This Week's [in]Security - Issue 233

Welcome to This Week’s [in]Security. PCI and payments: Crypto-agility. New breaches: Wearable aggregator megabreach, Epik, Walgreens, Indonesian Intelligence Agency, multiple healthcare. New Ransomware: Threats. Follow-ups & Fall-out. Privacy: Re-identification, FTC privacy bureau. Laws & Regs: Canada: Copyright. US: Crypto-exchanges, Facebook, location warrants. World: GDPR, Assistance requests. Standards: NIST Machine Learning. Defense: Passwordless, OpenSSLv3, Android. Zoom, Design, Trolls, Kali. Vulnerabilities, Zerodays: Apple, Windows, Chrome, Azure OMIGOD, IBM. Databases, Citrix, Windows EOL, WSL, Laserfiche Ad Porn, WordPress, Drupal, WooCommerce, Travis CI, SSID stripping, Apple Cloudkit, SpookJS, RSA variant. Cybercrime: What's exploited, Multiple zerodays, Open redirects. Crime: Other Risks: Ethics, DNS, moderation, WFH, facial fakes. Health, Safety & Environment: Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Ugly; And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• New PCI Documents:

  • PCI PIN v3.0 ISO 4 PIN Blocks - effective dates are suspended https://www.pcisecuritystandards.org/documents/Implementing_ISO_Format_4_PIN_Blocks_Information_Supplement.pdf
  • SSF v1.1 FAQs https://www.pcisecuritystandards.org/documents/SSF-v1_1-FAQs.pdf
  • PA-DSS to SSF transition https://www.pcisecuritystandards.org/documents/Transitioning_from_PA-DSS_to_SSF_Resource_Guide.pdf
• Updated PCI FAQ’s:

• Why Organizations Need to Become Crypto-Agile and What that Means https://controlgap.com/blog/Cryptographic-Agility

  • 1117 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Are-truncated-Primary-Account-Numbers-PAN-required-to-be-protected-in-accordance-with-PCI-DSS
  • 1146 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-the-difference-between-masking-and-truncation
  • 1176 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-an-organization-maintain-compliance-when-a-standard-changes
• Data Brief: 55% of Consumers Don't Store Payment Details, Cite Security Fears https://www.pymnts.com/news/security-and-risk/2021/data-brief-55-of-consumers-dont-store-payment-details-cite-security-fears/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Over 60 million wearable, fitness tracking records exposed via unsecured database https://www.zdnet.com/article/over-60-million-records-exposed-in-wearable-fitness-tracking-data-breach-via-unsecured-database
  • Anonymous leaks gigabytes of data from alt-right web host Epik https://www.databreaches.net/anonymous-leaks-gigabytes-of-data-from-alt-right-web-host-epik/
  • Walgreens' Covid-19 test registration system exposed — and still exposes? — patient data https://www.databreaches.net/walgreens-covid-19-test-registration-system-exposed-and-still-exposes-patient-data/
  • Indonesian Intelligence Agency Reportedly Breached https://www.databreachtoday.com/indonesian-intelligence-agency-reportedly-breached-a-17518
  • Cyberattack on Alaska DHSS website includes HIPAA and APIPA breach https://www.databreaches.net/cyberattack-on-alaska-dhss-website-includes-hipaa-and-apipa-breach/
  • Mass Personal Data Theft From Paris Covid Tests: Hospitals https://www.securityweek.com/mass-personal-data-theft-paris-covid-tests-hospitals
  • Ottawa Hospital apologizes to unvaccinated staff for privacy breach https://www.databreaches.net/ottawa-hospital-apologizes-to-unvaccinated-staff-for-privacy-breach/

• New Ransomware and "Incidents":

  • The state of ransomware: national emergencies and million-dollar blackmail https://www.zdnet.com/article/the-state-of-ransomware-national-emergencies-and-million-dollar-blackmail
  • REvil's Back; Coder Fat-Fingered Away Its Decryptor Key? https://threatpost.com/revil-back-coder-decryptor-key/169403/
  • Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway https://www.theregister.com/2021/09/15/grief_corp_ransomware_negotiator_rage/
  • BlackMatter ransomware hits medical technology giant Olympus https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/
  • City of Yonkers Hacked, No Computers for the Past Week: Ransom Demanded, City Hall Says No https://www.databreaches.net/city-of-yonkers-hacked-no-computers-for-the-past-week-ransom-demanded-city-hall-says-no/

• Follow-ups and fall-out:

  • Epik - 15,003,961 breached accounts https://haveibeenpwned.com/PwnedWebsites#Epik
  • Free REvil ransomware master decrypter released for past victims https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/
  • Northern Light Health reports data breach linked to Blackbaud incident https://www.databreaches.net/northern-light-health-reports-data-breach-linked-to-blackbaud-incident/

Privacy

Articles about privacy related news, risks, and trends.

• De-identify, re-identify: Anonymised data's dirty little secret https://www.theregister.com/2021/09/16/anonymising_data_feature/
• House Committee Approves $1B to Create New Privacy Bureau at FTC https://epic.org/2021/09/house-committee-approves-1b-to.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 100: David Vaver With a Masterclass on Copyright and User Rights https://www.michaelgeist.ca/2021/09/law-bytes-podcast-episode-100/
  • Grieving mother questions why Toronto licensed 40,000 ride-hail drivers without mandatory training https://toronto.ctvnews.ca/grieving-mother-questions-why-toronto-licensed-40-000-ride-hail-drivers-without-mandatory-training-1.5588230

• US:

  • U.S. to sanction crypto exchanges, wallets used by ransomware https://www.bleepingcomputer.com/news/security/us-to-sanction-crypto-exchanges-wallets-used-by-ransomware/
  • House Bill Seeks to Insulate CISA Director From Politics https://www.databreachtoday.com/house-bill-seeks-to-insulate-cisa-director-from-politics-a-17519
  • Senators Announce Probe into Facebook's Alleged Coverup of its Negative Influence on Children and Teens https://epic.org/2021/09/senators-announce-probe-into-f.html
  • Court Rejects Lawsuit Against NSA on "State Secrets" Grounds https://www.securityweek.com/court-rejects-lawsuit-against-nsa-state-secrets-grounds
  • EPIC, Coalition to Senators: Reject Plan Requiring SSN Collection by Peer-to-Peer Payment Services https://epic.org/2021/09/epic-coalition-to-senators-rej.html
  • FTC: Health App, Device Makers Must Report Breaches https://www.databreachtoday.com/ftc-health-app-device-makers-must-report-breaches-a-17555
  • Joe Biden to nominate facial recognition critic to FTC https://www.theverge.com/2021/9/13/22671880/biden-alvaro-bedoya-privacy-ftc-commissioner-facial-recognition
  • The new warrant: how US police mine Google for your location and search history https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google
  • The investigation into Tesla Autopilot's emergency vehicle problem is getting bigger https://www.theverge.com/2021/9/14/22673497/tesla-nhtsa-autopilot-investigation-data-ford-gm-vw-toyota
  • Massachusetts Attorney General Probing T-Mobile Breach https://www.databreachtoday.com/massachusetts-attorney-general-probing-t-mobile-breach-a-17529
  • Texas' Social Media Law is Not the Solution to Censorship https://www.eff.org/deeplinks/2021/09/texas-social-media-law-not-solution-censorship
  • DoorDash Takes On Restaurants In Fight Over NYC Data-Sharing Mandate https://www.pymnts.com/data/2021/doordash-takes-on-restaurants-in-fight-over-nyc-data-sharing-mandate/

• World:

  • You can 'go your own way' over GDPR, says UK's new Information Commissioner https://www.theregister.com/2021/09/13/new_uk_ico_promises_to/
  • Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021 https://www.securityweek.com/kaspersky-received-105-government-law-enforcement-requests-h1-2021
  • Kaspersky releases its first Transparency Report https://www.databreaches.net/kaspersky-releases-its-first-transparency-report/
  • Ransomware-hit law firm secures High Court judgment against unknown criminals https://www.theregister.com/2021/09/16/ransomware_judgment_4_new_square_chambers/

• Standards News:

  • Machine Learning for Access Control Policy Verification: NISTIR 8360 Published https://csrc.nist.gov/publications/detail/nistir/8360/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• The passwordless future is here for your Microsoft account https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
• OpenSSL 3.0 Released After 3 Years of Development https://www.securityweek.com/openssl-30-released-after-3-years-development
• Billions more Android devices will reset risky app permissions https://www.bleepingcomputer.com/news/security/billions-more-android-devices-will-reset-risky-app-permissions/
• Zoom Introduces End-to-End Encrypted Phone Calls https://www.securityweek.com/zoom-introduces-end-end-encrypted-phone-calls
• Designing Contact-Tracing Apps https://www.schneier.com/blog/archives/2021/09/designing-contact-tracing-apps.html
• Facebook will treat coordinated rule breakers using real accounts like troll farms https://www.theverge.com/2021/9/16/22677732/facebook-coordinated-authentic-inauthentic-behavior-moderation-policy
• Kali Linux 2021.3 released with new pentest tools, improvements https://www.bleepingcomputer.com/news/security/kali-linux-20213-released-with-new-pentest-tools-improvements/
• ELFant in the Room – capa v3 tool http://www.fireeye.com/blog/threat-research/2021/09/elfant-in-the-room-capa-v3.html
• New Encryption Technique Better Protects Photographs in the Cloud https://www.scientificamerican.com/article/new-encryption-technique-better-protects-photographs-in-the-cloud/
• Google Supports Open Source Technology Improvement Fund https://security.googleblog.com/2021/09/google-supports-open-source-technology.html
• Trying to Google a Word You Can't Remember? There's a Trick for That https://www.mentalfloss.com/article/650341/how-to-google-a-word-you-forgot

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day https://www.securityweek.com/us-agencies-warn-apts-exploiting-recent-adselfservice-plus-zero-day
  • Apple fixes iOS zero-day used to deploy NSO iPhone spyware https://www.bleepingcomputer.com/news/apple/apple-fixes-ios-zero-day-used-to-deploy-nso-iphone-spyware/
  • Zero-Click iMessage Exploit https://www.schneier.com/blog/archives/2021/09/zero-click-imessage-exploit.html
  • FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
  • Stop and update your iPhone to iOS 14.8 right now https://www.theverge.com/2021/9/13/22672352/apple-spyware-gateway-iphone-software-update-nso-pegasus
  • Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2021-patch-tuesday-fixes-2-zero-days-60-flaws/
  • Pair of Google Chrome Zero-Day Bugs Actively Exploited https://threatpost.com/google-chrome-zero-day-exploited/169442/
  • Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk https://threatpost.com/azure-zero-day-supply-chain/169508/
  • No Patch for High-Severity Bug in Legacy IBM System X Servers https://threatpost.com/no-patch-for-ibm-system-x-servers/169491/
• Close to half of on-prem databases contain vulnerabilities, with many critical flaws https://www.zdnet.com/article/close-to-half-of-on-prem-databases-contain-vulnerabilities-with-many-critical-flaws
• Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise https://www.securityweek.com/citrix-patches-hypervisor-vulnerabilities-allowing-host-compromise
• Microsoft: Windows 10 2004 reaches end of service in December https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-in-december/
• New malware uses Windows Subsystem for Linux for stealthy attacks https://www.bleepingcomputer.com/news/security/new-malware-uses-windows-subsystem-for-linux-for-stealthy-attacks/
• New Windows security updates break network printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
• US govt sites showing porn, viagra ads share a common software vendor https://www.bleepingcomputer.com/news/security/us-govt-sites-showing-porn-viagra-ads-share-a-common-software-vendor/
• WordPress 5.8.1 Patches Several Vulnerabilities https://www.securityweek.com/wordpress-581-patches-several-vulnerabilities
• Several Access Bypass, CSRF Vulnerabilities Patched in Drupal https://www.securityweek.com/several-access-bypass-csrf-vulnerabilities-patched-drupal
• WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing https://threatpost.com/woocommerce-multi-currency-bug-pricing/169394/
• Travis CI flaw exposed secrets of thousands of open source projects https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
• HP Omen Hub Exposes Millions of Gamers to Cyberattack https://threatpost.com/hp-omen-hub-gamers-cyberattack/169739/
• SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs https://www.securityweek.com/ssid-stripping-new-method-tricking-users-connecting-rogue-aps
• This is how a cybersecurity researcher accidentally broke Apple Shortcuts https://www.zdnet.com/article/this-is-how-a-cybersecurity-researcher-accidentally-broke-apple-shortcuts
• New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection https://thehackernews.com/2021/09/new-spookjs-attack-bypasses-google.html
• Simple Analysis Of A CVE-2021-40444 .docx Document, (Sat, Sep 18th) https://isc.sans.edu/diary/rss/27848
• Classical Attacks on a Variant of the RSA Cryptosystem https://eprint.iacr.org/2021/1160

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years https://thehackernews.com/2021/09/malware-attack-on-aviation-sector.html
• Researchers compile list of vulnerabilities abused by ransomware gangs https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/
• Belarus, Ukraine Saw Largest Increase in ICS Attacks During H1 2021: Kaspersky https://www.securityweek.com/belarus-ukraine-saw-largest-increase-ics-attacks-during-h1-2021-kaspersky
• FBI and CISA warn of state hackers exploiting critical Zoho bug https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-exploiting-critical-zoho-bug/
• Social engineering explained: How criminals exploit human behavior https://www.csoonline.com/article/2124681/what-is-social-engineering.html#tk.rss_all
• Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations https://www.securityweek.com/links-found-between-mshtml-zero-day-attacks-and-ransomware-operations
• Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/
• Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance https://www.securityweek.com/mirai-botnet-starts-exploiting-omigod-flaw-microsoft-issues-more-guidance
• New Malware Targets Windows Subsystem for Linux to Evade Detection https://thehackernews.com/2021/09/new-malware-targets-windows-subsystem.html
• HHS Warns Health Sector of BlackMatter Attacks https://www.databreachtoday.com/hhs-warns-health-sector-blackmatter-attacks-a-17522
• New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads https://thehackernews.com/2021/09/new-stealthier-zloader-variant.html
• Hacker-made Linux Cobalt Strike beacon used in ongoing attacks https://www.bleepingcomputer.com/news/security/hacker-made-linux-cobalt-strike-beacon-used-in-ongoing-attacks/
• Open redirect on UK council website was being used for Royal Mail-themed parcel payments scam https://www.theregister.com/2021/09/13/open_redirect_council_property_website_spam/
• The danger of open redirects! https://scotthelme.co.uk/the-danger-of-open-redirects/
• Talos Takes Ep. #68: The various pivots and pitfalls in a malware investigation https://blog.talosintelligence.com/2021/09/talos-takes-ep-68-various-pivots-and.html

• Crime & Arrests, etc.:

  • Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis https://www.nytimes.com/2021/09/14/us/politics/darkmatter-uae-hacks.html
  • Russia Has Taken No Action to Combat Ransomware, FBI Says https://www.databreachtoday.com/russia-has-taken-no-action-to-combat-ransomware-fbi-says-a-17539
  • AT&T lost $200M in seven years to illegal phone unlocking scheme https://www.bleepingcomputer.com/news/security/atandt-lost-200m-in-seven-years-to-illegal-phone-unlocking-scheme/
  • Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude' https://www.theregister.com/2021/09/14/too_polite_brits_scammed/
  • FBI: $113 million lost to online romance scams this year https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/
  • Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S. https://www.securityweek.com/pakistani-man-involved-att-hacking-scheme-sentenced-prison-us
  • Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms https://www.databreaches.net/illinois-man-convicted-of-federal-criminal-charges-for-operating-subscription-based-computer-attack-platforms/
  • Operator of 'DownThem' DDoS Attack Service Convicted https://www.securityweek.com/operator-downthem-ddos-attack-service-convicted
  • Telegram emerges as new dark web for cyber criminals https://arstechnica.com/information-technology/2021/09/telegram-emerges-as-new-dark-web-for-cyber-criminals/
  • Financial Cybercrime: Following Cryptocurrency via Public Ledgers https://threatpost.com/financial-cybercrime-cryptocurrency-public-ledgers/169987/

Other Security / Risk

Articles covering other types of risks.

• Australia's Curtin University wants 'unethical' AI study retracted https://www.bbc.co.uk/news/world-australia-58571618
• Is it OK to use stolen data? What if it's scientific research in the public interest? https://www.theregister.com/2021/09/17/unethical_data_research/
• How surveillance capitalism will totally transform the domain name system https://www.zdnet.com/article/how-surveillance-capitalism-will-totally-transform-the-domain-name-system/
• Facebook program reportedly let celebrities avoid moderation https://www.theverge.com/2021/9/13/22671565/facebook-xcheck-moderation-system-high-profile-exemptions
• Facebook's AI moderation reportedly can't interpret many languages, leaving users in some countries more susceptible to harmful posts https://www.businessinsider.com/facebook-content-moderation-ai-cant-speak-all-languages-2021-9
• CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls https://www.securityweek.com/cisos-faced-friction-resistance-remote-workers-over-security-controls
• Identifying Computer-Generated Faces https://www.schneier.com/blog/archives/2021/09/identifying-computer-generated-faces.html
• Windows 11 is no longer compatible with Oracle VirtualBox VMs https://www.bleepingcomputer.com/news/microsoft/windows-11-is-no-longer-compatible-with-oracle-virtualbox-vms/
• Firefox now bypasses Windows 11's messy default browser settings https://www.bleepingcomputer.com/news/microsoft/firefox-now-bypasses-windows-11s-messy-default-browser-settings/
• Manitoba Hydro working to fix purple street lights in Winnipeg https://globalnews.ca/news/8186378/manitoba-hydro-purple-street-lights-winnipeg/

• Health, Safety & Environment:

  • Cholesterol drives Alzheimer's plaque formation, study finds https://scienmag.com/cholesterol-drives-alzheimers-plaque-formation-study-finds/
  • Grow and eat your own vaccines? https://scienmag.com/grow-and-eat-your-own-vaccines/
  • 400,000 people are infected each year with coronaviruses carried by bats, an early study suggests. Researchers say the data could help prevent future pandemics. https://www.businessinsider.com/people-infected-virus-bat-covid-19-sars-cov-2-pandemic-2021-9
  • Toronto ranked 2nd 'safest city' in the world for 2021: report https://www.ctvnews.ca/lifestyle/toronto-ranked-2nd-safest-city-in-the-world-for-2021-report-1.5589711
  • Tesla's use of the term Full Self-Driving is 'irresponsible,' NTSB chief told the Wall Street Journal https://www.businessinsider.com/tesla-safety-fsd-term-irresponsible-elon-musk-ntsb-2021-9
  • Will DART slamming into an asteroid's moon cause it to tumble chaotically? https://www.syfy.com/syfywire/will-dart-slamming-into-an-asteroids-moon-cause-it-to-tumble-chaotically
  • Bitcoin transactions could generate the weight of 128,000 grand pianos in wasted electronics per year, researchers predict https://www.independent.co.uk/life-style/gadgets-and-tech/bitcoin-ethereum-waste-proof-work-piano-b1922240.html
  • Australian Bush Fires Belched Out Immense Quantity of Carbon https://www.scientificamerican.com/article/australian-bush-fires-belched-out-immense-quantity-of-carbon/
  • This rubber duck started a river race in Alberta and washed ashore in Russia https://www.cbc.ca/news/canada/edmonton/rubber-duck-alberta-russia-1.6175532
  • Jet stream changes could amplify weather extremes by 2060s https://scienmag.com/jet-stream-changes-could-amplify-weather-extremes-by-2060s/
  • EV startup Lucid's first car can travel 520 miles on a full battery - beating Tesla by 115 miles https://www.businessinsider.com/lucid-motors-air-dream-ev-range-tesla-model-s-2021-9
  • Green and clean: New eco-friendly and sustainable algae-based way to fight water pollution https://scienmag.com/green-and-clean-new-eco-friendly-and-sustainable-algae-based-way-to-fight-water-pollution/
  • New meat analogue developed by Lithuanian scientists – healthier, more flavours and environmentally friendly https://scienmag.com/new-meat-analogue-developed-by-lithuanian-scientists-healthier-more-flavours-and-environmentally-friendly/
  • Solar 'Superflares' Rocked Earth Less Than 10,000 Years Ago--and Could Strike Again https://www.scientificamerican.com/article/solar-superflares-rocked-earth-less-than-10-000-years-ago-and-could-strike-again/
  • U of R research shows satellites will have ‘devastating' effect on light pollution in coming years https://globalnews.ca/news/8188903/u-of-r-research-satellites-light-pollution/
  • Apple cofounder Steve Wozniak is starting a mysterious space company called Privateer, possibly to clean up space debris https://www.businessinsider.com/steve-wozniak-privateer-space-company-elon-musk-apple-cofounder-2021-9
  • A Hefty History of Fat Bear Week https://www.mentalfloss.com/article/650110/fat-bear-week-history

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Our Most Reliable Pandemic Number Is Losing Meaning https://www.theatlantic.com/health/archive/2021/09/covid-hospitalization-numbers-can-be-misleading/620062/
  • The Atlantic Daily: A New Phase of Pandemic Uncertainty https://www.theatlantic.com/newsletters/archive/2021/09/new-phase-pandemic-uncertainty/620097/
  • More than 243,000 kids in the US got COVID-19 last week, the second-highest weekly total among kids since the pandemic started https://www.businessinsider.com/kids-getting-covid-america-second-highest-weekly-total-pandemic-2021-9
  • Over 50,000 have died from COVID-19 in Florida — a quarter of them this summer https://globalnews.ca/news/8197827/florida-covid-50k-deaths/
  • Ontario reports 864 new COVID-19 cases as daily testing increases https://globalnews.ca/news/8195207/ontario-covid-cases-september-16-coronavirus/
  • Ontario schools report 189 active COVID-19 cases; one school is already shut down https://toronto.ctvnews.ca/ontario-schools-report-189-active-covid-19-cases-one-school-is-already-shut-down-1.5583096
  • Tens of thousands experiencing ‘long COVID-19' symptoms in Ontario, science group says https://globalnews.ca/news/8189363/long-covid-symptoms-ontario/

• Guidance, Response, and Recovery:

  • The World Needs a Pandemic Plan B https://www.theatlantic.com/ideas/archive/2021/09/pandemic-proofing-global-order/620022/
  • Government of Canada Covid resources and information https://www.canada.ca/en/government/publicservice/covid-19.html
  • Canadians more worried about 4th COVID-19 wave, but experts say lockdowns unlikely https://globalnews.ca/news/8182724/covid-canada-4th-wave-fears-poll/
  • New details released on Ontario's COVID-19 vaccine certificates, non-compliance fines start at $750 https://globalnews.ca/news/8189100/covid-ontario-vaccine-certificates-fines-exemptions/
  • Ontario lays out exemptions where proof of vaccination is not required https://toronto.ctvnews.ca/ontario-lays-out-exemptions-where-proof-of-vaccination-is-not-required-1.5584895
  • 'The next few weeks are going to be disastrous,' employment lawyer says of Ontario's vaccine certificate rollout https://toronto.ctvnews.ca/the-next-few-weeks-are-going-to-be-disastrous-employment-lawyer-says-of-ontario-s-vaccine-certificate-rollout-1.5586223
  • B.C.'s vaccine card comes into effect Monday. Here's what you need to know https://globalnews.ca/news/8180908/bc-covid-vaccine-card-vaccine-passport-need-to-know/
  • Quebec says no capacity to take on COVID-19 patients from Alberta https://globalnews.ca/news/8198604/quebec-alberta-covid-patients-help/
  • City of Toronto holding ‘Days of Vaxtion' in bid to boost COVID-19 vaccination coverage https://globalnews.ca/news/8192228/toronto-days-of-vaxtion-covid-vaccines/
  • England overhauls Covid-19 travel rules https://www.bbc.co.uk/news/uk-58602481
  • Southwest Airlines pays staff extra to get jabbed https://www.bbc.co.uk/news/business-58588334

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Scientists are getting closer to classifying long COVID as an autoimmune disease https://www.businessinsider.com/long-covid-syndrome-autoimmune-disease-symptoms-2021-9

• Immunity and Vaccinations:

  • Mistrust of government tops reasons for vaccine hesitancy https://scienmag.com/mistrust-of-government-tops-reasons-for-vaccine-hesitancy/
  • Sorry, a Coronavirus Infection Might Not Be Enough to Protect You https://www.theatlantic.com/science/archive/2021/09/infection-immunity-covid-19-vaccines/620099/
  • These 25 Countries Have the Highest COVID-19 Vaccination Rates https://www.mentalfloss.com/article/650419/highest-covid-19-vaccination-rates
  • The CDC says you can get your COVID-19 vaccine and flu shot at the same time https://www.businessinsider.com/cdc-approves-getting-covid-19-shot-with-other-vaccines-2021-9
  • COVID-19 nasal vaccine candidate effective at preventing disease transmission https://scienmag.com/covid-19-nasal-vaccine-candidate-effective-at-preventing-disease-transmission/
  • Vaccinate the World before Starting COVID Booster Shots https://www.scientificamerican.com/article/vaccinate-the-world-before-starting-covid-booster-shots/
  • COVID-19 booster debate in U.S. heads to FDA vaccine advisory committee https://globalnews.ca/news/8198294/covid-19-booster-u-s-fda-vaccine/
  • Alberta's new proof of vaccination cards can be easily edited, residents say https://globalnews.ca/news/8203414/alberta-vaccination-cards-covid-19/

• More of the good, the bad, and the ugly:

  • Winnipeg police investigating missing box of COVID-19 vaccine from supersite https://globalnews.ca/news/8195636/winnipeg-covid-19-vaccine-theft/
  • COVID-19 hospital protests ‘a morale blow' to Canada's exhausted health-care workers https://globalnews.ca/news/8186324/hospital-protests-morale-blow-hcw/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• For The First Time, Scientists Have Entangled Three Qubits on Silicon https://www.sciencealert.com/scientists-have-entangled-three-qubits-in-silicon-for-the-first-time
• The World's Longest Cave System Just Got Even Bigger https://www.sciencealert.com/explores-have-mapped-even-more-hidden-passages-in-the-mammoth-cave-system
• A New Company With a Wild Mission: Bring Back the Woolly Mammoth https://www.nytimes.com/2021/09/13/science/colossal-woolly-mammoth-DNA.html
• Iconic landmark near Toronto lands spot in the Guinness World Record books https://toronto.ctvnews.ca/iconic-landmark-near-toronto-lands-spot-in-the-guinness-world-record-books-1.5585386
• Model solar system creates interactive experience across Lethbridge https://globalnews.ca/news/8190787/model-solar-system-lethbridge/
• SpaceX's Inspiration4 crew returns to Earth, capping first fully private mission in orbit https://www.theverge.com/2021/9/18/22681339/spacex-inspiration4-crew-return-earth-splashdown
• Here's Our Best View Yet of Asteroid Kleopatra https://www.universetoday.com/152513/heres-our-best-view-yet-of-asteroid-kleopatra/
• Something big Just hit Jupiter! https://www.universetoday.com/152583/something-big-just-hit-jupiter/
• A 6-Year Search of the Outer Solar System Turns up 461 new Objects (but no Planet 9) https://www.universetoday.com/152507/a-6-year-search-of-the-outer-solar-system-turns-up-461-new-objects/
• A New Way to Search for Exomoons https://www.universetoday.com/152527/a-new-way-to-search-for-exomoons/
• Physicists Just Accidentally Made a New Discovery About Black Holes https://www.sciencealert.com/physicists-just-accidentally-made-a-new-discovery-about-black-holes