identified-40-victims-of-the-solarwinds-hack/
  • Microsoft is reportedly added to the growing list of victims in SolarWinds hack https://arstechnica.com/information-technology/2020/12/microsoft-is-reportedly-added-to-the-growing-list-of-victims-in-solarwinds-hack/
  • Cisco targeted in SolarWinds attack as Microsoft uncovers a second hacking group https://siliconangle.com/2020/12/20/cisco-targeted-solarwinds-attack-microsoft-uncovers-second-hacking-group/
  • Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies https://www.forbes.com/sites/thomasbrewster/2020/12/19/solarwinds-hack-cisco-and-equifax-amongst-corporate-giants-finding-malware-but-no-sign-of-russian-spies/
  • SolarWinds Supply-Chain Hit: Victims Include Cisco, Intel https://www.databreachtoday.com/solarwinds-supply-chain-hit-victims-include-cisco-intel-a-15619
  • NATO Checking Systems After US Cyberattack https://www.securityweek.com/nato-checking-systems-after-us-cyberattack
  • Florida launches investigation into hacking of its servers https://www.databreaches.net/florida-launches-investigation-into-hacking-of-its-servers/

• How it Happened:

  • SolarWinds hackers have a clever way to bypass multi factor authentication https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/
  • How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html
  • NSA on Authentication Hacks (Related to SolarWinds Breach) https://www.schneier.com/blog/archives/2020/12/nsa-on-authentication-hacks-related-to-solarwinds-breach.html
  • We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext' https://www.theregister.com/2020/12/16/solarwinds_github_password/
  • New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor https://thehackernews.com/2020/12/new-evidence-suggests-solarwinds.html
  • Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
  • VMware Flaw a Vector in SolarWinds Breach? https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/

• Mitigations:

  • SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack https://thehackernews.com/2020/12/solarwinds-issues-second-hotfix-for_15.html
  • Ensuring customers are protected from Solorigate https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/
  • Killswitch Found for Malware Used in SolarWinds Hack https://www.securityweek.com/killswitch-found-malware-used-solarwinds-hack

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI Security Standards Council Bulletin: Implementation Dates for Key Block (Proprietary)Equivalents https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Bulletin_on_Key_Block_Equivalents_Final.pdf
• P2PE Program Guide v3.0 r1.0 Errata Published https://www.pcisecuritystandards.org/documents/PCI-SSC_P2PE_Program_Guide_v3.0r1.0.pdf

• PCI Technical (Mandatory) FAQ updates for:

  • P2PE v3 https://www.pcisecuritystandards.org/documents/PCI-SSC_P2PEv3_Technical_FAQs_Dec2020.pdf
  • HSM v3 https://www.pcisecuritystandards.org/documents/PTS_HSM_Technical_FAQs_v3_Dec_2020.pdf
  • POI v5 https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v5_Dec__2020.pdf
  • POI v6 https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v6_Dec_2020.pdf
• Followup to last week: POS Device Makers Push Patches for Vulnerabilities https://www.databreachtoday.com/pos-device-makers-push-patches-for-vulnerabilities-a-15598
• In 2020, COVID-19 also impacted the carding market https://www.databreaches.net/in-2020-covid-19-also-impacted-the-carding-market/
• The PCI DSS Is Not The Only Relevant Payment Security Standard https://www.datex.ca/blog/the-pci-dss-is-not-the-only-relevant-payment-security-standard

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • 45 Million Medical Images Left Exposed Online https://threatpost.com/million-medical-images-online/162284/
  • Spotify Changes Passwords After Another Data Breach https://threatpost.com/spotify-changes-passwords-data-breach/162256/
  • Ledger - 1,075,241 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ledger
  • Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm’s CRM customers https://www.databreaches.net/unsecured-azure-blob-exposed-500000-highly-confidential-docs-from-uk-firms-crm-customers/
  • Ransomware masterminds claim to have nabbed 53GB of data from Intel's Habana Labs https://www.theregister.com/2020/12/14/habana_labs_ransomware/
  • Premier Kids Care, Inc. notifies patients of attack first discovered in April https://www.databreaches.net/premier-kids-care-inc-notifies-patients-of-attack-first-discovered-in-april/
  • DoppelPaymer dumps data from public school districts in Mississippi and Montana https://www.databreaches.net/doppelpaymer-dumps-data-from-public-school-districts-in-mississippi-and-montana/
  • Ethical power supplier People's Energy hacked, 250K customers' personal info accessed https://www.theregister.com/2020/12/17/peoples_energy_hacked/
  • GenRx Pharmacy Breach Notice Shows How to Do It Right https://www.databreaches.net/genrx-pharmacy-breach-notice-shows-how-to-do-it-right/

• New Ransomware and "Incidents":

  • Norwegian Cruise Company Hurtigruten Experiences Cyber Attack https://www.databreaches.net/norwegian-cruise-company-hurtigruten-experiences-cyber-attack/

• Follow-ups and fall-out:

  • Company that Provides Travel Emergency Services Settles FTC Allegations it Failed to Secure Sensitive Consumer Data https://www.databreaches.net/company-that-provides-travel-emergency-services-settles-ftc-allegations-it-failed-to-secure-sensitive-consumer-data/
  • Seven states settle with CafePress over 2019 data breach https://www.databreaches.net/seven-states-settle-with-cafepress-over-2019-data-breach/
  • Gaps in safeguards led to massive Desjardins security breach: privacy commissioners https://www.cbc.ca/news/business/desjardins-breach-privacy-report-1.5840171
  • Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019 https://www.databreaches.net/investigation-into-desjardins-compliance-with-pipeda-following-a-breach-of-personal-information-between-2017-and-2019/

Privacy

Articles about privacy related news, risks, and trends.

• Doxxing: Tips To Protect Yourself Online & How to Minimize Harm https://www.eff.org/deeplinks/2020/12/doxxing-tips-protect-yourself-online-how-minimize-harm
• US Schools Are Buying Cell Phone Unlocking Systems https://www.schneier.com/blog/archives/2020/12/us-schools-are-buying-cell-phone-unlocking-systems.html
• Kazakhstan spies on citizens’ HTTPS traffic; browser makers fight back https://arstechnica.com/information-technology/2020/12/kazakhstan-spies-on-citizens-https-traffic-browser-makers-fight-back/
• Service NSW not effectively handling private information: NSW Auditor-General https://www.databreaches.net/au-service-nsw-not-effectively-handling-private-information-nsw-auditor-general/

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Canada’s Proposed New Privacy Legislation, The Consumer Privacy Protection Act (CPPA) https://www.datex.ca/blog/canadas-proposed-new-privacy-legislation-the-consumer-privacy-protection-act-cppa
  • The Broadcasting Act Blunder, Day 20: The Case Against Bill C-10 https://www.michaelgeist.ca/2020/12/the-case-against-bill-c-10/
  • Elections Canada considered briefing the Governor General on pandemic election rules https://globalnews.ca/news/7525279/canada-election-pandemic/

• US:

  • Protecting Your Rights to Understand and Innovate on the Tech in Your Life https://www.eff.org/deeplinks/2020/12/protecting-your-rights-understand-and-innovate-tech-your-life
  • Maintaining legal privilege over forensic data-breach reports https://www.databreaches.net/maintaining-privilege-over-forensic-data-breach-reports/
  • Pentagon proposes to split NSA, U.S. Cyber Command leadership https://globalnews.ca/news/7533482/pentagon-cybersecurity-split/
  • Pentagon Plan on Cyber Split Draws Strong Hill Criticism https://www.securityweek.com/pentagon-plan-cyber-split-draws-strong-hill-criticism
  • US Blacklists Chinese Companies Including Chip Giant SMIC https://www.securityweek.com/us-blacklists-chinese-companies-including-chip-giant-smic
  • Fox News is debunking claims made by its own anchors in response to a legal threat https://www.businessinsider.com/fox-news-debunking-election-fraud-claims-made-by-its-anchors-2020-12
  • Microsoft, Google, Cisco, and others file amicus brief in support of Facebook's NSO lawsuit https://www.zdnet.com/article/microsoft-google-cisco-and-others-file-amicus-brief-in-support-of-facebooks-nso-lawsuit/
  • Texas, 9 other states sue Google for abusing market power https://www.cbc.ca/news/business/texas-google-lawsuit-1.5844223
  • Google Faces Two Additional Antitrust Suits https://epic.org/2020/12/google-faces-two-additional-an.html

• World:

  • Twitter scores a first for big tech after being fined €450,000 by Ireland's data watchdog for violating the EU's GDPR https://www.theregister.com/2020/12/15/twitter_gdpr_fine/
  • In wake of horrific Vastaamo breach, Finnish government tables laws to protect data from cyber criminals https://www.databreaches.net/in-wake-of-horrific-vastaamo-breach-finnish-government-tables-laws-to-protect-data-from-cyber-criminals/

• New NIST:

  • Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: Draft NISTIR 8286A is Available for Comment https://csrc.nist.gov/publications/detail/nistir/8286a/draft
  • NIST Releases Draft Guidance on Internet of Things Device Cybersecurity https://www.nist.gov/news-events/news/2020/12/nist-releases-draft-guidance-internet-things-device-cybersecurity
  • The 2nd Open Security Controls Assessment Language (OSCAL) Workshop https://www.nist.gov/news-events/events/2021/02/2nd-open-security-controls-assessment-language-oscal-workshop#Proposals
  • CVMAP for CVE Numbering Authorities (CNAs) and Authorized Data Publishers: NISTIR 8246 https://csrc.nist.gov/publications/detail/nistir/8246/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Firefox to ship 'network partitioning' as a new anti-tracking defense https://www.zdnet.com/article/firefox-to-ship-network-partitioning-as-a-new-anti-tracking-defense
• How to Use Password Length to Set Best Password Expiration Policy https://thehackernews.com/2020/12/how-to-use-password-length-to-set-best.html
• Passwords begone: GitHub will ban them next year for authenticating Git operations https://www.theregister.com/2020/12/17/github_bans_passwords/
• Passwordless Authentication and Zero-Trust https://blog.isc2.org/isc2_blog/2020/12/absolute-zero-.html
• Google Extends Support Period for Android Devices https://www.securityweek.com/google-extends-support-period-android-devices
• 4 Ways to Improve Nessus Scans Through Firewalls https://www.tenable.com/blog/4-ways-to-improve-nessus-scans-through-firewalls

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• CSIS warns of threats to vaccine distribution chain https://www.cbc.ca/news/politics/csis-vaccine-distribution-threats-1.5842035
• Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr https://threatpost.com/code42-incydr-series-bringing-shadow-it-into-the-light-with-code42-incydr/162311/
• Air-Gap Attack Turns Memory Modules into Wi-Fi Radios https://threatpost.com/air-gap-attack-turns-memory-wifi/162358/
• 'Long-standing vulns' in 5G protocols open the door for attacks on smartphone users https://www.theregister.com/2020/12/18/5g_security_enisa_positive_technologies/
• Proportion of Exploited Vulnerabilities Continues to Drop (this may not be good news) https://www.securityweek.com/proportion-exploited-vulnerabilities-continues-drop
• 5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack https://threatpost.com/contact-form-7-plugin-bug/162383/
• Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices https://www.securityweek.com/vulnerabilities-medtronic-product-can-allow-hackers-control-cardiac-devices
• Industrial Control Systems Ripe Targets for Ransomware https://www.securityweek.com/industrial-control-systems-ripe-targets-ransomware
• Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say? https://www.theregister.com/2020/12/16/dualog_communications_suite_cves/
• Honda recalls 737,000 Accord and Insight cars over a software flaw https://www.engadget.com/honda-recalls-accord-insight-cars-over-software-flaw-154349095.html
• Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome https://threatpost.com/firefox-patches-critical-mystery-bug-also-impacting-google-chrome/162294/
• Authentication Bypass Vulnerability Patched in Bouncy Castle Library https://www.securityweek.com/authentication-bypass-vulnerability-patched-bouncy-castle-library
• Yes, Donald Trump really did protect his Twitter account with MAGA2020! password https://www.theregister.com/2020/12/17/trump_twitter_hacking/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than SolarWinds):

  • Credential Stealer Targets US, Canadian Bank Customers https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
  • A Massive Fraud Operation Stole Millions From Online Accounts https://www.wired.com/story/massive-fraud-operation-stole-millions-online-bank-accounts
  • The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
  • Zero-click iOS zero-day found deployed against Al Jazeera employees https://www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees
  • Three million users installed 28 malicious Chrome or Edge extensions https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/
  • Ransomware attackers are making threatening phone calls to their victims, warns FBI https://www.databreaches.net/ransomware-attackers-are-making-threatening-phone-calls-to-their-victims-warns-fbi/
  • NSA Warns of Hacking Tactics That Target Cloud Resources https://www.databreachtoday.com/nsa-warns-hacking-tactics-that-target-cloud-resources-a-15635
  • FBI Warns of DoppelPaymer Ransomware Attack Surge https://www.databreachtoday.com/fbi-warns-doppelpaymer-ransomware-attack-surge-a-15630
  • RubyGems Packages Laced with Bitcoin-Stealing Malware https://threatpost.com/rubygems-packages-bitcoin-stealing-malware/162360/

• Nation State Actors:

  • Software Supply-Chain Attack Hits Vietnam Government Certification Authority https://thehackernews.com/2020/12/software-supply-chain-attack-hits.html
  • Russia’s hacking frenzy is a reckoning https://arstechnica.com/information-technology/2020/12/russias-hacking-frenzy-is-a-reckoning/
  • CISA Warns of Increasing Cyberthreats to US K-12 Schools https://www.databreachtoday.com/cisa-warns-increasing-cyberthreats-to-us-k-12-schools-a-15580

• Crime:

  • DOJ Seizes $4 Million in Assets Tied to Phantom Secure https://www.databreachtoday.com/doj-seizes-4-million-in-assets-tied-to-phantom-secure-a-15627
  • Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts https://threatpost.com/cisco-employee-convicted-deleting-webex-accounts/162246/

Other Security / Risk

Articles covering other types of risks.

• Why IT and Security Teams Do Not See Eye to Eye https://www.databreachtoday.com/it-security-teams-do-see-eye-to-eye-a-15541
• Should There Be Limits on Persuasive Technologies? https://www.schneier.com/blog/archives/2020/12/should-there-be-limits-on-persuasive-technologies.html
• Odd Story of Authentication Failure https://www.schneier.com/blog/archives/2020/12/authentication-failure.html
• More on the Zodiac Killer Cipher Solution https://www.schneier.com/blog/archives/2020/12/zodiac-killer-cipher-solved.html
• Troy Hunt #222 https://www.troyhunt.com/weekly-update-222/
• Google Maps postcode error leads delivery drivers on wild pizza chase https://www.theguardian.com/money/2020/dec/20/google-maps-postcode-error-leads-delivery-drivers-on-wild-pizza-chase
• Maple syrup industry sounds alarm over new Quebec lumber policy https://globalnews.ca/news/7534413/qc-maple-syrup-industry-national-wood-production-strategy/

• Health, Safety & Environment:

  • 'Yes, people have Zoom fatigue but it's not our fault' https://www.bbc.co.uk/news/business-55320156
  • Pregnant Women Must Be Included in Medical Research https://www.scientificamerican.com/article/pregnant-women-must-be-included-in-medical-research/
  • The possibilities of mRNA vaccines beyond COVID-19 https://www.cbc.ca/news/thenational/the-possibilities-of-mrna-vaccines-beyond-covid-19-1.5843190

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • Africa hits 2.5 million coronavirus cases as new variant detected in south https://globalnews.ca/news/7533368/coronavirus-africa-cases-2-5-mill/
  • New COVID-19 variant that is 70% more transmissible threatens UK https://www.businessinsider.com/london-on-lockdown-and-christmas-canceled-new-covid-19-variant-2020-12
  • WHO in 'close contact' with UK over new virus variant https://www.bbc.co.uk/news/world-55382212
  • Over half a million Canadians have now been infected with the coronavirus https://globalnews.ca/news/7532600/canada-coronavirus-half-million-cases/
  • Canada adds over 6,200 coronavirus cases as Nunavut sees first deaths https://globalnews.ca/news/7534633/canada-coronavirus-cases-dec-20/
  • Alberta records 1,286 COVID-19 cases, 10 deaths Sunday https://globalnews.ca/news/7534502/alberta-covid-19-update-sunday-december-20-2020/
  • Ontario reports 2,316 new coronavirus cases, 25 deaths https://globalnews.ca/news/7533848/ontario-coronavirus-cases-december-20-covid19/

• Guidance, Response and Recovery:

  • Canada restricts travel from U.K. due to new strain of virus that causes COVID-19 https://toronto.ctvnews.ca/canada-restricts-travel-from-u-k-due-to-new-strain-of-virus-that-causes-covid-19-1.5239605
  • There have been more than 7 million entries into Canada since COVID-19 began. CBSA explains why https://www.cbc.ca/news/business/canada-u-s-border-travel-covid-19-1.5843872
  • Ontario planning to implement new provincewide restrictions beginning Christmas Eve https://globalnews.ca/news/7534030/ontario-new-coronavirus-restrictions-2/
  • UK passengers on a plane to Germany were told to deboard or face mandatory coronavirus testing and quarantine at the airport when they landed https://www.businessinsider.com/pilot-uk-get-off-plane-or-face-quarantine-in-germany-2020-12
  • COVID-19: avoiding hospital caused heart disease death rise https://scienmag.com/covid-19-avoiding-hospital-caused-heart-disease-death-rise/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • COVID-19 would have been worse without recent advances in science https://globalnews.ca/news/7530587/covid-19-vaccine-science-advances/
  • How China Censored Covid-19 https://www.nytimes.com/2020/12/19/technology/china-coronavirus-censorship.html

• Vaccine Updates:

  • Should the COVID-19 vaccine be mandatory? https://globalnews.ca/news/7528320/canada-covid-19-vaccination-mandatory/
  • Vaccine Passports: A Stamp of Inequity https://www.eff.org/deeplinks/2020/12/vaccine-passports-stamp-inequity
  • Covid vaccine: 'Disappearing' needles and other rumours debunked https://www.bbc.co.uk/news/55364865
  • U.S. prepares to ship out its second authorized coronavirus vaccine https://globalnews.ca/news/7533789/coronavirus-vaccine-united-states-shipping-second/
  • This online dashboard shows how many COVID-19 vaccines have been administered and where they're available https://coronavirus.jhu.edu/vaccines, article https://www.businessinsider.com/covid-19-vaccine-johns-hopkins-dashboard-2020-12

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Wearing a used mask can be worse than not wearing one at all: Study https://torontosun.com/health/wearing-a-used-mask-can-be-worse-than-not-wearing-one-at-all-study

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Because the real 2020 headline weren't weird enough .. AI weirdness https://aiweirdness.com/post/637497177623724032
• No, it's the end of the year, not the end of the world https://www.syfy.com/syfywire/no-its-the-end-of-the-year-not-the-end-of-the-world
• She put cat litter in an Amazon package, and a porch pirate stole it 40 minutes later https://www.cbc.ca/news/canada/hamilton/porch-pirate-cat-litter-package-1.5845536
• Genetically engineered trees could help fight climate change https://www.cbc.ca/news/technology/genetic-modification-trees-climage-change-1.5837766
• Federal government backs development of mini nuclear reactors with new action plan https://www.cbc.ca/news/politics/small-modular-reactors-seamus-1.5847931
• K2: 'Savage Mountain' beckons for unprecedented winter climb https://www.bbc.co.uk/news/world-europe-55341778
• Reading Computer Code Is Not the Same As Reading Language to the Brain https://scitechdaily.com/reading-computer-code-is-not-the-same-as-reading-language-to-the-brain/
• The Steampunk Rover Concept That Could Help Explore Venus https://www.wired.com/story/the-steampunk-rover-concept-that-could-help-explore-venus/
• White House Encourages NASA to Work on Space-Based Nuclear Power and Propulsion Systems https://www.universetoday.com/149327/white-house-encourages-nasa-to-work-on-space-based-nuclear-power-and-propulsion-systems/
• Radio Emissions Have Been Detected from an Exoplanet around nearby Proxima Centauri https://www.universetoday.com/149344/radio-emissions-have-been-detected-from-an-exoplanet/, https://www.syfy.com/syfywire/a-signal-from-proxima-likely-intelligent-unlikely-from-aliens, and https://www.scientificamerican.com/article/alien-hunters-discover-mysterious-signal-from-proxima-centauri/