This Week's [in]Security - Issue 213 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI Secure Software Update, Community meeting. e_Skimmer. Supply-Chain Backdoors: New breaches: New Ransomware: Follow-ups & Fall-out: Privacy: less FLoC, US poll, Windows. Laws & Regs - Canada: C-10. US: Breaches. UK, EU, HK: Apple, Google. Standards: IoT, 4 NIST, PQ-crypto. Defense: Webinars, Webinars. Cyber-kids, Ransomware taskforce, Defender uploads, HIBP & Emotet. Vulnerabilities: macOS, Unethical patching, BigF5, NTLM, Cellebrite, Cisco, Medical & Industrial IoT, AD, AI Hackers. Cybercrime - Trends: Malvertising notifications, OpenBullet, Linux backdoor, Passwordstate, Sharepoint. Citizenlab & NSO Group. Nation States. Crime: Bitcoin laundering. Other Risks: Supply chain, Schneier, Smishing. eVoting, Health, Safety & Environment. bees, Quakes, Death from above, EV blues, cars. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Learned. Impact. Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Security Standards Council Publishes Version 1.1 of Secure Software Standard and Program and adds support for Payment Terminal Applications:

  • Blog https://blog.pcisecuritystandards.org/new-terminal-software-module-introduced-in-pci-secure-software-standard-version-1-1
  • Summary of Changes from Secure Software Standard https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-Standard-Summary-of-Changes-v1_0-to-v1_1.pdf
  • Standard https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-Standard-v1_1.pdf
  • Program Guide https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-Program-Guide-v1_1.pdf
  • Reporting Template https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-ROV-Template-v1_1.pdf
  • Attestation https://www.pcisecuritystandards.org/documents/PCI-Secure-Software-AOV-v1_1.docx
• The PCI SSC Global Community Forum will take place online from Tuesday, 26 October – Thursday, 28 October. https://events.pcisecuritystandards.org/
• Water Pamola Attacked Online Shops Via Malicious Orders https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Big Hacks, supply-chain compromises and widely used backdoors:
• CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached https://www.databreachtoday.com/cisa-5-agencies-using-pulse-secure-vpns-possibly-breached-a-16500
• More US agencies potentially hacked, this time with Pulse Secure exploits https://arstechnica.com/gadgets/2021/04/more-us-agencies-potentially-hacked-this-time-with-pulse-secure-exploits/
• Codecov starts notifying customers affected by supply-chain attack https://www.databreaches.net/codecov-starts-notifying-customers-affected-by-supply-chain-attack/
• HashiCorp reveals exposure of private code-signing key after Codecov compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/

• Accellion data breaches drive up average ransom price https://www.bleepingcomputer.com/news/security/accellion-data-breaches-drive-up-average-ransom-price/

  • City of Toronto hit by ‘potential cyber breach’ from Accellion file transfer software https://www.databreaches.net/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/

• New Breaches:

  • Hackers Threaten to Leak D.C. Police Informants' Info If Ransom Is Not Paid (Could this count as a murder threat?) https://thehackernews.com/2021/04/hackers-threaten-to-leak-dc-police.html
  • Experian API Leaks Most Americans’ Credit Scores https://threatpost.com/experian-api-leaks-american-credit-scores/165731/
  • First Horizon discloses data security breach https://www.databreaches.net/first-horizon-discloses-data-security-breach/
  • AmeriFirst Warns Customers of December Data Breach https://www.databreaches.net/amerifirst-warns-customers-of-december-data-breach/
  • Descomplica - 4,845,378 breached accounts https://haveibeenpwned.com/PwnedWebsites#Descomplica
  • Google COVID-19 Contact-Tracing Tool Exposes Data: Lawsuit https://www.databreachtoday.com/google-covid-19-contact-tracing-tool-exposes-data-lawsuit-a-16492
  • CA/NWT: Privacy commissioner investigating COVID Secretariat data breach https://www.databreaches.net/ca-privacy-commissioner-investigating-covid-secretariat-data-breach/
  • Click Studios - Passwordstate - Hacked, Exposing Users' Passwords https://www.databreachtoday.com/click-studios-hacked-exposing-users-passwords-a-16469
  • Contact tracing data breach exposes health information of 72,000 Pennsylvanians https://www.databreaches.net/contact-tracing-data-breach-exposes-health-information-of-72000-pennsylvanians/
  • COVID-19 Results for 25% of Wyoming Accidentally Posted Online https://threatpost.com/covid-19-results-accidentally-exposed/165709/
  • Dutch government pauses coronavirus app over data leak fears https://www.databreaches.net/dutch-government-pauses-coronavirus-app-over-data-leak-fears/
  • Fr: Baclesse cuts its Internet connection to prevent the spread of a computer worm https://www.databreaches.net/fr-baclesse-cuts-its-internet-connection-to-prevent-the-spread-of-a-computer-worm/
  • Maine government website displayed mental health patients’ confidential information https://www.databreaches.net/maine-government-website-displayed-mental-health-patients-confidential-information/
  • Ph: 345,000 sensitive legal documents from the PH government have been exposed online https://www.databreaches.net/ph-345000-sensitive-legal-documents-from-the-ph-government-have-been-exposed-online/
  • US/CA: St. John’s Well Child and Family Center notifies patients of breach https://www.databreaches.net/ca-st-johns-well-child-and-family-center-notifies-patients-of-breach/
  • DigitalOcean says customer billing data accessed in data breach https://www.databreaches.net/digitalocean-says-customer-billing-data-accessed-in-data-breach/
  • Fourth time's a charm - OGUsers hacking forum hacked again https://www.bleepingcomputer.com/news/security/fourth-times-a-charm-ogusers-hacking-forum-hacked-again/
  • Thrifty Drug discloses security breach https://www.databreaches.net/thrifty-drug-discloses-security-breach/
  • Paleohacks data leak exposes customer records, password reset tokens https://www.zdnet.com/article/paleohacks-data-leak-exposes-customer-records-password-reset-tokens
  • Reverb discloses data breach exposing musicians’ personal info https://www.databreaches.net/reverb-discloses-data-breach-exposing-musicians-personal-info/

• New Ransomware and "Incidents":

  • Whistler resort municipality hit by new ransomware operation https://www.bleepingcomputer.com/news/security/whistler-resort-municipality-hit-by-new-ransomware-operation/
  • Ch: Cyber-attack on Swiss Cloud Computing AG https://www.databreaches.net/ch-cyber-attack-on-swiss-cloud-computing-ag/
  • IT: Hacker attack on pharmaceutical company Zambon https://www.databreaches.net/it-hacker-attack-on-pharmaceutical-company-zambon/
  • UK: Colchester Institute suffers cyber security attack https://www.databreaches.net/uk-colchester-institute-suffers-cyber-security-attack/

• Follow-ups and fall-out:

  • bigbasket - 24,500,011 breached accounts https://haveibeenpwned.com/PwnedWebsites#bigbasket
  • ParkMobile - 20,949,825 breached accounts https://haveibeenpwned.com/PwnedWebsites#ParkMobile
  • Jefit - 9,052,457 breached accounts https://haveibeenpwned.com/PwnedWebsites#Jefit
  • Two Canadian banks could pay up to $23 million to settle lawsuits in 2018 hacks https://www.itworldcanada.com/article/two-canadian-banks-could-pay-up-to-23-million-to-settle-lawsuits-in-2018-hacks/446673
  • Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-nhtcu/
  • GitHub Leaks: Lessons Learned https://www.databreachtoday.com/github-leaks-lessons-learned-a-16504
  • Is It Ethical To Buy Breached Data? https://www.databreaches.net/is-it-ethical-to-buy-breached-data/

Privacy

Articles about privacy related news, risks, and trends.

• GitHub blocks Google FLoC tracking https://www.bleepingcomputer.com/news/security/github-blocks-google-floc-tracking/
• Google's Grand Plan to Eradicate Cookies Is Crumbling https://www.wired.com/story/googles-grand-plan-to-eradicate-cookies-is-crumbling
• Poll: Vast Majority of Americans Support Online Data Protection Legislation https://epic.org/2021/04/poll-vast-majority-of-american.html
• What data does Windows 10 collect in the background? https://www.comparitech.com/blog/information-security/windows-10-data/
• Which country has the most-watched workers in the world? https://www.comparitech.com/blog/vpn-privacy/employee-monitoring-statistics/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Why the Government’s Secret Forthcoming Bill C-10 Amendment Confirms Its Plans to Regulate User Generated Content https://www.michaelgeist.ca/2021/04/ugcamendment/
  • Why Heritage Minister Steven Guilbeault’s Own Department Officials Don’t Support His Claims on Regulating User Generated Content https://www.michaelgeist.ca/2021/04/why-heritage-minister-steven-guilbeaults-own-department-officials-dont-support-his-claims-on-regulating-user-generated-content/
  • Knowing Who to Stand Up For: Heritage Minister Steven Guilbeault and the Regulation of Free Speech https://www.michaelgeist.ca/2021/04/guilbeaultfreespeech/

• US:

  • District Court in Third Circuit Confirms That, When it Comes to Data Breaches, Actual Misuse Must be Alleged https://www.databreaches.net/district-court-in-third-circuit-confirms-that-when-it-comes-to-data-breaches-actual-misuse-must-be-alleged/

• World:

  • Apple fined $12M by Russian regulator over App Store monopoly abuse https://www.theverge.com/2021/4/28/22407293/apple-russia-antitrust-monopoly-fine-kaspersky-parental-control-app
  • Google Data Protection Case to be Heard in UK Supreme Court https://www.securityweek.com/google-data-protection-case-be-heard-uk-supreme-court
  • EU adopts controversial law forcing one-hour takedowns of terrorist content https://www.theverge.com/2021/4/29/22409306/eu-law-one-hour-terrorist-content-takedowns-passes-parliament
  • German climate change law violates rights, court rules https://www.bbc.co.uk/news/world-europe-56927010

• Standards News:

  • Easy-to-guess default device passwords are a step closer to being banned https://www.zdnet.com/article/easy-to-guess-default-device-passwords-are-a-step-closer-to-being-banned/
  • NIST draft SP 800-172A Assessing Enhanced Security Requirements for Controlled Unclassified Information is available for comment through June 11 https://csrc.nist.gov/publications/detail/sp/800-172A/draft
  • NIST is undertaking a major revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) incorporating next generation cyber supply chain risk management (C-SCRM). This first round draft is open for comments until by June 14. https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/draft
  • NIST is updating Special Publication (SP) 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). A draft update is open for comments through June 15 https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft
  • NIST will hold a virtual workshop on the C-SCRM update on May 12, 2021, from 11 am-12:40 pm EDT https://www.nist.gov/news-events/events/2021/05/sp-800-161-revision-1-stakeholder-engagement
  • NIST/ NCCoE Published Cybersecurity White Paper Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms https://csrc.nist.gov/publications/detail/white-paper/2021/04/28/getting-ready-for-post-quantum-cryptography/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Australia proposes teaching cyber-security to five-year-old kids https://www.theregister.com/2021/04/30/eaching_cybersecurity_to_five_year_olds/
• CISA, NIST Provide New Resource on Software Supply Chain Attacks https://www.securityweek.com/cisa-nist-provide-new-resource-software-supply-chain-attacks
• ISACA Winnipeg welcomes you to our annual Western Canada Information Security Conference https://live.wcisc.ca/
• An ambitious plan to tackle ransomware faces long odds https://arstechnica.com/information-technology/2021/05/an-ambitious-plan-to-tackle-ransomware-faces-long-odds/
• Security expert coalition shares actions to disrupt ransomware https://www.bleepingcomputer.com/news/security/security-expert-coalition-shares-actions-to-disrupt-ransomware/
• Task Force Seeks to Disrupt Ransomware Payments https://krebsonsecurity.com/2021/04/task-force-seeks-to-disrupt-ransomware-payments/
• Vivaldi is updating its browsers to block annoying cookie pop-ups https://www.theverge.com/2021/4/29/22408098/vivaldi-cookie-crumbler-blocks-pop-ups-floc-gdpr
• Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break) https://www.theregister.com/2021/04/29/vivaldi_3_8/
• How to stop Windows 10 Defender from uploading files to Microsoft https://www.bleepingcomputer.com/news/security/how-to-stop-windows-10-defender-from-uploading-files-to-microsoft/
• SSHing to my Raspberry Pi 400 from a browser, with Cloudflare Tunnel and Auditable Terminal https://blog.cloudflare.com/ssh-raspberry-pi-400-cloudflare-tunnel-auditable-terminal/
• Adobe Releases Open Source Anomaly Detection Tool "OSAS" https://www.securityweek.com/adobe-releases-open-source-anomaly-detection-tool-osas
• 10K Hackers Defend the Planet Against Extraterrestrials (Cyber Apocalypse 2021 - capture the flag event) https://www.darkreading.com/edge/theedge/10k-hackers-defend-the-planet-against-extraterrestrials/b/d-id/1340813
• Bulletproof TLS #76 Dan Kaminsky and the MD2 certificate attack, OpenSSL alpha, SNI exposes host names … https://www.feistyduck.com/bulletproof-tls-newsletter/issue_76_in_memoriam_dan_kaminsky
• FBI shares 4 million email addresses used by Emotet with Have I Been Pwned https://www.bleepingcomputer.com/news/security/fbi-shares-4-million-email-addresses-used-by-emotet-with-have-i-been-pwned/
• Welcoming the Luxemburg Government CERT to Have I Been Pwned https://www.troyhunt.com/welcoming-the-luxemburg-government-cert-to-have-i-been-pwned/
• Welcoming the Romanian Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-romanian-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html
• New ransomware group uses SonicWall zero-day to breach networks https://www.bleepingcomputer.com/news/security/new-ransomware-group-uses-sonicwall-zero-day-to-breach-networks/
• Minnesota University Apologizes for Contributing Malicious Code to the Linux Project https://thehackernews.com/2021/04/minnesota-university-apologizes-for.html
• F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html
• Linux kernel vulnerability exposes stack memory, causes data leaks https://www.zdnet.com/article/linux-kernel-vulnerability-exposes-stack-memory
• NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability https://www.securityweek.com/ntlm-relay-attack-abuses-windows-rpc-protocol-vulnerability
• Security Vulnerabilities in Cellebrite https://www.schneier.com/blog/archives/2021/04/security-vulnerabilities-in-cellebrite.html
• Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks https://www.securityweek.com/several-high-severity-vulnerabilities-expose-cisco-firewalls-remote-attacks
• Signal’s hack of surveillance tech used by police could undermine Australian criminal cases https://www.theguardian.com/australia-news/2021/may/02/how-the-hacking-of-surveillance-tech-used-by-police-could-undermine-australian-criminal-cases
• IoT Device Security Flaws Stalk Medical Providers, Blunt Innovation https://www.pymnts.com/internet-of-things/2021/iot-device-security-flaws-stalk-medical-providers-blunt-innovation/
• Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices https://thehackernews.com/2021/04/microsoft-finds-badalloc-flaws.html
• Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices https://threatpost.com/microsoft-warns-25-critical-iot-industrial-devices/165752/
• Homebrew fixes Cask repo GitHub Actions bug that would have let anyone sneak malicious code onto machines https://www.theregister.com/2021/04/26/in_brief_security/
• Abusing Replication: Stealing AD FS Secrets Over the Network http://www.fireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html
• When AIs Start Hacking https://www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Microsoft is finally fixing Windows 10 rearranging apps on multiple monitors https://www.theverge.com/2021/4/28/22407995/microsoft-windows-apps-rearranging-sleep-resume-fix-directx-12
• Trends, Alerts, and Events (other than major breaches):
• Anatomy of how you get pwned – new notification popups and Malvertising https://blog.erratasec.com/2021/04/anatomy-of-how-you-get-pwned.html
• How Cybercriminals Abuse OpenBullet for Credential Stuffing https://www.trendmicro.com/en_us/research/21/d/how-cybercriminals-abuse-openbullet-for-credential-stuffing-.html
• New stealthy Linux malware used to backdoor systems for years https://www.bleepingcomputer.com/news/security/new-stealthy-linux-malware-used-to-backdoor-systems-for-years/
• Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach https://thehackernews.com/2021/04/passwordstate-warns-of-ongoing-phishing.html
• Ransomware gang targets Microsoft SharePoint servers https://www.databreaches.net/ransomware-gang-targets-microsoft-sharepoint-servers/
• Citizen Lab Responds to NSO Group and Continued Spyware Abuse https://citizenlab.ca/2021/04/citizen-lab-responds-to-nso-group-and-continued-spyware-abuse/
• Hackers are attacking the COVID-19 vaccine supply chain https://www.databreaches.net/hackers-are-attacking-the-covid-19-vaccine-supply-chain/

• Nation State Actors:

  • FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers https://thehackernews.com/2021/04/fbi-cisa-uncover-tactics-employed-by.html
  • Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency https://www.theregister.com/2021/04/27/apt29_russia_svr_tactics_cisa/
  • Chinese Hackers Attacking Military Organizations With New Backdoor https://thehackernews.com/2021/04/chinese-hackers-attacking-military.html
  • Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity http://www.fireeye.com/blog/threat-research/2021/04/espionage-group-unc1151-likely-conducts-ghostwriter-influence-activity.html

• Crime & Arrests, etc.:

  • Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin https://www.wired.com/story/bitcoin-fog-dark-web-cryptocurrency-arrest
  • Feds arrest founder of bitcoin ‘mixer’ they say laundered $335 million over ten years https://www.theverge.com/2021/4/29/22409501/feds-arrest-founder-bitcoin-mixer-laundered-cryptocurrency

Other Security / Risk

Articles covering other types of risks.

• Opinion | We’re spending so much time thinking about risk when we should be considering the reward https://www.washingtonpost.com/opinions/global-opinions/our-policymakers-are-still-obsessing-over-risks-but-forgetting-about-rewards/2021/04/22/9ae72c7a-a39b-11eb-a774-7b47ceb36ee8_story.html
• Hygiene Theater https://www.theatlantic.com/ideas/archive/2021/02/hygiene-theater-still-waste/617939/
• More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These risks can decrease an enterprise’s visibility into and understanding of how the technology that they acquire is developed, integrated, and deployed. They can also affect and be affected by the processes, procedures, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of products and services.
• Chipmaker says it will ramp up production of older 28nm chips https://arstechnica.com/gadgets/2021/04/chipmaker-says-it-will-ramp-up-production-of-older-28nm-chips/
• Cybersecurity Call to Arms Issued by British Spy Chief https://www.databreachtoday.com/blogs/cybersecurity-call-to-arms-issued-by-british-spy-chief-p-3023
• Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates https://www.securityweek.com/cybersecurity-community-unhappy-githubs-proposed-policy-updates
• Data Brokers and National Security https://www.databreaches.net/data-brokers-and-national-security/
• Second Click Here to Kill Everybody Sale https://www.schneier.com/blog/archives/2021/04/second-click-here-to-kill-everybody-sale.html
• Computer vision in AI: The data needed to succeed https://www.technologyreview.com/2021/04/29/1023746/computer-vision-in-ai-the-data-needed-to-succeed/
• Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar https://threatpost.com/smishing-text-phishing-ciso-radar/165634/
• Internet Voting is Still Inherently Insecure https://freedom-to-tinker.com/2021/04/27/internet-voting-is-still-inherently-insecure/
• Identifying People Through Lack of Cell Phone Use https://www.schneier.com/blog/archives/2021/04/identifying-people-through-lack-of-cell-phone-use.html
• PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd) https://isc.sans.edu/diary/rss/27376
• Restricting internet searches causes stock market instability: study https://scienmag.com/restricting-internet-searches-causes-stock-market-instability-study/
• Microsoft is preparing to release the Windows 10 May 2021 Update https://www.bleepingcomputer.com/news/microsoft/microsoft-is-preparing-to-release-the-windows-10-may-2021-update/
• The next big Windows 10 update improves Bluetooth audio with AAC support https://www.theverge.com/2021/4/29/22410088/microsoft-windows-10-bluetooth-aac-support-update
• Microsoft previews new APIs for managing Windows Update https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-new-apis-for-managing-windows-update/
• CRA tax-filing portal hits issues day before deadline https://globalnews.ca/news/7821924/cra-website-down-tax-filing/
• Vehicle modification causes insurance complications for Ontario man https://globalnews.ca/news/7825120/vehicle-modifications-insurance-complications/
• How to Save Ourselves From Disinformation, A Times Event https://www.nytimes.com/2021/04/27/technology/fake-news-disinformation-event.html

• Health, Safety & Environment:

  • A Year Without Germs https://www.theatlantic.com/health/archive/2021/04/the-pandemic-changed-our-microbiome-but-thats-okay/618760/
  • Flu Has Disappeared Worldwide during the COVID Pandemic https://www.scientificamerican.com/article/flu-has-disappeared-worldwide-during-the-covid-pandemic/
  • Malaria Vaccine Shows Promise--Now Come Tougher Trials https://www.scientificamerican.com/article/malaria-vaccine-shows-promise-now-come-tougher-trials1/
  • Manitoba reports 2 cases of rare swine flu variants found in separate communities https://globalnews.ca/news/7823256/manitoba-cases-rare-swine-flu-variants/
  • Scientists Have Identified Four Distinct Types of Alzheimer's And What They Do to Us https://www.sciencealert.com/scientists-have-identified-four-distinct-types-of-alzheimer-s
  • Scientists’ discovery of blood clotting mechanism could lead to new antithrombotic drugs https://scienmag.com/scientists-discovery-of-blood-clotting-mechanism-could-lead-to-new-antithrombotic-drugs/
  • Texas Enabled the Worst Carbon Monoxide Poisoning Catastrophe in Recent U.S. History http://feeds.propublica.org/link/9499/14447168/texas-carbon-monoxide-poisoning
  • The Robot Surgeon Will See You Now https://www.nytimes.com/2021/04/30/technology/robot-surgery-surgeon.html
  • There's One Really Unhealthy Effect of Cold Offices, According to Science https://www.sciencealert.com/there-s-one-really-unhealthy-effect-of-cold-offices-according-to-science
  • Man dies, wife hospitalized after attack by swarm of bees in Texas https://globalnews.ca/news/7816611/bee-attack-man-dead-texas/
  • Google expands its Android-based earthquake detection system https://www.theverge.com/2021/4/28/22407676/google-expands-android-earthquake-detection-system
  • A huge rocket from China's space-station launch could fall back to Earth totally uncontrolled https://www.businessinsider.com/huge-chinese-rocket-stage-to-fall-to-earth-uncontrolled-2021-5
  • This world-ending asteroid is the perfect vehicle for Pink Floyd https://www.theverge.com/2021/4/30/22412731/large-asteroid-impact-simulation-pink-floyd-discovery-channel
  • ‘Staggering’ 25,000 barrels found at toxic dump site off Los Angeles coast https://globalnews.ca/news/7816106/ddt-barrels-dump-la-coast/
  • The Climate Solution Actually Adding Millions of Tons of CO2 Into the Atmosphere http://feeds.propublica.org/link/9499/14446151/the-climate-solution-actually-adding-millions-of-tons-of-co2-into-the-atmosphere
  • CO2 catalysis made more accessible https://scienmag.com/co2-catalysis-made-more-accessible/
  • Ottawa's promising a tax credit for carbon capture — but is the tech worth the money? https://www.cbc.ca/news/politics/carbon-capture-storage-fossil-fuel-climate-change-2021-budget-1.6003427
  • University of Alberta entrepreneur transforms waste into jet fuel https://globalnews.ca/news/7819932/university-of-alberta-entrepreneur-transforms-waste-into-jet-fuel/
  • Using microbes to remove microplastics from the environment https://scienmag.com/using-microbes-to-remove-microplastics-from-the-environment/
  • Easily Compost Your Food Waste at Home With This Single-Button Machine https://www.mentalfloss.com/article/646041/compost-machine-lomi-indiegogo
  • Dutch couple move into Europe’s first fully 3D-printed house https://www.theguardian.com/technology/2021/apr/30/dutch-couple-move-into-europe-first-fully-3d-printed-house-eindhoven
  • 1 in 5 electric vehicle owners in California switched back to gas because charging their cars is a hassle, new research shows (F, TSLA, GM) https://www.businessinsider.com/electric-car-owners-switching-gas-charging-a-hassle-study-2021-4
  • First Formula E Race On A Traditional Circuit Ends With Half The Grid Entirely Out Of Power https://jalopnik.com/first-formula-e-race-on-a-traditional-circuit-ends-with-1846755911
  • Toyota built an internal combustion engine that sips hydrogen, and it sounds awesome https://www.slashgear.com/toyota-built-an-internal-combustion-engine-that-sips-hydrogen-and-it-sounds-awesome-30671055/
  • A new green cryptocurrency called Chia uses a less energy-intensive method of minting new coins. Here are 6 things to know about the digital asset before it starts trading on Monday. https://markets.businessinsider.com/currencies/news/green-cryptocurrency-chia-less-energy-intensive-bitcoin-crypto-ethereum-altcoins-2021-4-1030373374

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • COVID-19 hospitalizations, ICU admissions growing for younger Canadians amid 3rd wave https://globalnews.ca/news/7826094/covid-19-young-canadians-hospitalizations/
  • 80 Canada Post employees self-isolating after COVID-19 outbreak declared at Gateway location. https://toronto.citynews.ca/2021/04/27/80-canada-post-employees-self-isolating-after-covid-19-outbreak-declared-at-gateway-location
  • COVID-19 cases linked to quarantine hotel being investigated by Toronto Public Health https://toronto.ctvnews.ca/covid-19-cases-linked-to-quarantine-hotel-being-investigated-by-toronto-public-health-1.5410598
  • N.B. man helping ill family member move from Quebec questions hotel isolation policy https://globalnews.ca/news/7814038/hotel-isolation-rule-criticized/
  • ‘Grief and shock’: Southern Alberta teen dies suddenly after negative COVID-19 test https://globalnews.ca/news/7816526/alberta-teen-dies-negative-covid-19-test/
  • A look at why Atlantic Canada excels at slowing the spread of COVID-19 https://globalnews.ca/news/7826103/atlantic-canada-covid-19/
  • In-person schooling with inadequate mitigation measures raises household member’s COVID-19 risk https://scienmag.com/in-person-schooling-with-inadequate-mitigation-measures-raises-household-members-covid-19-risk/
  • India is the first country to record 400,000 coronavirus cases in a single day https://www.businessinsider.com/india-first-country-to-record-400000-single-day-coronavirus-cases-2021-5
  • MIT calculator shows how long it takes to get exposed to COVID-19 in indoors, depending on mask-wearing, ventilation, and what you are doing https://www.businessinsider.com/indoor-mit-calculator-mask-ventilation-covid-6ft-safety-2021-4
  • COVID-19 mutations that could ‘evade immune response’ flagged by Indian scientists https://globalnews.ca/news/7826151/india-coronavirus-mutation-vaccines/

• Guidance, Response, and Recovery:

  • The CDC Is Still Repeating Its Mistakes https://www.theatlantic.com/health/archive/2021/04/cdc-outdoor-mask-pandemic/618739/
  • COVID-19 burnout is real — and your employer is worried about it, too https://globalnews.ca/news/7810610/covid-19-burnout-employers/
  • How Big Tech Won the Pandemic https://www.nytimes.com/2021/04/30/technology/big-tech-pandemic.html
  • Modelling shows stay-at-home order is working: ‘Cases decreasing earlier, faster than projected’ https://www.680news.com/2021/04/29/modelling-shows-stay-at-home-order-is-working-cases-decreasing-earlier-faster-than-projected/
  • Report reveals Ontario’s hospitals most problematic compared to rest of Canada https://globalnews.ca/news/7817487/report-ontario-hospitals-problematic-canada/
  • ‘A lot of happy faces’ with loosened COVID-19 restrictions in Edmundston region https://globalnews.ca/news/7817040/loosened-covid-19-restrictions-edmundston/
  • 'It breaks my heart': Essential workers in Ontario plead for paid sick days amid COVID-19 wave https://toronto.ctvnews.ca/it-breaks-my-heart-essential-workers-in-ontario-plead-for-paid-sick-days-amid-covid-19-wave-1.5404771
  • Ontario is launching paid sick leave. Should other provinces follow suit? https://globalnews.ca/news/7817060/covid-paid-sick-leave-provinces/
  • Ontario may soon lift some COVID-19 restrictions on outdoor activities, solicitor general says https://toronto.ctvnews.ca/ontario-may-soon-lift-some-covid-19-restrictions-on-outdoor-activities-solicitor-general-says-1.5408851
  • ‘It’s a legal loophole’: British Columbians use U.S.-Canada land border to avoid quarantine hotels https://globalnews.ca/news/7823188/bc-us-canada-border-crossing-loophole/
  • A positive COVID-19 test allows travellers to skirt hotel stay: CBSA officer https://globalnews.ca/news/7823420/covid-19-border-measures-rule/
  • Brazil Seeks to Hold Bolsonaro Accountable for More Than 400,000 Covid-19 Deaths https://theintercept.com/2021/05/01/covid-brazil-deaths-bolsonaro-investigation/
  • 3 additional Toronto businesses partially closed due to COVID-19 https://toronto.citynews.ca/2021/04/29/3-additional-toronto-businesses-partially-closed-due-to-covid-19

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Doctors Identify The Best Treatment For COVID-19 Smell Loss, And It's Not Steroids https://www.sciencealert.com/experts-recommend-a-simple-way-to-recover-your-sense-of-smell-after-covid-19

• Immunity and Vaccinations:

  • CDC: Fully vaccinated people can go maskless outside to exercise, dine, or socialize https://www.businessinsider.com/cdc-fully-vaccinated-americans-can-go-maskless-outside-some-situations-2021-4
  • One dose of Pfizer or AstraZeneca vaccine cuts COVID-19 spread by up to 50% within a household, a study found https://www.businessinsider.com/one-shot-astrazeneca-pfizer-vaccine-halves-covid-spread-study-2021-4
  • The First Billion COVID Vaccinations Have Been Given https://www.scientificamerican.com/article/the-first-billion-covid-vaccinations-have-been-given/
  • 2 vaccine doses better than 1 in preventing COVID-19 hospitalization, study says https://globalnews.ca/news/7821739/covid-vaccine-doses-cdc/
  • Canada is holding back its 1-shot J&J COVID-19 vaccine. Here’s what you need to know https://globalnews.ca/news/7827753/covid-canada-jj-vaccine-delayed-explained/
  • A Canadian vaccine certificate faces science, privacy hurdles: officials https://globalnews.ca/news/7826318/canada-covid-vaccine-certificate-hurdles/
  • The CDC is warning states to remove COVID-19 vaccine-card templates as pro-Trump forums spread tips on how to forge the document https://www.businessinsider.com/pro-trump-forums-spread-tips-forge-covid-vaccine-cards-cdc-2021-4
  • 40 per cent of Toronto adults have now received first shot of COVID-19 vaccine https://toronto.ctvnews.ca/40-per-cent-of-toronto-adults-have-now-received-first-shot-of-covid-19-vaccine-1.5410294
  • Full list of when Ontarians can book their COVID-19 vaccine in May https://toronto.ctvnews.ca/full-list-of-when-ontarians-can-book-their-covid-19-vaccine-in-may-1.5407487
  • 'We whipped up an app in about three hours': Engineer creates tool that finds nearby vaccine clinics in Ontario https://toronto.ctvnews.ca/we-whipped-up-an-app-in-about-three-hours-engineer-creates-tool-that-finds-nearby-vaccine-clinics-in-ontario-1.5410366
  • York Region closing multiple mass vaccine clinics for one day because of supply issues https://toronto.ctvnews.ca/york-region-closing-multiple-mass-vaccine-clinics-for-one-day-because-of-supply-issues-1.5410358
  • Making Vaccines Is Straightforward; Getting People to Take Them Isn't https://www.scientificamerican.com/article/making-vaccines-is-straightforward-getting-people-to-take-them-isnt/
  • Few Would Fear COVID Vaccines if Policy Makers Explained Their Risks Better https://www.scientificamerican.com/article/few-would-fear-covid-vaccines-if-policy-makers-explained-their-risks-better/
  • Critics slam complicated booking system as Toronto turns to Vaccine Hunters Canada for help https://toronto.ctvnews.ca/critics-slam-complicated-booking-system-as-toronto-turns-to-vaccine-hunters-canada-for-help-1.5406357
  • Don’t Wait for Herd Immunity https://www.theatlantic.com/ideas/archive/2021/04/even-without-herd-immunity-us-still-winning/618742/
  • Vaccine envy: Why can't Canada make COVID-19 doses at home? https://www.cbc.ca/news/politics/domestic-vaccine-manufacturing-canada-1.6004427
  • ‘It’s like buying candy’: Expert says it’s easy for Canadians to get vaccinated in U.S. Here’s how https://globalnews.ca/news/7822715/covid-canadians-vaccinated-us/

• Things we learned:

  • Genius investor and Card Counter Ed Thorp predicted the pandemic's US death toll before a single death was recorded https://markets.businessinsider.com/news/stocks/genius-investor-ed-thorp-predicted-pandemic-death-toll-before-lockdown-2021-4-1030359461
  • What Science Forgot About Airborne Pandemics https://www.theatlantic.com/health/archive/2021/02/bad-air/618106/

• Impact:

  • U.S. COVID-19 baby boom appears to be a baby bust, analysis says https://globalnews.ca/news/7816220/covid-19-baby-boom-bust/
  • Burning Man has been canceled for the second year in a row: 'We recognize that the pandemic is not over' https://www.businessinsider.com/burning-man-2021-cancelled-covid-pandemic-2021-4

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Toronto police enforcement teams laid more than 200 charges in first week responding to large gatherings https://toronto.ctvnews.ca/toronto-police-enforcement-teams-laid-more-than-200-charges-in-first-week-responding-to-large-gatherings-1.5409273

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• This geologist found the oldest water on earth—in a Canadian mine https://www.macleans.ca/society/science/this-geologist-found-the-oldest-water-on-earth-in-a-canadian-mine/
• “Put LUCKY on My Tombstone.” Apollo 11 Astronaut Michael Collins Dies at 90 https://www.universetoday.com/151017/put-lucky-on-my-tombstone-apollo-11-astronaut-michael-collins-dies-at-90/
• NASA suspends SpaceX’s $2.9 billion moon lander contract after rivals protest https://www.theverge.com/2021/4/30/22412771/nasa-spacex-hls-moon-lander-blue-origin-protest
• Animation: Black Hole Star Shredder https://apod.nasa.gov/apod/ap210427.html
• There Could Be 14 Antimatter Objects Lurking Out There in The Milky Way https://www.sciencealert.com/these-14-milky-way-objects-could-be-stars-made-of-antimatter