This Week's [in]Security - Issue 211

Welcome to This Week’s [in]Security. PCI 3DS Updates. New breaches: ParkMobile, Codecov, Upstox, ClubHouse. New Ransomware: Follow-ups & Fall-out: Facebook. Breach spin and Greed. Privacy. Laws & Regs: Class Actions, Breach Notification, LEA requests. BYOD. IOT. Defense: Anti-Caller ID Spoofing, Rockets, Code, Coders, Free Course, Cyber Careers, Power Grid, FLoC off, OSCAL. Vulnerabilities: Browser ZeroDays, Faster Bug Disclosure, DNS, NAME:WRECKIoT, Un-awareness, Dependencies, Pwn2Own, Kubernetes, Juniper, Zoom, Crypto. Cybercrime: FBI Patching. Trends. Nation States. Crime. Other Risks. Child Abuse Images. Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants. The Good, Bad, and Ugly (Behaviour). And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI SSC At-a-Glance https://www.pcisecuritystandards.org/documents/P2PE_At_a_Glance_v3.pdf
• 3DS Core v1.x Technical FAQs https://www.pcisecuritystandards.org/documents/PCI_SSC_3DS_Core_v1.x_Technical_FAQs_Apr2021.pdf
• 3DS SDK v1.x Technical FAQs https://www.pcisecuritystandards.org/documents/PCI_SSC_3DS_SDK_v1.x_Technical_FAQs_Apr2021.pdf

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Attack on Codecov Affects Customers https://www.databreachtoday.com/attack-on-codecov-affects-customers-a-16420
  • ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/
  • Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack https://www.securityweek.com/codecov-bash-uploader-dev-tool-compromised-supply-chain-hack
  • Federal investigators looking into breach at software code testing company Codecov https://www.theverge.com/2021/4/18/22390379/federal-investigators-breach-software-codecov-solarwinds
  • Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data https://thehackernews.com/2021/04/indian-brokerage-firm-upstox-suffers.html
  • 1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free https://threatpost.com/clubhouse-users-data-hacker-forum/165354/
  • “Without Undue Delay,” Saturday edition: D.C.’s Planned Parenthood reports data was breached last fall https://www.databreaches.net/without-undue-delay-saturday-edition-d-c-s-planned-parenthood-reports-data-was-breached-last-fall/
  • Gay dating site Manhunt hacked, thousands of accounts stolen https://www.databreaches.net/gay-dating-site-manhunt-hacked-thousands-of-accounts-stolen/
  • Ca: Privacy Breach at Algoma Public Health https://www.databreaches.net/ca-privacy-breach-at-algoma-public-health/
  • Ca: Privacy breach at RDRHC Diagnostic Imaging department https://www.databreaches.net/ca-privacy-breach-at-rdrhc-diagnostic-imaging-department/

• New Ransomware and "Incidents":

  • BR: The National Library website falls victim to a ransomware attack and goes offline https://www.databreaches.net/br-the-national-library-website-falls-victim-to-a-ransomware-attack-and-goes-offline/
  • Ransomware Attack Creates Cheese Shortages in Netherlands https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/

• Follow-ups and fall-out:

  • The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/
  • In: In a game of Data Breach Hot Potato, companies deny being source of data for sale online https://www.databreaches.net/in-in-a-game-of-data-breach-hot-potato-companies-deny-being-source-of-data-for-sale-online/
  • Presidio Employee Files Class Action Over Data Breach https://www.databreaches.net/presidio-employee-files-class-action-over-data-breach/

• Important differences between breaches and other leaks (Spin and Greed):

  • Data Breaches, Class Actions and Ambulance Chasing https://www.troyhunt.com/data-breaches-class-actions-and-ambulance-chasing/
  • ‘This was not a breach’: How Big Tech gaslights the world on data leaks https://www.politico.eu/article/how-to-leak-data-and-get-away-with-it/

Privacy

Articles about privacy related news, risks, and trends.

• Proctoring Tools and Dragnet Investigations Rob Students of Due Process https://www.eff.org/deeplinks/2021/04/proctoring-tools-and-dragnet-investigations-rob-students-due-process
• School custodian refuses to download phone app that monitors location, says it got her fired https://www.cbc.ca/news/gopublic/tattleware-privacy-employment-1.5978337

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Ca: Data Breach Class Actions: Canadian Courts Taking a Harder Look https://www.databreaches.net/ca-data-breach-class-actions-canadian-courts-taking-a-harder-look/
  • Workers in Ontario can be fired if they refuse return to office, employment lawyer says https://toronto.ctvnews.ca/workers-in-ontario-can-be-fired-if-they-refuse-return-to-office-employment-lawyer-says-1.5389376
  • The Law Bytes Podcast, Episode 83: Inside in the Industry Committee Hearing on the Proposed Rogers-Shaw Merger https://www.michaelgeist.ca/2021/04/law-bytes-podcast-episode-83/
  • Why the Liberals Have Become the Most Anti-Internet Government in Canadian History https://www.michaelgeist.ca/2021/04/why-the-liberals-have-become-the-most-anti-internet-government-in-canadian-history/

• US:

  • Senators Push for Changes in Wake of SolarWinds Attack https://www.databreachtoday.com/senators-push-for-changes-in-wake-solarwinds-attack-a-16409
  • Bank Groups Object to Proposed Breach Notification Regulation https://www.databreachtoday.com/bank-groups-object-to-proposed-breach-notification-regulation-a-16412
  • New York State just passed a law requiring ISPs to offer $15 broadband https://www.theverge.com/2021/4/16/22388184/new-york-affordable-internet-cost-low-income-price-cap-bill
  • Microsoft received almost 25,000 requests for consumer data from law enforcement over the past six months https://www.theregister.com/2021/04/16/microsoft_digital_transparency/
  • From pencil sharpeners to a $539m lawsuit: how big tech weaponised design patents https://www.theguardian.com/artanddesign/2021/apr/13/pencil-sharpeners-539m-lawsuit-big-tech-weaponised-patents
  • A federal ‘revenge porn’ ban could transform online harassment laws https://www.theverge.com/2021/4/15/22340260/vawa-shield-act-revenge-porn-first-amendment-questions

• World:

  • Watchdog thinks Google tricked Australians into giving up data, sues. Judge semi-agrees https://www.theregister.com/2021/04/16/australia_competition_commission_vs_google/
  • Ireland’s Privacy Watchdog Launches GDPR Probe of Facebook https://www.databreachtoday.com/blogs/irelands-privacy-watchdog-launches-gdpr-probe-facebook-p-3018
  • Draft EU AI Regulation Would Ban Social Scoring, Limit ‘High-Risk’ Uses https://epic.org/2021/04/draft-eu-ai-regulation-would-b.html
  • Turkey says it will ban the use of cryptocurrencies as a form of payment https://markets.businessinsider.com/currencies/news/turkey-ban-cryptocurrencies-payment-bitcoin-lira-ether-crypto-digital-asset-2021-4-1030311899

• Standards News:

  • NIST Draft Special Publication (SP) 1800-22 practice guide, Mobile Device Security: Bring Your Own Device (BYOD) available for comment until May 3 https://csrc.nist.gov/publications/detail/sp/1800-22/draft
  • NIST Draft Project Trusted IoT Device Network-Layer Onboarding and Lifecycle Management available for comment until April 19 https://csrc.nist.gov/publications/detail/white-paper/2021/03/16/trusted-iot-device-network-layer-onboarding-and-lcm/draft
  • NIST has updated their Risk Management Framework website https://csrc.nist.gov/Projects/risk-management
  • The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project “Automation of the Cryptographic Module Validation Program (CMVP)”. It is open for comments until May 12. https://csrc.nist.gov/publications/detail/white-paper/2021/04/12/automation-of-the-cryptographic-module-validation-program-cmvp/draft
  • NIST (NICE) Draft Interagency or Internal Report (NISTIR) 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work is open through May 3 https://csrc.nist.gov/publications/detail/nistir/8355/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• CRTC directs service providers to implement STIR/SHAKEN (Anti-Caller ID spoofing measures), file readiness reports https://mobilesyrup.com/2021/04/08/crtc-service-providers-stir-shaken-implementation/
• Inaugural Space Cybersecurity Symposium: Access for Start-ups Department of Commerce | Department of Homeland Security Wednesday, May 5, 2021 10:00 am – 4:00 pm EDT https://www.nist.gov/news-events/events/2021/05/inaugural-space-cybersecurity-symposium-access-start-up
• Top 20 most popular programming language list (not best or most used) https://www.tiobe.com/tiobe-index/
• Wanted: Software Developers with a Security Mindset https://blog.isc2.org/isc2_blog/2021/04/wanted-software-developers-with-a-security-mindset.html
• Ryerson launches free cybersecurity e-course for SMBs https://www.itworldcanada.com/article/ryerson-launches-free-cybersecurity-e-course-for-smbs/445140
• The VIRTUAL NICE K12 Cybersecurity Education Conference “Broadening the Path to Cybersecurity Careers Through K12 Education” CALL FOR PROPOSALS for opens today, April 13 through June 18, 2021. https://content.govdelivery.com/accounts/USNIST/bulletins/2cbb122
• What are the different roles within cybersecurity? https://thehackernews.com/2021/04/what-are-different-roles-within.html
• Biden Races to Shore Up Power Grid Against Hacks https://threatpost.com/biden-power-grid-hacks/165428/
• HTTPS Everywhere Now Uses DuckDuckGo’s Smarter Encryption https://www.eff.org/deeplinks/2021/04/https-everywhere-now-uses-duckduckgos-smarter-encryption
• Vivaldi, Brave, DuckDuckGo reject Google's FLoC ad tracking tech https://www.bleepingcomputer.com/news/security/vivaldi-brave-duckduckgo-reject-googles-floc-ad-tracking-tech/
• WordPress to automatically disable Google FLoC on websites https://www.bleepingcomputer.com/news/security/wordpress-to-automatically-disable-google-floc-on-websites/
• Why and How You Should be Using an Internal Certificate Authority, (Thu, Apr 15th) https://isc.sans.edu/diary/rss/27314
• Security Assessment Automation Open Security Controls Assessment Language (OSCAL) 1.0.0 Release Candidate 2 (RC2) is open for feedback until May 7, 2021 https://github.com/usnistgov/OSCAL/releases/tag/v1.0.0-rc2 (main page at https://pages.nist.gov/OSCAL/))
• Windows 10 is getting a 'Windows Tools' control panel for power users https://www.bleepingcomputer.com/news/microsoft/windows-10-is-getting-a-windows-tools-control-panel-for-power-users/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Chrome Zero-Day Exploit Posted on Twitter https://threatpost.com/chrome-zero-day-exploit-twitter/165363/
• Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter https://www.bleepingcomputer.com/news/security/google-chrome-microsoft-edge-zero-day-vulnerability-shared-on-twitter/
• Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period https://threatpost.com/google-project-zero-cuts-bug-disclosure-timeline-to-a-30-day-grace-period/165432/
• April 2021 Patch Tuesday – 108 Vulnerabilities, 19 Critical, Adobe https://blog.qualys.com/vulnerabilities-research/2021/04/14/april-2021-patch-tuesday-108-vulnerabilities-19-critical-adobe
• Domain Name Security Neglected by U.S. Energy Companies: Report https://www.securityweek.com/domain-name-security-neglected-us-energy-companies-report
• Major BGP leak disrupts thousands of networks globally https://www.bleepingcomputer.com/news/security/major-bgp-leak-disrupts-thousands-of-networks-globally/
• Microsoft fixes Windows 10 bug that can corrupt NTFS drives https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-10-bug-that-can-corrupt-ntfs-drives/
• Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes https://threatpost.com/microsoft-april-patch-tuesday-zero-days/165393/
• Microsoft Patches 4 Additional Exchange Flaws https://www.databreachtoday.com/microsoft-patches-4-additional-exchange-flaws-a-16396
• NSA Discloses Vulnerabilities in Microsoft Exchange https://www.schneier.com/blog/archives/2021/04/nsa-discloses-vulnerabilities-in-microsoft-exchange.html
• NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers https://thehackernews.com/2021/04/nsa-discovers-new-vulnerabilities.html
• NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches https://www.theregister.com/2021/04/13/patch_tuesday_april/
• 100 million more IoT devices are exposed (Name:Wreck) and they won’t be the last https://www.wired.com/story/namewreck-iot-vulnerabilities-tcpip-millions-devices/
• NAME:WRECK DNS vulnerabilities affect over 100 million devices https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/
• NAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks https://www.tenable.com/blog/namewreck-nine-dns-vulnerabilities-found-in-four-open-source-tcpip-stacks
• New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices https://thehackernews.com/2021/04/new-namewreck-vulnerabilities-impact.html
• Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html
• 61 percent of employees fail basic cybersecurity quiz https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/
• Azure DevOps Server 2020 Defaults to HTTP and facilitates supply chain attacks https://www.trendmicro.com/en_us/research/21/d/https-over-http-a-supply-chain-attack-on-azure-devops-server-202.html
• Dependency Problems Increase for Open Source Components https://www.darkreading.com/application-security/dependency-problems-increase-for-open-source-components/d/d-id/1340665
• Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
• 1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them https://thehackernews.com/2021/04/1-click-hack-found-in-popular-desktop.html
• Security Bug Allows Attackers to Brick Kubernetes Clusters https://threatpost.com/security-bug-brick-kubernetes-clusters/165413/
• Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices https://www.securityweek.com/critical-vulnerability-can-allow-attackers-hijack-or-disrupt-juniper-devices
• Security Analysis of End-to-End Encryption for Zoom Meetings, by Takanori Isobe and Ryoma Ito https://eprint.iacr.org/2021/486
• Cryptanalysis of `MAKE', by Daniel Brown and Neal Koblitz and Jason LeGrow https://eprint.iacr.org/2021/465
• Improving Recent Side-Channel Attacks Against the DES Key Schedule, by Andreas Wiemers and Johannes Mittmann https://eprint.iacr.org/2021/463

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• FBI patching the Internet:

  • FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins https://www.theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/
  • FBI nuked web shells from hacked Exchange Servers without telling owners https://www.bleepingcomputer.com/news/security/fbi-nuked-web-shells-from-hacked-exchange-servers-without-telling-owners/
  • Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities https://www.databreaches.net/justice-department-announces-court-authorized-effort-to-disrupt-exploitation-of-microsoft-exchange-server-vulnerabilities/
  • The FBI Is Now Securing Networks Without Their Owners’ Permission https://www.schneier.com/blog/archives/2021/04/the-fbi-is-now-securing-networks-without-their-owners-permission.html

• Trends, Alerts, and Events (other than major breaches):

  • 100,000 Google Sites Used to Install SolarMarker RAT https://threatpost.com/google-sites-solarmarket-rat/165396/
  • Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs https://www.theregister.com/2021/04/14/google_sites_malware/
  • YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html
  • 7 new social engineering tactics threat actors are using now https://www.csoonline.com/article/3613937/7-new-social-engineering-tactics-threat-actors-are-using-now.html
  • Backdoored developer tool that stole credentials escaped notice for 3 months https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
  • Bad Bot Report 2021: The Pandemic of the Internet https://www.imperva.com/blog/bad-bot-report-2021-the-pandemic-of-the-internet/
  • Capcom Says Older VPN Device at Heart of Ransomware Attack https://www.securityweek.com/capcom-says-older-vpn-device-heart-ransomware-attack
  • Most imitated brands in phishing emails in first quarter of 2021: report https://www.databreaches.net/most-imitated-brands-in-phishing-emails-in-first-quarter-of-2021-report/
  • New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

• Nation State Actors:

  • Nation-State Attacks Force a New Paradigm: Patching as Incident Response https://www.darkreading.com/risk/nation-state-attacks-force-a-new-paradigm-patching-as-incident-response/a/d-id/1340609
  • NSA: 5 Security Bugs Under Active Nation-State Cyberattack https://threatpost.com/nsa-security-bugs-active-nation-state-cyberattack/165446/
  • The $1 billion Russian cyber company that the US says hacks for Moscow https://www.technologyreview.com/2021/04/15/1022895/us-sanctions-russia-positive-hacking/
  • US government strikes back at Kremlin for SolarWinds hack campaign https://arstechnica.com/tech-policy/2021/04/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign/
  • US Pulls Back Curtain on Russian Cyber Operations https://www.databreachtoday.com/us-pulls-back-curtain-on-russian-cyber-operations-a-16419
  • US Sanctions on Russia Rewrite Cyberespionage's Rules https://www.wired.com/story/us-russia-sanctions-solarwinds-svr

• Crime & Arrests, etc.:

  • SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence https://thehackernews.com/2021/04/sysadmin-of-billion-dollar-hacking.html
  • Someone just moved a bitcoin fortune – 5 years after it was stolen https://www.independent.co.uk/life-style/gadgets-and-tech/bitcoin-hack-bitfinex-hack-mystery-b1831952.html
  • Software developer charged with damaging the computer system of a Cleveland company https://www.databreaches.net/software-developer-charged-with-damaging-the-computer-system-of-a-cleveland-company/
  • Teenager charged after four swatting incidents in Vaughan, Ont. https://toronto.ctvnews.ca/teenager-charged-after-four-swatting-incidents-in-vaughan-ont-1.5389049
  • Postman pinched for parcel pilfering, say police https://globalnews.ca/news/7763852/postman-pinched-for-parcel-pilfering-say-police/

Other Security / Risk

Articles covering other types of risks.

• Automatic gender recognition tech is dangerous, say campaigners: it’s time to ban it https://www.theverge.com/2021/4/14/22381370/automatic-gender-recognition-sexual-orientation-facial-ai-analysis-ban-campaign
• Chip shortage that has caused problems across tech industry could last in 2023, CEOs say https://www.independent.co.uk/life-style/gadgets-and-tech/chip-shortage-2023-intel-ceo-b1832618.html
• DNI’s Annual Threat Assessment https://www.schneier.com/blog/archives/2021/04/dnis-annual-threat-assessment.html
• Dutch supermarkets run out of cheese after ransomware attack https://www.bleepingcomputer.com/news/security/dutch-supermarkets-run-out-of-cheese-after-ransomware-attack/
• Epic’s tool that lets you make realistic digital humans is now in early access https://www.theverge.com/2021/4/14/22382757/epic-games-unreal-engine-metahuman-creator-early-access
• Google Docs went down https://www.zdnet.com/article/google-docs-down/
• Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone https://www.theverge.com/2021/4/14/22383957/fbi-san-bernadino-iphone-hack-shooting-investigation
• Say what? More jargon in a paper means fewer scientists will read it, study finds https://www.cbc.ca/radio/asithappens/as-it-happens-tuesday-edition-1.5985611/say-what-more-jargon-in-a-paper-means-fewer-scientists-will-read-it-study-finds-1.5985613
• Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it https://www.theregister.com/2021/04/14/tom_tugendhat_email_security_outburst/
• The Threat of Electric Vehicles to the Grid https://vividcomm.com/2021/04/18/the-threat-of-electric-vehicles/
• This Is The Point When People Start Trusting Algorithms More Than Other Humans https://www.sciencealert.com/this-is-when-people-start-to-trust-algorithms-more-than-humans
• Twitter begins analyzing harmful impacts of its algorithms https://www.theverge.com/2021/4/15/22385563/twitter-algorithms-machine-learning-bias
• Stories of child abuse images in the blockchain go back years. In this update last month, Blockchain Sleuth Says OKEx, Huobi Stonewalled Him in Child Porn Investigation https://www.coindesk.com/cipherblade-okex-huobi-csem-morphtoken
• We haven’t confirmed these posts but, if accurate, it raises a number of legal, ethical, and risk issues for Image Search Providers and Canada Child Protection – https://linustechtips.com/topic/1322512-canada-child-protect-caught-spreading-child-porn-using-aws-services/, https://varishangout.com/index.php?threads/canadian-centre-for-child-protection-uploading-and-self-reporting-cp-on-saucenao.259/

• Health, Safety & Environment:

  • $1.9 million award could keep Zika virus at bay https://scienmag.com/1-9-million-award-could-keep-zika-virus-at-bay/
  • Simple genetic modification aims to stop mosquitoes spreading malaria https://scienmag.com/simple-genetic-modification-aims-to-stop-mosquitoes-spreading-malaria/
  • A landmark study shows the main compound in magic mushrooms could rival a leading depression drug https://www.businessinsider.com/psilocybin-magic-mushroom-for-depression-takeaways-from-icl-report-nejm-2021-4
  • What's Really in Your Water? https://www.scientificamerican.com/article/whats-really-in-your-water/

• Student's heart failure linked to 'excessive' energy drinks https://www.bbc.co.uk/news/newsbeat-56747731

  • 2 Killed in Driverless Tesla Car Crash, Officials Say https://www.nytimes.com/2021/04/18/business/tesla-fatal-crash-texas.html
  • FedEx will 'reevaluate' its policy requiring employees to lock up phones during shifts following Thursday's shooting at a FedEx facility in Indianapolis https://www.businessinsider.com/fedex-reevaluating-no-phone-policy-after-mass-shooting-2021-4
  • North Shore Rescue warn about danger to crews after slackline strung across two peaks https://globalnews.ca/news/7764463/north-shore-rescue-slackline-peaks/
  • Bitcoin and crypto markets crash on US crackdown reports https://ca.finance.yahoo.com/news/bitcoin-price-sunday-18-april-us-treasury-digital-assets-ethereum-litecoin-coinbase-doge-094926937.html
  • Why everyone incorporates in Delaware https://thehustle.co/why-delaware-is-the-sexiest-place-in-america-to-incorporate-a-company/
• How product placements may soon be added to classic films https://www.bbc.co.uk/news/business-56758376
• Reuters finally decides to charge you for its online news stories with a paywall https://www.theverge.com/2021/4/15/22386037/reuters-paywall-online-news-content-publishers

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • India records over 200K COVID-19 cases in a day amid festivals, election rallies https://globalnews.ca/news/7766426/india-covid-19-election7766426/
  • More than 4,200 new COVID-19 cases reported in Ontario, hospitalizations reach 2,100 https://toronto.ctvnews.ca/more-than-4-200-new-covid-19-cases-reported-in-ontario-hospitalizations-reach-2-100-1.5392114
  • 10 people test positive for COVID-19 from Kingston legion outbreak https://globalnews.ca/news/7761099/10-covid-19-kingston-legion-outbreak/
  • Alberta birthday party COVID-19 outbreak described by Premier Kenney has few details https://globalnews.ca/news/7761984/alberta-coronavirus-birthday-party-premier-kenney/
  • All Grey-Bruce residents should consider themselves a COVID-19 carrier for 48 hours https://northernontario.ctvnews.ca/all-grey-bruce-residents-should-consider-themselves-a-covid-19-carrier-for-48-hours-1.5388447
  • Edmonton schools experience spike in COVID-19 cases: ‘It is concerning’ https://globalnews.ca/news/7757539/edmonton-schools-covid-19-case-spike-april/
  • ‘It’s not the old COVID’: Whistler doctor urges B.C. to overcome pandemic fatigue https://globalnews.ca/news/7766672/bc-pandemic-fatigue-cathy-zeglinski/
  • B.1.1.7 variant linked to 100-plus person ‘superspreader’ outdoor party near Maple Creek, Sask. https://globalnews.ca/news/7765037/100-plus-person-superspreader-party-maple-creek/

• Guidance, Response, and Recovery:

  • ‘Every order applies to you’: A vaccine does not mean you can ignore health guidelines https://globalnews.ca/news/7760591/post-vaccine-public-health-orders-information/
  • ‘Worst nightmare’: Ont. hospitals scramble to make room for COVID-19 patients as cases skyrocket https://globalnews.ca/news/7763873/ontario-hospitals-scramble-make-room-covid-19-patients-cases/
  • Ontario will have to triage ICU patients soon as COVID-19 hospitalizations climb, doctor says https://toronto.ctvnews.ca/ontario-will-have-to-triage-icu-patients-soon-as-covid-19-hospitalizations-climb-doctor-says-1.5390246
  • Ontario’s new COVID-19 restrictions have science ‘absolutely upside-down,’ experts say https://globalnews.ca/news/7765156/ontario-covid-19-restrictions-ford-david-fisman/
  • Anand doesn’t rule out using Canada Emergencies Act to help curb COVID-19 third wave https://globalnews.ca/news/7765882/canada-emergencies-act-the-west-block/
  • Full list of new COVID-19 emergency restrictions in Ontario https://toronto.ctvnews.ca/full-list-of-new-covid-19-emergency-restrictions-in-ontario-1.5390803
  • Ontario gives police authority to stop people, vehicles, ask purpose of travel https://toronto.ctvnews.ca/ontario-gives-police-authority-to-stop-people-vehicles-ask-purpose-of-travel-1.5390805
  • Ontario walks back new police powers following backlash https://toronto.ctvnews.ca/ontario-walks-back-new-police-powers-following-backlash-1.5391464
  • Premier Ford reverses decision to close Ontario playgrounds amid backlash https://toronto.ctvnews.ca/premier-ford-reverses-decision-to-close-ontario-playgrounds-amid-backlash-1.5391546
  • What you can and cannot do now that Ontario has tightened its stay-at-home order https://www.cbc.ca/news/canada/toronto/ontario-restrictions-what-you-can-what-you-cannot-do-1.5991941
  • Ontario will place restrictions on interprovincial travel, limit recreational activities as COVID-19 cases soar, sources say https://toronto.ctvnews.ca/ontario-will-place-restrictions-on-interprovincial-travel-limit-recreational-activities-as-covid-19-cases-soar-sources-say-1.5390016
  • Quebec changes outdoor mask rule aimed at controlling COVID-19 spread https://globalnews.ca/news/7758079/quebec-outdoor-mask-rules-covid-changes/
  • 1st Pedal Pub in Saskatchewan plans to get rolling in June https://globalnews.ca/news/7765280/pedal-pub-saskatchewan/
  • Australia opens travel bubble with New Zealand https://www.bbc.co.uk/news/world-australia-56796679
  • Post-Covid America Isn’t Going to Be Anything Like the Roaring ’20s https://www.politico.com/news/magazine/2021/03/18/roaring-2020s-coronavirus-flu-pandemic-john-m-barry-477016
  • Trained Dogs Can Detect COVID-19 With Surprising Accuracy by Sniffing Your Pee https://www.sciencealert.com/trained-dogs-are-able-to-smell-covid-19-in-human-pee

• Treatments, Testing, Triage, Trials, and things we Learned:

  • NIH trial of anti-CD14 antibody to treat COVID-19 respiratory disease begins https://scienmag.com/nih-trial-of-anti-cd14-antibody-to-treat-covid-19-respiratory-disease-begins/
  • Canada is ignoring the science on second doses https://financialpost.com/diane-francis/diane-francis-canada-is-ignoring-the-science-on-second-doses
  • Chinese official says local vaccines 'don't have high protection rates' https://www.bbc.co.uk/news/world-asia-china-56713663
  • B.C. encouraging anyone 18+ to register for COVID-19 vaccine this week https://globalnews.ca/news/7767959/bc-vaccine-registration-everyone/
  • How a Twitter account is helping Canadians find vaccination appointments https://www.ctvnews.ca/health/coronavirus/how-a-twitter-account-is-helping-canadians-find-vaccination-appointments-1.5389136
  • Vaccines are failing to get to where COVID-19 is spreading fastest in Ontario, data shows https://toronto.ctvnews.ca/vaccines-are-failing-to-get-to-where-covid-19-is-spreading-fastest-in-ontario-data-shows-1.5389983
  • About 10K vaccination appointments cancelled at two Ontario clinics due to lack of supply https://toronto.ctvnews.ca/about-10k-vaccination-appointments-cancelled-at-two-ontario-clinics-due-to-lack-of-supply-1.5386636
  • AstraZeneca COVID-19 vaccine to stop being used in Denmark https://globalnews.ca/news/7756911/astrazeneca-covid-19-vaccine-stop-used-denmark/
  • Moderna cuts April vaccine deliveries by almost half as Canada battles third wave https://globalnews.ca/news/7762939/moderna-vaccine-shipments-delayed-canada/
  • Ontario to lower age eligibility for AstraZeneca vaccine to 40 https://toronto.ctvnews.ca/ontario-to-lower-age-eligibility-for-astrazeneca-vaccine-to-40-1.5392503
  • N.B. mother upset daughter, a paramedic student, wasn’t vaccinated before hospital training https://globalnews.ca/news/7764098/paramedic-students-covid-19-vaccinations-nb-mother/
  • A million vaccines in freezers: Ontario defends ‘buffer’ as thousands of appointments cancelled https://globalnews.ca/news/7758546/coronavirus-covid-vaccines-ontario-buffer-cancelled/
  • The story behind the J&J one dose vaccine https://nymag.com/intelligencer/2021/04/the-story-of-one-dose.html
  • Third dose of COVID-19 vaccine ‘likely’ needed within 12 months: Pfizer CEO https://globalnews.ca/news/7761973/covid-19-vaccine-third-dose-pfizer-ceo/
  • Blood clots from COVID-19 up to 10 times more likely than vaccines: researchers https://globalnews.ca/news/7759372/blood-clots-covid-more-likely-vaccines/
  • Is it time to ditch disinfecting? CDC updates data surrounding COVID-19 surface transmission https://globalnews.ca/news/7761171/is-it-time-to-ditch-disinfecting-cdc-updates-data-surrounding-covid-19-surface-transmission/
  • Coping Strategies of Ocean Castaways Hold Lessons for the COVID Pandemic https://www.scientificamerican.com/article/coping-strategies-of-ocean-castaways-hold-lessons-for-the-covid-pandemic/
  • How CO2 sensors might help us return to ‘normal’ https://www.theverge.com/2021/4/14/22382361/covid-carbon-dioxide-co2-ventilation-sensor-bars-restaurant
  • We May Have Found a Cellular Difference That Protects Kids From COVID-19 https://www.sciencealert.com/children-have-a-weird-difference-in-their-b-cells-which-might-be-helping-protect-them-from-covid
  • Our Pandemic Trash Is Killing Wildlife on a Devastating Scale, Scientists Warn https://www.sciencealert.com/face-masks-protect-humans-but-they-re-a-deathtrap-for-everything-else

• More of the good, the bad, and the ugly:

  • Masks, anti-maskers, distancing, compliance, and repercussions:
  • Surrey RCMP issues $17,000 in COVID-19 restriction fines in one week https://globalnews.ca/news/7758945/surrey-rcmp-17k-covid-fines/
  • COVID-19: Montreal protesters denounce 8 p.m. curfew as unscientific, harmful to vulnerable https://globalnews.ca/news/7768269/covid-19-montreal-protesters-denounce-curfew-as-unscientific/
  • Three people fined after anti-mask protest held in Mississauga last month https://toronto.ctvnews.ca/three-people-fined-after-anti-mask-protest-held-in-mississauga-last-month-1.5388493
  • Standoff includes police as Mississauga gym owner reopens despite COVID-19 emergency orders https://globalnews.ca/news/7762210/covid-huf-gym-mississauga/
  • COVID-19: Unlicensed Kelowna gym under investigation for anti-mask, anti-vaccine policies https://globalnews.ca/news/7758961/unlicensed-kelowna-gym-under-investigation-covid/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• (We never knew) Audrey Hepburn: The Secret WW2 History of a Dutch Resistance Spy https://www.denofgeek.com/movies/audrey-hepburn-secret-ww2-history-dutch-resistance-spy/
• If you Want to Move an Asteroid, you Need the Right Kind of Nuclear Explosion https://www.universetoday.com/150844/if-you-want-to-move-an-asteroid-you-need-the-right-kind-of-nuclear-explosion/
• P.E.I. man captures on-ice battle between Canada goose and bald eagle https://www.cbc.ca/news/canada/prince-edward-island/pei-bald-eagle-canadian-goose-battle-photographer-1.5958964
• Rebuilding Notre-Dame cathedral... with 1,000 oak trees https://www.bbc.co.uk/news/world-europe-56761834
• A total of some 2.5 billion T. rex roamed the Earth, study finds https://www.cbc.ca/news/technology/trex-billions-1.5989151
• Scientists may detect signs of extraterrestrial life in the next 5 to 10 years https://scienmag.com/scientists-may-detect-signs-of-extraterrestrial-life-in-the-next-5-to-10-years/
• 'At least the crater is in the right place,' Elon Musk says after SpaceX SN11 Mars rocket prototype test https://www.9news.com.au/world/spacex-sn11-mars-rocket-explodes-elon-musk-crater-tweet/b83d3f90-f3d0-4cdd-ba3f-b8382542dd31
• Nasa chooses SpaceX to build Moon lander https://www.bbc.co.uk/news/science-environment-56781556
• 100-meter Asteroid Created a Strange Impact Event in Antarctica 430,000 Years Ago https://www.universetoday.com/150881/100-meter-asteroid-created-a-strange-impact-event-in-antarctica-430000-years-ago/
• EmDrive: Does It Really Work? - Inventor Defends Failed Tests https://www.popularmechanics.com/science/a36098824/emdrive-inventor-defends-failed-tests/
• Ground-Based Lasers Could Push Space Debris off Collision-Course Orbits https://www.universetoday.com/150896/ground-based-lasers-could-push-space-debris-off-collision-course-orbits/
• Space Junk Removal Is Not Going Smoothly https://www.scientificamerican.com/article/space-junk-removal-is-not-going-smoothly/
• SpaceX: Elon Musk satellite came within 60m of crash with another owned by British-backed firm https://www.independent.co.uk/life-style/gadgets-and-tech/space/spacex-elon-musk-satellite-crash-b1830998.html