This Week's [in]Security - Issue 205

Welcome to This Week’s [in]Security. Big-Hacks. Microsoft-Exchange, SolarWinds, Accellion, CyberCriminal Forums. New breaches: New Ransomware. CNAME Trackers. Contact Tracing. Apple. FLoC. FACTA and Canada. Supply-chain due diligence. Skills Audits. Brave Search. Secure Coding. Chrome. GenuGate. Android RCE. Intel. Saltstack. More Spectre. Wordpress. Voting Machines. Research. RSA. Quantum and Hashing. letterlocking. Trends. Nation States. Crime. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. The Red & Grey Zones. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Reaction to last weeks update to Secure SLC Standard v1.1 https://www.dataguidance.com/news/international-pci-ssc-publishes-version-11-secure-slc, https://www.unifiedguru.com/pci-secure-slc-program-expands-vendor-eligibility-with-version-1-1/, https://hospitalitytech.com/pci-security-standards-council-publishes-version-11-secure-software-lifecycle-slc-standard-and, https://www.helpnetsecurity.com/2021/02/23/pci-slc-1-1/, and https://www.digitaltransactions.net/why-pci-is-refreshing-its-software-lifecycle-standard-and-retiring-pa-dss/
• Call for PCI Speakers https://www.cvent.com/c/abstracts/6ce233cc-dc80-47dd-8e22-01121b22a4a6

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Microsoft-Exchange:

  • CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities
  • At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
  • Four Microsoft Exchange Zero-Days Exploited by China https://www.schneier.com/blog/archives/2021/03/four-microsoft-exchange-zero-days-exploited-by-china.html
  • Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets https://threatpost.com/microsoft-exchange-zero-day-attackers-spy/164438/
  • Microsoft issues emergency patches for 4 exploited 0-days in Exchange https://arstechnica.com/information-technology/2021/03/microsoft-issues-emergency-patches-for-4-exploited-0days-in-exchange/
  • Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/

• SolarWinds:

  • Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers https://threatpost.com/microsoft-fireeye-malware-solarwinds/164512/
  • Recovering from the SolarWinds hack could take 18 months https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/
  • SolarWinds security fiasco may have started with simple password blunders https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders
  • Three New Malware Strains Linked to SolarWinds Hackers https://www.securityweek.com/three-new-malware-strains-linked-solarwinds-hackers

• Accellion:

  • Accellion Attack Involved Extensive Reverse Engineering https://www.databreachtoday.com/blogs/accellion-attack-involved-extensive-reverse-engineering-p-3001
  • Accellion zero-day claims a new victim in cybersecurity company Qualys https://www.zdnet.com/article/accellion-zero-day-claims-a-new-victim-in-cybersecurity-company-qualys
  • Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit https://thehackernews.com/2021/03/extortion-gang-breaches-cybersecurity.html
  • Mandiant issues final report on its investigation into Accellion breach https://www.databreaches.net/mandiant-issues-final-report-on-its-investigation-into-accellion-breach/
  • Qualys Update on Accellion FTA Security Incident https://blog.qualys.com/vulnerabilities-research/2021/03/03/qualys-update-on-accellion-fta-security-incident
  • US: Trillium Community Health Plan members impacted by Accellion breach https://www.databreaches.net/trillium-community-health-plan-members-impacted-by-accellion-breach/
  • Southern Illinois University School of Medicine impacted by Accellion breach, notifies patients https://www.databreaches.net/southern-illinois-university-school-of-medicine-impacted-by-accellion-breach-notifies-patients/

• CyberCriminal Forums:

  • Maza Russian cybercriminal forum suffers data breach https://www.zdnet.com/article/maza-russian-cybercriminal-forum-suffers-data-breach
  • Three Top Russian Cybercrime Forums Hacked https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/
  • Friendly fire: Four well-known cybercriminal forums dealing with breaches https://www.databreaches.net/friendly-fire-four-well-known-cybercriminal-forums-dealing-with-breaches/

• New Breaches:

  • Data Analytics Firm Polecat Exposed 30 TB of Data https://www.databreachtoday.com/data-analytics-firm-polecat-exposed-30-tb-data-a-16114
  • Ticketcounter - 1,921,722 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ticketcounter and https://www.databreaches.net/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/
  • Thousands of Android and iOS Apps Leak Data From the Cloud https://www.wired.com/story/ios-android-leaky-apps-cloud
  • Gab Has Been Breached https://www.troyhunt.com/gab-has-been-breached/, https://www.databreaches.net/gableaks-claims-by-gab-refuted-by-ddosecrets-com/, https://www.wired.com/story/gab-cto-critical-vulnerability and https://arstechnica.com/gadgets/2021/03/rookie-coding-mistake-prior-to-gab-hack-came-from-sites-cto/
  • Right-wing militants furious after data leak exposes their involvement in paramilitary group https://www.databreaches.net/right-wing-militants-furious-after-data-leak-exposes-their-involvement-in-paramilitary-group/
  • Data of 580,000 Singapore Airlines customers leaked in SITA security breach https://www.databreaches.net/data-of-580000-singapore-airlines-customers-leaked-in-sita-security-breach/
  • Indian Vaccine Makers, Oxford Lab Reportedly Hacked https://www.databreachtoday.com/indian-vaccine-makers-oxford-lab-reportedly-hacked-a-16084
  • Malaysia Airlines Security Incident Spanned 9 Years https://www.zdnet.com/article/malaysia-airlines-suffers-data-security-incident-spanning-nine-years/ and https://threatpost.com/malaysia-air-downplays-data-breach/164472/
  • Massive Supply-Chain Cyberattack Breaches Several Airlines https://threatpost.com/supply-chain-cyberattack-airlines/164549/
  • Oxfam - 1,834,006 breached accounts https://haveibeenpwned.com/PwnedWebsites#Oxfam
  • Petersburg Medical Center talks about breach; says hospital will get new health records system https://www.databreaches.net/petersburg-medical-center-talks-about-breach-says-hospital-will-get-new-health-records-system/
  • American Armed Forces Mutual Aid Association hack impacted more than 161,000 https://www.databreaches.net/american-armed-forces-mutual-aid-association-hack-impacted-more-than-161000/
  • Texas Elara Caring notifies more than 100,000 patients after corporate email accounts hacked https://www.databreaches.net/tx-elara-caring-notifies-more-than-100000-patients-after-corporate-email-accounts-hacked/
  • Personal data of 50,000 Nova Scotia health-care workers may have been compromised by Accellion breach https://www.databreaches.net/ca-personal-data-of-50000-n-s-health-care-workers-may-have-been-compromised-by-accellion-breach/
  • Hollywood’s Elite Private Schools Hacked https://www.databreaches.net/hollywoods-elite-private-schools-hacked/
  • Russian Cybercriminal Forum 'Maza' Breached https://www.databreachtoday.com/russian-cybercriminal-forum-maza-breached-a-16109
  • Security breach prompts lockdown of some Manitoba student databases https://www.databreaches.net/security-breach-prompts-lockdown-of-some-manitoba-student-databases/
  • CA: St. Agnes Medical Center patient data compromised in email breach at St. Alphonsus https://www.databreaches.net/ca-st-agnes-medical-center-patient-data-compromised-in-email-breach-at-st-alphonsus/
  • Housing corporation Stadgenoot hacked; data stolen 30,000 people https://www.databreaches.net/housing-corporation-stadgenoot-hacked-data-stolen-30000-people/

• New Ransomware and "Incidents":

  • Mark of Ransomware's Success: $370 Million in 2020 Profits https://www.databreachtoday.com/mark-ransomwares-success-370-million-in-2020-profits-a-16121
  • Ransomware gang plans to call victim’s business partners about attacks https://www.databreaches.net/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/
  • Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware https://thehackernews.com/2021/03/researchers-unearth-links-between.html
  • Ryuk Ransomware: Now with Worming Self-Propagation https://threatpost.com/ryuk-ransomware-worming-self-propagation/164412/
  • Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak https://www.databreaches.net/crypto-firm-tether-says-it-wont-pay-24-million-ransom-after-being-threatened-with-document-leak/
  • Payroll/HR Giant PrismHR Hit by Ransomware? https://krebsonsecurity.com/2021/03/payroll-hr-giant-prismhr-hit-by-ransomware/
  • Czech officials in Prague ‘hit by massive cyber attack’ https://www.databreaches.net/czech-officials-in-prague-hit-by-massive-cyber-attack/
  • Brazil Cyber ​​attack on the CPTrans website and the Educa em Casa platform https://www.databreaches.net/br-cyber-%e2%80%8b%e2%80%8battack-on-the-cptrans-website-and-the-educa-em-casa-platform/
  • Japanese Consulting firm hit with ransomware; 350 households have info possibly leaked https://www.databreaches.net/jp-consulting-firm-hit-with-ransomware-350-households-have-info-possibly-leaked/
  • NC: FBI investigating 8-day cyber attack after ransomware attack on Allergy Partners https://www.databreaches.net/nc-fbi-investigating-8-day-cyber-attack-after-ransomware-attack-on-allergy-partners/
  • Ransomware attacks of two more medical entities disclosed: one in U.S., one in Canada https://www.databreaches.net/ransomware-attacks-of-two-more-medical-entities-disclosed-one-in-u-s-one-in-canada/
  • Texas ProPath Notifies Patients of Data Security Incident https://www.databreaches.net/tx-propath-notifies-patients-of-data-security-incident/

• Follow-ups and fall-out:

  • Why do companies fail to stop breaches despite soaring IT security investment? https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html
  • Australia LandMark White data breach trial to put firm under spotlight https://www.databreaches.net/au-landmark-white-data-breach-trial-to-put-firm-under-spotlight/
  • Universal Health Services Takes $67 Million Hit From Cyberattack https://www.securityweek.com/universal-health-services-takes-67-million-hit-cyberattack

Privacy

Articles about privacy related news, risks, and trends.

• AdGuard names 6,000+ web trackers that use CNAME chicanery: Feel free to feed them into your browser's filter https://www.theregister.com/2021/03/04/adguard_cname_tracker/
• Anonymous Tokens with Public Metadata and Applications to Private Contact Tracing, by Tjerand Silde and Martin Strand https://eprint.iacr.org/2021/203
• Bug in Apple's Find My Feature Could've Exposed Users' Location Histories https://thehackernews.com/2021/03/bug-in-apples-find-my-feature-couldve.html
• How to keep your online history private as tracking technology improves https://www.cbc.ca/news/canada/nova-scotia/how-to-keep-online-history-private-tracking-technology-improves-1.5937585
• How to Tell Which Emails Quietly Track You https://www.wired.com/story/how-to-tell-which-emails-track-you
• Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’ https://threatpost.com/critics-googles-browser-cookie-floc/164540/ and https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Is Bill C-10 Unconstitutional? A Former Justice Senior General Counsel Makes the Case It Is https://www.michaelgeist.ca/2021/03/is-bill-c-10-unconstitutional/
  • Misplaced Priorities: Why Has Canada’s Privacy Bill Disappeared from the Government’s Legislative Agenda? https://www.michaelgeist.ca/2021/03/misplaced-prioritiesc11/
  • Electronic and Digital Signatures are not the same https://www.dwpv.com/en/Insights/Publications/2021/Guide-to-Electronic-Signatures-Ontario
  • Sending bank customer info to U.S. avoided potentially ‘catastrophic effects’ https://toronto.citynews.ca/2021/03/02/sending-bank-customer-info-to-u-s-avoided-potentially-catastrophic-effects-canada/

• US:

  • Officials in Baltimore and St. Louis Put the Brakes on Persistent Surveillance Systems Spy Planes https://www.eff.org/deeplinks/2021/03/officials-baltimore-and-st-louis-put-brakes-persistent-surveillance-systems-spy
  • Virginia Governor Signs Consumer Data Protection Act https://epic.org/2021/03/virginia-governor-signs-consum.html
  • Who Has Standing in a Data Breach Litigation? In The Third Circuit, Fear of Speculative Future Harm Still Doesn’t Cut It https://www.databreaches.net/who-has-standing-in-a-data-breach-litigation-in-the-third-circuit-fear-of-speculative-future-harm-still-doesnt-cut-it/
  • NYDFS Penalizes Mortgage Company For Not Disclosing 2019 Breach https://www.databreaches.net/nydfs-penalizes-mortgage-company-for-not-disclosing-2019-breach/
  • Why You Can’t Sue Your Broadband Monopoly https://www.eff.org/deeplinks/2021/03/why-you-cant-sue-your-broadband-monopoly
  • A jury says Intel owes $2.18 billion for infringing a zombie chip company’s patents https://www.theverge.com/2021/3/2/22309864/intel-vlsi-lawsuit-awarded-2-billion-damages-patent-infringement
  • Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss https://www.databreaches.net/court-upholds-insurers-denial-of-6m-crime-claim-for-phishing-loss/
  • Parler sues Amazon (again), claims AWS ban sank a billion-dollar valuation https://arstechnica.com/tech-policy/2021/03/parler-sues-amazon-again-claims-aws-ban-sank-a-billion-dollar-valuation/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• In a year of supply-chain attacks, do you have your business associate agreements in place? https://www.databreaches.net/in-a-year-of-supply-chain-attacks-do-you-have-your-business-associate-agreements-in-place/
• Here’s why it’s important to audit your Amazon Alexa skills (and how to do it) https://www.theverge.com/2021/3/5/22315211/amazon-alexa-skills-how-to-remove-security-privacy-problems
• Privacy-First Browser Brave Is Launching a Search Engine https://www.wired.com/story/privacy-first-browser-brave-launching-search-engine
• Tenable Capture the Flag 2021: The Results Are In! https://www.tenable.com/blog/tenable-capture-the-flag-2021-the-results-are-in
• The best free password manager https://www.theverge.com/22311182/best-free-password-manager-bitwarden-zoho-vault-roboform-sticky-password
• This Is the Fastest Random-Number Generator Ever Built https://www.scientificamerican.com/article/this-is-the-fastest-random-number-generator-ever-built/ and https://www.zdnet.com/article/scientists-have-built-this-an-ultrafast-laser-powered-random-number-generator/
• NSA, DHS Issue Guidance on Protective DNS https://www.securityweek.com/nsa-dhs-issue-guidance-protective-dns

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Flaws Fixed Incorrectly, As Secure Coding Education Lags https://www.scmagazine.com/home/patch-management/flaws-fixed-incorrectly-as-secure-coding-education-lags/
• New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html
• Firewall Vendor Patches Critical Auth Bypass Flaw https://threatpost.com/firewall-critical-security-flaw/164347/
• Google Patches Critical Remote Code Execution Vulnerability in Android https://www.securityweek.com/google-patches-critical-remote-code-execution-vulnerability-android
• Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds https://www.theregister.com/2021/03/08/intel_ring_flaw/
• Proof of concept code published for latest Saltstack CVE: Don't be an update laggard https://www.theregister.com/2021/03/03/saltstack_cve_poc_exploit_code/
• Should You Be Concerned About the Recently Leaked Spectre Exploits? https://www.securityweek.com/should-you-be-concerned-about-recently-leaked-spectre-exploits
• Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API https://blog.talosintelligence.com/2021/03/vuln-spotlight-webkit-audio-api.html
• WordPress Injection Anchors Widespread Malware Campaign https://threatpost.com/wordpress-injection-malware-campaign/164555/
• U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures https://threatpost.com/dod-weapons-programs-lack-cybersecurity/164545/
• THE HEALTHCARE INTERNET OF THINGS – FOR BETTER OR WORSE https://blog.isc2.org/isc2_blog/2021/03/the-healthcare-internet-of-things-for-better-or-worse.html
• Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly insecure https://freedom-to-tinker.com/2021/03/05/voting-machine-hashcode-testing-unsurprisingly-insecure-and-surprisingly-insecure/

• Research:

  • Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory http://www.fireeye.com/blog/threat-research/2021/03/fuzzing-image-parsing-in-windows-uninitialized-memory.html
  • No, RSA Is Not Broken https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not-broken.html
  • New Public-Key Crypto-System EHT, by Alessandro Budroni and Igor Semaev https://eprint.iacr.org/2021/234
  • Post-quantum Security of OAEP Transform, by Ehsan Ebrahimi https://eprint.iacr.org/2021/237
  • Quantum Collision Attacks on Reduced SHA-256 and SHA-512, by Akinori Hosoyamada and Yu Sasaki https://eprint.iacr.org/2021/292
  • Reactive Key-Loss Protection in Blockchains, by Sam Blackshear and Konstantinos Chalkias and Panagiotis Chatzigiannis and Riyaz Faizullabhoy and Irakliy Khaburzaniya and Eleftherios Kokoris Kogias and Joshua Lind and David Wong and Tim Zakian https://eprint.iacr.org/2021/289
  • Sampling methods for cryptographic tests , by George Marinakis https://eprint.iacr.org/2021/209
  • A Deeper Look at Machine Learning-Based Cryptanalysis, by Adrien Benamira and David Gerault and Thomas Peyrin and Quan Quan Tan https://eprint.iacr.org/2021/287
  • LL-ORAM: A Forward and Backward Private Oblivious RAM, by Zhiqiang Wu and Xiaoyong Tang and Jin Wang and Tan Deng https://eprint.iacr.org/2021/231
  • Fun with DNS over TLS (DoT), (Mon, Mar 1st) https://isc.sans.edu/diary/rss/27150
  • 17th century tamper detection method 'letterlocking' bypassed with dental X-rays and virtual unfolding https://phys.org/news/2021-03-secrets-17th-century-letters-revealed.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events:

  • More on Dependency Confusion - new type of supply-chain attack with serious consequences is flourishing https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/
  • Compromised Website Images Camouflage ObliqueRAT Malware https://threatpost.com/website-images-obliquerat-malware/164395/
  • Emotet One Month After the Takedown https://www.trendmicro.com/en_us/research/21/c/emotet-one-month-after-the-takedown.html
  • Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites https://thehackernews.com/2021/03/gootkit-rat-using-seo-to-distribute.html
  • Hackers are finding ways to hide inside Apple’s walled garden https://www.technologyreview.com/2021/03/01/1020089/apple-walled-garden-hackers-protected/
  • Hackers Control Perl.com Domain Months Before Hijack https://www.securityweek.com/hackers-control-perlcom-domain-months-hijack
  • Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
  • Phishing Attack Uses Fake Google reCAPTCHA https://www.databreachtoday.com/phishing-attack-uses-fake-google-recaptcha-a-16132

• Nation State Actors:

  • China’s and Russia’s spying spree will take years to unpack https://arstechnica.com/information-technology/2021/03/chinas-and-russias-spying-spree-will-take-years-to-unpack/
  • Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions https://thehackernews.com/2021/03/chinese-hackers-targeted-indias-power.html

• Crime & Arrests, etc.:

  • Two New Account Frauds You Should Be Investigating https://www.imperva.com/blog/two-new-account-frauds-you-should-be-investigating/
  • Ca: Snooping employee showed interest in pregnant women’s medical records, says lawyer https://www.databreaches.net/ca-snooping-employee-showed-interest-in-pregnant-womens-medical-records-says-lawyer/
  • John McAfee charged with securities fraud for ‘pump and dump’ cryptocurrency scheme https://www.theverge.com/2021/3/5/22315494/john-mcafee-fraud-securities-scheme-charges-cryptocurrency

Other Security / Risk

Articles covering other types of risks.

• The Latest Chatbots Are Capable of 'Resurrecting' The Dead - If We Let Them https://www.sciencealert.com/the-latest-chatbots-are-capable-of-resurrecting-the-dead-if-we-let-them
• It's not easy being green: EV HTTPS cert seller Sectigo questions Chrome's logic in burying EV HTTPS cert info https://www.theregister.com/2021/03/03/sectigo_google_certificates/
• What the AT&T Breakup Teaches Us About a Big Tech Breakup https://www.eff.org/deeplinks/2021/02/what-att-breakup-teaches-us-about-big-tech-breakup
• Hacking is not a crime – and the media should stop using 'hacker' as a pejorative https://www.theregister.com/2021/03/03/debate_hackers_for/
• Biden Must Take Immediate Action to Reduce the Risk of Nuclear War https://www.scientificamerican.com/article/biden-must-take-immediate-action-to-reduce-the-risk-of-nuclear-war/
• ‘Very Montreal’: Snowboarders captured riding down Olympic Stadium https://globalnews.ca/news/7672293/snowboaders-captured-riding-down-olympic-stadium/
• How a car scores zero stars in crash testing https://www.businessinsider.com/how-cars-can-score-zero-stars-in-crash-test-2021-03
• Toronto is getting 50 new speed enforcement cameras. Here's where they will be https://toronto.ctvnews.ca/toronto-is-getting-50-new-speed-enforcement-cameras-here-s-where-they-will-be-1.5335810
• Threat Model Humor https://www.schneier.com/blog/archives/2021/03/threat-model-humor.html

• Health, Safety & Environment:

  • Toronto sees uptick in raccoon bites during the pandemic https://www.cbc.ca/news/canada/toronto/city-raccoon-bite-warning-1.5933623
  • Cost of Carbon Pollution Pegged at $51 a Ton https://www.scientificamerican.com/article/cost-of-carbon-pollution-pegged-at-51-a-ton/
  • The 'LitterCam' that's watching - and fining - you https://www.bbc.co.uk/news/uk-56255823
  • ‘Egg carton’ quantum dot array could lead to ultralow power devices https://scienmag.com/egg-carton-quantum-dot-array-could-lead-to-ultralow-power-devices/
  • How can we make washing machines last? https://www.bbc.co.uk/news/business-56167505
  • Is Toyota’s fuel cell module a hydrogen breakthrough? https://asiatimes.com/2021/03/is-toyotas-fuel-cell-module-a-hydrogen-breakthrough/
  • Nissan Claims Gasoline Engine Tech Breakthrough https://carbuzz.com/news/nissans-claims-a-gasoline-engine-tech-breakthrough
  • Biggest, fastest-known asteroid to pass by Earth later this month https://www.ctvnews.ca/sci-tech/biggest-fastest-known-asteroid-to-pass-by-earth-later-this-month-1.5334659
  • Large asteroid Apophis will safely fly by Earth on Friday (it did, next time it will be really close) https://www.space.com/asteroid-apophis-march-2021-flyby
  • Enjoy It While It Lasts: Dropping Oxygen Will Eventually Suffocate Most Life on Earth https://www.sciencealert.com/earth-s-atmosphere-could-return-to-a-methane-rich-low-oxygen-state-in-a-billion-years-or-so

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • New COVID-19 cases in Ontario drop below 1,000 mark for first time in a week https://toronto.ctvnews.ca/new-covid-19-cases-in-ontario-drop-below-1-000-mark-for-first-time-in-a-week-1.5329994 and https://globalnews.ca/news/7672044/covid-19-outbreak-cases-jump-peterborough-student-residence-coronavirus/
  • Peterborough student residence outbreak could lead to community lockdown: Medical Officer of Health https://globalnews.ca/news/7669842/peterborough-student-residence-outbreak-community-wide-lockdown/
  • This poster shows how a B.C. pub trivia night turned into a COVID-19 superspreader event https://globalnews.ca/news/7674778/bc-pub-trivia-night-covid-19-superspreader-poster/

• New Variants:

  • Covid Brazil variant 'may spread more easily' https://www.bbc.co.uk/news/health-56252779

• Guidance, Response, and Recovery:

  • Commons committee to study safety of quarantine hotels, at-home inspections https://www.ctvnews.ca/politics/commons-committee-to-study-safety-of-quarantine-hotels-at-home-inspections-1.5329120
  • Ontario's Colour Coded COVID Reopening Zones Explained https://toronto.citynews.ca/2021/03/05/grey-zone-red-faq-ontario-covid19/
  • So you got a COVID-19 shot. Now what can you do? https://globalnews.ca/news/7674934/covid-19-vaccine-health-measures/
  • Ontarians need 'realistic' guidance on seeing friends, relatives, expert says https://toronto.ctvnews.ca/ontarians-need-realistic-guidance-on-seeing-friends-relatives-expert-says-1.5330840

• Impact:

  • Canadian economy posted its worst showing on record in 2020 https://www.ctvnews.ca/business/canadian-economy-posted-its-worst-showing-on-record-in-2020-1.5329769
  • KFC, Burger King, and Smashburger are all bringing food lockers to their restaurants. Here's why they're poised to be the next big thing in fast food. https://www.businessinsider.com/what-are-food-lockers-kfc-burger-king-smashburger-2021-3

• Treatments, Testing, Triage, Trials, and things we Learned:

  • The Atlantic Daily: How Our Pandemic Public-Health Messaging Backfired https://www.theatlantic.com/newsletters/archive/2021/03/pandemic-mistakes-we-keep-repeating/618194/
  • ‘When will it end?’: New data suggests COVID-19 could become endemic https://globalnews.ca/news/7675174/coronavirus-pandemic-end7675174/
  • People Are Accidentally Poisoning Themselves Trying to Treat COVID With a Horse Drug https://www.sciencealert.com/people-are-accidentally-poisoning-themselves-using-horse-de-worming-drug-for-covid-19

• Immunity, Vaccines, and Vaccination:

  • Vaccine Hoarding Could Make The Pandemic Drag on an Extra 7 Years https://www.sciencealert.com/vaccine-hoarding-could-make-the-pandemic-drag-on-for-many-more-years
  • Here’s what Ontario’s latest vaccine plan says https://www.tvo.org/article/heres-what-ontarios-latest-vaccine-plan-says
  • Canada on track to get nearly 1M vaccines this week and next: officials https://globalnews.ca/news/7672092/canada-coronavirus-vaccines-one-million-doses/
  • Ford government wants to push back second dose of COVID-19 vaccines to four months https://toronto.ctvnews.ca/ford-government-wants-to-push-back-second-dose-of-covid-19-vaccines-to-four-months-1.5329124
  • Freezer failures and damaged vials behind wasted COVID-19 vaccines in Ontario https://toronto.ctvnews.ca/freezer-failures-and-damaged-vials-behind-wasted-covid-19-vaccines-in-ontario-1.5333298
  • Canada approves Johnson & Johnson’s 1-shot COVID-19 vaccine https://globalnews.ca/news/7669402/canada-approves-johnson-and-johnson-vaccine/
  • Thousands of people who visited a COVID-19 vaccination site in California received the wrong dosage, report says https://www.businessinsider.com/california-thousands-received-wrong-covid-19-vaccine-dosage-report-2021-3
  • Italy 'blocks' AstraZeneca vaccine shipment to Australia https://www.bbc.co.uk/news/world-europe-56279202
  • Why many in Russia are reluctant to have Sputnik vaccine https://www.bbc.co.uk/news/world-europe-56250456
  • Russia has struck deals to supply its vaccine to over 40 countries, as poorer nations struggle to access Western shots https://www.businessinsider.com/russia-sputnik-vaccine-40-countries-west-hoards-shots-2021-3

• Disinformation:

  • Ontario doctor cautioned by regulators for spreading COVID-19 misinformation https://globalnews.ca/news/7676791/ontario-doctor-covid-19-misinformation/
  • Russian intelligence reportedly used fake news sites to spread misinformation about coronavirus vaccines https://www.theverge.com/2021/3/7/22318113/russia-intelligence-fake-news-spread-misinformation-coronavirus-vaccines

• More of the good, the bad, and the ugly:

  • Police break up 'fake vaccine network' in China and South Africa https://www.bbc.co.uk/news/world-africa-56270243
  • Verizon’s NFL Covid-19 Screening Cameras Are Based on Bad Science and Questionable Chinese Hardware https://theintercept.com/2021/03/03/covid-verizon-nfl-fever-thermal-imaging/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Ontario woman forced to pay $3,458 hotel quarantine bill for one-night stay after returning to Canada from father's funeral https://toronto.ctvnews.ca/ontario-woman-forced-to-pay-3-458-hotel-quarantine-bill-for-one-night-stay-after-returning-to-canada-from-father-s-funeral-1.5329229
  • Registered nurse could face discipline after refusing COVID-19 testing, quarantine at Toronto airport https://www.cbc.ca/news/canada/toronto/registered-nurse-could-face-discipline-from-regulator-1.5937126

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Almost 1000 Young Women Just Became the First Female Eagle Scouts in Boy Scout History https://www.mentalfloss.com/article/642930/boy-scouts-induct-first-female-eagle-scouts
• ‘A Bluetooth mouse’–you can wirelessly read a mouse’s mind https://scienmag.com/a-bluetooth-mouse-you-can-wirelessly-read-a-mouses-mind/
• A Cephalopod Has Passed a Cognitive Test Designed For Human Children https://www.sciencealert.com/cuttlefish-can-pass-a-cognitive-test-designed-for-children
• In a Momentous Discovery, Scientists Show Neanderthals Could Produce Human-Like Speech https://www.sciencealert.com/neanderthals-could-both-hear-and-produce-human-like-speech
• 'Hovering ship' photographed off British coast https://www.bbc.co.uk/news/uk-england-cornwall-56286719
• Physicists Just Found 4 New Subatomic Particles That May Test The Laws of Nature https://www.sciencealert.com/scientists-just-discovered-four-new-subatomic-particles-all-tetraquarks
• SpaceX lands Starship prototype for the first time — and then it blows up https://www.theverge.com/2021/3/3/22311916/spacex-starship-prototype-landing-successful
• Billionaire offering ‘free ticket to the moon’ on SpaceX Starship https://globalnews.ca/news/7673958/spacex-moon-starship-flight/
• Mars rover's 1st test drive went so well that NASA took another https://www.cbc.ca/news/technology/nasa-mars-rover-test-drive-perseverance-1.5939218
• Jupiter has Added a Comet to its Trojan Collection https://www.universetoday.com/150359/jupiter-has-added-a-comet-to-its-trojan-collection/
• Engineers Have Proposed The First Model For a Physically Possible Warp Drive https://www.sciencealert.com/engineers-have-proposed-the-first-model-for-a-physical-warp-drive
• Astronomers Have Found The First Evidence For Tectonic Activity on an Exoplanet https://www.sciencealert.com/astronomers-have-found-the-first-evidence-for-tectonic-activity-on-an-exoplanet
• 50, 100 & 150 Years Ago: March 2021 https://www.scientificamerican.com/article/50-100-150-years-ago-march-2021/