This Week's [in]Security - Issue 229

Welcome to This Week’s [in]Security. Big-Hacks: T-Mobile. New breaches: Terrorist Watchlist, US census, Baby monitors and cams, Chase, HVAC as a vector, New Ransomware: State Department, Brazil. Major outages: Pakistan. Follow-ups & Fall-out: Colonial, Blackbaud, Pearson. Privacy: FB. Laws & Regs: Canada: Copyright. US: LEA data loss, Tesla. Standards: NIST CMVP. Defense: Hiring, ZeroTrust,, Tools. Vulnerabilities: more PrintNightmare, Apple photos, STARTTLS, Chrome, Cisco, Fortinet, LinkedIn Jobs, Wordpress, Realtek IoT Wi-Fi, Blackberry, DDoS. Cybercrime: Irony, Trends: HolesWarm. Phishing costs, QR malware, Nation States. Crime. Other Risks: Edge, IoT, Trolley problem, Windows 11, facial recognition. China, stunting. Health, Safety & Environment: Zombies, Haiti, EV fires, space junk, Whalesafe, Batteries. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Covid Ugly; And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Updated FAQ 1176 How does an organization maintain compliance when a standard changes? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-an-organization-maintain-compliance-when-a-standard-changes

• UK's $14B Class Action Suit Against Mastercard Moving Forward https://www.pymnts.com/mastercard/2021/uks-14b-class-action-suit-against-mastercard-moving-forward/

  Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major incidents:

  • T-Mobile Investigating Claims of Massive Data Breach https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/
  • T-Mobile US probes claims of 100m stolen customer records up for sale on dark web https://www.theregister.com/2021/08/16/in_brief_security/
  • T-Mobile says hackers stole personal info of 7.8 million customers https://www.bleepingcomputer.com/news/security/t-mobile-says-hackers-stole-personal-info-of-78-million-customers/
  • T-Mobile: Breach Exposed SSN/DOB of 40M+ People https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/
  • T-Mobile data breach just got worse — now at 54 million customers https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-just-got-worse-now-at-54-million-customers/

• New Breaches:

  • Terrorist Watchlist Exposed Online with Nearly 1.9M Records https://threatpost.com/terrorist-watchlist-exposed-online/168737/
  • Postmortem on U.S. Census Hack Exposes Cybersecurity Failures https://threatpost.com/postmortem-on-u-s-census-hack-exposes-cybersecurity-failures/168814/
  • US Census Bureau hacked in January 2020 using Citrix exploit https://www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/
  • Millions of Web Camera and Baby Monitor Feeds Are Exposed https://www.wired.com/story/kalay-iot-bug-video-feeds
  • Chase bank accidentally leaked customer info to other customers https://www.bleepingcomputer.com/news/security/chase-bank-accidentally-leaked-customer-info-to-other-customers/
  • (Not the first time: Target) Alleged HVAC Hack Shines Spotlight on OT Risks to Healthcare https://www.databreachtoday.com/alleged-hvac-hack-shines-spotlight-on-ot-risks-to-healthcare-a-17320
  • Atlanta Allergy & Asthma first mails notices to patients; data was dumped back in March https://www.databreaches.net/atlanta-allergy-data-was-dumped-back-in-march/
  • Data breach from contact tracing survey ‘low risk' to Hoosier privacy, 750,000 affected https://www.databreaches.net/data-breach-from-contact-tracing-survey-low-risk-to-hoosier-privacy-750000-affected/

• New Ransomware and "Incidents":

  • SynAck Ransomware Group Releases Decryption Keys And Rebrands https://packetstormsecurity.com/news/view/32565/SynAck-Ransomware-Group-Releases-Decryption-Keys-And-Rebrands.html
  • Hive ransomware attacks Memorial Health System, steals patient data https://www.databreaches.net/hive-ransomware-attacks-memorial-health-system-steals-patient-data/
  • U.S. State Department recently hit by a cyber attack – Fox News https://www.databreaches.net/u-s-state-department-recently-hit-by-a-cyber-attack-fox-news/
  • Brazilian National Treasury hit with ransomware attack https://www.databreaches.net/brazilian-national-treasury-hit-with-ransomware-attack/
  • Tokio Marine Insurance Singapore Hit by Ransomware Attack https://www.databreaches.net/tokio-marine-insurance-singapore-hit-by-ransomware-attack/

• Major outages/downs:

  • Pakistan's tax office services go dark after migration project goes awry https://www.theregister.com/2021/08/17/pakistan_federal_board_of_revenue_outage/

• Follow-ups and fall-out:

  • Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack https://www.securityweek.com/colonial-pipeline-confirms-personal-information-impacted-ransomware-attack
  • Blackbaud – firm that paid off crooks after 2020 ransomware attack – fails to get California privacy law claim dropped https://www.theregister.com/2021/08/17/ccpa_blackbaud/
  • Education giant Pearson fined $1M for downplaying data breach https://www.bleepingcomputer.com/news/security/education-giant-pearson-fined-1m-for-downplaying-data-breach/

Privacy

Articles about privacy related news, risks, and trends.

• FTC says Facebook has been a monopoly ‘since at least 2011' in amended antitrust complaint https://www.theverge.com/2021/8/19/22627032/ftc-facebook-amended-antitrust-complaint-monopoly-instagram-whatsapp

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 98: Kim Nayyer on the Supreme Court of Canada's Landmark Access Copyright v. York University Copyright Ruling https://www.michaelgeist.ca/2021/08/law-bytes-podcast-episode-98/

• US:

  • Dallas cops lost 8TB of criminal case data during bungled migration, says the DA... four months later https://www.theregister.com/2021/08/16/dallas_data_migration_8tb_deletion/
  • Jewel v. NSA: Americans (Still) Deserve Their Day in Court https://www.eff.org/deeplinks/2021/08/jewel-v-nsa-americans-still-deserve-their-day-court
  • California regulators think T-Mobile lied to get Sprint merger approved https://www.theverge.com/2021/8/16/22627940/t-mobile-dish-network-cdma-sunset-cpuc-ruling
  • FFIEC Updates Authentication Guidance https://www.databreachtoday.com/ffiec-updates-authentication-guidance-a-17300
  • Tesla Autopilot Faces U.S. Inquiry After Series of Crashes https://www.nytimes.com/2021/08/16/business/tesla-autopilot-nhtsa.html

• Standards News:

  • CMVP Validation Authority Updates: Draft Revisions of NIST SP 800-140C/D/F Available for Comment through September 20 https://csrc.nist.gov/publications/detail/sp/800-140c/rev-1/draft, https://csrc.nist.gov/publications/detail/sp/800-140d/rev-1/draft, and https://csrc.nist.gov/publications/detail/sp/800-140f/rev-1/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Control Gap's Offensive Security Hiring Process https://controlgap.com/blog/Offensive-Security-Hiring
• CISA shares guidance on how to prevent ransomware data breaches https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-on-how-to-prevent-ransomware-data-breaches/
• Microsoft and NIST collaborate on EO to drive Zero Trust adoption https://www.microsoft.com/security/blog/2021/08/17/microsoft-and-nist-collaborate-on-eo-to-drive-zero-trust-adoption/
• NCSC updated 10 Steps to Cyber Security https://www.ncsc.gov.uk/blog-post/10-years-of-10-steps-to-cyber-security
• Here's another free CA as an alternative to Let's Encrypt! https://scotthelme.co.uk/heres-another-free-ca-as-an-alternative-to-lets-encrypt/
• Introducing Shadow IT Discovery https://blog.cloudflare.com/introducing-shadow-it-discovery/
• NCSC IT: Installing software updates without breaking things https://www.ncsc.gov.uk/blog-post/ncsc-it-installing-software-updates-without-breaking-things
• New Versions Of Sysinternals Tools, (Sat, Aug 21st) https://isc.sans.edu/diary/rss/27774
• DtSR Episode 459 - TPA A Defenders Endpoint Perspective http://podcast.wh1t3rabbit.net/dtsr-episode-459-tpa-a-defenders-endpoint-perspective
• GitHub urges users to enable 2FA after going passwordless https://www.bleepingcomputer.com/news/security/github-urges-users-to-enable-2fa-after-going-passwordless/
• NCSC Dealing with suspicious emails and text messages https://www.ncsc.gov.uk/guidance/suspicious-email-actions
• Twitter tests 'misleading' post report button for first time https://www.bbc.co.uk/news/technology-58258377
• This suitcase-sized power station is designed to get you through a blackout https://www.theverge.com/2021/8/17/22628532/zendure-superbase-pro-2000-power-station-solar-charge-blackout-camping

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958) https://www.tenable.com/blog/the-printnightmare-continues-another-zero-day-in-print-spooler-awaits-patch-cve-2021-36958

• Apple's Photo Scanning Controversy continues:

  • Apple's NeuralHash Algorithm Has Been Reverse-Engineered https://www.schneier.com/blog/archives/2021/08/apples-neuralhash-algorithm-has-been-reverse-engineered.html
  • Researchers produce collision in Apple's child-abuse hashing system https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography
  • Apple: CSAM Image-Detection Backdoor ‘Narrow' in Scope https://threatpost.com/apple-image-detection-backdoor/168727/
  • More on Apple's iPhone Backdoor https://www.schneier.com/blog/archives/2021/08/more-on-apples-iphone-backdoor.html
• Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients https://thehackernews.com/2021/08/dozens-of-starttls-related-flaws-found.html
• Google Awards $42,000 for Two Serious Chrome Vulnerabilities https://www.securityweek.com/google-awards-42000-two-serious-chrome-vulnerabilities
• Hackers can bypass Cisco security products in data theft attacks https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/
• Researchers find high-severity command injection vuln in Fortinet's web app firewall https://www.theregister.com/2021/08/18/fortinet_fortiweb_flaw/
• You can post LinkedIn jobs as almost ANY employer — so can attackers https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/
• Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html
• XSS Bug in SEOPress WordPress Plugin Allows Site Takeover https://threatpost.com/xss-bug-seopress-wordpress-plugin/168702/
• Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices https://thehackernews.com/2021/08/multiple-flaws-affecting-realtek-wi-fi.html
• CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX https://www.bleepingcomputer.com/news/security/cisa-badalloc-impacts-critical-infrastructure-using-blackberry-qnx/
• Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro https://blog.talosintelligence.com/2021/08/vulnerability-spotlight-memory.html
• Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks https://thehackernews.com/2021/08/attackers-can-weaponize-firewalls-and.html
• Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets https://threatpost.com/valve-bug-unlimited-funds/168710/
• High-Severity DoS Vulnerability Patched in BIND DNS Software https://www.securityweek.com/high-severity-dos-vulnerability-patched-bind-dns-software
• Web Censorship Systems Can Facilitate Massive DDoS Attacks https://threatpost.com/censorship-systems-ddos-attacks/168853/
• Revisiting cryptanalysis on ChaCha from Crypto 2020 and Eurocrypt 2021r https://eprint.iacr.org/2021/1059
• Cryptanalysis of Caesar using Quantum Support Vector Machine https://eprint.iacr.org/2021/1058

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Malware dev infects own PC and data ends up on intel platform https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-and-data-ends-up-on-intel-platform/

• Trends, Alerts, and Events (other than major breaches):

  • HolesWarm Malware use 20+ Exploits to Infect over 100 Unpatched Windows & Linux Cloud Servers https://threatpost.com/holeswarm-malware-windows-linux/168759/
  • Phishing Costs Nearly Quadrupled Over 6 Years https://threatpost.com/phishing-costs-quadrupled/168716/
  • Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html
  • Scanning QR Codes in Restaurants: Why A Meal May Cost You Your Privacy https://www.thequint.com/amp/story/tech-and-auto/scanning-qr-codes-in-restaurants-risk-privacy-cybercriminals-hacking-data
  • Copyright scammers turn to phone numbers instead of web links https://nakedsecurity.sophos.com/2021/08/16/copyright-scammers-turn-to-phone-numbers-instead-of-web-links/
  • FINRA Warns Members of Phishing Scheme https://www.databreachtoday.com/finra-warns-members-phishing-scheme-a-17298
  • Malware campaign uses clever 'captcha' to bypass browser warning https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/
  • WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
  • Neurevt trojan takes aim at Mexican users https://blog.talosintelligence.com/2021/08/neurevt-trojan-takes-aim-at-mexican.html
  • New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems https://thehackernews.com/2021/08/new-adload-variant-bypasses-apples.html

• Nation State Actors:

  • Govt hackers impersonate HR employees to hit Israeli targets https://www.bleepingcomputer.com/news/security/govt-hackers-impersonate-hr-employees-to-hit-israeli-targets/
  • Hackers behind Iranian wiper attacks linked to Syrian breaches https://www.bleepingcomputer.com/news/security/hackers-behind-iranian-wiper-attacks-linked-to-syrian-breaches/

• Crime & Arrests, etc.:

  • The US State Department knows it's 'pushing the envelope' as it offers up to $10 million rewards for crypto-hacking intel, according to new interview https://markets.businessinsider.com/news/currencies/state-department-cyberhacks-tips-10-million-cryptocurrency-dark-web-tor-2021-8
  • Hacker Steals $97 Million From Crypto Exchange 'Liquid' https://www.databreachtoday.com/hacker-steals-97-million-from-crypto-exchange-liquid-a-17333
  • Binance Ordered to Freeze Attackers' Accounts https://www.databreachtoday.com/binance-ordered-to-freeze-attackers-accounts-a-17299
  • Florida Woman Convicted Of Damaging Her Former Employer's Computers After She Was Fired https://www.databreaches.net/florida-woman-convicted-of-damaging-her-former-employers-computers-after-she-was-fired/
  • SIM swap scammer pleads guilty to Instagram account hijacks, crypto theft https://www.bleepingcomputer.com/news/security/sim-swap-scammer-pleads-guilty-to-instagram-account-hijacks-crypto-theft/

Other Security / Risk

Articles covering other types of risks.

• A new age of data means embracing the edge https://www.technologyreview.com/2021/08/16/1031738/a-new-age-of-data-means-embracing-the-edge/
• Desire To Connect IoT Devices Can Lead To Risky New Flaws https://packetstormsecurity.com/news/view/32567/Desire-To-Connect-IoT-Devices-Can-Lead-To-Risky-New-Flaws.html
• Should a self-driving car kill the baby or the grandma? Depends on where you’re from. https://www.technologyreview.com/2018/10/24/139313/a-global-ethics-study-aims-to-help-ai-solve-the-self-driving-trolley-problem/
• Microsoft releases the first official Windows 11 ISOs https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-first-official-windows-11-isos/
• Justice Department says facial recognition helped end an almost 15-year manhunt https://www.theverge.com/2021/8/19/22629149/facial-recognition-austria-catches-admitted-offshore-gambling-scammer-cryptocurrency
• Microsoft is making it harder to switch default browsers in Windows 11 https://www.theverge.com/22630319/microsoft-windows-11-default-browser-changes
• China's Big Tech Crackdown Could Chill Innovation https://www.pymnts.com/news/international/2021/china-big-tech-crackdown-chill-innovation/
• Halton police reporting increases in high-end auto thefts using technology https://globalnews.ca/news/8119447/halton-increases-auto-thefts-technology/
• Ontario man forced to pay $18,000 in rental fees after being caught stunt driving in Lamborghini https://toronto.ctvnews.ca/ontario-man-forced-to-pay-18-000-in-rental-fees-after-being-caught-stunt-driving-in-lamborghini-1.5551655

• Health, Safety & Environment:

  • A Simple Diet Can Send Type 2 Diabetes Into Remission, According to Science https://www.sciencealert.com/science-proves-diet-can-send-type-2-diabetes-into-remission-and-there-s-more-than-one-option
  • Mosquitoes infected with West Nile virus detected in Saskatchewan https://globalnews.ca/news/8122470/mosquito-west-nile-virus-saskatchewan/
  • West Nile virus-positive mosquitoes found in London, Ont. https://globalnews.ca/news/8116682/west-nile-virus-positive-mosquitoes-london-ont/
  • Years Before COVID-19, Zombies Helped Prepare One Hospital System for the Real Pandemic https://www.scientificamerican.com/podcast/episode/years-before-covid-zombies-helped-prepare-one-hospital-system-for-the-real-pandemic/
  • Death toll from Haiti earthquake climbs to 1,419 as hospitals overwhelmed https://globalnews.ca/news/8117818/haiti-quake-death-toll-rises/
  • Firefighters tackling a Tesla blaze in Austin said they had to use 40 times more water than for a regular vehicle fire because of the car's lithium battery cells https://www.businessinsider.com/tesla-crash-fire-lithium-battery-austin-more-water-than-regular-2021-8
  • Bitten N.S. woman was in ‘classic shark hunting ground', expert says https://globalnews.ca/news/8115615/bitten-cape-breton-woman-shark-hunting-ground/
  • Level 4 Autonomous Cars Allowed on German Roads https://www.trendmicro.com/en_us/research/21/h/level-4-autonomous-cars-allowed-on-german-roads.html
  • A Chinese Satellite Mysteriously Shattered in Space. Now We May Know Why https://www.sciencealert.com/a-chinese-satellite-mysteriously-shattered-in-march-now-we-know-why
  • Water cuts are coming to Arizona and Nevada after the US declared the first-ever Colorado River water shortage https://www.businessinsider.com/us-declares-first-colorado-river-shortage-arizona-nevada-water-cuts-2021-8
  • Fundy fishermen eager to try whalesafe gear https://www.cbc.ca/news/canada/new-brunswick/fundy-fishermen-welcome-whalesafe-gear-fund-1.6142715
  • Millions of electric car batteries will retire in the next decade. What happens to them? https://www.theguardian.com/environment/2021/aug/20/electric-car-batteries-what-happens-to-them

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Nearly 95,000 health-care workers contracted COVID-19 and 43 died throughout pandemic: report https://toronto.ctvnews.ca/nearly-95-000-health-care-workers-contracted-covid-19-and-43-died-throughout-pandemic-report-1.5553146
  • Rates of COVID-19 more than 20 times higher among unvaccinated in Ottawa https://globalnews.ca/news/8124967/ottawa-unvaccinated-covid-rates-higher/
  • Ontario reports more than 700 COVID-19 cases for 1st time since early June https://globalnews.ca/news/8132161/covid-19-ontario-cases-vaccine-august-22-coronavirus/
  • Vaughan, Ont. parent fined after allegedly sending child with COVID-19 symptoms to daycare https://toronto.ctvnews.ca/vaughan-ont-parent-fined-after-allegedly-sending-child-with-covid-19-symptoms-to-daycare-1.5548677
  • Florida school district calls emergency meeting after 5,500+ students forced to quarantine over COVID-19 outbreak https://www.businessinsider.com/covid-19-students-forced-to-quarantine-in-florida-school-district-2021-8
  • Lukashenko hid the real data of Covid-19 mortality. A cyber attack has revealed figures about 14 times higher https://www.databreaches.net/lukashenko-hid-the-real-data-of-covid-19-mortality-a-cyber-attack-has-revealed-figures-about-14-times-higher/
  • WHO calls on experts to join new advisory group probing COVID-19 origins https://globalnews.ca/news/8128607/who-calls-experts-covid-origins-probe/

• Guidance, Response, and Recovery:

  • Delta Has Changed the Pandemic Risk Calculus https://www.theatlantic.com/health/archive/2021/08/delta-variant-pandemic-risk-safety/619798/
  • The Coronavirus Is Here Forever. This Is How We Live With It. https://www.theatlantic.com/science/archive/2021/08/how-we-live-coronavirus-forever/619783/
  • Those Plastic COVID-19 Barriers in Stores Probably Aren't Helping Anyone https://www.mentalfloss.com/article/649615/plastic-covid-19-barriers-stores-are-not-helping
  • Mandatory COVID-19 vaccines a hot-button issue as election race kicks off https://globalnews.ca/news/8117939/canada-election-mandatory-covid-vaccine/
  • Some provinces won't allow polling stations in schools this federal election https://globalnews.ca/news/8126265/election-school-poll-stations/
  • Unvaccinated PC MPPs will be removed from caucus, Doug Ford spokesperson says https://globalnews.ca/news/8120714/unvaccinated-pc-mpps-will-be-removed-from-caucus-ford/
  • UHN considers leave of absence and terminations for unvaccinated staff https://toronto.ctvnews.ca/uhn-considers-leave-of-absence-and-terminations-for-unvaccinated-staff-1.5552056
  • City of Toronto and TTC workers must be fully vaccinated against COVID-19 by Oct. 30 https://toronto.ctvnews.ca/city-of-toronto-and-ttc-workers-must-be-fully-vaccinated-against-covid-19-by-oct-30-1.5553334
  • U.S. extending land border restrictions with Canada, Mexico for another 30 days https://globalnews.ca/news/8128063/u-s-land-border-restrictions-canada-mexico-extension/
  • New Zealand enters nationwide lockdown over one Covid case https://www.bbc.co.uk/news/world-asia-58241619
  • A year and a half after Sweden decided not to lock down, its COVID-19 death rate is up to 10 times higher than its neighbors https://www.businessinsider.com/sweden-covid-no-lockdown-strategy-failed-higher-death-rate-2021-8

• Immunity and Vaccinations:

  • Workers who aren't vaccinated for COVID-19 should be prepared to pay more for health coverage https://www.businessinsider.com/unvaccinated-workers-could-pay-more-for-health-coverage-2021-8
  • Iceland is proof that COVID-19 vaccines work, a leading US expert said. Infections are at record highs, but the nation hasn't recorded a single virus death since May. https://www.businessinsider.com/iceland-proves-covid-19-vaccines-work-expert-no-death-may-2021-8
  • Antibody tests offered to UK public for first time https://www.bbc.co.uk/news/uk-58293249
  • 3rd dose of Pfizer COVID-19 vaccine lowers infection risk, Israel study finds https://globalnews.ca/news/8132599/covid-19-vaccine-booster-lowers-infection-risk-israel/

• More of the good, the bad, and the ugly:

  • Covishield: WHO flags fake jabs in India, Africa https://www.bbc.co.uk/news/world-asia-india-58253488
  • Pharmacist faces 120 years in prison for selling vaccination cards on eBay https://www.bleepingcomputer.com/news/security/pharmacist-faces-120-years-in-prison-for-selling-vaccination-cards-on-ebay/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 15 Origins of Urban Legends https://www.mentalfloss.com/article/649385/urban-legends-origins
• IKEA publishes their Swedish meatball recipe https://globalnews.ca/news/6846188/ikea-meatball-recipe-coronavirus/
• Swedish meatballs aren't actually Swedish https://www.mentalfloss.com/article/542429/swedish-meatballs-originated-in-turkey
• Natural Mosquito Repellent's Powers Finally Decoded https://www.scientificamerican.com/article/natural-mosquito-repellents-powers-finally-decoded/
• US lab stands on threshold of key nuclear fusion goal https://www.bbc.co.uk/news/science-environment-58252784
• Swiss scientists calculate pi to new record of 62.8 trillion figures https://www.independent.co.uk/life-style/gadgets-and-tech/pi-calculation-trillion-figure-record-b1903761.html
• SpaceX Thinks it can Send Humans to the Moon Sooner Than 2024 https://www.universetoday.com/152262/spacex-thinks-it-can-send-humans-to-the-moon-sooner-than-2024/
• A newly discovered and huge structure in the Milky Way was hidden right in front of us https://www.syfy.com/syfywire/newly-discovered-structure-in-the-milky-way
• The Grand Canyon Is Missing a Billion Years' Worth of Rocks. Scientists May Know Why https://www.sciencealert.com/scientists-get-closer-to-explaining-the-grand-canyon-s-great-unconformity