This Week's [in]Security - Issue 208

Welcome to This Week’s [in]Security. PCI Updates: PTS FAQ, PIN 3.1, QSA Program. Big-Hacks: Exchange, SolarWinds, F5, Accellion. New breaches: New Ransomware: Follow-ups & Fall-out: Amazon sued. Privacy: Facial Recognition. Laws & Regs: Facebook sued, Section 230, Breach Disclosures, Location Tracking Guidelines, NIST. Defense: Isolate IoT, Tools, Browsers. Vulnerabilities: Android, iOS ZeroDay, Apple iOS. ColdFusion, NetMask code, Android, Wordpress. Arresting the messenger? Cybercrime: Trends. Account Takeovers. Other Risks: Disinformation, IoT Weapons, PII a Risk, Autopilot, Grid, Shipping, More NFTs, Win95, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. Immunity, Vaccines, and Vaccination. The Good, Bad, and Ugly (Behaviour). And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PTS POI Technical (mandatory) FAQ update https://www.pcisecuritystandards.org/documents/PTSPOITechnicalFAQsv6Mar2021.pdf

• PCI PIN 3.1 Updates:

  • Attestation https://www.pcisecuritystandards.org/documents/PCIPINv3.1AOC.pdf
  • Reporting Template https://www.pcisecuritystandards.org/documents/PCIPINv3.1ROCReportingTemplate.pdf
  • Summary of changes from 3.0 to 3.1 https://www.pcisecuritystandards.org/documents/PINSecurityRqrmtsModificationsv3.1-SummaryofChanges.pdf
  • Testing procedures https://www.pcisecuritystandards.org/documents/PCIPINSecurityRequirementsTestingv31.pdf

• QSA Program Updates

  • Continuing Professional Education changes to rely upon selected other accreditation bodies for CPEs https://www.pcisecuritystandards.org/documents/PCISSCCPEMaintenanceGuidev5.0.pdf
  • Program Guide https://www.pcisecuritystandards.org/documents/QSAProgramGuidev3.0.pdf
  • Qualification Requirements https://www.pcisecuritystandards.org/documents/QSAQualificationRequirementsv4.0.pdf

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major incidents:

  • Exchange Server attacks: Microsoft shares intelligence on post-compromise activities https://www.zdnet.com/article/exchange-server-attacks-microsoft-shares-intelligence-on-post-compromise-activities/
  • Microsoft is struggling to contact some vulnerable clients as it scrambles to protect against Exchange Server hacks, leaked audio shows (MSFT) https://www.businessinsider.com/microsoft-challenges-exchange-server-hacks-leaked-audio-2021-3
  • Microsoft: 92% of vulnerable Exchange servers are now patched, mitigated https://www.zdnet.com/article/microsoft-92-of-vulnerable-exchange-servers-are-now-patched-mitigated
  • No, I Did Not Hack Your MS Exchange Server https://krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/
  • Ransomware operators are piling on already hacked Exchange servers https://arstechnica.com/gadgets/2021/03/ransomware-operators-are-piling-on-already-hacked-exchange-servers/
• SolarWinds Attackers Manipulated OAuth App Certificates https://www.databreachtoday.com/solarwinds-attackers-manipulated-oauth-app-certificates-a-16253
• Swiss Firm Says It Accessed SolarWinds Attackers' Servers https://www.databreachtoday.com/swiss-firm-says-accessed-solarwinds-attackers-servers-a-16243

• Researchers Raise Alarm for F5 BIG-IP Malware Attacks https://www.securityweek.com/researchers-raise-alarm-f5-big-ip-malware-attacks

  • Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability https://www.imperva.com/blog/attacks-spike-following-the-disclosure-of-cve-2021-22986-f5-networks-big-ip-icontrol-remote-command-execution-vulnerability/
• Shell Says Personal, Corporate Data Stolen in Accellion Security Incident https://www.securityweek.com/shell-says-personal-corporate-data-stolen-accellion-security-incident
• Transport NSW documents posted on dark web after Accellion hack https://www.databreaches.net/transport-nsw-documents-posted-on-dark-web-after-accellion-hack/

• Energy Giant Shell Is Latest Victim of Accellion Attacks https://threatpost.com/shell-victim-of-accellion-attacks/164973/

  • Accellion Supply Chain Hack https://www.schneier.com/blog/archives/2021/03/accellion-supply-chain-hack.html

• New Breaches:

  • British Clothing Retailer Fat Face Discloses Data Breach https://www.databreachtoday.com/british-clothing-retailer-fat-face-discloses-data-breach-a-16249
  • Phish Leads to Breach at Calif. State Controller https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/
  • Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts https://www.theregister.com/2021/03/23/council_tax_texts_exposure/
  • Threat actors leak files with protected health information from U. Miami https://www.databreaches.net/threat-actors-leak-files-with-protected-health-information-from-u-miami/
  • NZ: Canterbury District Health Board apologizes for software privacy breach https://www.databreaches.net/nz-canterbury-district-health-board-apologizes-for-software-privacy-breach/

• New Ransomware and "Incidents":

  • Anatomy of a Targeted Ransomware Attack https://blog.cloudflare.com/targeted-ransomware-attack/
  • 'Black Kingdom' Ransomware Hits Unpatched Exchange Servers https://www.databreachtoday.com/black-kingdom-ransomware-hits-unpatched-exchange-servers-a-16258
  • CZ: Railway administration was attacked by hackers, operations not endangered https://www.databreaches.net/cz-railway-administration-was-attacked-by-hackers-operations-not-endangered/
  • IoT Vendor Sierra Wireless Reports Ransomware Attack https://www.databreachtoday.com/iot-vendor-sierra-wireless-reports-ransomware-attack-a-16256
  • Fr: MND victim of a cyberattack https://www.databreaches.net/fr-mnd-victim-of-a-cyberattack/
  • IL: Alton confirms ‘data incident’ in early March https://www.databreaches.net/il-alton-confirms-data-incident-in-early-march/
  • Insurer CNA Disconnects Systems After 'Cybersecurity Attack' https://www.databreachtoday.com/insurer-cna-disconnects-systems-after-cybersecurity-attack-a-16265
  • NY: Personal Touch Holding Corp. hit by ransomware attack at MSP, more than 750,000 affected https://www.databreaches.net/ny-personal-touch-holding-corp-hit-by-ransomware-attack-at-msp-more-than-750000-affected/

• Follow-ups and fall-out:

  • Astoria (unverified) - 11,498,146 breached accounts https://haveibeenpwned.com/PwnedWebsites#Astoria
  • After Breach, Mental Healthcare Provider 'SalusCare' Sues Amazon over storage bucket used by attackers https://www.databreachtoday.com/after-breach-mental-healthcare-provider-sues-amazon-a-16278
  • How Old Breaches Fuel New Identity Crimes https://www.databreachtoday.com/how-old-breaches-fuel-new-identity-crimes-a-16280

Privacy

Articles about privacy related news, risks, and trends.

• What a Gambling App Knows About You https://www.nytimes.com/2021/03/24/technology/gambling-apps-tracking.html
• Security Analysis Clears TikTok of Censorship, Privacy Accusations https://threatpost.com/security-analysis-tiktok-censorship-privacy/164990/
• Facial recognition website finds pictures of anyone from across the internet https://www.independent.co.uk/life-style/gadgets-and-tech/pimeyes-facial-recognition-privacy-b1821658.html
• Facial recognition beats the Covid-mask challenge - https://www.bbc.co.uk/news/technology-56517033
• Please stop leaking your own personal data online, Indonesia's COVID-19 taskforce tells citizens https://www.theregister.com/2021/03/25/indonesiacovidqrcode/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • RCMP breached policy on collection of online information https://www.ctvnews.ca/canada/rcmp-breached-policy-on-collection-of-online-information-audit-1.5358295
• CISA Prepares to Use New Subpoena Power https://www.databreachtoday.com/cisa-prepares-to-use-new-subpoena-power-a-16252

• US:

  • Wiretapping Claims Against Facebook Move Forward as Supreme Court Denies Review https://epic.org/2021/03/supreme-court-refuses-to-revie.html
  • Facebook’s Pitch to Congress: Section 230 for Me, But not for Thee https://www.eff.org/deeplinks/2021/03/facebooks-pitch-congress-section-230-me-not-thee
  • What’s Behind the Fight Over Section 230 https://www.nytimes.com/2021/03/25/technology/section-230-explainer.html

• Utah Becomes the Second U.S. State to Establish Affirmative Defenses for Data Breach https://www.databreaches.net/utah-becomes-the-second-u-s-state-to-establish-affirmative-defenses-for-data-breach/

  • Massachusetts Supreme Court Rules Facebook Cannot Shield All Information on Apps that Violated User Privacy https://epic.org/2021/03/massachusetts-supreme-court-ru.html
  • The Obscure Case That Could Blow Up American Civil-Rights and Consumer-Protection Laws https://www.theatlantic.com/ideas/archive/2021/03/cedar-point-scotus/618405/
  • Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers https://www.darkreading.com/attacks-breaches/exec-order-could-force-software-vendors-to-disclose-breaches-to-federal-govt-customers/d/d-id/1340526?mc=rssxdrredtauddrxx-rss-simple
  • Free as in Climbing: Rock Climber’s Open Data Project Threatened by Bogus Copyright Claims https://www.eff.org/deeplinks/2021/03/free-climbing-rock-climbers-open-data-project-threatened-bogus-copyright-claims

• World:

  • Groups Call for Ethical Guidelines on Location-Tracking Tech https://www.wired.com/story/groups-call-ethical-guidelines-location-tracking-tech
  • LINE stops data flowing to China after Japanese officials ditch app over privacy concerns https://www.theregister.com/2021/03/24/line_blocks_china_server_access/

• Standards News:

  • Draft NIST Internal Report (NISTIR) 8360, Machine Learning for Access Control Policy Verificationis comment period is open through May 7. https://csrc.nist.gov/publications/detail/nistir/8360/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Gartner on Enterprise IoT: Segment and Isolate Everything https://www.databreachtoday.com/gartner-on-enterprise-iot-segment-isolate-everything-a-16257
• How one data scientist is pioneering techniques to detect security threats https://www.microsoft.com/security/blog/2021/03/24/how-one-data-scientist-is-pioneering-techniques-to-detect-security-threats/
• Microsoft Offers Up to $30,000 for Vulnerabilities in Teams Desktop Client https://www.securityweek.com/microsoft-offers-30000-vulnerabilities-teams-desktop-client
• Heartbleed Revisited and defense in depth https://blog.cloudflare.com/private-key-compromises/
• Announcing antivirus in Cloudflare Gateway https://blog.cloudflare.com/announcing-antivirus-in-cloudflare-gateway/
• Announcing Cloudflare’s Data Loss Prevention platform https://blog.cloudflare.com/data-loss-prevention/
• Keyless SSL now supports FIPS 140-2 L3 hardware security module (HSM) offerings from all major cloud providers https://blog.cloudflare.com/keyless-ssl-supports-fips-140-2-l3-hsm/
• Protecting Cloudflare Customers from BGP Insecurity with Route Leak Detection https://blog.cloudflare.com/route-leak-detection/
• A Year in the Life of a Compiler Fuzzing Campaign https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/
• TCPView v4.0 Released, (Sun, Mar 28th) https://isc.sans.edu/diary/rss/27252
• How to Keep Nearby Strangers from Sending You Files https://www.wired.com/story/stop-strangers-sending-files-airdrop-nearby-share
• Chrome 90 goes HTTPS by default while Firefox injects substitute scripts to foil tracking tech https://www.theregister.com/2021/03/24/chrome_firefox_privacy/
• Firefox 87 introduces SmartBlock for Private Browsing https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/
• Best free cyber-awareness courses for older adults https://www.comparitech.com/blog/information-security/cyber-awareness-courses-older-adults/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Recently Patched Android Vulnerability Exploited in Attacks https://www.securityweek.com/recently-patched-android-vulnerability-exploited-attacks
• WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack https://thehackernews.com/2021/03/warning-new-android-zero-day.html
• Apple fixes iOS zero-day vulnerability exploited in the wild https://www.bleepingcomputer.com/news/security/apple-fixes-ios-zero-day-vulnerability-exploited-in-the-wild/
• Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html
• Adobe Fixes Critical ColdFusion Flaw in Emergency Update https://threatpost.com/adobe-critical-coldfusion-flaw-update/164946/
• Critical netmask networking bug impacts thousands of applications https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
• Microsoft releases Windows 10 SSU to fix security update issue https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-ssu-to-fix-security-update-issue/
• Nearly Half of Popular Android Apps Built With High-Risk Components https://www.darkreading.com/application-security/nearly-half-of-popular-android-apps-built-with-high-risk-components/d/d-id/1340522?mc=rssxdrredtauddrxx-rss-simple
• Severe vulnerabilities patched in Facebook for WordPress Plugin https://www.zdnet.com/article/severe-vulnerabilities-patched-in-facebook-for-wordpress-plugin
• OpenSSL fixes severe DoS, certificate validation vulnerabilities https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/
• Engineer reports data leak to Apperta, hears from the police https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-apperta-hears-from-the-police/
• Determining Key Shape from Sound https://www.schneier.com/blog/archives/2021/03/determining-key-shape-from-sound.html
• Improved Quantum Algorithms for the k-XOR Problem, by André Schrottenloher https://eprint.iacr.org/2021/407

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Facebook shuts down hackers who infected iOS and Android devices https://arstechnica.com/information-technology/2021/03/facebook-shuts-down-hackers-who-infected-ios-and-android-devices/
• Phishers targeting employers getting back to the office https://www.helpnetsecurity.com/2021/03/22/phishers-employees/
• Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
• Scammers tried slurping folks' login details through 70,000 coronavirus-themed phishing URLs during 2020 https://www.theregister.com/2021/03/24/covid_phishing_2020_palo_alto_networks_research/
• Trends, Alerts, and Events (other than major Exchange, SolarWinds, F5, and Accellion):
• Watch Out! That Android System Update May Contain A Powerful Spyware https://thehackernews.com/2021/03/watch-out-that-android-system-update.html
• Websites Hosting Cracks Spread Malware, Adware https://www.trendmicro.com/en_us/research/21/c/websites-hosting-cracks-spread-malware-adware.html
• DtSR Episode 440 - TPA Fighting Back Against ATO http://podcast.wh1t3rabbit.net/dtsr-episode-440-tpa-fighting-back-against-ato
• Details of a Computer Banking Scam https://www.schneier.com/blog/archives/2021/03/details-of-a-computer-banking-scam.html
• US Sentences Russian, North Macedonian in Cyber Fraud Case https://www.securityweek.com/us-sentences-russian-north-macedonian-cyber-fraud-case
• Vengeful IT Contractor Sentenced to Two Years for Deleting Carlsbad Company’s Microsoft User Accounts https://www.databreaches.net/vengeful-it-contractor-sentenced-to-two-years-for-deleting-carlsbad-companys-microsoft-user-accounts/

Other Security / Risk

Articles covering other types of risks.

• Zuckerberg, Dorsey and Pichai testify about disinformation. https://www.nytimes.com/2021/03/25/technology/zuckerberg-dorsey-and-pichai-testify-about-disinformation.html
• Hacking Weapons Systems https://www.schneier.com/blog/archives/2021/03/hacking-weapons-systems.html
• How Personally Identifiable Information Can Put Your Company at Risk https://www.darkreading.com/endpoint/how-personally-identifiable-information-can-put-your-company-at-risk/a/d-id/1340449?mc=rssxdrredtauddrxx-rss-simple
• Tesla’s Autopilot Technology Faces Fresh Scrutiny https://www.nytimes.com/2021/03/23/business/teslas-autopilot-safety-investigations.html
• Dead Power Grid Revived with Solar and Wind, Not Diesel https://www.scientificamerican.com/article/dead-power-grid-revived-with-solar-and-wind-not-diesel/
• RedTorch Formed from Ashes of Norse Corp. https://krebsonsecurity.com/2021/03/redtorch-formed-from-ashes-of-norse-corp/
• Facebook Treats Punk Rockers Like Crazy Conspiracy Theorists, Kicks Them Offline https://www.eff.org/deeplinks/2021/03/facebook-treats-punk-rockers-crazy-conspiracy-theorists-kicks-them-offline
• Film on the face behind 'hacktivist' group Anonymous among Hot Docs world premieres https://toronto.ctvnews.ca/film-on-the-face-behind-hacktivist-group-anonymous-among-hot-docs-world-premieres-1.5359902
• Large container ship blocks Suez Canal: reports https://globalnews.ca/news/7715327/suez-canal-blocked-container-ship/
• Record numbers of Containers falling off ships https://www.wired.com/story/where-shoes-ordered-check-ocean-floor/
• Why Ships Keep Crashing https://www.theatlantic.com/ideas/archive/2021/03/ever-given-and-suez-why-ships-keep-crashing/618436/
• Tired of video conferencing? Research suggests you’re right to question its effectiveness https://scienmag.com/tired-of-video-conferencing-research-suggests-youre-right-to-question-its-effectiveness/
• Why ambiverts are better leaders - http://www.bbc.com/worklife/article/20210319-why-ambiverts-are-better-leaders
• Toronto: dump truck driver charged after pushing mini cooper onto Gardiner Expressway https://globalnews.ca/video/7715918/dump-truck-driver-charged-after-pushing-mini-cooper-onto-gardiner-expressway

• More Non-Fungible Tokens:

  • NFT Artwork by Sophia the Robot Sells for Nearly $700,000 https://www.nytimes.com/2021/03/25/arts/sophia-robot-nft.html
  • Crypto token (NFT) of New York Times column sells for $560,000. https://www.nytimes.com/2021/03/25/business/nyt-column-nft.html
  • Digital Art - Virtual House sells for CDN$600K as a NFT (Non-Fungible Token) https://www.blogto.com/tech/2021/03/toronto-digital-house-nft-600k/
  • Your million-dollar NFT can break tomorrow if you’re not careful https://www.theverge.com/2021/3/25/22349242/nft-metadata-explained-art-crypto-urls-links-ipfs
• Windows 95 Easter egg discovered after being hidden for 25 years https://www.bleepingcomputer.com/news/microsoft/windows-95-easter-egg-discovered-after-being-hidden-for-25-years/

• Health, Safety & Environment:

  • A Banned Experimental Stimulant From 1940s Was Just Found in Weight Loss Supplements https://www.sciencealert.com/wwii-era-stimulant-drug-discovered-in-weight-loss-supplements
  • Body, car cameras of Calgary police create accountability, reduce force: reports https://globalnews.ca/news/7714934/calgary-police-cameras-review/
  • One of the World's Spiciest Hot Sauces Is Two Times Hotter Than Pepper Spray https://www.mentalfloss.com/article/644194/one-hottest-hot-sauces-world-comes-disclaimer
  • Why America’s Great Crime Decline Is Over https://www.theatlantic.com/ideas/archive/2021/03/is-americas-great-crime-decline-over/618381/
  • Canada’s carbon price is increasing on April 1 https://globalnews.ca/news/7719247/canada-carbon-price-increase-april-1/
  • Canada’s carbon tax is constitutional, Supreme Court rules https://globalnews.ca/news/7718355/canada-carbon-tax-supreme-court-of-canada-constitutional/
  • Turning wood into plastic https://scienmag.com/turning-wood-into-plastic/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Coronavirus: 'Double mutant' Covid variant found in India https://www.bbc.co.uk/news/world-asia-india-56507988

• Guidance, Response, and Recovery:

  • B.C. to more than double COVID-19 fines for attending social gatherings https://globalnews.ca/news/7719100/b-c-to-more-than-double-covid-19-fines-for-attending-social-gatherings/
  • Epidemiologist says stricter measures needed to reduce Ontario’s COVID-19 variant spread https://globalnews.ca/news/7719263/ontario-stricter-measures-reduce-covid-variant-spread-epidemiologist/
  • Covid: Barcelona hosts large gig after testing crowd https://www.bbc.co.uk/news/world-europe-56556451
  • Signs of collapse across Brazil as Covid spirals out of control. Bolsonaro seems to have little response https://www.cnn.com/2021/03/27/americas/brazil-covid-19-collapse-intl/index.html

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Flu Shots Are Linked to a Drop in COVID-19 Infections, And Scientists Aren't Sure Why https://www.sciencealert.com/flu-shots-linked-to-drop-in-covid-19-infections-and-scientists-aren-t-sure-why
  • Can vitamin D lower the risk of COVID-19? Here’s what we know so far https://globalnews.ca/news/7719367/covid-19-vitamin-d-link/
  • Could an Air Sampler Help Detect Airbone Coronavirus Particles? https://www.nytimes.com/2021/03/24/health/coronavirus-testing-airborne-aerosol-indoor.html
  • Dentists seeing ‘mask mouth’ and stress-related issues during COVID-19 pandemic https://globalnews.ca/news/7719939/dentists-mask-mouth-teeth-dental-stress-jaw-covid-19/
  • Long-Haulers Are Pushing the Limits of COVID-19 Vaccines https://www.theatlantic.com/health/archive/2021/03/vaccines-long-covid/618406/

• Immunity, Vaccines, and Vaccination:

  • A look at how Canada approved 5 COVID-19 vaccines in under a year https://globalnews.ca/news/7724399/health-canada-covid-19-vaccines/
  • Out of 800,000 fully vaccinated people in Minnesota, only 89 tested positive for COVID-19 https://www.businessinsider.com/800000-vaccinated-people-in-minnesota-only-89-got-covid-19-2021-3
  • EU proposes vaccine controls as 'raid' in Italy uncovers millions of AstraZeneca doses https://www.cnn.com/2021/03/24/europe/eu-vaccine-export-controls-intl/index.html
  • One mistake after the other.' How AstraZeneca went from pandemic hero to villain https://www.cnn.com/2021/03/25/business/astrazeneca-covid-vaccine/index.html

• More of the good, the bad, and the ugly:

  • The Dark Web Is Teeming With Vaccine Listings Right Now https://www.wired.com/story/dark-web-teeming-with-vaccine-listings

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • 30 travellers entering Canada caught with suspected fake COVID-19 test results: CBSA https://globalnews.ca/news/7724514/canada-cbsa-travellers-fake-tests/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Beaver wanders inside Toronto subway station, prompting entrance to close https://toronto.ctvnews.ca/beaver-wanders-inside-toronto-subway-station-prompting-entrance-to-close-1.5361676
• P.E.I. man captures on-ice battle between Canada goose and bald eagle https://www.cbc.ca/news/canada/prince-edward-island/pei-bald-eagle-canadian-goose-battle-photographer-1.5958964
• Apophis asteroid will not hit Earth for 100 years, Nasa says https://www.bbc.co.uk/news/science-environment-56547727
• The SE200 - A New Green 264 Seat Triple Wind Widebody Jet https://simpleflying.com/next-generation-widebody-low-emissions/amp/
• It looks like a saxophone but plays 512 notes - Infinitone https://expmag.com/2021/03/it-looks-like-a-saxophone-but-plays-512-notes-many-youve-never-heard-before/
• Was Earth once a water world? https://www.syfy.com/syfywire/was-earth-once-a-water-world
• Event Horizon Telescope sees the magnetic engine behind a supermassive black hole's immense power https://www.syfy.com/syfywire/event-horizon-telescope-sees-the-magnetic-engine-behind-a-supermassive-black-holes-immense
• Gravitational Lenses Could Allow a Galaxy-Wide Internet https://www.universetoday.com/150671/gravitational-lenses-could-allow-a-galaxy-wide-internet/