This Week's [in]Security - Issue 206 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Updates. PIN v3.1. PIN Block Format 4 Deprecated. Exchange server mass-exploitation. Big F5 has big CVE's. SolarWinds & Accellion. New breaches: More CRA account problems. Walmart. Massive Security Camera Breach. GitHub. Bad Blockchain. Healthcare. New Ransomware. Followups & Fall-out. No Undo! DarkNetWorth. Crypto-wars. Fuzzing. Zero-days. ZeroDays. GitGate!? Redaction Failure. IoT: Smartmeters. SAP. Research. New CSS tracking side- channel attack. Trends. SolarWinds. Nation States. Crime. AI. The EFF Follies. LastPass. Non-fungible tokens. Hackers. Disinformation. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Updates from the PCI Council:

  • Just Released: Version 3.1 of the PCI PIN Security Standard https://blog.pcisecuritystandards.org/just-released-version-3-1-of-the-pci-pin-security-standard
  • PCI Security Standards Bulletin: PCI SSC Announces Suspension of ISO Format 4 Pin Block Support Dates https://www.pcisecuritystandards.org/pdfs/PCI_ISO_Format_4_PIN_Blocks_Support_Date_Suspension_Bulletin.pdf

• Other Payment News:

  • A Sneak Peek From Visa Shows U.S. Debit Volume Growth Continues As Credit Volume Dips https://www.digitaltransactions.net/a-sneak-peak-from-visa-shows-u-s-debit-volume-growth-continues-as-credit-volume-dips/
  • The Architect of Debit Price Caps Attacks Visa And Mastercard for Planned Credit Card Hikes https://www.digitaltransactions.net/the-architect-of-debit-price-caps-attacks-visa-and-mastercard-for-planned-credit-card-hikes/
  • Moneris First Processor in Canada Certified to Process Interac Debit for Open Loop Transit Payments https://www.newswire.ca/news-releases/moneris-first-processor-in-canada-certified-to-process-interac-r-debit-for-open-loop-transit-payments-893772938.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• The story of the massive zero-day-exploitation of Microsoft Exchange Servers continues:

  • Warning the World of a Ticking Time Bomb https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/
  • A Basic Timeline of the Exchange Mass-Hack https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
  • Microsoft Exchange Server hacks ‘doubling’ every two hours https://www.zdnet.com/article/microsoft-exchange-server-hacks-doubling-every-two-hours
  • How China’s attack on Microsoft escalated into a “reckless” hacking spree https://www.technologyreview.com/2021/03/10/1020596/how-chinas-attack-on-microsoft-escalated-into-a-reckless-hacking-spree/
  • FireEye CEO: Reckless Microsoft Hack Unusual for China https://www.securityweek.com/fireeye-ceo-reckless-microsoft-hack-unusual-china
  • There’s a vexing mystery surrounding the 0-day attacks on Exchange servers https://arstechnica.com/gadgets/2021/03/security-unicorn-exchange-server-0-days-were-exploited-by-6-apts/
  • CISA Alert Update (AA20-206A) Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 https://us-cert.cisa.gov/ncas/alerts/aa20-206a
  • Hackers Are Targeting Microsoft Exchange Servers With Ransomware https://thehackernews.com/2021/03/icrosoft-exchange-ransomware.html
  • Å nei! Norway's Stortinget struck by Microsoft Exchange malware https://www.theregister.com/2021/03/11/stortinget_attack/
  • European Banking Authority restores email service in wake of Microsoft Exchange hack https://www.theregister.com/2021/03/09/eba_exchange_breach/
  • Protecting on-premises Exchange Servers against recent attacks https://www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/
  • Security Advisory: Mitigating the Risk of Microsoft Exchange Zero-Day ProxyLogon Vulnerabilities https://blog.qualys.com/product-tech/2021/03/10/security-advisory-mitigating-the-risk-of-microsoft-exchange-zero-day-proxylogon-vulnerabilities
  • US National Security Council urges review of Exchange Servers in wake of Hafnium attack https://www.theregister.com/2021/03/08/us_national_security_council_says/

• More on the serious crop of F5 vulnerabilities:

  • Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws https://www.theregister.com/2021/03/11/f5_critical_flaws/
  • CVE-2021-22986: F5 Patches Several Critical Vulnerabilities in BIG-IP, BIG-IQ https://www.tenable.com/blog/cve-2021-22986-f5-patches-several-critical-vulnerabilities-in-big-ip-big-iq
  • Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP! https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html
  • SolarWinds & Accellion breaches continue:
  • SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers https://thehackernews.com/2021/03/solarwinds-hack-new-evidence-suggests.html
  • The Accellion Breach Keeps Getting Worse—and More Expensive https://www.wired.com/story/accellion-breach-victims-extortion

• New Breaches:

  • CRA to lock out 800K taxpayers from online accounts Saturday https://globalnews.ca/news/7693382/cra-800k-locked-accounts/
  • Walmart: Notice of Data Security Incident https://www.databreaches.net/walmart-notice-of-data-security-incident/
  • Security Breach of Surveillance Start-Up Exposes Private Residences, Schools, Companies https://epic.org/2021/03/security-breach-of-surveillanc.html
  • Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals
  • A hacker who exposed Verkada’s surveillance camera snafu has been raided https://www.theverge.com/2021/3/12/22328344/tillie-kottmann-hacker-raid-switzerland-verkada-cameras
  • Breach Exposes Data of 200K Health System Staff, Patients https://www.securityweek.com/breach-exposes-data-200k-health-system-staff-patients
  • PEI-Genesis, Inc. Provides Notice of Data Privacy Event https://www.databreaches.net/pei-genesis-inc-provides-notice-of-data-privacy-event/
  • GitHub bug briefly gave valid authenticated session cookies to wrong users https://www.theregister.com/2021/03/09/github_authentication_bug/
  • India pauses blockchain-powered SMS spam-scrubber after it swallows people's one-time login codes https://www.theregister.com/2021/03/10/india_sms_blocking_mess/
  • Utah COVID-19 testing service exposes 50,000 patients’ photo IDs, test results on the web https://www.comparitech.com/blog/information-security/utah-covid-test-center-leak/
  • Security firm notifies 36,762 after malware attack https://www.databreaches.net/security-firm-notifies-36762-after-malware-attack/
  • Personal information of over 50,000 Premier Diagnostics customers exposed on unsecured server https://www.databreaches.net/personal-information-of-over-50000-premier-diagnostics-customers-exposed-on-unsecured-server/
  • More Health Data Breaches Tied to Vendor Incidents https://www.databreachtoday.com/more-health-data-breaches-tied-to-vendor-incidents-a-16167
  • Data leak at Dutch foreign credential assessment service impacts 18,000 https://www.databreaches.net/data-leak-at-dutch-foreign-credential-assessment-service-impacts-18000/
  • AR: Total Life Healthcare data breached in ‘ransomware attack’ https://www.databreaches.net/ar-total-life-healthcare-data-breached-in-ransomware-attack/
  • Mobile Anesthesiologists notifies patients of ePHI leak https://www.databreaches.net/mobile-anesthesiologists-notifies-patients-of-ephi-leak/
  • Israeli car financing company hacked, dozens of personal documents leaked https://www.databreaches.net/israeli-car-financing-company-hacked-dozens-of-personal-documents-leaked/
  • AU: Victoria privacy breach of vulnerable youth data https://www.databreaches.net/au-victoria-privacy-breach-of-vulnerable-youth-data/
  • Fastway Couriers Notifies Irish Data Protection Commission of a Hack https://www.databreaches.net/fastway-couriers-notifies-irish-data-protection-commission-of-a-hack/

• New Ransomware and "Incidents":

  • Cyberattack Forces Brewery Shutdown at Molson Coors https://www.securityweek.com/cyberattack-forces-brewery-shutdown-molson-coors
  • Cyberattack: Houston-area school district investigates troubling messages sent during technology breach https://www.databreaches.net/cyberattack-houston-area-school-district-investigates-troubling-messages-sent-during-technology-breach/
  • Hackers attack City of Covington computer systems https://www.databreaches.net/hackers-attack-city-of-covington-computer-systems/
  • ZA: PPS hit by cyber attack https://www.databreaches.net/za-pps-hit-by-cyber-attack/
  • Ransomware Attack Strikes Spain’s Employment Agency https://threatpost.com/ransomware-attack-spain-employment-agency/164703/
  • University of the Highlands and Islands working to recover from cyberattack https://www.databreaches.net/university-of-the-highlands-and-islands-working-to-recover-from-cyberattack/

• Follow-ups and fall-out:

  • Federal government mistakenly sent 'sensitive' information to lawyer — and now wants it back in the box https://www.cbc.ca/news/politics/cbsa-ircc-national-security-redactions-1.5942306
  • Travel Oklahoma - 637,279 breached accounts https://haveibeenpwned.com/PwnedWebsites#TravelOK
  • Liker - 465,141 breached accounts https://haveibeenpwned.com/PwnedWebsites#Liker
  • Rekt Casino Revisited: Operational Series Part 1 https://www.sans.org/blog/rekt-casino-revisited-operational-series-part-1
  • CIPL Submits Response to the EDPB Guidelines on Examples Regarding Data Breach Notification https://www.databreaches.net/cipl-submits-response-to-the-edpb-guidelines-on-examples-regarding-data-breach-notification/
  • Told your organisation is leaking data? Here’s how not to respond https://www.databreaches.net/told-your-organisation-is-leaking-data-heres-how-not-to-respond/
  • Debt Collection Firm Reaches Breach Settlement With States https://www.databreachtoday.com/debt-collection-firm-reaches-breach-settlement-states-a-16175
  • Multi-state settlement in 2019 American Medical Collection Agency breach https://www.databreaches.net/multi-state-settlement-in-2019-american-medical-collection-agency-breach/
  • You Are Worth $1,010 on the Dark Web https://www.datex.ca/blog/you-are-worth-1010-on-the-dark-web

Privacy

Articles about privacy related news, risks, and trends.

• T-Mobile will sell your web usage data to advertisers unless you opt out https://arstechnica.com/tech-policy/2021/03/t-mobile-will-tell-advertisers-how-you-use-the-web-starting-next-month/
• Scholars Under Surveillance: How Campus Police Use High Tech to Spy on Students https://www.eff.org/deeplinks/2021/03/scholars-under-surveillance-how-campus-police-use-high-tech-spy-students

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Crypto-wars:

  • The FBI Should Stop Attacking Encryption and Tell Congress About All the Encrypted Phones It’s Already Hacking Into https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones

• Canada:

  • The Law Bytes Podcast, Episode 79: David Kaye on the Challenges of Reconciling Freedom of Expression and the Regulation of Online Harms https://www.michaelgeist.ca/2021/03/law-bytes-podcast-episode-79/
  • The Key Takeaway From Steven Guilbeault’s Facebook Use: Linking Should Not Require a Licence https://www.michaelgeist.ca/2021/03/the-key-takeaway-from-steven-guilbeaults-facebook-use-linking-should-not-require-a-licence/
  • Do As I Say, Not As I Do: Heritage Minister Steven Guilbeault’s Curious Use of Facebook https://www.michaelgeist.ca/2021/03/do-as-i-say-not-as-i-do-heritage-minister-steven-guilbeaults-curious-use-of-facebook/

• US:

  • EFF, ACLU and EPIC File Amicus Brief Challenging Warrantless Cell Phone Search, Retention, and Subsequent Search https://www.eff.org/deeplinks/2021/03/eff-files-amicus-brief-challenging-warrantless-cell-phone-search-retention-and
  • Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors https://www.securityweek.com/proposed-bill-would-allow-americans-sue-foreign-cyber-actors
  • EPIC to Supreme Court: Congress Allows People to Sue when their Privacy Rights are Violated https://epic.org/2021/03/epic-to-supreme-court-congress.html
  • Lawmakers Urge FTC to Enforce Health Breach Notification Rule https://www.databreachtoday.com/lawmakers-urge-ftc-to-enforce-health-breach-notification-rule-a-16143
  • Congress Proposes Bold Plan to End the Digital Divide https://www.eff.org/deeplinks/2021/03/house-proposes-bold-plan-end-digital-divide
  • How Facebook could escape the FTC’s antitrust lawsuit https://www.theverge.com/2021/3/11/22325164/facebook-ftc-antitrust-lawsuit

• World:

  • Australia, India, Japan, and USA create joint critical tech working group https://www.theregister.com/2021/03/14/quad_critical_tech_working_group/
  • Google slams Microsoft for trying ‘to break the way the open web works’ https://www.theverge.com/2021/3/12/22327306/google-microsoft-attack-open-web-online-news-australia-laws

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Home Assistant, Pwned Passwords and Security Misconceptions https://www.troyhunt.com/home-assistant-pwned-passwords-and-security-misconceptions/
• Domain dumpster diving https://blog.talosintelligence.com/2021/03/domain-dumpster-diving.html
• White House Weighs New Cybersecurity Approach After Failure to Detect Hacks https://www.nytimes.com/2021/03/14/us/politics/us-hacks-china-russia.html
• CISA Will Manage .Gov Domain in Effort to Enhance Security https://www.databreachtoday.com/cisa-will-manage-gov-domain-in-effort-to-enhance-security-a-16159
• Missing colleagues in cybersecurity? That’s no surprise – the world is missing 3.5 million https://www.theregister.com/2021/03/10/managing_your_cybersec_talent/
• 5 ways to spot if someone is trying to mislead you when it comes to science https://phys.org/news/2021-03-ways-science.html
• Chrome for Android can now preview a page before opening a link https://www.theverge.com/2021/3/11/22324883/chrome-android-link-preview-sneak-peek
• A Spectre proof-of-concept for a Spectre-proof web https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
• Continuing to Raise the Bar for Verifiable Security on Pixel https://security.googleblog.com/2021/03/continuing-to-raise-bar-for-verifiable.html
• The future of data privacy: confidential computing, quantum safe cryptography take center stage https://www.zdnet.com/article/the-future-of-tech-confidential-computing-quantum-safe-cryptography-take-center-stage
• DtSR Episode 438 - TPA Implementing Zero Trust Principles http://podcast.wh1t3rabbit.net/dtsr-episode-438-tpa-implementing-zero-trust-principles
• Fast Random Bit Generation https://www.schneier.com/blog/archives/2021/03/fast-random-bit-generation.html
• Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory http://internal-www.fireeye.com/blog/threat-research/2021/03/fuzzing-image-parsing-in-windows-uninitialized-memory.html
• Fuzzing Java in OSS-Fuzz https://security.googleblog.com/2021/03/fuzzing-java-in-oss-fuzz.html
• HowTo: Protect E-Commerce Sites from Client-Side Attacks https://sourcedefense.com/company/press/howto-protect-e-commerce-sites-from-client-side-attacks/
• Finalists announced in second annual Microsoft Security 20/20 awards https://www.microsoft.com/security/blog/2021/03/11/finalists-announced-in-second-annual-microsoft-security-20-20-awards/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• ZeroDays:

  • Critical 0-day that targeted security researchers gets a patch from Microsoft https://arstechnica.com/gadgets/2021/03/microsoft-patches-critical-0day-that-north-korea-used-to-target-researchers/
  • Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild https://thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html
  • Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed https://www.zdnet.com/article/microsoft-march-patch-tuesday-critical-remote-code-execution-flaws-fixed

• Other Vulnerabilities:

  • New Windows update crashes computers as soon as they print anything out - and here’s how to fix it https://www.independent.co.uk/life-style/gadgets-and-tech/windows-update-crash-computer-printer-fix-b1816391.html
  • GAO: CISA Has Many Unfinished Tasks https://www.databreachtoday.com/gao-cisa-has-many-unfinished-tasks-a-16177
  • On Not Fixing Old Vulnerabilities https://www.schneier.com/blog/archives/2021/03/on-not-fixing-old-vulnerabilities.html
  • Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html
  • Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/
  • Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln https://www.theregister.com/2021/03/12/github_disappears_exploit/
  • Metadata Left in Security Agency PDFs https://www.schneier.com/blog/archives/2021/03/metadata-left-in-security-agency-pdfs.html
  • Hacking Digitally Signed PDF Files https://www.schneier.com/blog/archives/2021/03/hacking-digitally-signed-pdf-files.html
  • Critical Security Hole Can Knock Smart Meters Offline https://threatpost.com/critical-security-smart-meter-offline/164753/
  • Serious Vulnerabilities Found in Schneider Electric Power Meters https://www.securityweek.com/serious-vulnerabilities-found-schneider-electric-power-meters
  • SAP Stomps Out Critical RCE Flaw in Manufacturing Software https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/
  • Microsoft is ending support for the old non-Chromium Edge https://www.theverge.com/2021/3/9/22321779/microsoft-edge-legacy-spartan-browser-support-ended

• Research:

  • New Browser Attack Allows Tracking Users Online With JavaScript Disabled https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
  • The Key-Dependent Message Security of Key-Alternating Feistel Ciphers, by Pooya Farshim and Louiza Khati and Yannick Seurin and Damien Vergnaud https://eprint.iacr.org/2021/330
  • Private AI: Machine Learning on Encrypted Data, by Kristin E. Lauter https://eprint.iacr.org/2021/324
  • Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting, by Xavier Boyen and Thomas Haines and Johannes Mueller https://eprint.iacr.org/2021/304

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events:

  • Malicious apps on Google Play dropped banking Trojans on user devices https://www.zdnet.com/article/malicious-apps-on-google-play-dropped-banking-trojans-on-user-devices/
  • TrickBot Takes Over, After Cops Kneecap Emotet https://threatpost.com/trickbot-takes-over-emotet/164710/
  • New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 http://internal-www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
  • ZLoader Malware Hidden in Encrypted Excel File https://www.databreachtoday.com/zloader-malware-hidden-in-encrypted-excel-file-a-16146
  • Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection https://threatpost.com/fake-ad-blocker-cryptominer-ransomware/164669/
  • Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords https://threatpost.com/google-recaptcha-phishing-office-365/164566/
  • Researchers Spotted Malware Written in Nim Programming Language https://thehackernews.com/2021/03/researchers-spotted-malware-written-in.html
  • App Stores Have Kicked Out Some Location Data Brokers. Good, Now Kick Them All Out. https://www.eff.org/deeplinks/2021/03/apple-and-google-kicked-two-location-data-brokers-out-their-app-stores-good-now

• Nation State Actors:

  • Researchers Unveil New Linux Malware Linked to Chinese Hackers https://thehackernews.com/2021/03/researchers-unveil-new-linux-malware.html
  • Iranian Hackers Using Remote Utilities Software to Spy On Its Targets https://thehackernews.com/2021/03/iranian-hackers-using-remote-utilities.html

• Crime & Arrests, etc.:

  • Risky Biz Feature Podcast: Chasing crooks through the blockchain https://risky.biz/HF10
  • Canadian company’s encrypted devices helped drug traffickers, U.S. indictment says https://globalnews.ca/news/7694624/sky-global-us-drug-trafficking/
  • Police Target Criminal Users of Sky ECC Cryptophone Service https://www.databreachtoday.com/police-target-criminal-users-sky-ecc-cryptophone-service-a-16162
  • Belgian cops crack down on encrypted phone network Sky ECC in 200 overnight raids as firm denies criminal ties https://www.theregister.com/2021/03/10/sky_ecc_encrypted_phones_belgium_police_raids/
  • Nebraska Man Sentenced to 21 Months in Prison for Stealing and Selling Employer’s Confidential Information https://www.databreaches.net/nebraska-man-sentenced-to-21-months-in-prison-for-stealing-and-selling-employers-confidential-information/
  • Owner of Connecticut Mental Health Services Agency Pleads Guilty to Health Care Fraud Charge https://www.databreaches.net/owner-of-connecticut-mental-health-services-agency-pleads-guilty-to-health-care-fraud-charge/
  • Winnipeg man charged in alleged credit card fraud, money laundering scheme https://globalnews.ca/news/7692842/winnipeg-man-charged-in-alleged-credit-card-fraud-money-laundering-scheme/

Other Security / Risk

Articles covering other types of risks.

• EPIC Obtains More Internal Emails From AI Commission https://epic.org/2021/03/epic-obtains-more-internal-ema.html
• The Foilies 2021 - Recognizing the year's worst in government transparency. https://www.eff.org/deeplinks/2021/03/foilies-2021
• Demand for fee to use password app LastPass sparks backlash https://www.ft.com/content/c19dceda-c8c8-4cde-80ce-80372692237c
• How to Export Your Passwords From LastPass https://www.wired.com/story/lastpass-how-to-export-your-data-and-leave
• US newspaper's 'Biden will hack Russia' claim: A good way to reassure Putin you'll leave him alone https://www.theregister.com/2021/03/09/us_wont_hack_russia/
• Facebook’s next big AI project is training its machines on users’ public videos https://www.theverge.com/2021/3/12/22326975/facebook-training-ai-public-videos-digital-memories
• Netflix wants to stop you sharing your password https://www.zdnet.com/article/netflix-wants-to-stop-you-sharing-your-password
• Uber, Lyft to share data on drivers banned for sexual, physical assault https://www.zdnet.com/article/uber-lyft-to-share-data-on-drivers-banned-for-sexual-physical-assault
• 'Non-fungible tokens': the etymology behind this new digital swag https://www.theguardian.com/books/2021/mar/12/non-fungible-tokens-the-etymology-behind-this-new-digital-swag
• Non-fungible tokens are revolutionising the art world – and art theft https://www.theguardian.com/technology/2021/mar/12/non-fungible-tokens-revolutionising-art-world-theft
• (This linguistic battle was lost years ago but still keeps trying) So it appears some of you really don't want us to use the word 'hacker' when we really mean 'criminal' https://www.theregister.com/2021/03/09/debate_hacker_result/
• Canadian Tire Testing First-of-its-Kind-in-the-World Autonomous Trucking Technology https://www.retail-insider.com/retail-insider/2021/03/canadian-tire-testing-first-of-its-kind-in-the-world-autonomous-trucking-technology/
• McAfee to Sell Enterprise Unit for $4 Billion https://www.databreachtoday.com/mcafee-to-sell-enterprise-unit-for-4-billion-a-16144

• Disinformation:

  • The disinformation tactics used by China https://www.bbc.co.uk/news/56364952
  • FBI Warns Of Deepfake Content From Russia, China https://www.pymnts.com/news/security-and-risk/2021/fbi-warns-of-deepfake-content-from-russia-china/

• Health, Safety & Environment:

  • Outbreak of Mysterious Paralyzing Condition Squashed by COVID–19 Pandemic https://www.sciencealert.com/outbreak-of-mysterious-paralyzing-condition-squashed-by-covid-19-pandemic
  • Modern Alchemists Turn Airborne CO2 into Diamonds https://www.scientificamerican.com/article/modern-alchemists-turn-airborne-co2-into-diamonds/
  • Compressed air, flywheels and more: Energy storage solutions being tested in Canada https://www.cbc.ca/news/technology/what-on-earth-energy-storage-compressed-air-flywheel-1.5945923
  • Direct Air Capture of CO2 Is Suddenly a Carbon Offset Option https://www.scientificamerican.com/article/direct-air-capture-of-co2-is-suddenly-a-carbon-offset-option/
  • Bacterial film separates water from oil https://scienmag.com/bacterial-film-separates-water-from-oil/
  • Bill Gates's next-gen nuclear plant packs in grid-scale energy storage https://newatlas.com/energy/natrium-molten-salt-nuclear-reactor-storage/

• Ecomonic Risks:

  • UK exports to Europe fall 41% as Brexit hits trade https://www.cnn.com/2021/03/12/business/brexit-uk-europe-exports/index.html

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • Canada surpasses 900K cases of COVID-19 as variant spread raise concern over 3rd wave https://globalnews.ca/news/7694437/coronavirus-canada-update-march-12/
  • Public Health closes Amazon Brampton facility due high-risk exposure to COVID-19 https://toronto.citynews.ca/2021/03/12/amazon-brampton-exposure-covid-19/

• New Variants:

  • 1 COVID-19 variant of concern, 15 total cases associated with Queen’s University https://globalnews.ca/news/7693687/covid-19-variant-of-concern-cases-queens-university/
  • Rate of COVID-19 variant spread ‘very concerning’ as cases near 3,000 https://globalnews.ca/news/7693373/covid-19-variants-of-concern-canada-cases/

• Guidance, Response, and Recovery:

  • Major Amazon warehouse ordered closed in Brampton, Ont. due to COVID-19 outbreak inside https://toronto.ctvnews.ca/major-amazon-warehouse-ordered-closed-in-brampton-ont-due-to-covid-19-outbreak-inside-1.5345208
  • Ontario will need 'harsher' third lockdown due to B.1.1.7 coronavirus variant spread: top adviser https://www.cp24.com/mobile/news/ontario-will-need-even-harsher-third-lockdown-soon-due-to-covid-19-variants-top-epidemiologist-says-1.5343242

• Impact:

  • Canada saw over 13,000 ‘excess deaths’ during 1st year of COVID-19: StatCan https://globalnews.ca/news/7687727/excess-deaths-coronavirus-canada-covid-19/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • SARS-CoV-2 'ready-made' for human transmission, study suggests https://www.ctvnews.ca/health/coronavirus/sars-cov-2-ready-made-for-human-transmission-study-suggests-1.5346131
  • COVID-19: Those with weakened immune systems may reveal the secrets to the variant mystery https://globalnews.ca/news/7692307/covid-19-variants-origin/
  • Why the lovable llama might be a secret weapon against COVID-19 https://scienmag.com/why-the-lovable-llama-might-be-a-secret-weapon-against-covid-19/

• Immunity, Vaccines, and Vaccination:

  • Should vaccinated people across Canada get certain freedoms? Here’s what health experts say https://globalnews.ca/news/7687492/vaccination-freedoms-health-experts/
  • Can COVID-19 vaccines reduce transmission? Here’s what we know so far https://globalnews.ca/news/7686306/coronavirus-vaccines-transmission-covid-19/
  • Vaccination of Toronto's homeless well underway with about 1,000 getting a shot https://toronto.ctvnews.ca/vaccination-of-toronto-s-homeless-well-underway-with-about-1-000-getting-a-shot-1.5343715
  • Toronto residents 80+ can start booking COVID-19 vaccination appointments online today https://toronto.ctvnews.ca/toronto-residents-80-can-start-booking-covid-19-vaccination-appointments-online-today-1.5344501
  • How to navigate Ontario’s COVID-19 vaccine booking system https://globalnews.ca/news/7696112/navigating-ontario-covid-19-vaccine-booking-system/
  • ‘We need the vaccines’: Doug Ford says Ontario could administer 150K shots per day https://globalnews.ca/news/7695638/doug-ford-ontario-covid-19-vaccine-capacity/
  • Ontarians asked to stop region hopping to receive COVID-19 vaccine quicker https://toronto.ctvnews.ca/ontarians-asked-to-stop-region-hopping-to-receive-covid-19-vaccine-quicker-1.5345213
  • Canada expecting 1M Pfizer COVID-19 vaccine doses a week until early May https://globalnews.ca/news/7692884/covid-canada-pfizer-vaccine-spring/
  • Guidelines for vaccinated Canadians will only evolve ‘when safe,’ Tam says https://globalnews.ca/news/7685995/canada-covid-tam-cdc-vaccine-guidelines/
  • Some Ontarians will soon be able to book COVID-19 vaccine appointments at more than 300 pharmacies https://globalnews.ca/news/7686334/coronavirus-astrazeneca-vaccine-ontario-pharmacies/
  • Poor communications undermine trust in Ontario's vaccine plan, experts say https://toronto.ctvnews.ca/poor-communications-undermine-trust-in-ontario-s-vaccine-plan-experts-say-1.5340295
  • Covid-19: UK rejects 'false' vaccine export ban claim by EU https://www.bbc.co.uk/news/uk-politics-56339188
  • U.S. has now administered more than 107M COVID-19 vaccine doses, CDC says https://globalnews.ca/news/7695906/us-107-million-vaccinated-coronavirus/
  • Euphoria In Israel As Pfizer Vaccine Ends Lockdown https://www.pymnts.com/coronavirus/2021/euphoria-in-israel-as-pfizer-vaccine-ends-lockdown/
  • Faulty Software Snarls Vaccine Sign-Ups https://www.nytimes.com/2021/03/12/technology/faulty-software-snarls-vaccine-sign-ups.html
  • People Are Keeping Their Vaccines Secret https://www.theatlantic.com/health/archive/2021/03/covid-vaccine-secrecy/618253/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • CDC's 'Huge Mistake': Did Misguided Mask Advice Drive Up COVID Death Toll for Health Workers? https://www.scientificamerican.com/article/cdcs-huge-mistake-did-misguided-mask-advice-drive-up-covid-death-toll-for-health-workers/
  • An Uber passenger refused a mask and coughed on her driver. Then she ripped off his mask. https://www.washingtonpost.com/nation/2021/03/10/uber-driver-assault-mask-san-francisco/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Pi Day is here and Google’s calculator will test how well you know the mathematical constant https://www.theverge.com/2021/3/14/22330036/pi-day-google-calculator-math
• The Surprising Link Between an 1851 Chess Tournament and Today's March Madness Bracket https://www.mentalfloss.com/article/643661/march-madness-sports-tournament-bracket-history
• Scientists unlock mysteries of world's oldest 'computer' https://www.bbc.co.uk/news/science-environment-56377567
• That Mouse in Your House--It's Smarter, Thanks to You https://www.scientificamerican.com/podcast/episode/that-mouse-in-your-house-its-smarter-thanks-to-you/
• Who Would Kidnap a Space Telescope? https://www.theatlantic.com/science/archive/2021/03/nasa-james-webb-space-telescope-pirates/618268/
• There Should be About 7 Interstellar Objects Passing Through the Inner Solar System Every Year https://www.universetoday.com/150478/there-should-be-about-7-interstellar-objects-passing-through-the-inner-solar-system-every-year/
• Fantastic Analysis of SN-10 Landing and Explosion by Scott Manley https://www.universetoday.com/150477/fantastic-analysis-of-sn-10-landing-and-explosion-by-djsnm-1/
• This Exoplanetary System Breaks all the Rules https://www.universetoday.com/150431/this-exoplanetary-system-breaks-all-the-rules/
• The Universe is acting funny. Or we’re looking at it wrong. https://www.syfy.com/syfywire/the-universe-is-acting-funny-or-were-looking-at-it-wrong