This Week's [in]Security - Issue 217

Welcome to This Week’s [in]Security. PCI: SLC v1.1, Sunsetting P2PE v2 and PA-DSS. MasterCard resources. Control Gap SSA & SSLC. Magecart mobile, Carders. New breaches: Japanese Dating & government, Canada Post, Nukes, Dominos India, Hospitals, Compound redaction leak, New Ransomware: RCMP, Defensive shutdown. Privacy: Facial Recognition, Hiding controls. Laws & Regs - Canada: C-10 impact. US: Breach law. The world: Mass Surveillance, Data residency. Standards: NIST: Cloud, IoT/MuD. USB-C upgrade. Defense: Webinars, Webinars. Pipeline response, Cyber budgets, Unknown-unknowns, FBI supporting HIBP. Vulnerabilities: HPE, Certified PDFs, Bluetooth, Chrome & Edge, VMware, Siemens PLC, SonicWall, Trend Micro, New Rowhammer research. Feistel Randomness. Cybercrime - Trends: Low-tech, Solarwinds APT, Fake reviews, Spam, Nation States. RSA 2011 Hack, Turnabout? Crime. Skimmer, Drugs, Cops lift palm-print from social media, Bitcoin, Other Risks: Aircraft interceptions, Supply chain, Cloud risk/incentive, Non-replicable science, Orwell, Proctored Exam Pilot, Get cracking? Disinformation. Health, Safety & Environment: Food poisoning, Longevity, Flu, Space debris, Solar flares. Covid-19: Spread, Curves, Waves, and Variants. Response. Immunity. Impact. Covid Ugly. Covid Compliance. And more.

This week's cover image from the Unity Portal Project - credit VILNIUS TECH LinkMenų fabrikas (see Science and Tech).

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI SSC Releases PCI Secure Software Lifecycle (SLC) Standard 1.1 https://www.helpnetsecurity.com/2021/02/23/pci-slc-1-1/
• Reminder: P2PE v2 begins final sunset phase as P2PE v3 becomes mandatory after June 30 https://blog.pcisecuritystandards.org/3-things-to-know-about-p2pe-v3-0New
• Reminder: PA-DSS begins last phase of sunset after June 30 https://blog.pcisecuritystandards.org/new-software-security-framework-programs-timeline-and-key-milestonesubmssions

• MasterCard ran a QSA webinar last week and highlighted some of their PCI360 resources https://www.mastercard.com/globalrisk/en/resources/pci360.html:

  • A Quarterly newsletter! https://www.mastercard.com/content/dam/public/mastercardcom/globalrisk/pdf/Q1-2021-PCI-Quarterly-Newsletter.pdf
  • Free merchant security awareness training! https://mastercardeacademy.adobeconnect.com/p1i896wp9thr/
  • MasterCard on 8-digit BIN https://www.mastercard.com/content/dam/public/mastercardcom/globalrisk/pdf/8-Digit-BIN-Expansion-Mandate-and-PCI-DSS-Impact.pdf
  • Summary of types of service providers under SDP and which need to validate compliance and at what level (other brands may differ) https://www.mastercard.us/en-us/business/overview/safety-and-security/security-recommendations/site-data-protection-PCI/service-providers-need-to-know.html
  • PDF with details of different MasterCard service provider types www.mastercard.com/content/dam/public/mastercardcom/globalrisk/pdf/Service%20Provider%20Categories%20and%20PCI%20(30%20Sept.%202020).pdf
  • Merchant Compliance Requirements https://www.mastercard.com/content/dam/public/mastercardcom/globalrisk/pdf/Revised_PCI_DSS_Compliance_Requirements_for_L2_Merchants.pdf
• Control Gap is a PCI Secure Software Framework Company https://www.pcisecuritystandards.org/assessors_and_solutions/software_security_framework_assessors
• MobileInter: A Popular Magecart Skimmer Redesigned For Your Phone https://www.riskiq.com/blog/external-threat-management/mobile-inter/
• U.S. Charges 22 in Stolen Payment Cards Crackdown https://www.securityweek.com/us-charges-22-stolen-payment-cards-crackdown

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Japan's Biggest Dating App Hack Exposes Two Million Accounts https://www.databreaches.net/japans-biggest-dating-app-hack-exposes-two-million-accounts/
  • Japanese government agencies suffer data breaches after Fujitsu hack https://www.databreaches.net/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/
  • Canada Post informs 44 large business customers of data breach affecting 950K customers https://www.databreaches.net/canada-post-informs-44-large-business-customers-of-data-breach-affecting-950k-customers/
  • US nuclear weapon bunker security secrets spill from online flashcards since 2013 https://www.theregister.com/2021/05/28/flashcards_military_nuclear/
  • Domino's India discloses data breach after hackers sell data online https://www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/
  • MA: Sturdy Hospital pays ransom after patient information is stolen https://www.databreaches.net/ma-sturdy-hospital-pays-ransom-after-patient-information-is-stolen/
  • UMD-Baltimore updates Accellion breach notification after finding PII and PHI involved https://www.databreaches.net/umd-baltimore-updates-accellion-breach-notification-after-finding-pii-and-phi-involved/
  • (Irony? Is redaction that hard?) Goldberg Segalla sued over redaction leak while defending client being sued over another redaction leak https://www.databreaches.net/law-firm-responds-to-data-breach-claim-by-leaking-data-checkmate/
  • Caravus impacted by Netgain Technology breach because vendor failure to destroy legacy data https://www.databreaches.net/caravus-impacted-by-netgain-technology-breach-because-vendor-failure-to-destroy-legacy-data/
  • Hoboken Radiology reveals breach of imaging server that began in 2019 https://www.databreaches.net/hoboken-radiology-reveals-breach-of-imaging-server-that-began-in-2019/
  • It: Municipality of Porto Sant'Elpidio publicly quiet after ransomware attack and partial dump of files https://www.databreaches.net/it-municipality-of-porto-santelpidio-publicly-quiet-after-ransomware-attack-and-partial-dump-of-files/

• New Ransomware and "Incidents":

  • Ransomware attack compromises RCMP's ability to issue pay stubs https://toronto.ctvnews.ca/ransomware-attack-compromises-rcmp-s-ability-to-issue-pay-stubs-1.5442421
  • California: Azusa Police reveal ransomware attack in March https://www.databreaches.net/ca-azusa-police-reveal-ransomware-attack-in-march/
  • Headphone and speaker maker Bose discloses ransomware attack https://www.databreaches.net/headphone-and-speaker-maker-bose-discloses-ransomware-attack/
  • Tulsa Computer System Hacks Stopped by Security Shutdown https://www.securityweek.com/tulsa-computer-system-hacks-stopped-security-shutdown

Privacy

Articles about privacy related news, risks, and trends.

• EU Privacy Groups Set Sights on Facial Recognition Firm https://www.securityweek.com/eu-privacy-groups-set-sights-facial-recognition-firm
• Google reportedly made it difficult for smartphone users to find privacy settings https://www.theverge.com/2021/5/29/22460070/google-difficult-android-privacy-settings-arizona

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Bill C-10 Effect: Why Canadian Consumers Face a Future of CanCon Surcharges and Blocked Services https://www.michaelgeist.ca/2021/05/the-bill-c-10-effect-why-canadian-consumers-face-a-future-of-cancon-surcharges-and-blocked-services/
  • Why Bill C-10 Undermines the Government's Commitment to the Principle of Net Neutrality https://www.michaelgeist.ca/2021/05/why-bill-c-10-undermines-the-governments-commitment-to-the-principle-of-net-neutrality/

• US:

  • Iowa Law Safeguards Insurance Consumers' Private Data https://www.databreaches.net/iowa-law-safeguards-insurance-consumers-private-data/
  • One Employee's Accidental Email Leads To A Significant Data Breach Ruling in Federal Appeals Court https://www.databreaches.net/one-employees-accidental-email-leads-to-a-significant-data-breach-ruling-in-federal-appeals-court/
  • Having your ePHI dumped on the dark web by threat actors doesn't necessarily give you standing to sue https://www.databreaches.net/having-your-ephi-dumped-on-the-dark-web-by-threat-actors-doesnt-necessarily-give-you-standing-to-sue/

• World:

  • Computer Misuse Act: Tell the Home Office infosec needs a public interest defence in law, says CyberUp campaign https://www.theregister.com/2021/05/26/cyberup_techuk_public_interest_call/
  • European Court on Human Rights Bought Spy Agencies' Spin on Mass Surveillance https://www.eff.org/deeplinks/2021/05/european-court-human-rights-bought-spy-agencies-spin-mass-surveillance
  • NSA spying row: Denmark helped US gather data on European officials, says report https://www.bbc.co.uk/news/world-europe-57302806
  • Top Human Rights Court Rules UK Mass Surveillance Program Violated Privacy Rights https://epic.org/2021/05/top-human-rights-court-rules-u.html
  • Russia will force Facebook and Twitter to keep data on its citizens within the country https://www.independent.co.uk/life-style/gadgets-and-tech/russia-facebook-twitter-data-b1854189.html
  • WhatsApp Sues India's Government to Stop New Internet Rules https://www.nytimes.com/2021/05/25/technology/whatsapp-india-lawsuit.html
  • Iran bans bitcoin mining after mass blackouts https://www.independent.co.uk/life-style/gadgets-and-tech/iran-bitcoin-mining-ban-blackouts-b1854852.html

• Standards News:

  • NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a new draft report, NISTIR 8320 Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases, for public comment through June 30 https://csrc.nist.gov/publications/detail/nistir/8320/draft
  • NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide Special Publication (SP) 1800-15 Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD) https://csrc.nist.gov/publications/detail/sp/1800-15/final
  • USB-C is about to go from 100W to 240W, enough to power beefier laptops https://www.theverge.com/circuitbreaker/2021/5/25/22453936/usb-c-power-delivery-extended-power-range-epr

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• U.S. announces new security directives for pipelines after hack https://www.cbc.ca/news/world/united-states-pipeline-security-cyberattack-1.6042197
• Gartner: Global Security Spending Will Reach $150 Billion in 2021 https://www.securityweek.com/gartner-global-security-spending-will-reach-150-billion-2021
• Better cybersecurity means finding the “unknown unknowns” https://www.technologyreview.com/2021/05/26/1025339/better-cybersecurity-means-finding-the-unknown-unknowns/
• Biden Budget Seeks to Invest Billions in US Cybersecurity https://www.databreachtoday.com/biden-budget-seeks-to-invest-billions-in-us-cybersecurity-a-16768
• The FBI will feed hashes of hacked passwords directly into Have I Been Pwned https://www.databreaches.net/the-fbi-will-feed-hashes-of-hacked-passwords-directly-into-have-i-been-pwned/
• Introducing Security By Design https://security.googleblog.com/2021/05/introducing-security-by-design.html
• Updates to Firefox's Breach Alert Policy https://blog.mozilla.org/security/2021/05/25/updates-to-firefoxs-breach-alert-policy/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• HPE fixes critical zero-day vulnerability disclosed in December https://www.bleepingcomputer.com/news/security/hpe-fixes-critical-zero-day-vulnerability-disclosed-in-december/
• PDF Feature ‘Certified' Widely Vulnerable to Attack https://threatpost.com/pdf-certified-widely-vulnerable-to-attack/166505/
• Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents https://thehackernews.com/2021/05/researchers-demonstrate-2-new-hacks-to.html
• A Survey of Bluetooth Vulnerabilities Trends, (Wed, May 26th) https://isc.sans.edu/diary/rss/27460
• Google Patches 32 Vulnerabilities With Release of Chrome 91 https://www.securityweek.com/google-patches-32-vulnerabilities-release-chrome-91
• Microsoft Edge 91 brings new bugs and annoying popup messages https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-91-brings-new-bugs-and-annoying-popup-messages/
• CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution https://www.tenable.com/blog/cve-2021-21985-critical-vmware-vcenter-server-remote-code-execution
• Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection https://www.darkreading.com/physical-security/siemens-patches-major-plc-flaw-that-bypasses-its-sandbox-protection/d/d-id/1341161
• SonicWall urges customers to 'immediately' patch NSM On-Prem bug https://www.bleepingcomputer.com/news/security/sonicwall-urges-customers-to-immediately-patch-nsm-on-prem-bug/
• Trend Micro Bugs Threaten Home Network Security https://threatpost.com/trend-micro-bugs-home-network-security/166453/
• Bulletproof TLS Newsletter#77 QUIC/RFC9000, Malicious browiser extensions, Hardenize, Certificate use/misuse https://www.feistyduck.com/bulletproof-tls-newsletter/issue77quicgraduatestorfc9000
• Introducing Half-Double: New hammering technique for DRAM Rowhammer bug https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html
• 3-round Feistel is Not Superpseudorandom Over Any Group, by Hector B. Hougaard https://eprint.iacr.org/2021/675

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises http://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
  • Russian SolarWinds hackers launch email attack on government agencies https://www.databreaches.net/russian-solarwinds-hackers-launch-email-attack-on-government-agencies/
  • SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html
  • Using Fake Reviews to Find Dangerous Extensions https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/
  • Watch out: These unsubscribe emails only lead to further spam https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/

• Nation State Actors:

  • The Story of the 2011 RSA Hack https://www.schneier.com/blog/archives/2021/05/the-story-of-the-2011-rsa-hack.html
  • Russia's FSB reports 'unprecedented' hacking campaign aimed at government agencies https://www.databreaches.net/russias-fsb-reports-unprecedented-hacking-campaign-aimed-at-government-agencies/

• Crime & Arrests, etc.:

  • Boss of ATM Skimming Syndicate Arrested in Mexico https://krebsonsecurity.com/2021/05/boss-of-atm-skimming-syndicate-arrested-in-mexico/
  • Russian national jailed for running stolen data, hijacked account seller platform deer.io https://www.zdnet.com/article/russian-national-jailed-for-running-stolen-data-hijacked-account-seller-platform
  • NH: Sentenced to Over a Year in Prison for Hacking Police Department in Revenge for Drug Arrest https://www.databreaches.net/nh-sentenced-to-over-a-year-in-prison-for-hacking-police-department-in-revenge-for-drug-arrest/
  • Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall https://www.theregister.com/2021/05/25/cheese_fingerprint_prison/
  • Massive theft of electricity was not a grow op - Sandwell Bitcoin mine https://www.bbc.co.uk/news/uk-england-birmingham-57280115

Other Security / Risk

Articles covering other types of risks.

• The Belarus airline interception:

  • Belarus plane: What happens with a military jet interception? https://www.bbc.co.uk/news/world-europe-57236086
  • Belarus plane arrest - is it a first? https://www.bbc.co.uk/news/world-europe-57240770
  • Other Regimes Will Hijack Planes Too https://www.theatlantic.com/ideas/archive/2021/05/belarus-lukashenko-hijack-plane-precedent-dictators/618971/
  • Belarus: Russia blocks some flights for avoiding its ally https://www.bbc.co.uk/news/world-europe-57271949
• Federal Agencies Struggling With Supply Chain Security https://www.databreachtoday.com/federal-agencies-struggling-supply-chain-security-a-16746
• The Misaligned Incentives for Cloud Security https://www.schneier.com/blog/archives/2021/05/the-misaligned-incentives-for-cloud-security.html
• The 'Replication Crisis' Could Be Worse Than We Thought, New Analysis Reveals https://www.sciencealert.com/non-replicable-studies-make-the-most-impact-scientists-find
• Microsoft president: Orwell's 1984 could happen in 2024 https://www.bbc.co.uk/news/technology-57122120
• ISC2 Online Proctor Exam Pilot Results - process is not quite good enough https://blog.isc2.org/isc2_blog/2021/05/online-proctor-exam-pilot-results.html
• Fake human rights organization, UN branding used to target Uyghurs in ongoing cyberattacks https://www.zdnet.com/article/fake-human-rights-organization-un-branding-used-to-target-uyghurs-in-ongoing-cyberattacks
• Voting by mail in NJ 2020 https://freedom-to-tinker.com/2020/09/12/voting-by-mail-in-nj-2020/
• Check if your Verizon or AT&T phone will keep working after the networks' 3G shutdowns https://www.theverge.com/2021/5/27/22457255/verizon-att-3g-shutdown-date
• Nvidia teases GeForce RTX 3080 Ti announcement for May 31st https://www.theverge.com/2021/5/26/22454930/nvidia-geforce-rtx-3080-ti-announcement-may-31st-event
• An Unorthodox Strategy to Stop Cars From Hitting Deer https://www.theatlantic.com/science/archive/2021/05/wolves-reduce-deer-vehicle-collisions/618978/
• Facebook Takes on Superspreaders https://www.nytimes.com/2021/05/28/technology/facebook-superspreaders-misinformation.html

• Health, Safety & Environment:

  • Even if COVID didn't leak out a lab, we should be concerned. Biosecurity warning over loosely-regulated virus labs https://www.bbc.co.uk/news/world-57206510
  • Food agency urges Canadians to not eat apricot kernel brand over cyanide poisoning risks https://globalnews.ca/news/7905958/cfia-apricot-kernels-cyanide/
  • Even Random, Sporadic Bursts of Walking Are Linked to Living Longer, Scientists Find https://www.sciencealert.com/even-random-sporadic-bursts-of-walking-are-linked-to-living-longer-scientists-find
  • Radical Discovery Suggests The Maximum Human Lifespan Is 150 Years of Age https://www.sciencealert.com/a-new-kind-of-blood-test-for-biological-age-predicts-humans-could-feasibly-live-to-150
  • Three years younger in just eight weeks? A new study suggests yes! https://scienmag.com/three-years-younger-in-just-eight-weeks-a-new-study-suggests-yes/
  • Highly Pathogenic Bird Flu Outbreak Already Reported in 46 Countries, Scientists Warn https://www.sciencealert.com/highly-pathogenic-h5n8-virus-outbreak-needs-to-be-stopped-scientists-warn
  • What Breakthrough Infections Can Tell Us https://www.theatlantic.com/science/archive/2021/05/tracking-breakthrough-infections/619027/
  • A Clue to Why the 1918 Pandemic Came Back Stronger Than Before https://www.theatlantic.com/science/archive/2021/05/pandemic-virus-mutations-1918-flu/618972/
  • Parents of baby found locked inside hot car charged with abandoning a child https://toronto.ctvnews.ca/parents-of-baby-found-locked-inside-hot-car-charged-with-abandoning-a-child-1.5444344
  • Space Debris Has Hit And Damaged The International Space Station https://www.sciencealert.com/space-debris-has-damaged-the-international-space-station
  • Solar flares: what are they, what causes them, and how dangerous are they to humans? https://www.independent.co.uk/life-style/gadgets-and-tech/solar-flares-sun-geomagnetic-storm-earth-b1854385.html
  • Voracious caterpillars threatening Ontario's trees https://www.cbc.ca/news/canada/ottawa/gypsy-moth-infestation-invasive-species-burlap-soapy-water-solution-1.6035662
  • Climate change-resistant corals could provide lifeline to battered reefs https://scienmag.com/climate-change-resistant-corals-could-provide-lifeline-to-battered-reefs/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Flattening the curve: COVID-19 on the decline across most of Canada, modelling shows https://www.ctvnews.ca/health/coronavirus/flattening-the-curve-covid-19-on-the-decline-across-most-of-canada-modelling-shows-1.5446611
  • Cases of B.1.617 COVID-19 variant in Ontario grew nearly six-fold last week https://toronto.ctvnews.ca/cases-of-b-1-617-covid-19-variant-in-ontario-grew-nearly-six-fold-last-week-1.5444830
  • Fully-vaccinated Ontario long-term care resident tests positive for COVID-19 https://toronto.ctvnews.ca/fully-vaccinated-ontario-long-term-care-resident-tests-positive-for-covid-19-1.5444117

• Guidance, Response, and Recovery:

  • If the Lab-Leak Theory Is Right, What's Next? https://www.theatlantic.com/ideas/archive/2021/05/chinese-lab-leak-hypothesis-coronavirus/619000/
  • The idea of returning to normal is making many people feel anxious https://toronto.ctvnews.ca/the-idea-of-returning-to-normal-is-making-many-people-feel-anxious-1.5444324

• Immunity and Vaccinations:

  • Only Have Your First Vaccine Dose So Far? Here's The Data on How Protected You Are https://www.sciencealert.com/only-have-your-first-vaccination-so-far-here-s-the-data-on-how-protected-you-are
  • 'Beyond frustrated': Frontline health care workers eligible for second dose say they cant access vaccine https://toronto.ctvnews.ca/beyond-frustrated-frontline-health-care-workers-eligible-for-second-dose-say-they-cant-access-vaccine-1.5445798
  • Ontario pharmacies race to avoid 'tragic' vaccine wastage https://toronto.ctvnews.ca/ontario-pharmacies-race-to-avoid-tragic-vaccine-wastage-1.5447246
  • Penn researchers discover drug that blocks multiple SARS-CoV-2 variants in mice https://scienmag.com/penn-researchers-discover-drug-that-blocks-multiple-sars-cov-2-variants-in-mice/
  • Covid: Russia starts vaccinating animals https://www.bbc.co.uk/news/world-europe-57259961

• Impact:

  • Global computer chip shortage may worsen unless Taiwan gets vaccines https://www.independent.co.uk/life-style/gadgets-and-tech/taiwan-covid-chip-shortage-b1852659.html
  • How COVID Changed Science https://www.scientificamerican.com/article/how-covid-changed-science/

• More of the good, the bad, and the ugly:

  • France puzzled by mystery anti-Pfizer campaign offer https://www.bbc.co.uk/news/world-europe-57250285

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Military officer facing mutiny charge after anti-vaccine speech in Toronto https://toronto.ctvnews.ca/military-officer-facing-mutiny-charge-after-anti-vaccine-speech-in-toronto-1.5441954

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Vilnius Gediminas Technical University pilots the unity portal (with a Stargate or Guardian of Forever vibe) to connect people in different countries and launches it in the pandemic (brilliant timing) https://www.theverge.com/2021/5/30/22460964/vilnius-lithuania-portal-poland-connection-pandemic, https://vilniustech.lt/linkmenu-fabrikas/about-us/news/portal-an-interactive-bridge-to-unity-connects-two-countries/104262?nid=328416, and a video https://www.youtube.com/watch?v=2GrXTLe9ztA
• 'Unbelievable' Video Shows Two Bees Work Together to Unscrew a Soda Bottle https://www.sciencealert.com/unbelievable-video-shows-two-bees-unscrewing-a-bottle-of-fanta
• Weird Electromagnetic Bursts Appear Before Earthquakes – And We May Finally Know Why https://www.sciencealert.com/weird-electromagnetic-bursts-appear-before-earthquakes-and-we-may-finally-know-why
• The Top Unsolved Questions in Mathematics Remain Mostly Mysterious https://www.scientificamerican.com/article/the-top-unsolved-questions-in-mathematics-remain-mostly-mysterious/
• Canada announces plans to land a rover on the moon https://www.cbc.ca/news/science/canada-moon-mission-1.6041214
• NASA's Mars helicopter had a midair brain fart https://www.theverge.com/2021/5/28/22457316/nasa-ingenuity-mars-helicopter-navigation-glitch-sixth-flight
• Is the Hubble constant not…Constant? https://www.universetoday.com/151325/is-the-hubble-constant-notconstant/