This Week's [in]Security - Issue 226

Welcome to This Week’s [in]Security. Union Pay and PCI, New FAQ, Magecart. UI Rant. New breaches, New Ransomware: Ports. Blood Services, gangs. Follow-ups & Fall-out. Privacy: Deanonymizing, Android. Laws & Regs: Backdoors, Fines, Pegasus, Data Residency. Defense: Misinformation, Disruption, No More Ransomware, Galileo, Tools. Vulnerabilities: Top 30, Foxit, Wordpress, Trojaned AI, Schneier. Cybercrime: Trends. Nation States: Escalation, Russians, Catphishing, Crime. Other Risks: Breach cost, Users, Mobile Drivers Licenses, Bulletproof TLS, de-Polarization. Health, Safety & Environment: Overdoses, Plague, Buzzed Bees, Bears, Condo, UFO, ISS. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Ugly; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Union Pay's alignment with PCI continues:

  • Last November they became the first (and so far only) Strategic Member of the SSC https://www.pcisecuritystandards.org/about_us/press_releases/pr_11022020 (https://www.pcisecuritystandards.org/get_involved/strategic_members))
  • FAQ 1091 on truncation tidy up and adds Union Pay https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-are-acceptable-formats-for-truncation-of-primary-account-numbers
• For PCI DSS, why is storage of sensitive authentication data (SAD) after authorization not permitted even when there are no primary account numbers (PANs) in an environment? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/For-PCI-DSS-why-is-storage-of-sensitive-authentication-data-SAD-after-authorization-not-permitted-even-when-there-are-no-primary-account-numbers-PANs-in-an-environment
• Card Stealer Malware Uses New Evasion Technique https://www.databreachtoday.com/card-stealer-malware-uses-new-evasion-technique-a-17178
• Louis Rossmann rant tearing a strip off Chase for their merchant credit card management system UI and displaying full PAN (NSFW language if that means anything in our WFH reality) https://www.youtube.com/watch?v=GFvaRgFf4LU

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • NC: Sandhills Center remains silent after threat actors claim to have hacked them and exfiltrated 634 GB of their files https://www.databreaches.net/nc-sandhills-center-remains-silent-after-threat-actors-claim-to-have-hacked-them-and-exfiltrated-634-gb-of-their-files/
  • EE: Threat actor downloads close to 300,000 personal ID photos https://www.databreaches.net/ee-threat-actor-downloads-close-to-300000-personal-id-photos/
  • Ca: Unknown number of people's personal information for sale online after Homewood Health hacked https://www.databreaches.net/ca-unknown-number-of-peoples-personal-information-for-sale-online-after-homewood-health-hacked/
  • Ca: SD73's insurance provider for international students suffers cybersecurity breach https://www.databreaches.net/ca-sd73s-insurance-provider-for-international-students-suffers-cybersecurity-breach/
  • Calgary's parking authority exposed drivers' personal data and tickets https://www.databreaches.net/calgarys-parking-authority-exposed-drivers-personal-data-and-tickets/
• SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube https://www.theregister.com/2021/07/27/stolen_scaleway_ssd_recovered/

• New Ransomware and "Incidents":

  • Enterprise Data Breach Cost Reached Record High During Pandemic https://packetstormsecurity.com/news/view/32509/Enterprise-Data-Breach-Cost-Reached-Record-High-During-Pandemic.html
  • Ransomware: Average Ransom Payment Drops to $137,000 https://www.databreachtoday.com/blogs/ransomware-average-ransom-payment-drops-to-137000-p-3071
  • S.Africa's Port Terminals Still Disrupted Days After Cyber-Attack https://www.securityweek.com/safricas-port-terminals-still-disrupted-days-after-cyber-attack
  • Za: Blood service hit by cyberattack https://www.databreaches.net/za-blood-service-hit-by-cyberattack/
  • Grief ransomware operation is DoppelPaymer rebranded https://www.bleepingcomputer.com/news/security/grief-ransomware-operation-is-doppelpaymer-rebranded/
  • New Ransomware Gangs - Haron and BlackMatter - Emerge on Cybercrime Forums https://thehackernews.com/2021/07/new-ransomware-gangs-haron-and.html

• Follow-ups and fall-out:

  • Hackers leak full EA data after failed extortion attempt https://www.databreaches.net/hackers-leak-full-ea-data-after-failed-extortion-attempt/
  • Northern Ireland suspends vaccine passport system after data leak https://www.bleepingcomputer.com/news/security/northern-ireland-suspends-vaccine-passport-system-after-data-leak/
  • D-BOX provides update following ransomware incident two weeks ago https://www.databreaches.net/d-box-provides-update-following-ransomware-incident-two-weeks-ago/
  • When Ransomware Group REvil Vanished, Its Victims Were Stranded https://www.databreaches.net/when-ransomware-group-revil-vanished-its-victims-were-stranded/
  • Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack https://www.securityweek.com/kaseya-denies-paying-cybercriminals-who-launched-ransomware-attack
  • Risky Business #632 -- The Kaseya incident wasn't nearly as big as we thought https://risky.biz/RB632
  • DOJ: SolarWinds hackers breached emails from 27 US Attorneys' offices https://www.bleepingcomputer.com/news/security/doj-solarwinds-hackers-breached-emails-from-27-us-attorneys-offices/
  • SolarWinds: Top US prosecutors hit by suspected Russian hack https://www.bbc.co.uk/news/world-us-canada-58042344
  • Lawsuits Against CaptureRx Pile Up - So Do Victim Counts https://www.databreachtoday.com/lawsuits-against-capturerx-pile-up-so-do-victim-counts-a-17143

Privacy

Articles about privacy related news, risks, and trends.

• De-anonymization Story https://www.schneier.com/blog/archives/2021/07/de-anonymization-story.html
• Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store https://www.theregister.com/2021/07/29/android_privacy_changes/
• Google shows off Play Store's upcoming data privacy section https://www.theverge.com/2021/7/28/22597534/google-play-store-safety-section-privacy-info-app-store-privacy-nutrition-labels
• Google: Android apps must provide privacy information by April 2022 https://www.bleepingcomputer.com/news/google/google-android-apps-must-provide-privacy-information-by-april-2022/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 96: More Harm Than Good - My Appearance Before the Senate Transport Committee on a Copyright Bill to Support Media Organizations https://www.michaelgeist.ca/2021/07/law-bytes-podcast-episode-96/

• US:

  • Should Congress Close the FBI's Backdoor for Spying on American Communications? Yes. https://www.eff.org/deeplinks/2021/07/should-congress-close-fbis-backdoor-spying-american-communications-yes
  • The SEC has frozen US listings of Chinese companies as it demands new disclosures of government meddling risks https://markets.businessinsider.com/news/stocks/sec-china-ipo-freeze-didi-vie-regulatory-crackdown-2021-07
  • Facebook Antitrust Suit Dismissal Will Be Appealed, States Say https://www.nytimes.com/2021/07/28/technology/state-facebook-antitrust-lawsuit.html
  • Microsoft is facing a subpoena for millions of documents in Google's antitrust case https://www.theverge.com/2021/7/30/22601166/us-google-antitrust-case-microsoft-document-discovery

• World:

  • Amazon has been fined a record $887 million for violating data privacy rules in Europe https://www.businessinsider.com/amazon-eu-fine-data-privacy-gdpr-luxembourg-european-union-2021-7
  • Another Chinese Regulator Cracks Competition Whip At Big Tech https://www.pymnts.com/news/regulation/2021/another-chinese-regulator-cracks-competition-whip-at-big-tech/
  • Australia Says Uber 'Interfered' With Users' Privacy https://www.databreachtoday.com/australia-says-uber-interfered-users-privacy-a-17141
  • Pegasus Spyware: World Leaders Demand Israeli Probe https://www.databreachtoday.com/pegasus-spyware-world-leaders-demand-israeli-probe-a-17152
  • Israel begins investigation into NSO Group spyware abuse https://www.technologyreview.com/2021/07/28/1030244/israel-investigation-nso-group-pegasus-spyware/
  • VPN Servers Seized By Ukrainian Authorities Weren't Encrypted https://packetstormsecurity.com/news/view/32505/VPN-Servers-Seized-By-Ukrainian-Authorities-Werent-Encrypted.html
  • Salesforce Marketing Cloud and Data Residency Concerns https://www.datex.ca/blog/salesforce-marketing-cloud-and-data-residency-concerns
  • German lawyers wrangle over pensioner's WW2 tank in basement https://www.bbc.co.uk/news/world-europe-57965260

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Disentangling Disinformation: Not as Easy as it Looks https://www.eff.org/deeplinks/2021/07/disentangling-disinformation-not-easy-it-looks
• Warnings That Work: Combating Misinformation Without Deplatforming https://freedom-to-tinker.com/2021/07/26/warnings-that-work-combating-misinformation-without-deplatforming/
• Disrupting Ransomware by Disrupting Bitcoin https://www.schneier.com/blog/archives/2021/07/disrupting-ransomware-by-disrupting-bitcoin.html
• No More Ransom saves almost €1 billion in ransomware payments in 5 years https://www.bleepingcomputer.com/news/security/no-more-ransom-saves-almost-1-billion-in-ransomware-payments-in-5-years/
• Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists https://blog.cloudflare.com/project-galileo-and-the-global-cyber-alliance-cybersecurity-toolkit-for-journalists/
• CISA launches vulnerability disclosure platform for federal agencies https://www.bleepingcomputer.com/news/security/cisa-launches-vulnerability-disclosure-platform-for-federal-agencies/
• Google launches new Bug Hunters vulnerability rewards platform https://www.bleepingcomputer.com/news/google/google-launches-new-bug-hunters-vulnerability-rewards-platform/
• Turn off, turn on: Simple step can thwart top phone hackers https://www.databreaches.net/turn-off-turn-on-simple-step-can-thwart-top-phone-hackers/
• Making Client Certificates Available By Default in Firefox 90 https://blog.mozilla.org/security/2021/07/28/making-client-certificates-available-by-default-in-firefox-90/
• Microsoft Defender ATP now secures removable storage, printers https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-atp-now-secures-removable-storage-printers/
• Microsoft Teams now automatically blocks phishing attempts https://www.bleepingcomputer.com/news/security/microsoft-teams-now-automatically-blocks-phishing-attempts/
• 8 Security Tools to be Unveiled at Black Hat USA https://www.darkreading.com/attacks-breaches/8-security-tools-to-be-unveiled-at-black-hat-usa/d/d-id/1341574
• Can Fake Accounts Save the Internet? https://www.nytimes.com/2021/07/31/style/anonymity-pseudonymity-online-identity.html
• GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies https://www.securityweek.com/gitlab-releases-open-source-tool-hunting-malicious-code-dependencies
• Reboot of PunkSpider Tool at DEF CON Stirs Debate https://threatpost.com/punkspider-def-con-debate/168223/
• Registry Explorer is the registry editor every Windows user needs https://www.bleepingcomputer.com/news/microsoft/registry-explorer-is-the-registry-editor-every-windows-user-needs/
• Best Practices to Thwart Business Email Compromise (BEC) Attacks https://thehackernews.com/2021/07/best-practices-to-thwart-business-email_29.html
• Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques https://www.microsoft.com/security/blog/2021/07/27/combing-through-the-fuzz-using-fuzzy-hashing-and-deep-learning-to-counter-malware-detection-evasion-techniques/
• Waging a War on Cybercrime With Big Data and AI https://www.databreachtoday.com/interviews/waging-war-on-cybercrime-big-data-ai-i-4938

• Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack https://www.theregister.com/2021/07/27/apple_patches_zeroday/
• Kaseya's Unitrends Technology Has Zero-Day Flaws https://www.databreachtoday.com/kaseyas-unitrends-technology-has-zero-day-flaws-a-17165
• Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers https://packetstormsecurity.com/news/view/32511/Three-Zero-Day-Bugs-Plague-Kaseya-Unitrends-Backup-Servers.html
• Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities https://www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrend-backup-vulnerabilities/
• FBI reveals top targeted vulnerabilities of the last two years https://www.bleepingcomputer.com/news/security/fbi-reveals-top-targeted-vulnerabilities-of-the-last-two-years/
• Top 30 Critical Security Vulnerabilities Most Exploited by Hackers https://thehackernews.com/2021/07/top-30-critical-security.html
• Several Bugs Found in 3 Open-Source Software Used by Several Businesses https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html
• Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader https://blog.talosintelligence.com/2021/07/vulnerability-spotlight-use-after-free.html
• Node.js fixes severe HTTP bug that could let attackers crash apps https://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/
• Linux eBPF bug gets root privileges on Ubuntu - Exploit released https://www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/
• Remote Code Execution Flaws Patched in WordPress Download Manager Plugin https://www.securityweek.com/remote-code-execution-flaws-patched-wordpress-download-manager-plugin
• Critical Vulnerability Found in Sunhillo Aerial Surveillance Product https://www.securityweek.com/critical-vulnerability-found-sunhillo-aerial-surveillance-product
• Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors https://www.securityweek.com/serious-vulnerabilities-found-firmware-used-many-ip-camera-vendors
• How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html
• Microsoft Rushes Fix for 'PetitPotam' Attack PoC https://threatpost.com/microsoft-petitpotam-poc/168163/
• Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S. https://www.securityweek.com/vulnerability-popular-survey-tool-exploited-possible-chinese-attacks-us
• Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos https://www.theregister.com/2021/07/27/shopify_bug_bounty_payout/
• Old Kindle devices will be kicked off the internet, Amazon warns https://www.independent.co.uk/life-style/gadgets-and-tech/kindle-old-internet-3g-wifi-b1894042.html
• Hiding Malware in ML Models https://www.schneier.com/blog/archives/2021/07/hiding-malware-in-ml-models.html
• I Am Parting With My Crypto Library https://www.schneier.com/blog/archives/2021/07/i-am-parting-with-my-crypto-library.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Window of Exposure is Expanding and Hackers Know Exactly Where to Strike https://www.securityweek.com/window-exposure-expanding-and-hackers-know-exactly-where-strike
• Malicious Content Delivered Through archive.org, (Thu, Jul 29th) https://isc.sans.edu/diary/rss/27688
• Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html
• Several Malicious Typosquatted Python Libraries Found On PyPI Repository https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html
• Threat Actors Exploit Misconfigured Apache Hadoop YARN https://www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html

• Trends, Alerts, and Events (other than major breaches):

  • Malware developers turn to 'exotic' programming languages to thwart researchers https://www.zdnet.com/article/malware-developers-turn-to-exotic-programming-languages-to-thwart-researchers
  • Researchers Link Mysterious 'MeteorExpress' Wiper to Iranian Train Cyberattack https://www.securityweek.com/researchers-link-mysterious-meteorexpress-wiper-iranian-train-cyberattack
  • LockBit ransomware automates Windows domain encryption via group policies https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/
  • Experts Uncover Several C&C Servers Linked to WellMess Malware https://thehackernews.com/2021/07/experts-uncover-several-c-servers.html
  • Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs https://thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html
  • Infected With a .reg File, (Fri, Jul 30th) https://isc.sans.edu/diary/rss/27692

• Nation State Actors:

  • Biden warns cyber attacks could lead to a "real shooting war" https://arstechnica.com/tech-policy/2021/07/biden-warns-cyber-attacks-could-lead-to-a-real-shooting-war/
  • Russian Hackers Continue With Attacks Despite Biden Warning https://www.bloomberg.com/news/articles/2021-07-30/russian-hackers-continue-with-attacks-despite-biden-warning
  • Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers https://www.riskiq.com/blog/external-threat-management/apt29-bear-tracks/
  • Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ https://www.theregister.com/2021/07/30/riskiq_reveals_30_svr_apt29_c2_servers/
  • Hackers Pose as Flirty Aerobics Instructor to Target Employees https://www.databreaches.net/hackers-pose-as-flirty-aerobics-instructor-to-target-employees/

• Crime & Arrests, etc.:

  • Twitter handle swatter jailed after victim dies following home raid https://www.zdnet.com/article/twitter-handle-swatter-jailed-after-victim-dies-following-home-raid
  • PlugwalkJoe Does the Perp Walk https://krebsonsecurity.com/2021/07/plugwalkjoe-does-the-perp-walk/
  • Belarusian Nationals Arrested for Hacking ATMs Across Europe https://www.securityweek.com/belarusian-nationals-arrested-hacking-atms-across-europe

Other Security / Risk

Articles covering other types of risks.

• IBM: Average Cost of Data Breach Exceeds $4.2 Million https://www.securityweek.com/ibm-average-cost-data-breach-exceeds-42-million
• Security breaches where working from home is involved are costlier, claims IBM report https://www.theregister.com/2021/07/28/cost_of_a_data_breach_report_2021/
• Why Are Users Ignoring Multi-Factor Authentication? https://www.securityweek.com/why-are-users-ignoring-multi-factor-authentication
• Security Standoff: IT Department vs. City Councilman https://www.secureworld.io/industry-news/security-standoff-it-city-councilman
• NSA Warns Public Networks are Hacker Hotbeds https://threatpost.com/nsa-warns-public-networks-are-hacker-hotbeds/168268/
• DHS's Flawed Plan for Mobile Driver's Licenses https://www.eff.org/deeplinks/2021/07/dhss-flawed-plan-mobile-drivers-licenses
• Bulletproof TLS issue#79 - browsers deprecating FTP, detailed analysis of Active Directory Certificate Services, and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_79_the_end_of_ftp_in_browsers
• AI Creates False Documents That Fake Out Hackers https://www.scientificamerican.com/article/ai-creates-false-documents-that-fake-out-hackers/
• Germany Found a Way to Reduce Polarization. Could It Work in the U.S.? https://www.theatlantic.com/ideas/archive/2021/07/what-germany-can-teach-america-about-polarization/619582/
• Of course you can't trust scientists on politics https://blog.erratasec.com/2021/07/of-course-you-cant-trust-scientists-on.html
• Misplaced trust: When trust in science fosters pseudoscience https://scienmag.com/misplaced-trust-when-trust-in-science-fosters-pseudoscience/
• Windows 11 now has its first beta release https://www.theverge.com/2021/7/29/22600261/windows-11-beta-release-insider-microsoft-download-test
• Walmart to sell its e-commerce technologies to other retailers https://techcrunch.com/2021/07/28/walmart-to-sell-its-e-commerce-technologies-to-other-retailers/
• Crypto's 'Snake Oil' Problem May Stymie Payment Ambitions https://www.pymnts.com/cryptocurrency/2021/cryptos-snake-oil-problem-may-stymie-payment-ambitions/
• Canadian border workers vote in favour of striking as soon as Aug. 6: union https://www.ctvnews.ca/business/canadian-border-workers-vote-in-favour-of-striking-as-soon-as-aug-6-union-1.5524775

• Health, Safety & Environment:

  • Canada could see resurgence of potentially deadly childhood respiratory virus this summer: report https://globalnews.ca/news/8061708/canada-respiratory-syncytial-virus/
  • Toronto police issue warning about spike in suspected overdose deaths https://toronto.ctvnews.ca/toronto-police-issue-warning-about-spike-in-suspected-overdose-deaths-1.5528596
  • Fentanyl detected in Toronto's sewer system more than triples in pandemic, federal survey finds https://toronto.ctvnews.ca/fentanyl-detected-in-toronto-s-sewer-system-more-than-triples-in-pandemic-federal-survey-finds-1.5526980
  • Scientists Developed a New Vaccine For Plague, And It's Ready For Human Trials https://www.sciencealert.com/a-new-vaccine-for-plague-is-about-to-undergo-human-trials
  • Virtual Roller Coaster Ride Reveals Key Brain Differences in People With Migraine https://www.sciencealert.com/virtual-roller-coaster-ride-reveals-key-differences-in-migraine-sufferers
  • Caffeine Boosts Bees' Focus and Helps Them Learn https://www.scientificamerican.com/article/caffeine-boosts-bees-focus-and-helps-them-learn/
  • A mother bear rushed a woman snapping a photo of her cubs. The parkgoer now faces federal charges. https://www.washingtonpost.com/nation/2021/07/30/yellowstone-grizzly-bear-charge/
  • Florida condo collapse death toll put at 98 after last victim identified https://globalnews.ca/news/8062098/florida-condo-collapse-final-death-toll/
  • UFO or Iron Man? Mystery jetpack user spotted flying near L.A. airport https://globalnews.ca/news/8073471/lax-jetpack-man-iron-ufo-airport/
  • How a US Navy submarine survived a full-speed collision with an undersea mountain https://www.businessinsider.com/how-us-navy-submarine-survived-collision-with-undersea-mountain-2021-7
  • The Entire ISS Just Spun Around as New Russian Module Malfunctioned After Docking https://www.sciencealert.com/new-russian-iss-module-accidently-spun-the-whole-space-station-around
  • Tidal turbine in Orkney starts generating power https://www.bbc.co.uk/news/uk-scotland-57991442
  • Entire Buildings Can Be Wrapped in Jackets to Save Energy https://www.scientificamerican.com/article/entire-buildings-can-be-wrapped-in-jackets-to-save-energy/
  • How 6 million pounds of electronic waste gets recycled each month https://www.businessinsider.com/how-6-million-pounds-of-electronic-waste-gets-recycled-month-2021-5
  • How 'rain drones' in Dubai use electric shocks against clouds to trigger rain to battle extreme temperatures https://www.businessinsider.com/drone-technology-research-temperature-middle-east-weather-engineering-emirates-meteorology-2021-7

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Scientists model 'true prevalence' of COVID-19 throughout pandemic https://scienmag.com/scientists-model-true-prevalence-of-covid-19-throughout-pandemic/
  • The Delta variant is as contagious as chickenpox, leaked CDC presentation warns https://www.businessinsider.com/delta-variant-as-contagious-chickenpox-leaked-cdc-document-2021-7
  • U.S. events led to massive COVID-19 outbreak - mostly among fully vaccinated https://globalnews.ca/news/8074394/most-covid-cases-among-vaccinated-u-s-cdc/
  • Unvaccinated people 6.4 times more likely to get COVID-19: Ontario's top doctor https://globalnews.ca/news/8064248/unvaccinated-more-likely-to-get-covid-ontario-top-doctor/
  • 6 vaccinated people who got COVID-19 reveal where they were infected: weddings, summer camps, and a Vegas trip https://www.businessinsider.com/risky-activities-vaccinated-people-breakthrough-case-delta-2021-7
  • Delta variant cases have spiked in the UK, but deaths have not - a sign vaccines are working https://www.businessinsider.com/uk-covid-19-delta-variant-cases-spiked-deaths-have-not-2021-7
  • A Resistant SARS-CoV-2 Variant Could Emerge Any Time. Here's What Raises The Risk https://www.sciencealert.com/freedom-day-from-covid-raises-the-risk-of-a-resistant-covid-strain-emerging
  • Ontario logs more than 200 new COVID-19 cases for fourth straight day https://toronto.ctvnews.ca/ontario-logs-more-than-200-new-covid-19-cases-for-fourth-straight-day-1.5531164
  • San Francisco bars saw a 'surge' of breakthrough covid cases. Now they're requiring vaccine cards to enter. https://www.washingtonpost.com/nation/2021/07/27/san-francisco-bars-vaccine-proof/
  • Tokyo heading towards 'explosive expansion' in COVID-19 cases as Olympics continue https://globalnews.ca/news/8069607/tokyo-new-record-covid-19-olympics/
  • Nanjing: New virus outbreak worst since Wuhan, say Chinese state media https://www.bbc.co.uk/news/world-asia-china-58021911

• Guidance, Response, and Recovery:

  • Coexisting with the Coronavirus https://www.newyorker.com/science/annals-of-medicine/coexisting-with-the-coronavirus
  • Covid-19: CDC brings back indoor mask guidance for virus hot spots https://www.bbc.co.uk/news/world-us-canada-57989777
  • Time for Covidnomics https://www.theatlantic.com/ideas/archive/2021/07/vaccine-covidnomics-free-market/619620/
  • No quarantine for fully jabbed EU and US arrivals in England https://www.bbc.co.uk/news/uk-57999362
  • Fully vaccinated Canadians excluded from new U.K. quarantine exception rules https://globalnews.ca/news/8066952/fully-vaccinated-canadians-u-k-quarantine/
  • Ontario reveals details about lifting restrictions after Step 3, masks will remain mandatory indoors https://toronto.ctvnews.ca/ontario-reveals-details-about-lifting-restrictions-after-step-3-masks-will-remain-mandatory-indoors-1.5529505
  • Toronto Pearson Airport scraps decision to separate arrivals by vaccination status https://toronto.ctvnews.ca/toronto-pearson-airport-scraps-decision-to-separate-arrivals-by-vaccination-status-1.5524451
  • Toronto restaurant asking unvaccinated people to sit outside https://toronto.ctvnews.ca/toronto-restaurant-asking-unvaccinated-people-to-sit-outside-1.5523514
  • Unvaccinated students will follow stricter COVID-19 outbreak rules, Ontario's top doctor says https://globalnews.ca/news/8064422/unvaccinated-ontario-students-covid-outbreak-rules/
  • Alberta taking 'risky gamble' by ending COVID isolation: Canadian Paediatric Society https://globalnews.ca/news/8073936/alberta-covid-measutes-canadian-paediatric-society/
  • California, NYC to require employees to get COVID-19 vaccine or face testing https://globalnews.ca/news/8062053/covid-vaccine-california-new-york-employees/
  • Malcolm Turnbull: Australia ex-PM says vaccine rollout 'a colossal failure' https://www.bbc.co.uk/news/world-australia-57980530

• Immunity and Vaccinations:

  • The Atlantic Daily: Unvaccinated Is Different From Anti-Vax https://www.theatlantic.com/newsletters/archive/2021/07/what-america-is-getting-wrong-about-unvaccinated-people/619572/
  • Canada won't achieve herd immunity without vaccinating children under 12, experts say https://toronto.ctvnews.ca/canada-won-t-achieve-herd-immunity-without-vaccinating-children-under-12-experts-say-1.5528497
  • Pfizer says its shot protection wanes after 6 months https://www.businessinsider.com/insiders-top-healthcare-stories-for-july-29-2021-7
  • AstraZeneca-Pfizer mix provides more antibodies than 2 AstraZeneca doses: study https://globalnews.ca/news/8060207/pfizer-astrazeneca-antibodies-study/
  • Canada, Mexico imported AstraZeneca doses from facility not fully inspected: regulator https://globalnews.ca/news/8069675/astrazeneca-baltimore-facility-inspection/
  • COVID-19: Okanagan couple can't book cruise because of mixing-and-matching vaccines https://globalnews.ca/news/8075363/okanagan-couple-cruise-line-mixed-matched-vaccines/

• More of the good, the bad, and the ugly:

  • Former general manager at Ontario retirement home charged after door handles to rooms removed https://globalnews.ca/news/8067405/white-cliffe-retirement-home-charges-door-handles/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • 2 U.S. travellers fined $20K each for presenting fake COVID-19 vaccine documents in Toronto https://globalnews.ca/news/8075438/covid-fake-vaccine-documents-toronto-pearson-airport/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Why So Many Young People Hate STEM Courses https://www.scientificamerican.com/article/why-so-many-young-people-hate-stem-courses/
• Australia's Jessica Fox fixed her kayak with a condom, then won a medal https://globalnews.ca/news/8073308/australia-jessica-fox-kayak-condom/
• A Former NASA Engineer Set a New World Record With His Domino-Laying Robot https://www.mentalfloss.com/article/648912/nasa-engineer-set-domino-world-record-with-robot
• 13 Facts about Astronaut Alan Shepard, the First American in Space https://www.mentalfloss.com/article/648839/astronaut-alan-shepard-facts
• The man who 'killed' Pluto https://www.bbc.co.uk/news/stories-57989204
• A Black Hole Emitted a Flare Away From us, but its Intense Gravity Redirected the Blast Back in our Direction https://www.universetoday.com/152032/a-black-hole-emitted-a-flare-away-from-us-but-its-intense-gravity-redirected-the-blast-back-in-our-direction/
• When the Sun Dies, Earth's Magnetosphere won't Provide Protection any More https://www.universetoday.com/151966/when-the-sun-dies-earths-magnetosphere-wont-provide-protection-any-more/