This Week's [in]Security - Issue 227

Welcome to This Week’s [in]Security. Community Meeting, Featured FAQs, PCI, MageCart, & JavaScript, Python PyPI library skimmer, Payment APIs. New Ransomware, Follow-ups & Fall-out. Privacy: Apple backdoor, Spotify, Facebook, Subscriptions. Laws & Regs: US: Repair, Stupid Patent, Copyright, Standards: 6 NIST announcements, Zero Trust, Cryptography, FIPS 198-1 HMAC, Retiring standards. Defense: Blackhat, Kubernetes, EU-Cybersecurity, Bitcoin monitoring, Vulnerabilities: Routers, IoT, Rust, HTTP/2, DNS, PwnedPiper, Blackhat, Hotels, VMWare. Cybercrime: Paragon, Pegasus, Word. Nation States: DeadRinger. Other Risks: Quantum simulation, Phishing AI, Handprints. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Registration for 2021 PCI Community Meeting https://events.pcisecuritystandards.org/global2021/register
• Updated PCI FAQ Index https://controlgap.com/index-pci-frequently-asked-questions/

• Control Gap's featured PCI FAQ's & articles (from time to time we will feature articles and FAQ's) :

  • FAQ 1283 Merchant developed consumer apps are in-scope https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/If-a-merchant-develops-an-application-that-runs-on-a-consumer-s-device-e-g-smartphone-tablet-or-laptop-that-is-used-to-accept-payment-card-data-what-are-the-merchant-s-obligations-regarding-PCI-DSS-and-PA-DSS-for-that-application

• Control Gaps series on e-commerce security and compliance: The DSS, MageCart, and the DOM:

  • The DSS, MageCart, and the DOM - Part 1: The PCI DSS e-Commerce Rules https://controlgap.com/blog/PCI-MageCart-DOM-Part1
  • The DSS, MageCart, and the DOM - Part 2 Browsers, the DOM, and 3rd Party JavaScript https://controlgap.com/blog/PCI-MageCart-DOM-Part2
  • The DSS, MageCart, and the DOM - Part 3 e-Commerce Skimming https://controlgap.com/blog/PCI-MageCart-DOM-Part3
• Credit-card-stealing, backdoored packages found in Python's PyPI library hub https://www.theregister.com/2021/08/02/in_brief_security/
• A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification https://eprint.iacr.org/2021/1012

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Ransomware and "Incidents":

  • LockBit ransomware recruiting insiders to breach corporate networks https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
  • Data Breaches Are Down, But the Severity of the Attacks Is on the Rise https://www.digitaltransactions.net/data-breaches-are-down-but-the-severity-of-the-attacks-is-on-the-rise/
  • Analysis: Oh, the Lies Ransomware Operators Tell https://www.databreachtoday.com/interviews/analysis-oh-lies-ransomware-operators-tell-i-4943
  • Disgruntled ransomware affiliate leaks the Conti gang's technical manuals https://www.databreaches.net/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
  • Computer hardware giant GIGABYTE hit by RansomEXX ransomware https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
  • Judson ISD says it paid hackers more than $500K to protect sensitive information https://www.databreaches.net/judson-isd-says-it-paid-hackers-more-than-500k-to-protect-sensitive-information/
  • Ransomware attack hits Italy's Lazio region, affects COVID-19 site https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-italys-lazio-region-affects-covid-19-site/
  • U.S. medical entities fall prey to Pysa threat actors, but many haven't disclosed it - at least, not yet. https://www.databreaches.net/u-s-medical-entities-fall-prey-to-pysa-threat-actors-but-many-havent-disclosed-it-at-least-not-yet/

• Follow-ups and fall-out:

  • Implications for ATE insurance after data breach 'privacy' claim struck out https://www.databreaches.net/implications-for-ate-insurance-after-data-breach-privacy-claim-struck-out/
  • MMG Fusion - 2,660,295 breached accounts https://haveibeenpwned.com/PwnedWebsites#MMGFusion
  • OrderSnapp - 1,304,447 breached accounts https://haveibeenpwned.com/PwnedWebsites#OrderSnapp

Privacy

Articles about privacy related news, risks, and trends.

• Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life
• If you live in the US, Apple reportedly plans to scan your iPhone for child sexual abuse images https://www.businessinsider.com/apple-plans-software-scan-us-iphones-child-abuse-images-report-2021-8
• Apple to scan iPhones for child sex abuse images https://www.bbc.co.uk/news/technology-58109748
• All the Ways Spotify Tracks You-and How to Stop It https://www.wired.com/story/spotify-tracking-how-to-stop-it
• Facebook is trying to analyse users' encrypted messages without reading their texts, says new report https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-whatsapp-encryption-instagram-reading-data-b1896579.html
• Facebook's Illusory Promise of Transparency https://freedom-to-tinker.com/2021/08/05/facebooks-illusory-promise-of-transparency/
• 'I'm Calling About Your Car Warranty', aka PII Hijinx https://threatpost.com/im-calling-about-your-car-warranty-aka-pii-hijinx/168375/
• Google fired 80 employees for abusing user data and spying on people, with some even sharing personal information outside the company, a new report says https://www.businessinsider.com/google-fired-employees-abusing-user-data-sharing-personal-info-vice-2021-8

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• US:

  • Why right to repair matters - according to a farmer, a medical worker, a computer store owner https://www.theguardian.com/technology/2021/aug/02/why-right-to-repair-matters-according-to-a-farmer-a-medical-worker-a-computer-store-owner
  • This Captcha Patent Is An All-American Nightmare https://www.eff.org/deeplinks/2021/08/captcha-patent-all-american-nightmare
  • Why Companies Keep Folding to Copyright Pressure, Even If They Shouldn't https://www.eff.org/deeplinks/2021/08/why-companies-keep-folding-copyright-pressure-even-if-they-shouldnt
  • Black Hat: How cybersecurity incidents can become legal minefields https://www.zdnet.com/article/black-hat-how-cybersecurity-can-be-a-legal-minefield-for-lawyers

• Standards News:

  • NIST Planning for a Zero Trust Architecture: Draft Cybersecurity White Paper Available for Comment through September 3rd https://csrc.nist.gov/publications/detail/white-paper/2021/08/04/planning-for-zero-trust-architecture-starting-guide-for-admins/draft
  • NIST Assessing Security and Privacy Controls: Draft SP 800-53A Revision 5 is Available for Comment through October 1st https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/draft
  • NIST Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: NIST SP 800-204B https://csrc.nist.gov/publications/detail/sp/800-204b/final
  • NIST Developing Cyber-Resilient Systems: Draft SP 800-160 Volume 2 Revision 1 is Available for Comment through September 20th https://csrc.nist.gov/publications/detail/sp/800-160/vol-2-rev-1/draft

• NIST Requests Public Comments on FIPS 198-1 and Special Publications on Hash Functions, Statistical Randomness Tests, and Block Cipher Modes of Operation through October 1st https://csrc.nist.gov/news/2021/call-for-comments-fips-198-1-hash-pubs-and-others

  • Federal Information Processing Standard (FIPS) 198-1, The Keyed-Hash Message Authentication Code (HMAC), 2008
  • NIST Special Publication (SP) 800-22 Rev. 1a, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Operations, 2010
  • NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, 2007
  • NIST SP 800-38E, Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices, 2010

• NIST Announcement of Proposal to Withdraw Special Publications: https://csrc.nist.gov/news/2021/proposal-to-withdraw-sp-800-15-sp-800-25-sp-800-32

  • NIST SP 800-107 Rev. 1, Recommendation for Applications Using Approved Hash Functions, 2012.
  • SP 800 15, MISPC Minimum Interoperability Specification for PKI Components, Version 1,
  • SP 800-25, Federal Agency Use of Public Key Technology for Digital Signatures and Authentication, and
  • SP 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure.

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Black Hat 2021: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech https://www.securityweek.com/black-hat-2021-new-cisa-boss-unveils-anti-ransomware-collab-big-tech
• Black Hat: Let's All Help Cyber-Immunize Each Other https://threatpost.com/black-hat-usa-2021-mitigating-cyber-and-covid/168361/
• Unpacking the U.S. National Security Memorandum on Improving Cybersecurity for Critical Infrastructure https://www.tenable.com/blog/unpacking-the-u-s-national-security-memorandum-on-improving-cybersecurity-for-critical
• Why you need a Bitlocker PIN - Trusted platform module security defeated in 30 minutes, no soldering required https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/
• NSA and CISA share Kubernetes security recommendations https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-kubernetes-security-recommendations/
• The European Union Agency for Cybersecurity https://www.enisa.europa.eu/
• Microsoft wonders if disabling just-in-time compilation of JavaScript improves browser security https://www.theregister.com/2021/08/06/edge_super_duper_security_mode/
• Twitter works with news sites to tackle disinformation https://www.bbc.co.uk/news/business-58065463
• Windows 10 to automatically block potentially unwanted apps https://www.bleepingcomputer.com/news/microsoft/windows-10-to-automatically-block-potentially-unwanted-apps/
• Windows admins now can block external devices via layered Group Policy https://www.bleepingcomputer.com/news/microsoft/windows-admins-now-can-block-external-devices-via-layered-group-policy/
• How to use DuckDuckGo's email protection app https://www.theverge.com/22609841/duckduckgo-email-spam-prevent-trackers-how-to
• Russia plans to build a bitcoin tracking tool to monitor crypto wallets linked to crime and terrorism https://markets.businessinsider.com/news/stocks/russia-bitcoin-tracking-tool-monitor-crime-terrorism-cryptocurrency-btc-cryptocurrency-2021-8
• There's now a subscription service for college textbooks https://www.theverge.com/2021/8/2/22606423/pearson-plus-college-textbook-subscription-service-app-launch
• Why You Should Never Laminate Your Social Security Card https://www.mentalfloss.com/article/649145/can-you-laminate-your-social-security-card

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Actively exploited bug bypasses authentication on millions of routers https://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/
• Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices https://thehackernews.com/2021/08/critical-flaws-affect-embedded-tcpip.html
• Go, Rust "net" library affected by critical IP address validation vulnerability https://www.bleepingcomputer.com/news/security/go-rust-net-library-affected-by-critical-ip-address-validation-vulnerability/
• HTTP/2 Implementation Errors Exposing Websites to Serious Risks https://www.darkreading.com/application-security/http-2-implementation-errors-exposing-websites-to-serious-risks/d/d-id/1341593
• New DNS vulnerability allows 'nation-state level spying' on companies https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/
• PwnedPiper vulns have potential to turn Swisslog's PTS hospital products into Swiss cheese, says Armis https://www.theregister.com/2021/08/02/pwnedpiper_swisslog_pts/
• 'PwnedPiper': Devastating Bugs in >80% of Hospital Pneumatics https://threatpost.com/pwnedpiper-bugs-hospital-pneumatics/168277/
• Black Hat: BadAlloc bugs expose millions of IoT devices to hijack https://www.zdnet.com/article/black-hat-badalloc-bugs-expose-millions-of-iot-devices-to-hijack
• Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/
• Watch a Hacker Hijack a Hotel Room's Lights, Fans, and Beds https://www.wired.com/story/capsule-hotel-hack-lights-fan-bed
• Google Patches High-Risk Android Security Flaws https://www.securityweek.com/google-patches-high-risk-android-security-flaws
• Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions https://www.securityweek.com/google-patches-several-chrome-flaws-can-be-exploited-malicious-extensions
• Microsoft Database Engine Vulnerabilities Patched https://www.databreachtoday.com/microsoft-database-engine-vulnerabilities-patched-a-17213
• India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks https://thehackernews.com/2021/08/indias-koo-twitter-like-service-found.html
• VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-critical.html
• VMware Patches Severe Vulnerability in Workspace ONE Access, Identity Manager https://www.securityweek.com/vmware-patches-severe-vulnerability-workspace-one-access-identity-manager

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/
• Supply Chain Attacks Are Getting Worse, And You Are Not Ready For Them https://packetstormsecurity.com/news/view/32527/Supply-Chain-Attacks-Are-Getting-Worse-And-You-Are-Not-Ready-For-Them.html
• Paragon: Yet Another Cyberweapons Arms Manufacturer https://www.schneier.com/blog/archives/2021/08/paragon-yet-another-cyberweapons-arms-manufacturer.html
• Pegasus spyware found on journalists' phones, French intelligence confirms https://www.theguardian.com/news/2021/aug/02/pegasus-spyware-found-on-journalists-phones-french-intelligence-confirms
• Malicious Microsoft Word Remains A Key Infection Vector, (Fri, Aug 6th) https://isc.sans.edu/diary/rss/27716
• New RAT Targets Russian Speakers https://www.databreachtoday.com/new-rat-targets-russian-speakers-a-17207
• Raccoon Stealer Bundles Malware, Propagates Via Google SEO https://threatpost.com/raccoon-stealer-google-seo/168301/
• We COVID-Clicked on Garbage, Report Finds: Podcast https://threatpost.com/we-covid-clicked-on-garbage-report-podcast/168340/

• Nation State Actors:

  • Chinese Cyberspy Group APT31 Starts Targeting Russia https://www.securityweek.com/chinese-cyberspy-group-apt31-starts-targeting-russia
  • 'DeadRinger' Targeted Exchange Servers Long Before Discovery https://threatpost.com/deadringer-targeted-exchange-servers-before-discovery/168300/
  • DeadRinger: Chinese APTs strike major telecommunications companies https://www.zdnet.com/article/deadringer-chinese-apts-strike-major-telecommunications-companies
  • Research finds cyber-snoops working for 'Chinese state interests' lurking in SE Asian telco networks since 2017 https://www.theregister.com/2021/08/03/cybereason_deadringer/
  • Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus https://thehackernews.com/2021/08/russian-federal-agencies-were-attacked.html

Other Security / Risk

Articles covering other types of risks.

• Scientists Just Simulated Quantum Technology on Classical Computing Hardware https://www.sciencealert.com/quantum-circuits-simulated-on-classical-computers-test-the-limits-of-future-technology
• AI Wrote Better Phishing Emails Than Humans in a Recent Test https://www.wired.com/story/ai-phishing-emails
• Amazon will give you a whole $10 for your palm print https://www.theverge.com/2021/8/3/22607218/amazon-one-palm-print-technology-10-dollar-promo
• Google Chrome to no longer show secure website indicators https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/
• Facebook's ban of third-party researchers 'deeply concerning' https://www.theverge.com/2021/8/5/22610898/facebook-bans-ad-privacy-misinformation-researchers-critics-warner-mozilla-klobuchar
• Facebook's justification for banning third-party researchers 'inaccurate,' says FTC https://www.theverge.com/2021/8/6/22612545/facebook-banned-third-party-researchers-inaccurate-says-ftc
• Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch https://www.zdnet.com/article/black-hat-this-is-how-a-naive-nsa-staffer-helped-build-an-offensive-uae-security-branch
• The State Department and 3 other US agencies earn a D for cybersecurity https://arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/
• The collapse of Enron and the dark side of business https://www.bbc.com/news/business-58026162
• Microsoft is ready to rent Windows 365 cloud PCs for as little as $20 per month https://www.theverge.com/2021/8/2/22605800/microsoft-windows-365-cloud-pc-streaming-html5
• Microsoft halts Windows 365 trials after running out of servers https://www.bleepingcomputer.com/news/microsoft/microsoft-halts-windows-365-trials-after-running-out-of-servers/
• New US military photos show the damage an Iranian-made 'kamikaze' drone packed with explosives did in a deadly tanker attack https://www.businessinsider.com/us-shares-evidence-iran-used-kamikaze-drones-deadly-tanker-attack-2021-8
• U.S. bread, donut makers say biofuel requirements could increase cost of certain foods https://globalnews.ca/news/8081839/us-biofuel-baked-goods/
• Victoria B.C. police nabbed so many impaired drivers at roadblock they ran out of tow trucks https://globalnews.ca/news/8083418/victoria-police-roadblocks-tow-trucks/
• Warship positions faked including UK aircraft carrier https://www.bbc.co.uk/news/technology-58027363
• German pensioner given hefty fine for WW2 tank in house https://www.bbc.co.uk/news/world-europe-58077039
• Ethan Allen is changing its stock ticker from ETH to ETD to stop people from confusing it with ethereum https://markets.businessinsider.com/news/currencies/eth-ethan-allen-ether-ethereum-ticker-etd-cryptocurrency-furniture-design-2021-8

• Health, Safety & Environment:

  • Newly Designed 'Smart' Insulin Could Majorly Improve Type 1 Diabetes Treatment https://www.sciencealert.com/a-new-kind-of-smart-insulin-could-help-diabetics-avoid-the-risks-of-low-blood-sugar-levels
  • The Global Pandemic Could Be Causing More Shortsightedness in Kids Than Ever Before https://www.sciencealert.com/the-global-pandemic-might-be-weakening-the-eyes-of-children
  • Mosquito fogging to begin in parts of Winnipeg to reduce West Nile Virus risk https://globalnews.ca/news/8086566/winnipeg-to-start-mosquito-control-program-to-reduce-west-nile-virus-risk/
  • 'It's awful. You don't want to get this disease': Here are 5 tips to protect against Lyme disease during peak tick season. https://www.businessinsider.com/how-to-protect-against-lyme-disease-during-tick-season-2021-8
  • Californians Warned of Plague Risk After Pathogen Found in Infected Chipmunks https://www.sciencealert.com/californians-warned-of-plague-risk-after-pathogen-found-in-infected-chipmunks
  • Incident on International Space Station was worse than previously thought and a 'spacecraft emergency', report says https://www.independent.co.uk/life-style/gadgets-and-tech/space-international-station-iss-russian-module-emergency-b1895814.html
  • Reprogrammable satellites (what could go wrong?) https://phys.org/news/2021-07-world-re-progammable-commercial-satellite.html and https://www.schneier.com/blog/archives/2021/08/the-european-space-agency-launches-hackable-satellite.html
  • Canada, U.S. unable to share resources as both battle severe wildfires: memo https://globalnews.ca/news/8085814/canada-us-wildfires-resources/
  • New Signs Indicate a Major Ocean Current Is on The Edge of Collapse Right Now https://www.sciencealert.com/there-s-clear-signs-a-major-atlantic-current-system-is-on-the-edge-of-collapse
  • NOAA's revised hurricane outlook sees more storms in 2021 Atlantic season https://www.cbc.ca/news/science/noaa-hurricane-season-1.6129291

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Watch the U.K. to Understand Delta https://www.theatlantic.com/health/archive/2021/08/watch-uk-understand-delta/619647/
  • Unvaccinated People Need to Bear the Burden https://www.theatlantic.com/ideas/archive/2021/08/unvaccinated-flight-vaccine-tsa-mandate/619643/
  • Fully Vaccinated Still at Considerable Risk of Getting COVID, Giant UK Study Shows https://www.sciencealert.com/study-suggests-fully-vaccinated-people-are-a-third-as-likely-to-get-covid-as-non-vaccinated
  • Baton Rouge's largest hospital has reportedly run out of hospital beds due to COVID-19 spike in Louisiana https://www.businessinsider.com/baton-rouges-largest-hospital-has-run-out-of-hospital-beds-2021-8
  • Louisiana has a higher rate of COVID-19 infections than any country in the world https://www.businessinsider.com/louisiana-has-more-covid-cases-per-capita-than-any-country-2021-8
  • Fauci: COVID-19 cases in the US could reach 200,000 cases a day in latest outbreak https://www.businessinsider.com/fauci-us-covid-19-cases-could-reach-200000-a-day-2021-8
  • 100,000 new COVID-19 cases on average per day now being reported in U.S. https://globalnews.ca/news/8094631/covid-us-daily-cases-average/
  • Covid third wave: Americans 'scared and angry' as pandemic worsens https://www.bbc.co.uk/news/world-us-canada-58014719
  • Covid third wave: Florida surpasses all-time record for hospital admissions https://www.bbc.co.uk/news/world-us-canada-58077209
  • Startling Discovery Suggests 40% of Wild Deer in The US Have Had The Coronavirus https://www.sciencealert.com/more-than-a-third-of-wild-deer-in-the-us-have-been-exposed-to-the-novel-coronavirus
  • Unvaccinated Ontarians bigger concern than breakthrough COVID-19 cases, medical experts say https://toronto.ctvnews.ca/unvaccinated-ontarians-bigger-concern-than-breakthrough-covid-19-cases-medical-experts-say-1.5533172
  • Doctors predict potential 4th wave of COVID-19 could hit Canada's youth https://globalnews.ca/news/8073505/doctors-predict-4th-wave-schools-kids/
  • More Canadians think COVID-19 will worsen as Delta variant spreads: poll https://globalnews.ca/news/8084443/canada-covid-19-delta-variant-poll/
  • New COVID-19 cases in Ontario jump above 400 for first time since mid-June https://toronto.ctvnews.ca/new-covid-19-cases-in-ontario-jump-above-400-for-first-time-since-mid-june-1.5538982
  • B.C. reports 742 new COVID-19 cases over 4 days as total case count tops 150K https://globalnews.ca/news/8082958/bc-covid-19-update-august-3-2021/
  • Nanjing: Concerns in China grow as Delta outbreak spreads https://www.bbc.co.uk/news/world-asia-china-58052894

• Guidance, Response, and Recovery:

  • Canada set to welcome fully vaccinated U.S. travellers as border rules ease https://globalnews.ca/news/8095944/canada-us-border-rules-aug-9/
  • Canada, U.S. businesses seek clarity from Congress on land border reopening https://globalnews.ca/news/8089242/canada-us-businesses-land-border-plan/
  • Japan to only hospitalize seriously ill COVID-19 cases as medical system strains https://globalnews.ca/news/8080774/covid-japan-olympics-hospital/
  • Louisiana governor reissues statewide mask mandate as state leads the country in new COVID-19 cases https://www.businessinsider.com/louisiana-indoor-mask-mandate-covid-cases-2021-8
  • Ontario government releases guidance for return of in-person classes at province's schools https://globalnews.ca/news/8081785/covid-ontario-government-school-reopening-plan/
  • U.S. to require travellers to be vaccinated against COVID-19: official https://globalnews.ca/news/8087260/us-travel-covid-19-vaccine/
  • Wuhan: Chinese city to test entire population after virus resurfaces https://www.bbc.co.uk/news/world-asia-china-58066744

• Immunity and Vaccinations:

  • No, it's not a HIPAA violation for businesses to ask for proof you've been vaccinated. Here's what the healthcare privacy law actually means and what it protects. https://www.businessinsider.com/vaccine-proof-requirements-not-hipaa-violation-explained-2021-8
  • A growing number of 'multi-vaxxers' are getting unauthorized booster shots. Most are mixing and matching. https://www.businessinsider.com/mulit-vaxxers-unauthorized-booster-shots-delta-variant-2021-8
  • Amazon has reportedly instituted a lottery that will give frontline workers the chance to win $500,000 and other prizes if they're vaccinated against COVID-19 https://www.businessinsider.com/amazon-vaccinated-frontline-workers-lottery-win-500000-2021-8
  • Can U.S. employers require COVID-19 vaccination? Here are the ones cracking down https://globalnews.ca/news/8079529/covid-vaccines-required-in-the-workplace-usa/
  • Canada set to receive 2.3M COVID-19 vaccine doses this week https://globalnews.ca/news/8079065/canada-covid-19-vaccine-doses-2/
  • Canada to donate 82,000 AstraZeneca vaccine doses to Trinidad and Tobago https://globalnews.ca/news/8087235/canada-vaccine-trinidad-donation/
  • Carleton University mandates COVID-19 vaccines for students in residence, playing sports https://globalnews.ca/news/8089335/carleton-university-covid-vaccine-mandate-residence-sports-music/
  • CDC director: Provincetown proves vaccines work https://www.bbc.co.uk/news/world-us-canada-58065854
  • Final vaccination hurdles remain before Ontario further lifts COVID-19 pandemic restrictions https://globalnews.ca/news/8092320/ontario-covid-pandemic-vaccination-hurdle/
  • First winners of the COVID-19 vaccine lottery will be announced https://globalnews.ca/news/8094678/first-winners-of-the-covid-19-vaccine-lottery-will-be-announced/
  • Georgian College to require students in campus residences to be fully vaccinated against COVID-19 https://globalnews.ca/news/8082072/georgian-college-student-residences-fully-vaccinated-covid-19/
  • Microsoft will require proof of COVID-19 vaccination to enter buildings in the US https://www.theverge.com/2021/8/3/22607690/microsoft-proof-vaccination-covid-19-us-buildings-office-reopening
  • Pfizer's 3rd COVID-19 shot has similar side effects to 2nd, Israeli survey finds https://globalnews.ca/news/8096515/israeli-survey-3rd-pfizer-shot-side-effects/
  • Tennessee isn't offering incentives for COVID shots - but paid nearly $500,000 to vaccinate cows https://www.businessinsider.com/tennessee-offers-no-covid-vaccine-incentives-but-pays-cow-shots-2021-8
  • 'The surge is upon us:' Tory says there needs to be some sort of plan on vaccine passports https://toronto.ctvnews.ca/the-surge-is-upon-us-tory-says-there-needs-to-be-some-sort-of-plan-on-vaccine-passports-1.5537358
  • Thinking of travelling? Here's where mixed COVID-19 vaccines aren't accepted https://globalnews.ca/news/8086370/mixed-vaccines-travel-policy/
  • Trudeau suggests mandatory COVID-19 vaccines under review for some workers https://globalnews.ca/news/8088697/canada-mandatory-covid-vaccines/
  • U.S. hits 70% single dose COVID-19 vaccine goal - a month later than expected https://globalnews.ca/news/8079947/us-hits-70-per-cent-vaccine-goal-delta-surge/
  • United is the first US airline to require all employees be vaccinated against COVID-19 https://www.businessinsider.com/united-requiring-us-employees-get-covid-19-vaccine-2021-8
  • Vaccine Mandates Are Lawful, Effective and Based on Rock-Solid Science https://www.scientificamerican.com/article/vaccine-mandates-are-lawful-effective-and-based-on-rock-solid-science/
  • WHO calls for global pause on COVID-19 vaccine boosters https://globalnews.ca/news/8084585/who-moratorium-covid-19-vaccine-boosters/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Masks Are Back, Maybe for the Long Term https://www.theatlantic.com/health/archive/2021/08/remasking-vaccine-covid/619681/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• The Secret behind Songbirds' Magnetic Migratory Sense https://www.scientificamerican.com/podcast/episode/the-secret-behind-songbirds-magnetic-migratory-sense/
• The Tears of the Hero: Get Ready for the 2021 Perseid Meteors https://www.universetoday.com/152056/the-tears-of-the-hero-get-ready-for-the-2021-perseid-meteors/
• Canadian-made space telescope to search for distant planets, explore 'origins of life' https://globalnews.ca/news/8092905/canadian-made-space-telescope-distant-planets/
• Starship is Stacked on the Super Heavy Booster. The Tallest Rocket Ever Built https://www.universetoday.com/152090/starship-is-stacked-on-the-super-heavy-booster-the-tallest-rocket-ever-built/
• NASA is Going Ahead With a Hopping Lander to Explore the Lunar Surface https://www.universetoday.com/152053/nasa-is-going-ahead-with-a-hopping-lander-to-explore-the-lunar-surface/
• Astronomers Find a Huge Planet Orbiting its Star at 6,000 Times the Earth-Sun Distance https://www.universetoday.com/152059/astronomers-find-a-huge-planet-orbiting-its-star-at-6000-times-the-earth-sun-distance/
• Good News! Red Dwarfs Blast Their Superflares out the Poles, Sparing Their Planets From Destruction https://www.universetoday.com/152104/good-news-red-dwarfs-blast-their-superflares-out-the-poles-sparing-their-planets-from-destruction/