This Week's [in]Security - Issue 198

Welcome to This Week’s [in]Security. SolarWinds. Riot fallout. Dumps. Bans. Magecart. Carding. New breaches: The UN. Socialarks. Ubiquiti. Capcom. Healthcare. SmartPhones. WhatsApp & Facebook. Signal. Facial Recognition & Analysis. More Brexit. NIST. Tools. Dynamic PII? Disinformation. MFA Cloning. CSV Injection. Wild. MacOS. DoH Resolvers. Patch Tuesday. Adobe. WordPress. Trends. MFA Bypass. ScAAS? 0-Day. Nation States. Arrests, etc. CitizenLab. Rogue AI. Election Security. Congo TLD. Exodus? Bitcoin Passwords. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.

Trending news

More on SolarWinds Supply Chain Hack and the fallout from the Capitol Hill riot:

• Solar-gate week 5:

  • SolarLeaks site claims to sell data stolen in SolarWinds attacks https://www.databreaches.net/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/
  • Third malware strain discovered in SolarWinds supply chain attack https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack
  • Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack https://www.securityweek.com/mimecast-discloses-certificate-incident-possibly-related-solarwinds-hack, https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
  • Researchers Find Links Between Sunburst and Russian Kazuar Malware https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html
  • SolarWinds: What Hit Us Could Hit Others https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/
  • SolarWinds defense: How to stop similar attacks https://www.zdnet.com/article/solarwinds-defense-how-to-stop-similar-attacks

• Politics aside, more on the long term fallout from the US Capitol Riots, issues like platform liability, free speech, domestic terrorism, etc.:

  • Parler hack: Public info from platform archived by activist hackers https://www.usatoday.com/story/tech/news/2021/01/11/parler-hack-platform-archived-hackers-capitol-riots/6629772002/
  • Parler’s amateur coding could come back to haunt Capitol Hill rioters https://arstechnica.com/information-technology/2021/01/parlers-amateur-coding-could-come-back-to-haunt-capitol-hill-rioters/
  • An Absurdly Basic Bug Let Anyone Grab All of Parler's Data https://www.wired.com/story/parler-hack-data-public-posts-images-video
  • A Parler archive is being converted into an interactive map of the Capitol building attack https://www.theverge.com/2021/1/14/22231749/parler-interactive-map-video-gps-capitol-attack
  • Banning Trump won't fix social media: 10 ideas to rebuild our broken internet – by experts https://www.theguardian.com/media/2021/jan/16/how-to-fix-social-media-trump-ban-free-speech
  • Who decides what stays on the internet? https://www.theverge.com/22225238/trump-social-media-ban-platform-moderation-tech-regulation-daphne-keller-interview
  • Twitter suspends 70,000 accounts sharing QAnon content https://www.theguardian.com/technology/2021/jan/12/twitter-suspends-70000-accounts-sharing-qanon-content
  • Inside Twitter's Decision to Cut Off Donald J. Trump https://www.nytimes.com/2021/01/16/technology/twitter-donald-trump-jack-dorsey.html
  • How Silicon Valley banished Donald Trump in 48 hours https://www.businessinsider.com/how-silicon-valley-banished-donald-trump-in-48-hours-2021-1
  • The Meaning of Trump’s Mass Cancellation https://www.theatlantic.com/ideas/archive/2021/01/how-big-tech-impeached-donald-trump/617643/
  • Biden inauguration: All 50 US states on alert for armed protests https://www.bbc.co.uk/news/world-us-canada-55689840
  • Far-right groups received large Bitcoin payment ahead of U.S. Capitol riot: report https://globalnews.ca/news/7577631/us-capitol-riot-bitcoin-far-right/
  • FBI received over 100,000 pieces of digital evidence after Capitol attack https://www.theverge.com/2021/1/12/22227633/doj-fbi-evidence-capitol-trump-riot-attack
  • Airbnb says it’s working to block Capitol attackers from returning to Washington, DC https://www.theverge.com/2021/1/12/22227028/airbnb-block-capitol-attackers-returning-dc-gofundme
  • Anti-government website hosted in Montreal shut down after promoting armed protests in U.S. https://www.cbc.ca/news/canada/montreal/montreal-website-extremists-protests-u-s-1.5870183
  • FBI says it warned about potential violence ahead of U.S. Capitol riot https://globalnews.ca/news/7572485/fbi-warned-violence-capitol/
  • Face Surveillance and the Capitol Attack https://www.eff.org/deeplinks/2021/01/face-surveillance-and-capitol-attack
  • The Government Has All of the Powers It Needs to Find and Prosecute Those Responsible for the Crimes on Capitol Hill https://www.eff.org/deeplinks/2021/01/government-has-all-powers-it-needs-find-and-prosecute-those-responsible-crimes

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Magecart Groups Hide Behind 'Bulletproof' Hosting Service https://www.databreachtoday.com/magecart-groups-hide-behind-bulletproof-hosting-service-a-15778, https://www.riskiq.com/blog/labs/magecart-medialand/
• Joker's Stash, the internet's largest carding forum, is shutting down https://www.zdnet.com/article/jokers-stash-the-internets-largest-carding-forum-is-shutting-down
• Hy-Vee agrees to settle the class action lawsuit over payment card data breach https://www.databreaches.net/hy-vee-agrees-to-settle-the-class-action-lawsuit-over-payment-card-data-breach/
• ‘Organized Retail Crime’ Is Growing (And Not Just Because Of The Pandemic) https://www.pymnts.com/news/retail/2021/organized-retail-crime-is-growing-and-not-just-because-of-the-pandemic/
• Moneris on 3-D Secure 2.0: What you need to know https://community.moneris.com/blogs/b/announcements/posts/3-d-secure-2-0-what-you-need-to-know

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Vulnerable Database Exposed UN Employees' Data https://www.databreachtoday.com/vulnerable-database-exposed-un-employees-data-a-15744
  • Chinese start-up, Socialarks, leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users https://www.databreaches.net/chinese-start-up-leaked-400gb-of-scraped-data-exposing-200-million-facebook-instagram-and-linkedin-users/
  • Ubiquiti, maker of prosumer routers and access points, has had a data breach https://www.theverge.com/2021/1/11/22226061/ubiquiti-data-breach-email-third-party-unathorized-access
  • Ubiquiti: Change Your Password, Enable 2FA https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/
  • Capcom Says Personal Data of Thousands More Stolen in Ransomware Attack https://www.securityweek.com/capcom-says-personal-data-thousands-more-stolen-ransomware-attack
  • Eneco warns customers for data breach: ‘Change your password, personal data may have been accessed’ https://www.databreaches.net/eneco-warns-customers-for-data-breach-change-your-password-personal-data-may-have-been-accessed/
  • Reserve Bank of New Zealand Investigates Data Breach https://www.databreachtoday.com/reserve-bank-new-zealand-investigates-data-breach-a-15737
  • Paging System Leak Affects Thousands of Patients https://www.databreachtoday.com/paging-system-leak-affects-thousands-patients-a-15740
  • TX: Hendrick Health: Computer network breach compromised some patients’ information https://www.databreaches.net/tx-hendrick-computer-network-breach-compromised-some-patients-information/
  • Wisconsin Medicaid information accessed by unauthorized individual https://www.databreaches.net/wisconsin-medicaid-information-accessed-by-unauthorized-individual/

• Follow-ups and fall-out:

  • Ca: Confidential data stolen from Promutuel Insurance ends up online https://www.databreaches.net/ca-confidential-data-stolen-from-promutuel-ends-up-online/
  • Ca: Laurentian University Data Breach Class Action Approved by Court https://www.databreaches.net/ca-laurentian-data-breach-class-action-approved-by-court/
  • 2018's Jobandtalent - 10,981,207 breached accounts added to HIBP https://haveibeenpwned.com/PwnedWebsites#JobAndTalent
  • Excellus to pay $5 million to settle charges stemming from breach that impacted 9.3 million https://www.databreaches.net/excellus-to-pay-5-million-to-settle-charges-stemming-from-breach-that-impacted-9-3-million/

Privacy

Articles about privacy related news, risks, and trends.

• How Law Enforcement Gets Around Your Smartphone's Encryption https://www.wired.com/story/smartphone-encryption-law-enforcement-tools/
• So-called “Consent Searches” Harm Our Digital Rights https://www.eff.org/deeplinks/2021/01/so-called-consent-searches-harm-our-digital-rights
• China: 30 Firms Reprimanded Over Data Privacy Violations in Guangdong https://www.databreaches.net/cn-30-firms-reprimanded-over-data-privacy-violations-in-guangdong/

• WhatsApp, Facebook, and the rush to Signal:

  • Changes in WhatsApp’s Privacy Policy https://www.schneier.com/blog/archives/2021/01/changes-in-whatsapps-privacy-policy.html
  • The Truth About Your WhatsApp Data https://www.nytimes.com/2021/01/13/technology/whatsapp-data.html
  • Post-Backlash, WhatsApp Spells Out Privacy Policy Updates https://threatpost.com/post-backlash-whatsapp-spells-out-privacy-policy-updates/162996/
  • Switching to Signal? Turn on these settings now for greater privacy and security https://www.zdnet.com/article/switching-to-signal-turn-on-these-settings-now-for-greater-privacy-and-security/
  • Signal outage is keeping messages from sending https://www.theverge.com/2021/1/15/22232993/signal-outage-new-users-messages-not-sending

• Facial Recognition & Analysis:

  • HireVue, Facing FTC Complaint From EPIC, Halts Use of Facial Recognition https://epic.org/2021/01/hirevue-facing-ftc-complaint-f.html
  • FTC Orders Photo App to Delete Algorithms Built on Personal Data https://epic.org/2021/01/ftc-orders-photo-app-to-delete.html

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Digital privacy law is being updated for the first time in decades, and it's imperative we get it right https://www.cbc.ca/news/opinion/opinion-digital-privacy-bill-c11-1.5863117

• US:

  • New Petition Urges Supreme Court to Ensure Fifth Amendment Protections for Cell Phone Passcodes https://epic.org/2021/01/aclu-eff-urge-supreme-court-to.html
  • Administration blacklists Xiaomi as a ‘Communist Chinese military company’ https://www.theverge.com/2021/1/14/22231786/trump-administration-blacklists-xiaomi-communist-chinese-military-company
  • Cuba placed back on US terrorism sponsor list https://www.bbc.co.uk/news/world-latin-america-55627032
  • Former Michigan Gov. Rick Snyder and other top officials will soon be criminally charged in connection with the Flint water crisis, report says https://www.businessinsider.com/former-gov-rick-snyder-faces-charges-over-flint-water-crisis-2021-1, https://www.bbc.co.uk/news/world-us-canada-55656898
  • The SEC Undermined a Powerful Weapon Against White-Collar Crime http://feeds.propublica.org/link/9499/14214135/the-sec-undermined-a-powerful-weapon-against-white-collar-crime
  • Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers https://www.databreaches.net/computer-security-incident-notification-requirements-for-banking-organizations-and-their-bank-service-providers/
  • The FAA just greenlit this drone to fly autonomously without a human nearby https://www.theverge.com/2021/1/15/22234029/faa-american-robotics-beyond-visual-line-of-sight-remote-observer-waiver
  • FAA Publishes Final Rule for Operating Drones Over People https://epic.org/2021/01/faa-publishes-final-rule-for-o.html
  • Theranos 'dumped' a useless, double-encrypted blood-test database on prosecutors, then destroyed the original, Feds say https://www.businessinsider.com/theranos-prosecutors-useless-database-elizabeth-holmes-sunny-balwani-2021-1
  • Facebook sues two Chrome extension devs for scraping user data https://www.zdnet.com/article/facebook-sues-two-chrome-extension-devs-for-scraping-user-data
  • Appeals Court Vacates $4.3 Million HIPAA Penalty https://www.databreachtoday.com/appeals-court-vacates-43-million-hipaa-penalty-a-15773

• World:

  • (From last month) Brexit Deal Mandates Old Insecure Crypto Algorithms (Copy and Paste Error?) https://www.schneier.com/blog/archives/2020/12/brexit-deal-mandates-old-insecure-crypto-algorithms.html
  • Thou shalt not hack indiscriminately, High Court of England tells Britain's spy agencies https://www.theregister.com/2021/01/11/equipment_interference_privacy_international_judgment/
  • Civil Society Groups Urge EU to Prohibit Certain Red-line Uses of AI https://epic.org/2021/01/civil-society-groups-urge-eu-t.html
  • Polish DPA fines Virgin Mobile Polska €460,000: Incidental safeguards review is not regular testing of technical measures https://www.databreaches.net/polish-dpa-fines-virgin-mobile-polska-e460000-incidental-safeguards-review-is-not-regular-testing-of-technical-measures/
  • Poland proposes social media 'free speech' law https://www.bbc.co.uk/news/technology-55678502

• New NIST:

  • The comment period has been extended through March 1, 2021 https://csrc.nist.gov/publications/detail/nistir/8286a/draft and https://csrc.nist.gov/News/2020/draft-nistir-8286a-available-for-comment

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• DevSecOps and Zero Trust Architecture Virtual Conference Jan 27th https://www.nist.gov/news-events/events/2021/01/devsecops-and-zero-trust-architecture-zta-multi-cloud-environments
• Intel Packs Ransomware Detection Directly Into vPro Platform https://www.securityweek.com/intel-packs-ransomware-detection-directly-vpro-platform
• Reducing Fraud Through Advanced IVR Technologies https://www.databreachtoday.com/reducing-fraud-through-advanced-ivr-technologies-a-15756
• PowerShell Tools I Use Audit and Compliance Measurement https://www.sans.org/blog/powershell-tools-i-use-audit-and-compliance-measurement
• Microsoft Defender for Endpoint on Linux Goes Live https://www.securityweek.com/microsoft-defender-endpoint-linux-goes-live
• Risky Biz Soap Box: Mapping NIST 800-53 to MITRE ATT&CK https://risky.biz/soapbox48
• Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop https://isc.sans.edu/diary/rss/26974
• CISSP Online Exam? Explaining the (ISC)² Pilot Test https://blog.isc2.org/isc2_blog/2021/01/cissp-online-exam-explaining-the-isc2-pilot-test.html
• Dynamic PII: The key to fighting payments fraud https://www.mobilepaymentstoday.com/blogs/dynamic-pii-the-key-to-fighting-payments-fraud/
• New Release of Sysmon Adding Detection for Process Tampering https://isc.sans.edu/diary/rss/26994
• Misinformation vs. disinformation: What to know about each form of false information, and how to spot them online https://www.businessinsider.com/misinformation-vs-disinformation

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Cloning Google Titan 2FA keys, physical side-channel attack https://www.schneier.com/blog/archives/2021/01/cloning-google-titan-2fa-keys.html
• CSV injection attacks explained https://www.comparitech.com/blog/information-security/csv-injection-attacks/

• Introducing the Project Zero In-the-Wild Series https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

  • Chrome Exploits https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
  • Chrome Infinity Bug https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
  • Android Exploits https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
  • Android Post-Exploitation https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
  • Windows Exploits https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html
• Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’ https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/
• Apple Removes Feature That Allowed Its Apps To Bypass macOS Firewalls And VPNs https://packetstormsecurity.com/news/view/31929/Apple-Removes-Feature-That-Allowed-Its-Apps-To-Bypass-macOS-Firewalls-And-VPNs.html
• The NSA warns enterprises to beware of third-party DNS resolvers https://arstechnica.com/information-technology/2021/01/the-nsa-warns-enterprises-to-beware-of-third-party-dns-resolvers/, https://www.zdnet.com/article/nsa-warns-against-using-doh-inside-enterprise-networks
• Running my own DoH relay and getting Pi-hole protection away from home! https://scotthelme.co.uk/running-my-own-doh-relay-and-getting-pihole/
• Microsoft Patch Tuesday, January 2021 Edition https://krebsonsecurity.com/2021/01/microsoft-patch-tuesday-january-2021-edition/
• Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html, https://www.trendmicro.com/en_us/research/21/a/january-patch-tuesday-repairs-critical-ms-defender-rce-bug.html
• Microsoft fixes Defender zero-day in January 2021 Patch Tuesday https://www.zdnet.com/article/microsoft-fixes-defender-zero-day-in-january-2021-patch-tuesday
• Adobe fixes critical code execution vulnerabilities in 2021's first major patch round https://www.zdnet.com/article/adobe-patches-code-execution-vulnerabilities-in-the-first-security-update-of-2021
• Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways https://www.securityweek.com/vulnerabilities-can-allow-hackers-create-backdoors-comtrol-industrial-gateways
• Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover https://threatpost.com/orbit-fox-wordpress-plugin-bugs/163020/
• Iconic BugTraq security mailing list shuts down after 27 years https://www.zdnet.com/article/iconic-bugtraq-security-mailing-list-shuts-down-after-27-years
• Watchdog Raises Concerns About Census Bureau's IT Security https://www.securityweek.com/watchdog-raises-concerns-about-census-bureaus-it-security

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than SolarWinds):

  • Cloud Attacks Are Bypassing MFA, Feds Warn https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/
  • 'Scam-as-a-Service' Scheme Spreads https://www.databreachtoday.com/scam-as-a-service-scheme-spreads-a-15770
  • 'Rogue' Android RAT Can Take Control of Devices, Steal Data https://www.securityweek.com/rogue-android-rat-can-take-control-devices-steal-data
  • Hackers used 4 zero-days to infect Windows and Android devices in Watering Hole Attacks https://arstechnica.com/information-technology/2021/01/hackers-used-4-0days-to-infect-windows-and-android-devices/, https://www.databreachtoday.com/watering-hole-operation-leveraged-zero-day-exploits-a-15757
  • CISA Warns of Surge in Attacks Targeting Cloud Services https://www.databreachtoday.com/cisa-warns-surge-in-attacks-targeting-cloud-services-a-15764
• Free decrypter released for victims of Darkside ransomware https://www.zdnet.com/article/free-decrypter-released-for-victims-of-darkside-ransomware

• Nation State Actors:

  • Iranian cyberspies behind major Christmas SMS spear-phishing campaign https://www.zdnet.com/article/iranian-cyberspies-behind-major-christmas-sms-spear-phishing-campaign

• Crime:

  • Europol Reveals Dismantling of ‘Largest’ Underground Marketplace https://threatpost.com/europol-dismantling-underground-marketplace/162949/
  • Hacker Blows Chance at Early Release By Hacking More https://www.databreachtoday.com/hacker-blows-chance-at-early-release-by-hacking-more-a-15775

Other Security / Risk

Articles covering other types of risks.

• NSA Publishes Cybersecurity Year in Review Report https://www.securityweek.com/nsa-publishes-cybersecurity-year-review-report
• Response to NSO Group on the Great iPwn Report https://citizenlab.ca/2021/01/response-to-nso-group-on-the-great-ipwn-report/
• (Shades of Skynet and the Forbin Project) Calculations Show It'll Be Impossible to Control a Super-Intelligent AI https://www.sciencealert.com/calculations-show-it-d-be-impossible-to-control-a-rogue-super-smart-ai
• ESS paperless voting machine company sends legal threats https://freedom-to-tinker.com/2021/01/11/ess-voting-machine-company-sends-threats/
• UK: 150,000 Arrest Records Lost in Police Data Accident - data recovery underway https://www.databreaches.net/uk-150000-arrest-records-lost-in-police-data-accident/, https://www.bbc.co.uk/news/uk-55672194
• A security researcher commandeered a country’s expired top-level domain to save it from hackers https://techcrunch.com/2021/01/15/congo-comandeered/
• Google cuts off other Chromium-based browsers from its Sync service https://www.zdnet.com/article/google-cuts-off-other-chromium-based-browsers-from-its-sync-service/
• Peel District School Board says virtual classroom for Mississauga school hacked with pornographic video https://www.680news.com/2021/01/14/peel-district-school-board-says-virtual-classroom-for-mississauga-school-hacked-with-pornographic-video/
• Boy, 12, killed by hand grenade sold at U.S. antique market https://globalnews.ca/news/7571084/boy-killed-hand-grenade-explosion-antique/

• Exodus:

  • Toronto saw record-high population loss in 2020 https://www.blogto.com/city/2021/01/toronto-record-high-population-loss-2020/
  • Canadians leaving big cities in record numbers: Statistics Canada https://www.ctvnews.ca/canada/canadians-leaving-big-cities-in-record-numbers-statistics-canada-1.5270161
  • They Can’t Leave the Bay Area Fast Enough https://www.nytimes.com/2021/01/14/technology/leaving-san-francisco.html
• The password guess worth $240m in bitcoin... https://www.bbc.co.uk/news/technology-55645408
• Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html
• Hypersonic Superweapons Are a Mirage, New Analysis Says https://www.nytimes.com/2021/01/15/science/hypersonic-missile-weapons.html
• How a $2 million electric hypercar gets crash tested https://www.businessinsider.com/rimac-automobili-2-million-hypercar-crash-test-2021-1
• Jared Mauch didn’t have good broadband—so he built his own fiber ISP https://arstechnica.com/information-technology/2021/01/jared-mauch-didnt-have-good-broadband-so-he-built-his-own-fiber-isp/
• New Year Kicks Off With Vendor Consolidation https://www.databreachtoday.com/new-year-kicks-off-vendor-consolidation-a-15748

• Health, Safety & Environment:

  • 2020 saw most excess deaths since World War Two https://www.bbc.co.uk/news/uk-55631693
  • Protecting lungs from ventilator-induced injury https://scienmag.com/protecting-lungs-from-ventilator-induced-injury/
  • ‘It’s unprecedented’: No cases of the flu detected in Saskatchewan this season https://globalnews.ca/news/7579880/flu-cases-nonexistent-saskatchewan/
  • Is seeing your doctor online working? https://www.bbc.co.uk/news/world-us-canada-55502493
  • Gene-editing produces tenfold increase in superbug slaying antibiotics https://scienmag.com/gene-editing-produces-tenfold-increase-in-superbug-slaying-antibiotics/
  • New method helps pocket-sized DNA sequencer achieve near-perfect accuracy https://scienmag.com/new-method-helps-pocket-sized-dna-sequencer-achieve-near-perfect-accuracy/
  • Seagrass Is Doing Us All a Favor And Trapping Our Plastic in Balls https://www.sciencealert.com/seagrass-neptune-balls-bundle-plastic-waste
  • Microplastics from laundry are flooding into the Arctic https://www.theverge.com/2021/1/12/22226655/microplastics-laundry-wastewater-plastic-pollution-arctic-ocean
  • ‘Swiss Army knife’ catalyst can make natural gas burn cleaner https://scienmag.com/swiss-army-knife-catalyst-can-make-natural-gas-burn-cleaner/
  • Research project to eliminate ‘forever chemicals’ Research project to eliminate ‘forever chemicals’
  • Turn off that camera during virtual meetings, environmental study says https://scienmag.com/turn-off-that-camera-during-virtual-meetings-environmental-study-says/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • New COVID-19 modelling shows pandemic resurgence in Canada rapidly worsening https://www.ctvnews.ca/health/coronavirus/new-covid-19-modelling-shows-pandemic-resurgence-in-canada-rapidly-worsening-1.5268145
  • COVID-19 deaths in Ontario’s 2nd wave to exceed 1st if contacts aren’t reduced, modelling suggests https://globalnews.ca/news/7570667/new-ontario-coronavirus-modelling-2/
  • Global death toll hits 2M amid vaccine rollout https://globalnews.ca/news/7579210/covid-global-covid-death-toll-2-million/
  • Canada’s COVID-19 deaths have now surpassed 18,000 https://globalnews.ca/news/7582113/coronavirus-canada-update-jan-17/
  • Canada adds 7,563 new coronavirus infections as more variant cases found https://globalnews.ca/news/7577918/coronavirus-canada-jan-14/
  • Ontario reports more than 3,400 new coronavirus cases, 69 deaths https://globalnews.ca/news/7581708/ontario-coronavirus-cases-january-17-covid19/
  • COVID-19 exposure notices issued for flight, location in Truro https://globalnews.ca/news/7575590/covid-19-exposure-notices/
  • California: The state is struggling to contain the virus - https://www.bbc.co.uk/news/election-us-2020-55578098
  • Students returning home may have caused 9,400 secondary COVID-19 infections across UK https://scienmag.com/students-returning-home-may-have-caused-9400-secondary-covid-19-infections-across-uk/
  • Ireland has the world's highest Covid-19 rate. How did it go so wrong? https://www.cnn.com/2021/01/12/europe/ireland-covid-rate-intl/index.html
  • At least two gorillas at San Diego Zoo tested positive for Covid-19, in the first known cases among great apes https://www.cnn.com/2021/01/11/us/apes-covid-19-san-diego-zoo-scn-trnd/index.html

• New Variants:

  • UK variant could drive 'rapid growth' in US cases, CDC warns https://www.bbc.co.uk/news/world-us-canada-55684878
  • How worrying are the UK, South Africa, and Brazil coronavirus variants? https://www.bbc.co.uk/news/health-55659820
  • How tracking variants of the novel coronavirus is like building a family tree https://globalnews.ca/news/7567835/covid-19-variant-research/
  • The Coronavirus Is Evolving Before Our Eyes https://www.theatlantic.com/health/archive/2021/01/coronavirus-mutations-variants/617694/

• Impact:

  • The COVID-19 pandemic in brazil has overwhelmed its health systems https://scienmag.com/the-covid-19-pandemic-in-brazil-has-overwhelmed-its-health-systems/
  • WHO: Second year of pandemic ‘could even be tougher’ as coronavirus surges https://globalnews.ca/news/7573929/who-year-2-coronavirus-pandemic/
  • Long-haulers claim they’ve been left to fend for themselves https://globalnews.ca/news/7558364/coronavirus-long-haulers-10-months-later/

• Guidance, Response, and Recovery:

  • Canada building facilities to make vaccines for COVID-19 and other viruses https://www.cbc.ca/news/health/vaccine-development-production-in-canada-1.5868398
  • Canada-U.S. border closure extended to Feb. 21 https://globalnews.ca/news/7570781/coronavirus-canada-us-border-closure-february-21/
  • Ontario extends nearly all emergency orders under Reopening Ontario Act another 30 days https://toronto.ctvnews.ca/ontario-extends-nearly-all-emergency-orders-under-reopening-ontario-act-another-30-days-1.5269684
  • Ontario health officials chastise residents for ignoring basic public health advice https://www.cp24.com/news/how-much-clearer-could-we-be-ontario-health-official-admonishes-some-residents-for-flouting-public-health-advice-1.5267295
  • OPP reveals how it is enforcing Ontario's stay-at-home order https://toronto.ctvnews.ca/opp-reveals-how-it-is-enforcing-ontario-s-stay-at-home-order-1.5268877
  • Ontario stay-at-home order in effect, but police can’t randomly stop people https://globalnews.ca/news/7576649/ontario-stay-at-home-order-enforcement-coronavirus/
  • Ontario orders halt to residential evictions during state of emergency https://toronto.ctvnews.ca/ontario-orders-halt-to-residential-evictions-during-state-of-emergency-1.5266879
  • Ontario addresses confusion about new stay-at-home rules https://toronto.ctvnews.ca/ontario-addresses-confusion-about-new-stay-at-home-rules-these-are-the-answers-to-your-top-questions-1.5264068
  • TTC facing calls from riders, operators for better safety measures https://toronto.ctvnews.ca/ttc-facing-calls-from-riders-operators-for-better-safety-measures-1.5267188
  • Canada Considers Ban On Outbound International Travel https://www.traveloffpath.com/canada-considers-ban-on-outbound-international-travel/
  • Big White cluster grows another 19 cases to 162 https://globalnews.ca/news/7571710/big-white-cluster-grows-19-cases/
  • UK to close all travel corridors from Monday https://www.bbc.co.uk/news/uk-55681861
  • Air passengers entering U.S. must have pre-arrival negative COVID-19 test https://globalnews.ca/news/7574948/us-canada-air-travel-covid-19-test/
  • France PM Castex announces tighter curfew https://www.bbc.co.uk/news/world-europe-55669172
  • China builds new hospital in 5 days to fight surge in coronavirus cases https://globalnews.ca/news/7580618/china-coronavirus-hospital-5-days/
  • Lebanon to impose round-the-clock curfew as cases spike https://www.bbc.co.uk/news/world-middle-east-55631398
  • More COVID-19 rules? Experts say ‘band-aid solutions’ won’t deal with the source https://globalnews.ca/news/7578310/coronavirus-covid-19-canada-lockdown-restrictions/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Hamilton lab apologizes after 31 people receive incorrect COVID-19 test results https://toronto.ctvnews.ca/hamilton-lab-apologizes-after-31-people-receive-incorrect-covid-19-test-results-1.5262215
  • WHO team probing origin of virus arrives in China https://www.bbc.co.uk/news/world-asia-china-55657781, https://globalnews.ca/news/7575573/who-team-investigation-wuhan-coronavirus-origins/
  • Rapid blood test identifies COVID-19 patients at high risk of severe disease https://scienmag.com/rapid-blood-test-identifies-covid-19-patients-at-high-risk-of-severe-disease/
  • Iceland Genetically Sequences Every COVID-19 Case in World-Leading Strategy https://www.sciencealert.com/iceland-tracks-and-contains-covid-19-by-genetically-sequencing-every-positive-case
  • We Don’t Know How Many People Have Recovered From COVID-19 https://www.theatlantic.com/health/archive/2021/01/how-many-have-recovered-covid-19-we-dont-know/617679/
  • The Black Hole in America’s COVID-19 Data https://www.theatlantic.com/health/archive/2021/01/rapid-antigen-covid19-tests-unreported/617668/
  • New promising antibodies against SARS-CoV-2 https://scienmag.com/new-promising-antibodies-against-sars-cov-2/
  • Scientists identify “immune cop” that detects SARS-CoV-2 https://scienmag.com/scientists-identify-immune-cop-that-detects-sars-cov-2/
  • Animal sanctuary says surrenders on the rise during COVID-19 pandemic https://globalnews.ca/news/7579462/animal-sanctuary-surrenders-coronavirus-pandemic/

• Immunity, Vaccines, and Vaccination:

  • How Nine Covid-19 Vaccines Work https://www.nytimes.com/interactive/2021/health/how-covid-19-vaccines-work.html
  • Norwegian health officials have adjusted their advice on who gets a COVID-19 vaccine as 29 frail elderly people die https://www.businessinsider.com/norway-raises-concern-of-covid-19-vaccine-on-frail-elderly-2021-1
  • The country vaccinating younger people first https://www.bbc.co.uk/news/world-asia-55620356
  • Vaccine passports: what are they and do they pose a danger to privacy? https://www.theguardian.com/society/2021/jan/15/covid-vaccine-passports-what-are-they-and-do-they-pose-a-danger-to-privacy
  • The Problem With Vaccine Websites https://www.nytimes.com/2021/01/12/technology/the-problem-with-vaccine-websites.html
  • Confidence in Chinese vaccines has taken a hit. But as coronavirus cases grow, some countries are still pushing ahead https://www.cnn.com/2021/01/17/asia/sinovac-vaccine-asia-efficacy-intl-hnk/index.html
  • Pfizer could withdraw vaccine supply from Quebec if two-dose schedule not followed: Legault https://montreal.ctvnews.ca/pfizer-could-withdraw-vaccine-supply-from-quebec-if-two-dose-schedule-not-followed-legault-1.5262256
  • Ontario considers delaying second COVID-19 doses ahead of potential vaccine shortage https://toronto.ctvnews.ca/ontario-considers-delaying-second-covid-19-doses-ahead-of-potential-vaccine-shortage-1.5268893
  • 64% of Canadians in favour of mandatory coronavirus vaccines https://globalnews.ca/news/7576390/coronavirus-covid-19-vaccine-mandatory-ipsos-poll/
  • All of Toronto’s long-term care homes have held clinics offering 1st COVID-19 vaccine dose https://globalnews.ca/news/7579351/coronavirus-toronto-long-term-care-homes-vaccines/
  • Canada has now given enough COVID-19 vaccine doses to cover 1 per cent of the population https://www.ctvnews.ca/health/coronavirus/canada-has-now-given-enough-covid-19-vaccine-doses-to-cover-1-per-cent-of-the-population-1.5264794
  • Canada in agreement to buy 20M more Pfizer vaccines https://globalnews.ca/news/7570648/coronavirus-vaccine-rollout-justin-trudeau/
  • Ontario releases list of those eligible for COVID-19 vaccine under Phase 2 https://toronto.ctvnews.ca/ontario-releases-list-of-those-eligible-for-covid-19-vaccine-under-phase-2-1.5264702
  • England 'delivering 140 vaccine jabs a minute' https://www.bbc.co.uk/news/uk-55694967
  • The U.K. has vaccinated more people than it has confirmed COVID-19 cases https://globalnews.ca/news/7581753/uk-coronavirus-vaccinations/
  • 'We did not want to waste them': Top Ontario vaccine official says after non-front-line staff get shot https://toronto.ctvnews.ca/we-did-not-want-to-waste-them-top-ontario-vaccine-official-says-after-non-front-line-staff-get-shot-1.5265368
  • Fraser Health directors, staff accused of jumping COVID-19 vaccine queue in B.C. https://globalnews.ca/news/7572603/coronavirus-fraser-health-vaccine-queue/
  • There are no extra COVID-19 vaccines doses left to send to states https://www.businessinsider.com/no-extra-covid-19-vaccine-doses-left-to-release-us-2021-1
  • Random People Are Lining Up to Get Vaccinated in D.C. Grocery Stores https://www.theatlantic.com/health/archive/2021/01/covid-19-vaccine-giveaways-are-getting-out-control/617669/
  • Florida is becoming a vaccine tourism destination as foreigners and out-of-staters head there to get a COVID-19 shot https://www.businessinsider.com/vaccine-tourists-are-heading-to-florida-to-get-covid-shots-2021-1
  • A quarter of New York City's vaccines are going to people who don't actually live or work there https://www.businessinsider.com/new-york-city-covid-19-vaccine-rules-non-residents-2021-1
  • The super-rich are using luxury concierge services to get COVID-19 vaccine https://globalnews.ca/news/7576534/covid-19-vaccine-knightsbridge-circle-luxury-service/

• Disinformation:

  • COVID-19 Vaccine Documents, Personal Data Leaked https://www.databreachtoday.com/covid-19-vaccine-documents-personal-data-leaked-a-15754
  • Hackers Publish COVID-19 Vaccine Data Stolen From EU Medicines Agency https://www.securityweek.com/hackers-publish-covid-19-vaccine-data-stolen-eu-medicines-agency
  • Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine https://arstechnica.com/information-technology/2021/01/hackers-alter-stolen-regulatory-data-to-sow-mistrust-in-covid-19-vaccine/
  • Covid: The truth behind videos of 'empty' hospitals https://www.bbc.co.uk/news/55560714

• More of the good, the bad, and the ugly:

  • Retired nurses stepping up to help the coronavirus vaccine efforts in London, Ont. https://globalnews.ca/news/7579022/retired-nurses-help-coronavirus-vaccine-london/
  • People being urged to stop calling 911 to ask questions about stay-at-home order https://toronto.ctvnews.ca/people-being-urged-to-stop-calling-911-to-ask-questions-about-stay-at-home-order-1.5267044
  • Nova Scotians warned not to lie to coronavirus contact tracers https://globalnews.ca/news/7579028/nova-scotians-lie-contact-tracers/
  • Yelp lets you tattle on places that don’t enforce masks and social distancing https://www.theverge.com/2021/1/12/22226545/yelp-covid-19-safety-measures-mask-wearing-social-distancing

• There's a been a rash of leaders travelling during the pandemic resulting in public pressure. We note that not all cases are equally bad

  • London, Ont., hospital CEO fired after 5 trips to U.S. during pandemic https://www.cbc.ca/news/canada/london/paul-woods-covid-19-hospital-london-travel-1.5868429
  • 'I did nothing wrong': Chair of Southwestern Ontario's largest hospital resigns amid CEO firing and lawsuit https://london.ctvnews.ca/i-did-nothing-wrong-chair-of-southwestern-ontario-s-largest-hospital-resigns-amid-ceo-firing-and-lawsuit-1.5266612

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Ontario inspectors find 36 of 110 stores violating COVID-19 rules during big-box safety blitz https://toronto.ctvnews.ca/ontario-inspectors-find-36-stores-violating-covid-19-rules-during-big-box-safety-blitz-1.5270432
  • Nine Dollarama stores in Quebec face fines for COVID-19 safety violations https://globalnews.ca/news/7578283/quebec-dollarama-stores-coronavirus-non-compliance/
  • Anti-lockdown protests in Toronto https://toronto.citynews.ca/2021/01/16/police-disperse-anti-lockdown-protest-held-near-yonge-dundas-square/
  • Hamilton police charge organizers of 2 Hugs over Masks events https://globalnews.ca/news/7570808/hamilton-police-charge-organizers-hugs-over-masks/
  • Police charge northern Ontario ice hut owner following violation of COVID-19 restrictions https://globalnews.ca/news/7571674/ontario-ice-hut-owner-coronavirus-restrictions/
  • Husband on leash breached Quebec's Covid curfew https://www.bbc.co.uk/news/world-us-canada-55631198
  • West Van resident slapped with $2,300 COVID-19 fine for late night party at business https://globalnews.ca/news/7577784/west-van-resident-slapped-with-2300-covid-19-fine-for-late-night-party-at-business/
  • Ontario MPP kicked out of PC caucus for calling lockdown 'deadlier than COVID' https://toronto.ctvnews.ca/ontario-mpp-kicked-out-of-pc-caucus-for-calling-lockdown-deadlier-than-covid-1.5268225
  • US Government Agency tells employees to wear masks on video calls to set example https://www.ladbible.com/news/news-us-government-agency-tells-employees-to-wear-masks-on-video-calls-20200814
  • CES showed off the COVID-19 mask gimmick arms race https://www.theverge.com/2021/1/16/22233507/ces-masks-covid-pandemic-capitol-antivirus

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Research Finds There's More Than One Type of Curiosity. Which Do You Have? https://www.sciencealert.com/there-s-more-than-one-type-of-curiosity-which-do-you-have
• Magicians mark 100 years of 'sawing woman in half' trick https://www.bbc.co.uk/news/entertainment-arts-55683508
• The CIA’s Entire Collection of Declassified UFO Documents Is Now Available to Download https://www.mentalfloss.com/article/639763/declassified-cia-ufo-documents-published
• These 1960s megastructures pictured a utopian future https://www.cnn.com/style/article/megastructure-utopian-architecture/index.html
• Nepali climbers make history with winter summit of K2 mountain https://www.bbc.co.uk/news/world-asia-55684149
• Rare 4-Stranded DNA Has Been Observed in Action For The First Time https://www.sciencealert.com/rare-4-stranded-dna-has-been-observed-in-action-for-the-first-time
• Since There’s no Up or Down in Space, How do our Brains Deal With This? https://www.universetoday.com/149559/since-theres-no-up-or-down-in-space-how-do-our-brains-deal-with-this/
• SLS: Nasa's 'megarocket' engine test ends early https://www.bbc.com/news/science-environment-54583588
• A New Satellite Is Going to Try to Maintain low Earth Orbit Without Any Propellant https://www.universetoday.com/149660/a-new-satellite-is-going-to-try-to-maintain-low-earth-orbit-without-any-propellant/
• NASA Has Given Up on Trying to Deploy InSight’s Mole https://www.universetoday.com/149625/nasa-has-given-up-on-trying-to-deploy-insights-mole/
• The UK is Considering Nuclear Propulsion in Space https://www.universetoday.com/149640/the-uk-is-considering-nuclear-propulsion-in-space/
• Astronomers Have Discovered an Alien Planet With Three Suns https://www.sciencealert.com/astronomers-have-found-a-gas-giant-planet-with-three-suns
• Astronomers Find an Astonishing 'Super-Earth' That's Nearly as Old as The Universe https://www.sciencealert.com/an-astonishing-super-earth-exoplanet-is-nearly-as-old-as-the-universe
• Astronomers Have Identified Another Important Aspect of Planets That Could Host Life https://www.sciencealert.com/astronomers-have-identified-another-important-aspect-of-planets-that-could-host-life
• If Wormholes Are Lurking in Our Universe, This Is How We Could Find Them https://www.sciencealert.com/physicists-are-coming-up-with-clever-new-ways-to-keep-up-the-search-for-worm-holes
• Could We Extract Energy From a Black Hole? Scientists Propose a Wild New Plan https://www.sciencealert.com/scientists-have-proposed-a-wild-new-way-of-extracting-energy-from-a-black-hole