This Week's [in]Security - Issue 197 | insecurity | Control Gap

Welcome to This Week’s [in]Security. SolarWinds. Riot fallout. New PCI FAQs. SPoC Unsupported O/S RFC. New breaches. New Ransomware. Mining AI. WhatsApp & Facebook. Telegram. Old SSL/TLS. Selfies vs. Fraud. Browsers. Android. reCAPTCHA. Titan. Fortinet WAF. Zend Framework. Nvidia. The Great Suspender. Trends. Nation States. Arrests, etc. Bulletproof TLS. WiFi6. Bad Citations. EC-RAM. Outages. Refund(of sorts) AI. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. The Good, Bad, and Ugly (Behaviour). And more.

Trending news

More on SolarWinds Supply Chain Hack and the fallout from the Capitol Hill riot:

• Solar-gate week 4:

  • Sealed U.S. Court Records Exposed in SolarWinds Breach https://krebsonsecurity.com/2021/01/sealed-u-s-court-records-exposed-in-solarwinds-breach/
  • Over 250 Organizations Breached via SolarWinds Supply Chain Hack https://www.securityweek.com/over-250-organizations-breached-solarwinds-supply-chain-hack-report
  • Russia’s SolarWinds Attack and Software Security https://www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html
  • Latest on the SVR’s SolarWinds Hack https://www.schneier.com/blog/archives/2021/01/latest-on-the-svrs-solarwinds-hack.html
  • CISA: SolarWinds hackers also used password guessing to breach targets https://www.zdnet.com/article/cisa-solarwinds-hackers-also-used-password-guessing-to-breach-targets
  • SolarWinds: The more we learn, the worse it looks https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks
  • Widely Used Software 'JetBrains' May Be Entry Point for Huge U.S. Hacking https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html
  • Technical Deep Dive Into SolarWinds Breach https://blog.qualys.com/vulnerabilities-research/2021/01/04/technical-deep-dive-into-solarwinds-breach
  • Unauthorized Access of FireEye Red Team Tools http://www.fireeye.de/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
  • US government formally blames Russia for SolarWinds hack https://www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack/
  • SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server https://www.zdnet.com/article/solarwinds-fallout-doj-says-hackers-accessed-its-microsoft-o365-email-server

• Politics aside, the fallout from the US Capitol Riots will likely spawn long term and wide ranging questions about platform liability, free speech, what is domestic terrorism, and much much more:

  • Post-Riot, the Capitol Hill IT Staff Faces a Security Mess https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up
  • Use of Clearview AI facial recognition tech spiked as law enforcement seeks to identify Capitol mob https://www.theverge.com/2021/1/10/22223349/clearview-ai-facial-recognition-law-enforcement-capitol-rioters
  • Twitter bans Trump, citing risk of violent incitement, evidence of 'secondary attack' https://www.ctvnews.ca/world/america-votes/twitter-bans-trump-citing-risk-of-violent-incitement-1.5259773, and https://www.businessinsider.com/trump-tweets-understood-as-encouragement-to-commit-violence-2021-1
  • Twitter bans QAnon supporters, including former national security adviser Michael Flynn https://www.theverge.com/2021/1/8/22221332/twitter-ban-qanon-accounts-michael-flynn-sidney-powell-ron-watkins
  • Reddit’s largest remaining Trump community banned for “inciting violence” https://arstechnica.com/information-technology/2021/01/reddits-largest-remaining-trump-community-banned-for-inciting-violence/
  • Discord bans pro-Trump server https://www.theverge.com/2021/1/8/22221579/discord-bans-the-donald-server-reddit-subreddit
  • Google, Apple, and Amazon cut off Parler https://www.buzzfeednews.com/article/adolfoflores/apple-parler-ban-app-store, and https://arstechnica.com/tech-policy/2021/01/amazon-cuts-off-parlers-web-hosting-following-apple-google-bans/
  • EFF's Response to Social Media Companies' Decisions to Block President Trump’s Accounts https://www.eff.org/deeplinks/2021/01/eff-response-social-media-companies-decision-block-president-trumps-accounts
  • Shopify takes down Trump’s campaign store https://www.theverge.com/2021/1/7/22218776/shopify-trump-store-disable-campaign-ecommerce-sites-capitol
  • Stripe Blocks Processing For Trump Campaign Donations https://www.pymnts.com/digital-payments/2021/stripe-blocks-processing-trump-campaign-donations/
  • Domestic Terrorism: A More Urgent Threat, but Weaker Laws http://feeds.propublica.org/link/9499/14201971/domestic-terrorism-a-more-urgent-threat-but-weaker-laws
  • FBI investigating threat to fly planes in the US Capitol https://www.businessinsider.com/fbi-investigating-threat-to-fly-planes-the-us-capitol-report-2021-1
  • Sedition charges possible for those that stormed U.S. Capitol https://globalnews.ca/news/7562491/us-capitol-sedition-charges/

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• New FAQs:

  • 1486 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-the-Compliant-but-with-Legal-exception-option-in-the-AOC-be-used-to-identify-where-a-testing-procedure-could-not-be-performed-due-to-a-legal-constraint
  • 1487 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-a-3DS-entity-outsource-the-hosting-and-management-of-its-HSMs-to-a-third-party-service-provider
  • 1488 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-types-of-3DS-components-are-in-scope-for-Requirement-P2-7-in-the-PCI-3DS-Core-Security-Standard
  • 1489 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Is-an-EMVCo-Letter-of-Approval-required-prior-to-conducting-a-PCI-3DS-Assessment
  • 1490 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Can-a-PCI-3DS-Assessment-result-in-a-finding-of-Compliant-if-some-requirements-are-not-tested
  • Updated index https://controlgap.com/index-pci-frequently-asked-questions/
• Request for Comments: SPoC Unsupported Operating Systems Annex https://blog.pcisecuritystandards.org/request-for-comments-spoc-unsupported-operating-systems-annex
• Sweeping Bad Actors Out Of The Trusted Debit Space https://www.pymnts.com/next-gen-debit/2021/sweeping-bad-actors-out-of-the-trusted-debit-space/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • 100M breached records from India's JustPay on the dark web https://www.databreaches.net/in-10-crore-indians-card-data-selling-on-dark-web-researcher/, and https://www.databreachtoday.com/indian-payment-platform-justpay-breached-a-15697
  • Stolen Saskatchewan Health Care data could fetch big money on dark web https://globalnews.ca/news/7566304/stolen-sask-health-care-data-could-fetch-big-money-on-dark-web-expert-says/
  • Aurora Cannabis breach exposes personal data of former, current workers https://www.databreaches.net/aurora-cannabis-breach-exposes-personal-data-of-former-current-workers/
  • Apex Laboratory Says Patient Data Stolen in Ransomware Attack https://www.securityweek.com/apex-laboratory-says-patient-data-stolen-ransomware-attack
  • Indian government sites leaking patient COVID-19 test results https://www.databreaches.net/indian-government-sites-leaking-patient-covid-19-test-results/
  • Robservations: Two-year data breach hits employees’ email at WTTW, WFMT https://www.databreaches.net/robservations-two-year-data-breach-hits-employees-email-at-wttw-wfmt/
  • Ca: Thousands of UGDSB students back on email following breach last week https://www.databreaches.net/ca-thousands-of-ugdsb-students-back-on-email-following-breach-last-week/
  • Names of students who use University of Ottawa Students’ Union Food Bank made public https://www.databreaches.net/completely-outrageous-names-of-students-who-use-university-of-ottawa-students-union-food-bank-made-public/
  • Nissan source code leaked online after Git repo misconfiguration https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration

• New Ransomware and "Incidents":

  • New Zealand Central Bank Hit by Cyber Attack https://www.securityweek.com/new-zealand-central-bank-hit-cyber-attack
  • Ransomware attack cripples NYC DOE’s teacher disciplinary system https://www.databreaches.net/ransomware-attack-cripples-nyc-does-teacher-disciplinary-system/
  • Ca: Communauto car-sharing service victim of a cyberattack https://www.databreaches.net/ca-communauto-car-sharing-service-victim-of-a-cyberattack/
  • Ben-Gurion University targeted by cyberattack, extent of damage unclear https://www.databreaches.net/ben-gurion-university-targeted-by-cyberattack-extent-of-damage-unclear/
  • Major Gaming Companies Hit with Ransomware Linked to APT27 https://threatpost.com/ransomware-major-gaming-companies-apt27/162735/

• Follow-ups and fall-out:

  • Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data https://www.wired.com/story/ddosecrets-ransomware-leaks/
  • Personal data of ANWB customers may have been stolen after a cyber attack https://www.databreaches.net/personal-data-of-anwb-customers-may-have-been-stolen-after-a-cyber-attack/
  • Glofox - 2,330,735 breached accounts added to HIBP https://haveibeenpwned.com/PwnedWebsites#Glofox
  • GeniusU - 1,301,460 breached accounts added to HIBP https://haveibeenpwned.com/PwnedWebsites#GeniusU
  • ZA: Government to replace Sassa grant cards after security breach https://www.databreaches.net/za-government-to-replace-sassa-grant-cards-after-security-breach/
  • $2.4 Million Settlement in 2017 Sabre Data Breach https://www.databreachtoday.com/24-million-settlement-in-2017-sabre-data-breach-a-15689
  • Dickey’s Barbecue Pit provides an update on its breach https://www.databreaches.net/dickeys-barbecue-pit-provides-an-update-on-its-breach/
  • Delaware County officials paid $25,000 in ransom to hackers who infiltrated the county’s computer system https://www.databreaches.net/delaware-county-officials-paid-25000-in-ransom-to-hackers-who-infiltrated-the-countys-computer-system/
  • Data Analytics Company Settles with FTC Over Alleged Data Security Violations https://www.databreaches.net/data-analytics-company-settles-with-ftc-over-alleged-data-security-violations/

Privacy

Articles about privacy related news, risks, and trends.

• Extracting Personal Information from Large Language Models Like GPT-2 https://www.schneier.com/blog/archives/2021/01/extracting-personal-information-from-large-language-models-like-gpt-2.html
• App privacy labels show stark contrasts among messaging apps https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/
• WhatsApp Has Shared Your Data With Facebook for Years https://www.wired.com/story/whatsapp-facebook-data-share-notification
• Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire https://threatpost.com/facebooks-mandatory-data-sharing-whatsapp-ire/162828/
• Telegram feature exposes your precise address to hackers https://arstechnica.com/information-technology/2021/01/telegram-feature-exposes-your-precise-address-to-hackers/
• Police Robots Are Not a Selfie Opportunity, They’re a Privacy Disaster Waiting to Happen https://www.eff.org/deeplinks/2021/01/police-robots-are-not-selfie-opportunity-theyre-privacy-disaster-waiting-happen

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • New rules on removal of illegal online content could help in battle against child pornography https://www.cbc.ca/news/canada/manitoba/canada-illegal-online-content-child-porn-1.5847695

• US:

  • Trump Executive Order Bans Transactions With Alipay, 7 Other Chinese Companies https://www.pymnts.com/news/regulation/2021/trump-executive-order-bans-transactions-with-alipay-seven-other-chinese-companies/
  • New York City proposes regulating algorithms used in hiring https://arstechnica.com/tech-policy/2021/01/new-york-city-proposes-regulating-algorithms-used-in-hiring/
  • ACLU, EFF Urge Court to Require Warrants for Border Searches of Digital Devices https://www.eff.org/press/releases/video-hearing-tuesday-aclu-eff-urge-court-require-warrants-border-searches-digital
  • Here's what could happen to Section 230 https://www.businessinsider.com/future-of-section-230-democrats-both-houses-2021-1

• World:

  • GDPR Fines Exceeded €170 Million in 2020 https://www.securityweek.com/gdpr-fines-exceeded-170-million-2020
  • Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority https://www.databreaches.net/post-brexit-personal-data-breach-reporting-an-end-to-the-icos-role-as-one-stop-shop-lead-supervisory-authority/
  • NIST publishes NISTIR 8322: Virtual Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” https://csrc.nist.gov/publications/detail/nistir/8322/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Encrypted Client Hello: the future of ESNI in Firefox https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/
• NSA Urges SysAdmins to Replace Obsolete TLS Protocols https://threatpost.com/nsa-urges-sysadmins-to-replace-obsolete-tls-protocols/162814/
• Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) https://www.databreaches.net/joint-statement-by-the-federal-bureau-of-investigation-fbi-the-cybersecurity-and-infrastructure-security-agency-cisa-the-office-of-the-director-of-national-intelligence-odni-and-the-national/
• How to remove metadata from your photos https://www.comparitech.com/blog/information-security/remove-metadata-from-photos/
• How good are you at scoring security vulnerabilities, really? Boffins seek infosec pros to take rating skill survey https://www.theregister.com/2021/01/08/cvss_scoring_survey/
• How You Can Start Learning Malware Analysis https://www.sans.org/blog/how-you-can-start-learning-malware-analysis
• How to set up two-factor authentication on your online accounts https://www.theverge.com/22215571/factor-authentication-2fa-apple-microsoft-google-how-to
• Facial ID Emerges As Effective Fraud Defense https://www.pymnts.com/digital-identity/2021/facial-id-emerges-as-effective-fraud-defense/
• Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact https://www.microsoft.com/security/blog/2021/01/06/privacy-breaches-using-microsoft-365-advanced-audit-and-advanced-ediscovery-to-minimize-impact/
• Amazon Has Trucks Filled with Hard Drives and an Armed Guard https://www.schneier.com/blog/archives/2021/01/amazon-has-trucks-filled-with-hard-drives-and-an-armed-guard.html
• How Does Your AD Password Policy Compare to NIST's Password Recommendations? https://thehackernews.com/2021/01/creating-strong-password-policy-with.html
• Military Cryptanalytics, Part III redacted, declassified, and released by NSA https://www.schneier.com/blog/archives/2021/01/military-cryptanalytics-part-iii.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/
• Google Warns of Critical Android Remote Code Execution Bug https://threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/
• Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API https://threatpost.com/researcher-breaks-recaptcha-speech-to-text-api/162734/
• New side-channel attack can recover encryption keys from Google Titan security keys https://www.zdnet.com/article/new-side-channel-attack-can-recover-encryption-keys-from-google-titan-security-keys
• Vulnerabilities in Fortinet WAF https://www.securityweek.com/vulnerabilities-fortinet-waf-can-expose-corporate-networks-attacks
• RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework https://threatpost.com/rce-bug-php-scripting-framework/162773/
• Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/
• What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? https://www.theregister.com/2021/01/07/great_suspender_malware/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than SolarWinds):

  • Malware uses WiFi BSSID for victim identification https://www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification/
  • Cyberattacks on Healthcare Spike 45% Since November https://threatpost.com/cyberattacks-healthcare-spike-ransomware/162770/
  • Some ransomware gangs are going after top execs to pressure companies into paying https://www.zdnet.com/article/some-ransomware-gangs-are-going-after-top-execs-to-pressure-companies-into-paying
  • A crypto-mining botnet is now stealing Docker and AWS credentials https://www.zdnet.com/article/a-crypto-mining-botnet-is-now-stealing-docker-and-aws-credentials, and https://www.trendmicro.com/en_us/research/21/a/malicious-shell-script-steals-aws-docker-credentials.html
  • How the Shady Zero-Day Sales Game Is Evolving https://www.darkreading.com/edge/theedge/how-the-shady-zero-day-sales-game-is-evolving-/b/d-id/1339843
  • ElectroRAT Malware Targets Cryptocurrency Wallets https://www.databreachtoday.com/electrorat-malware-targets-cryptocurrency-wallets-a-15716

• Nation State Actors:

  • APT Horoscope https://www.schneier.com/blog/archives/2021/01/apt-horoscope.html
  • Ransomware Attacks Linked to Chinese Cyberspies https://www.securityweek.com/ransomware-attacks-linked-chinese-cyberspies
  • Researchers Disclose Details of FIN7 Hacking Group's Malware https://www.databreachtoday.com/researchers-disclose-details-fin7-hacking-groups-malware-a-15703
  • North Korean hackers launch RokRat Trojan in campaigns against the South https://www.zdnet.com/article/north-korean-hackers-launch-rokrat-trojan-in-campaigns-against-the-south

• Crime:

  • Russian Hacker Sentenced To 12 Years In Prison For Involvement In Massive Network Intrusions https://www.databreaches.net/russian-hacker-sentenced-to-12-years-in-prison-for-involvement-in-massive-network-intrusions-at-u-s-financial-institutions-brokerage-firms-a-major-news-publication-and-other-companies/
  • Julian Assange: UK judge blocks extradition of Wikileaks founder to US https://www.bbc.com/news/uk-55528241
  • EFF Statement on British Court’s Rejection of Trump Administration’s Extradition Request for Wikileaks’ Julian Assange https://www.eff.org/deeplinks/2021/01/eff-statement-british-courts-rejection-trump-administrations-extradition-request
  • ‘World’s unluckiest burglars’ butt-dialled police during U.K. heist https://globalnews.ca/news/7564151/burglar-pocket-dial-butt-uk-unlucky/

Other Security / Risk

Articles covering other types of risks.

• He Created the Web. Now He’s Out to Remake the Digital World. https://www.nytimes.com/2021/01/10/technology/tim-berners-lee-privacy-internet.html
• Bulletproof TLS Newsletter #72 - Let's Encrypt & Android, TLS interception, and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_72_cross_signature_will_keep_lets_encrypt_compatible_with_old_android
• Wi-Fi’s biggest upgrade in decades is starting to arrive https://www.theverge.com/2021/1/7/22212938/wifi-6e-rollout-starting-2021-smartphones-tvs-laptops-vr-routers
• Retracted scientific papers persists in new citations https://scienmag.com/retracted-scientific-paper-persists-in-new-citations-study-finds/
• Why don’t PCs use error correcting RAM? “Because Intel,” says Linus https://arstechnica.com/gadgets/2021/01/linus-torvalds-blames-intel-for-lack-of-ecc-ram-in-consumer-pcs/
• WhatsApp competitor Signal stops working properly as users rush to leave over privacy update https://www.independent.co.uk/life-style/gadgets-and-tech/whatsapp-privacy-update-signal-facebook-verification-code-b1784305.html
• Slack starts 2021 with a massive outage https://www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error
• Cogeco reports internet outages across Ontario https://globalnews.ca/news/7555923/cogeco-internet-outages-ontario/
• How Hamas May Be Threat to 8chan, QAnon Online https://krebsonsecurity.com/2021/01/hamas-may-be-threat-to-8chan-qanon-online/
• Did you buy Microsoft PC software between 1998 and 2010? You could be eligible to claim up to $250 https://toronto.ctvnews.ca/did-you-buy-microsoft-pc-software-between-1998-and-2010-you-could-be-eligible-to-claim-up-to-250-1.5255022
• Boeing to pay $2.5bn over 737 Max conspiracy - https://www.bbc.co.uk/news/business-55582496
• Verizon is pausing its 3G shutdown indefinitely https://www.theverge.com/2021/1/5/22215453/verizon-3g-shutdown-paused-delay-network-old-phones
• Snow collapses roof in India https://www.accuweather.com/en/videos/startling-video-shows-house-collapsing-under-heavy-weight-of-snow/3M3VhKWd

• AI:

  • Researchers Developed AI That Tells Apart True Conspiracies From Conspiracy Theories https://www.sciencealert.com/an-ai-tool-can-distinguish-between-a-conspiracy-theory-and-a-true-conspiracy
  • AI algorithms detect diabetic eye disease inconsistently https://scienmag.com/ai-algorithms-detect-diabetic-eye-disease-inconsistently/

• Health, Safety & Environment:

  • Amazon reportedly developing radar-equipped sleep apnea tracker https://www.theverge.com/2021/1/6/22216648/amazon-sleep-tracking-alexa-brahms-apnea-radar-device
  • Research Says Alzheimer's Is Actually 3 Distinct Disease Subtypes https://www.sciencealert.com/study-splits-alzheimer-s-into-three-subtypes-and-it-might-help-us-treat-it-better
  • A prognostic Alzheimer’s disease blood test in the symptom-free stage https://scienmag.com/a-prognostic-alzheimers-disease-blood-test-in-the-symptom-free-stage/
  • Bird flu: India to cull poultry amid fears of virus https://www.bbc.co.uk/news/world-asia-india-55556030
  • We Know Almost Nothing About Giant Viruses https://www.theatlantic.com/science/archive/2021/01/giant-viruses-can-change-their-hosts-dna/617555/
  • Unravelling the mystery that makes viruses infectious https://scienmag.com/unravelling-the-mystery-that-makes-viruses-infectious/
  • NIST publishes a beginner’s guide to DNA origami https://scienmag.com/nist-publishes-a-beginners-guide-to-dna-origami/
  • Here’s why Indonesia is so prone to airplane crashes https://globalnews.ca/news/7566802/why-is-indonesia-prone-to-plane-crashes/
  • Physicist works toward forecasting rogue waves along Vancouver Island's west coast https://www.cbc.ca/news/canada/british-columbia/victoria-physicist-rogue-waves-vancouver-island-1.5861347

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • People Without COVID Symptoms Are Responsible For 50% of New Infections https://www.sciencealert.com/people-without-covid-symptoms-are-responsible-for-50-of-new-infections-per-study
  • Expert warns that risk of transmitting COVID-19 outdoors during the winter is higher https://toronto.ctvnews.ca/expert-warns-that-risk-of-transmitting-covid-19-outdoors-during-the-winter-is-higher-1.5254353
  • Despite warnings, nearly half of Canadians visited family, friends this holiday https://globalnews.ca/news/7555645/coronavirus-family-gatherings-canadians-poll/
  • Half of Canadians say pandemic at its worst, almost as many visited over holidays https://www.ctvnews.ca/health/coronavirus/half-of-canadians-say-pandemic-at-its-worst-almost-as-many-visited-over-holidays-poll-1.5253913
  • B.C. sees positive trend in COVID-19 cases over the Christmas holiday https://globalnews.ca/news/7556013/bc-positive-trend-coronavirus-covid-19-christmas/
  • Nearly a third of Torontonians who recently tested positive for COVID-19 attended gatherings over the holidays https://toronto.ctvnews.ca/nearly-a-third-of-torontonians-who-recently-tested-positive-for-covid-19-attended-gatherings-over-the-holidays-survey-1.5256238
  • The Most Reliable Pandemic Number Keeps Getting Worse https://www.theatlantic.com/health/archive/2021/01/pandemic-cases-hospitalizations-record-south/617589/
  • Pushed up by COVID U.S. deaths in 2020 top 3M over 400K more than in 2019 https://www.cp24.com/world/u-s-deaths-in-2020-top-3-million-by-far-most-ever-counted-1.5241198
  • For the first time ever, the U.S. reported more than 4,000 COVID-19 deaths in one day https://www.ctvnews.ca/health/coronavirus/for-the-first-time-ever-the-u-s-reported-more-than-4-000-covid-19-deaths-in-one-day-1.5258542
  • South America's COVID-19 death toll passes 365K https://www.aa.com.tr/en/americas/south-americas-covid-19-deaths-near-half-a-million-/2097547
  • Covid death records shattered across Europe as London declares 'major incident' https://www.cnn.com/2021/01/08/europe/europe-overwhelmed-coronavirus-variant-intl/index.html
  • UK sees highest daily toll of 1,325 deaths https://www.bbc.co.uk/news/uk-55594107
  • Inflatable holiday costume likely responsible for outbreak at California hospital https://www.washingtonpost.com/nation/2021/01/04/inflatable-costume-san-jose-covid/
  • Canada adds more than 8,000 coronavirus cases for 2nd day in a row https://globalnews.ca/news/7562853/coronavirus-canada-cases-jan-7/
  • Ontario surpasses 200,000 COVID-19 cases since beginning of pandemic as hospitalizations surge https://toronto.ctvnews.ca/ontario-surpasses-200-000-covid-19-cases-since-beginning-of-pandemic-as-hospitalizations-surge-1.5255517
  • Nova Scotia Health issues potential COVID-19 exposure warning for Dartmouth Starbucks https://globalnews.ca/news/7563232/nova-scotia-health-exposure-starbucks/
  • These three Toronto businesses with a COVID-19 outbreak pose a 'significant risk' https://toronto.ctvnews.ca/these-three-toronto-businesses-with-a-covid-19-outbreak-pose-a-significant-risk-city-1.5254594

• New Variants:

  • Experts Worry COVID-19 Vaccines May Not Work as Well Against The South African Variant https://www.sciencealert.com/experts-worry-that-the-covid-19-vaccine-may-not-work-as-well-against-south-african-variant
  • Pfizer says its coronavirus vaccine appears to work against U.K., South Africa variants https://globalnews.ca/news/7563069/pfizer-coronavirus-vaccine-variants/
  • WHO Urges Bolder Response Against 'Alarming' New Coronavirus Variant https://www.sciencealert.com/who-urges-bolder-response-against-alarming-new-coronavirus-variant

• Impact:

  • 4 Numbers That Make the Pandemic’s Massive Death Toll Sink In https://www.theatlantic.com/family/archive/2021/01/us-covid-19-death-toll/617544/
  • Number of ICU patients in Ontario soars as province records more than 3,000 new COVID-19 cases https://toronto.ctvnews.ca/number-of-icu-patients-in-ontario-soars-as-province-records-more-than-3-000-new-covid-19-cases-1.5260271
  • Overcapacity: London, Ontario hospital brings in mobile 'body holding' facility https://london.ctvnews.ca/overcapacity-london-ont-hospital-brings-in-mobile-body-holding-facility-1.5254315
  • Frustrated customers continue to demand refunds from airlines https://globalnews.ca/news/7557039/consumer-alberta-refunds-airlines-travel/
  • New coronavirus testing rules send Canadian travel industry into ‘tailspin’ https://globalnews.ca/news/7555595/coronavirus-testing-rules-travel-industry/

• Guidance, Response, and Recovery:

  • Vacationers will not be able to claim sickness benefit to quarantine https://www.ctvnews.ca/health/coronavirus/vacationers-will-not-be-able-to-claim-sickness-benefit-to-quarantine-pm-1.5254066
  • COVID-19 isolation centres opening in Brampton 'very soon' https://toronto.ctvnews.ca/covid-19-isolation-centres-opening-in-brampton-very-soon-mayor-says-1.5255674
  • Toronto announces new measures, including listing outbreaks, aimed at curbing spread of COVID-19 in workplaces https://toronto.ctvnews.ca/toronto-announces-new-measures-aimed-at-curbing-spread-of-covid-19-in-workplaces-1.5252656
  • ‘We’re not in a lockdown when schools are open https://globalnews.ca/news/7556412/ontario-lockdown-schools-doctors/
  • Is Quebec heading toward another full lockdown? https://globalnews.ca/news/7555743/quebec-full-lockdown-possible-curfew/
  • Proposed Criminal Law Could Penalize New Yorkers For Skipping COVID Vaccine Lines https://www.pymnts.com/coronavirus/2021/proposed-criminal-law-could-penalize-new-yorkers-for-skipping-covid-vaccine-lines/
  • Travellers to UK will need to show negative test result https://www.bbc.co.uk/news/uk-55582116
  • Boris Johnson is under pressure to impose a national lockdown as the surge in coronavirus cases overwhelms hospitals and forces schools to close https://www.businessinsider.com/boris-johnson-could-impose-national-lockdown-schools-shut-across-uk-2021-1
  • China imposes new travel restrictions as province sees spike in coronavirus cases https://globalnews.ca/news/7557939/china-coronavirus-new-restrictions-hebei/
  • WHO team investigating virus origins denied entry to China https://www.bbc.co.uk/news/world-asia-china-55555466

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Immune but infectious: Can someone vaccinated against COVID-19 still spread the virus? https://globalnews.ca/news/7559408/health-matters-covid-19-vaccine-immune-but-infectious/
  • Detecting COVID-19 antibodies in 10-12 seconds https://scienmag.com/detecting-covid-19-antibodies-in-10-12-seconds/
  • New COVID Vaccines Need Absurd Amounts of Material and Labor https://www.scientificamerican.com/article/new-covid-vaccines-need-absurd-amounts-of-material-and-labor1/
  • CDC Shut Down a Lab Involved in Making Faulty Coronavirus Tests http://feeds.propublica.org/link/9499/14203615/cdc-lab-faulty-coronavirus-tests
  • COVID-19 likely lingered longer than reported in Wuhan https://scienmag.com/covid-19-likely-lingered-longer-than-reported-in-wuhan/

• Immunity, Vaccines, and Vaccination:

  • COVID-19 infection vs. vaccination: Which is better for immunity? https://www.cbc.ca/news/health/vaccination-infection-covid-19-immunity-1.5865984
  • US COVID-19 Cases Are Surging. Here's Why Natural Herd Immunity Is Still a Long Way Off https://www.sciencealert.com/us-covid-19-cases-are-surging-but-natural-herd-immunity-is-still-a-long-way-off
  • Canada investigating timing of second coronavirus vaccine dose https://globalnews.ca/news/7557093/canada-coronavirus-dose-timing/
  • Moderna Covid-19 vaccine authorized by UK medicines regulator https://www.cnn.com/2021/01/08/uk/uk-moderna-covid-19-vaccine-intl/index.html
  • 25% of Canadians don't want the COVID-19 vaccine https://nationalpost.com/news/a-quarter-of-canadians-dont-want-the-covid-19-vaccine-we-asked-the-experts-why
  • Health Canada says 9 adverse reactions after COVID-19 vaccinations are in line with clinical trials https://www.cbc.ca/news/politics/adverse-events-covid-19-vaccines-1.5866357
  • ‘Urgently need vaccine’ says Toronto’s University Health Network president on COVID-19 doses https://globalnews.ca/news/7563299/toronto-university-health-network-coronavirus-vaccine/
  • Toronto nurses upset over COVID-19 vaccine access, allege frontline medical staff not being prioritized https://globalnews.ca/news/7565343/coronavirus-toronto-covid-19-vaccine-distribution/
  • Federal inmates to start receiving coronavirus vaccinations this week https://globalnews.ca/news/7557842/coronavirus-vaccine-inmates-begin/
  • How Badly Is the US Vaccination Going? https://www.theatlantic.com/health/archive/2021/01/listen-how-badly-vaccination-going/617617/
  • People are randomly getting vaccinated at pharmacies because of extra doses that need to be used before they expire https://www.businessinsider.com/random-people-are-getting-vaccinated-with-extra-doses-at-pharmacies-2021-1
  • A California hospital administered 600 coronavirus vaccine shots within 2 hours after discovering its freezer had broken https://www.businessinsider.com/coronavirus-vaccine-california-hospital-600-shots-2-hours-freezer-broken-2021-1
  • French government vows to speed up vaccinations https://www.bbc.co.uk/news/world-europe-55529240
  • How will the UK jab millions of people? https://www.bbc.co.uk/news/health-55274833
  • The Next Phase of Vaccination Will Be Even Harder https://www.theatlantic.com/health/archive/2021/01/next-phase-vaccination-will-be-even-harder/617595/
  • The Best Evidence for How to Overcome COVID Vaccine Fears https://www.scientificamerican.com/article/the-best-evidence-for-how-to-overcome-covid-vaccine-fears1/

• More of the good, the bad, and the ugly:

  • Policeman buys family food instead of arresting them for shoplifting https://www.bbc.com/news/world-us-canada-55522825
  • Canadian snowbirds chartering private jets to fly south for faster COVID-19 vaccine access https://www.ctvnews.ca/health/coronavirus/canadian-snowbirds-chartering-private-jets-to-fly-south-for-faster-covid-19-vaccine-access-1.5257752
  • Wealthy donors reportedly received COVID-19 vaccinations ahead of staff and residents https://www.businessinsider.com/wealthy-donors-assisted-living-facility-got-covid-vaccine-early-report-2021-1
  • One in four doctors attacked, harassed on social media https://scienmag.com/one-in-four-doctors-attacked-harassed-on-social-media/
  • Pandemic Hackers Swiped $36 Billion From Unemployment Coffers https://www.pymnts.com/news/security-and-risk/2021/pandemic-hackers-swiped-36-billion-from-unemployment-coffers/
  • COVID-19 vaccine scams are now appearing online, over text, and by email https://www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email
  • Fired Healthcare Exec Stalls Critical PPE Shipment for Months https://threatpost.com/healthcare-exec-stalls-critical-ppe-shipment/162855/
  • Wisconsin Pharmacist accused of tampering with vaccine over ‘mutant DNA’ fears https://globalnews.ca/news/7555878/coronavirus-vaccine-change-dna-moderna-tamper/

• There's a been a rash of leaders travelling during the pandemic resulting in public pressure. We note that not all cases are equally bad

  • Alberta MLAs who travelled during COVID-19 pandemic lose ministry portfolios https://globalnews.ca/news/7554153/alberta-mlas-travel-resign-kenney-covid/
  • Ontario hospital CEO who vacationed in Dominican Republic resigns from health panels https://www.cbc.ca/news/canada/hamilton/st-joes-niagara-health-ceo-vacation-covid-19-1.5862449
  • Senator co-signed order barring international travel during pandemic — then went to Mexico https://www.cbc.ca/news/politics/senate-travel-plett-mexico-1.5866272
  • 'Wrong on so many fronts': Airlines continue to incentivise holiday travel despite COVID-19 pandemic https://toronto.ctvnews.ca/wrong-on-so-many-fronts-airlines-continue-to-incentivise-holiday-travel-despite-covid-19-pandemic-1.5256239

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Covid-19 face mask innovation that ‘costs pennies’ designed by BTYSTE entrant https://www.irishtimes.com/news/science/covid-19-face-mask-innovation-that-costs-pennies-designed-by-btyste-entrant-1.4451725
  • Central Okanagan church fined $2,300 for mass gathering https://globalnews.ca/news/7558824/coronavirus-kelowna-church-mass-gathering-fine/
  • Singapore woman jailed for hiding meetings with male friend https://www.bbc.co.uk/news/world-asia-55579775

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 10 Words We DON’T Want to Hear in 2021 https://sourcedefense.com/resources/blog/10-words-we-dont-want-to-hear-in-2021/
• Nature's optical illusions - gravity hills https://www.sciencealert.com/these-gravity-defying-hills-are-one-of-the-weirdest-natural-phenomena-we-ve-seen
• We May Have Dog Friends Because Wolves Once Preferred Different Food https://www.sciencealert.com/we-might-have-dog-friends-now-because-wolves-once-preferred-different-food-study-suggests
• Identical Twins Aren't 100% Genetically Identical After All https://www.sciencealert.com/study-suggests-that-identical-twins-are-not-so-identical-after-splitting
• Sprite Lightning at 100000 Frames Per Second https://apod.nasa.gov/apod/ap210104.html
• Greener planes of the future... or just pretty plans? https://www.bbc.co.uk/news/business-51751984
• Producing milk from yeast that looks and tastes like cow’s milk https://scienmag.com/producing-milk-from-yeast-that-looks-and-tastes-like-cows-milk/
• South Korea’s ‘Artificial Sun’ burns hotter than star for longer than ever before https://www.independent.co.uk/life-style/gadgets-and-tech/artificial-sun-nuclear-fusion-record-south-korea-b1781915.html//
• Physicists Have Observed an Entirely New State of Matter Called 'Liquid Glass' https://www.sciencealert.com/scientists-have-discovered-a-new-state-of-matter-called-liquid-glass
• Earth Was Spinning Faster Last Year Than at Any Other Time in The Past 50 Years https://www.sciencealert.com/earth-was-spinning-faster-last-year-than-at-any-other-time-in-the-past-50-years
• Nasa's Curiosity rover: 3,000 days on Mars https://www.bbc.co.uk/news/science-environment-55562150
• NASA’s first mission to the Trojan asteroids https://scienmag.com/nasas-first-mission-to-the-trojan-asteroids-integrates-its-second-scientific-instrument/
• Mercury Is a Planet With a Tail https://www.sciencealert.com/the-tail-of-mercury
• Jupiter Is Bigger Than Some Stars, So Why Didn't We Get a Second Sun? https://www.sciencealert.com/why-isn-t-jupiter-a-star
• Beautiful 6-Planet System in Almost Perfect Orbital Harmony https://www.sciencealert.com/astronomers-find-a-beautiful-6-planet-system-in-almost-perfect-orbital-harmony
• Hundreds of high-velocity stars with many leaving the Milky Way https://www.universetoday.com/149461/astronomers-discover-hundreds-of-high-velocity-stars-many-on-their-way-out-of-the-milky-way/
• Perimeter Institute gets international recognition for work on first image of black hole https://www.kitchenertoday.com/local-news/perimeter-institute-gets-international-recognition-for-work-on-first-image-of-black-hole-3248505