This Week's [in]Security - Issue 238

Welcome to This Week’s [in]Security. PCI and payments: PCI & Ransomware, 3DS RFCs, PCI Halloween, AI shoulder surfing, Rapid Dispute, V-cards, UP Express. New breaches: Argentina!, CoinMarketCap, Durham police. New Ransomware: New Ransomware, Challenges, Revil (Strikeback), BlackMatter. Follow-ups & Fall-out. Privacy: ISPs, Alexa, Lunch Money. Laws & Regs - Canada, Online Harms. US: Export restrictions, Sanctions & Crypto, Notifications, Supplychains, Missouri, Facebook, World: GDPR bypass. Standards: NIST KDF, HTTPA. Defense: Detection, Blackhat, L0PHTcrack, Win11. Vulnerabilities, Zerodays: Apple. Other Vulnerabilities: Chrome, CVEs, MFA, Chinese hacking contest, Kerberos, DCOM, Gummy Browser attack, Tesla, Health Apps. Cybercrime: Trends: Fake pentest contracts, more fakes, Discord, Microsoft, Buggy malware, Obfuscation, NPM JavaScript, Youtube. Nation States. Crime: $35M deepfake heist, no honor among thieves, jail. Other Risks: IoT, third-parties, economic supply-chains, bias, Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Covid Ugly; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:

  • Ransomware Resource Guide https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Ransomware_Resource_Guide.pdf
  • Request for Comments: PCI 3DS SDK and 3DS Core Security Standards https://blog.pcisecuritystandards.org/request-for-comments-pci-3ds-sdk-and-3ds-core-security-standards
• PCI Security Standards Council Earns Gold dotCOMM Award for Women in Payments Podcast Series https://www.pcisecuritystandards.org/about_us/press_releases/pr_10202021
• We look back at our favorite PCI Halloween story, The ENTITY (a scary PCI monster) https://controlgap.com/blog/the-entity-a-scary-pci-monster
• Using Machine Learning to Guess PINs from Video https://www.schneier.com/blog/archives/2021/10/using-machine-learning-to-guess-pins-from-video.html
• Visa Requires All Issuers, Issuer Processors to Join Its Rapid Dispute Resolution Service https://www.pymnts.com/visa/2021/visa-requires-all-issuers-processors-join-rapid-dispute-resolution-service/
• The Rise of Virtual Cards https://www.pymnts.com/digital-payments/2021/the-rise-of-virtual-cards/
• UP Express riders can now pay fares through debit cards as part of ongoing pilot project https://globalnews.ca/news/8287377/up-express-fares-debit-metrolinx/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Hacker steals government ID database for Argentina's entire population https://www.databreaches.net/hacker-steals-government-id-database-for-argentinas-entire-population/
  • CoinMarketCap - 3,117,548 breached accounts https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap
  • Ca: Hackers leak police takedown video, medical records in Durham Region breach by CL0P https://www.databreaches.net/ca-hackers-leak-police-takedown-video-medical-records-in-durham-region-breach-by-cl0p/
  • Chico State employee charged with hacking, leaking vaccine exemption requests https://www.databreaches.net/chico-state-employee-charged-with-hacking-leaking-vaccine-exemption-requests/
  • Dental Alliance Reports Vendor Breach Affecting 170,000 https://www.databreachtoday.com/dental-alliance-reports-vendor-breach-affecting-170000-a-17775
  • A massive ‘stalkerware' leak puts the phone data of thousands at risk https://www.databreaches.net/a-massive-stalkerware-leak-puts-the-phone-data-of-thousands-at-risk/
  • Hacker sells the data for millions of Moscow drivers for $800 https://www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/

• New Ransomware and "Incidents":

  • Why is Cybersecurity Failing Against Ransomware? https://threatpost.com/cybersecurity-failing-ransomware/175637/
  • Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline https://thehackernews.com/2021/10/feds-reportedly-hacked-revil-ransomware.html
  • REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation https://www.securityweek.com/revil-ransomware-gang-hit-law-enforcement-hack-back-operation
  • Unhappy customers and their own tricks used against them, REvil ransomware gang reportedly pulled offline by 'multi-country' operations https://www.theregister.com/2021/10/22/revil_offline_again/
  • CISA Alert (AA21-291A) BlackMatter Ransomware https://www.databreaches.net/cisa-alert-aa21-291a-blackmatter-ransomware/
  • BlackByte ransomware decryptor released https://www.zdnet.com/article/blackbyte-ransomware-decryptor-released
  • Olympus US and Sinclair Broadcast Group hacks tied to sanctioned Russian ransomware group https://www.databreaches.net/olympus-us-and-sinclair-broadcast-group-hacks-tied-to-sanctioned-russian-ransomware-group/
  • Pakistani agents hack Sambalpur University website https://www.databreaches.net/pakistani-agents-hack-sambalpur-university-website/
  • UK: Tesco website hacked and down for second day https://www.databreaches.net/uk-tesco-website-hacked-and-down-for-second-day/
  • Hacker Defaces Donald Trump's Website https://packetstormsecurity.com/news/view/32737/Hacker-Defaces-Donald-Trumps-Website.html

• Follow-ups and fall-out:

  • Kemper Proposes $17.6M Settlement of Data Breach Claims https://www.databreaches.net/kemper-proposes-17-6m-settlement-of-data-breach-claims/

Privacy

Articles about privacy related news, risks, and trends.

• FTC: ISPs collect and monetize far more user data than you'd think https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
• Woman finds vast trove of voice recordings collected by Amazon's Alexa – and you can hear yours https://www.independent.co.uk/life-style/gadgets-and-tech/alexa-amazon-echo-voice-recordings-b1943527.html
• UK schools are using facial recognition to take pupils' lunch money https://www.theverge.com/2021/10/18/22732330/uk-schools-facial-recognition-lunch-payments-north-ayrshire

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 104: Taylor Owen on What the Latest Facebook Revelations Mean for Canada's Online Harms Legislative Plans https://www.michaelgeist.ca/2021/10/law-bytes-podcast-episode-104/

• US:

  • US to Curb Hacking Tool Exports to Russia, China https://www.securityweek.com/us-curb-hacking-tool-exports-russia-china
  • Cryptocurrencies pose a threat to effectively enforcing sanctions, says US Treasury Department https://markets.businessinsider.com/news/currencies/digital-assets-cryptocurrencies-threat-effectiveness-sanctions-security-treasury-transactions-financial-2021-10
  • CISA Leader Backs 24-Hour Timeline for Incident Reporting https://www.databreachtoday.com/cisa-leader-backs-24-hour-timeline-for-incident-reporting-a-17767
  • House Passes Bills on Both Supply Chain, Telecom Security https://www.databreachtoday.com/house-passes-bills-on-both-supply-chain-telecom-security-a-17777
  • Police Can't Demand You Reveal Your Phone Passcode and Then Tell a Jury You Refused https://www.eff.org/deeplinks/2021/10/police-cant-demand-you-reveal-your-phone-passcode-and-then-tell-jury-you-refused
  • Attorney General James Directs Unregistered Crypto Lending Platforms to Cease Operations In New York, Announces Additional Investigations https://www.databreaches.net/attorney-general-james-directs-unregistered-crypto-lending-platforms-to-cease-operations-in-new-york-announces-additional-investigations/
  • Missouri Governor Doesn't Understand Responsible Disclosure https://www.schneier.com/blog/archives/2021/10/the-missouri-governor-doesnt-understand-responsible-disclosure.html
  • Missouri Governor Urged to Appoint Cybersecurity Panel https://www.securityweek.com/missouri-governor-urged-appoint-cybersecurity-panel
  • A new Facebook whistleblower has come forward with more allegations https://www.theverge.com/2021/10/22/22741024/facebook-new-whistleblower-allegations-sec
  • Mark Zuckerberg to Be Added to Facebook Privacy Suit https://www.nytimes.com/2021/10/20/technology/mark-zuckerberg-facebook-lawsuit.html
  • Supreme Court refuses to stop vaccine mandates for health workers in Maine https://www.businessinsider.com/scotus-wont-stop-maine-vaccine-mandates-for-health-workers-2021-10

• World:

  • Has Facebook Sidestepped GDPR's User Consent Requirements? https://www.securityweek.com/has-facebook-sidestepped-gdprs-user-consent-requirements
  • Facebook fined £50.5m for breaching order in Giphy takeover investigation https://www.theguardian.com/technology/2021/oct/20/facebook-fined-for-breaching-order-in-giphy-takeover-investigation
  • Facebook is suing a Ukrainian hacker it alleges scraped and sold publicly available user information from 178 million accounts https://www.businessinsider.com/facebook-suing-a-ukranian-hacker-it-alleges-scraped-and-sold-its-data-2021-10
  • (Last week) On Global Encryption Day, Let's Stand Up for Privacy and Security https://www.eff.org/deeplinks/2021/10/global-encryption-day-lets-stand-privacy-and-security
  • Russia Strengthens Its Internet Censorship Powers https://www.nytimes.com/2021/10/22/technology/russia-internet-censorship-putin.html
  • Chinese tech minister says he's 'dealt with' 73,000 sites that breached the law https://www.theregister.com/2021/10/18/china_tech_crackdown_impact/

• Standards News:

  • Draft Special Publication (SP) 800-108 Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions, is now available for public comment until January 18 https://csrc.nist.gov/publications/detail/sp/800-108/rev-1/draft
  • Proposed HTTPA Protocol Uses TEEs to Secure the Web https://www.darkreading.com/emerging-tech/proposed-httpa-protocol-uses-tees-to-secure-web

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Security Teams Still Favor Prevention Over Detection https://www.darkreading.com/tech-trends/security-teams-still-favor-prevention-over-detection
• Penetration Testing in the Cloud Demands a Different Approach https://www.darkreading.com/cloud/pentesting-in-the-cloud-demands-a-different-approach
• 10 Hot Red Team Tools Set to Hit Black Hat Europe https://www.darkreading.com/application-security/10-killer-red-team-tools-set-to-hit-black-hat-europe
• Password Auditing Tool L0phtCrack Released as Open Source https://www.securityweek.com/password-auditing-tool-l0phtcrack-released-open-source
• (ISC)² Plans Entry-Level Certification for Aspiring Security Pros https://www.darkreading.com/attacks-breaches/-isc-plans-entry-level-certification-for-aspiring-security-pros
• 11 Security Settings You Should Know About in Windows 11 https://www.wired.com/story/11-security-settings-windows-11
• Microsoft now lets you test Android apps on Windows 11 https://www.theverge.com/2021/10/20/22736528/microsoft-android-apps-windows-11-test
• Google will make it easier to separate your work and personal life on Android https://www.theverge.com/2021/10/21/22737060/google-work-personal-life-android-12-enterprise-authentication-integration-bounty
• Android 12 is now available for Pixel phones https://www.theverge.com/2021/10/19/22724322/android-12-official-launch-date-pixel-phones-samsung-oneplus-xiaomi

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices https://blog.qualys.com/vulnerabilities-threat-research/2021/10/18/apple-fixes-zero-day-in-ios-and-ipados-15-0-2-emergency-release-detect-and-prioritize-vulnerabilities-using-vmdr-for-mobile-devices

• Other Vulnerabilities:

  • Google Patches 19 Vulnerabilities in Chrome 95 Browser Refresh https://www.securityweek.com/google-patches-19-vulnerabilities-chrome-95-browser-refresh
  • Narrow Focus on CVEs Leaves Organizations Vulnerable to Attacks https://www.tenable.com/blog/narrow-focus-on-cves-leaves-organizations-vulnerable-to-attacks
  • Problems with Multifactor Authentication https://www.schneier.com/blog/archives/2021/10/problems-with-multifactor-authentication.html
  • $1.9 Million Paid Out for Exploits at China's Tianfu Cup Hacking Contest https://www.securityweek.com/19-million-paid-out-exploits-chinas-tianfu-cup-hacking-contest
  • Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
  • Using Kerberos for Authentication Relay Attacks https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
  • Windows Exploitation Tricks: Relaying DCOM Authentication https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html
  • New Gummy Browser attack lets hackers spoof tracking profiles https://www.bleepingcomputer.com/news/security/new-gummy-browser-attack-lets-hackers-spoof-tracking-profiles/
  • A Dutch lab decrypted Tesla's heavily guarded driving data storage system, which could be instrumental in investigating accidents https://www.businessinsider.com/dutch-lab-decrypted-teslas-driving-data-storage-system-2021-10
  • Third-party health apps are vulnerable to hacks, report finds https://www.theverge.com/2021/10/18/22732615/health-record-app-hacks-patinet-data

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • FIN7 tries to trick pentesters into launching ransomware attacks (we're surprised this hasn’t been done before) https://www.bleepingcomputer.com/news/security/fin7-tries-to-trick-pentesters-into-launching-ransomware-attacks/
  • FBI warns of fake govt sites used to steal financial, personal data https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/
  • Discord CDN Abuse Found to Deliver 27 Unique Malware Types https://www.riskiq.com/blog/external-threat-management/discord-cdn-abuse-malware/
  • Microsoft Called Out As Big Malware Hoster https://packetstormsecurity.com/news/view/32736/Microsoft-Called-Out-As-Big-Malware-Hoster.html
  • Microsoft-Signed Rootkit Targets Gaming Environments in China https://www.darkreading.com/attacks-breaches/microsoft-signed-rootkit-targets-gaming-environments-in-china

• Bugs in Malware Serve As Backdoor to Undo Damage https://www.databreachtoday.com/bugs-in-malware-serve-as-backdoor-to-undo-damage-a-17763

  • About 26% of all malicious JavaScript threats are obfuscated https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/
  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices https://thehackernews.com/2021/10/malicious-npm-packages-caught-running.html
  • Google: YouTubers' accounts hijacked with cookie-stealing malware https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/ and https://www.theverge.com/2021/10/21/22737580/google-youtube-channel-phishing-campaign-report-malware

• Nation State Actors:

  • Nation-State Attacker of Telecommunications Networks https://www.schneier.com/blog/archives/2021/10/nation-state-attacker-of-telecommunications-networks.html
  • LightBasin hacking group breaches 13 global telecoms in two years https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/
  • Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love https://www.theregister.com/2021/10/20/linux_solaris_under_attack_at_telcos/
  • Group With Potential Links to Iranian Threat Actor Resurfaces https://www.darkreading.com/attacks-breaches/group-with-potential-links-to-iranian-threat-actor-resurfaces

• Crime & Arrests, etc.:

  • Deepfake Audio Scores $35M in Corporate Heist https://www.darkreading.com/attacks-breaches/deepfake-audio-scores-35-million-in-corporate-heist
  • Twitter accounts linked to cyberattacks against security researchers suspended https://www.zdnet.com/article/twitter-accounts-linked-to-cyberattacks-against-researchers-suspended
  • Sim Swapper Doxes And SWATs His Accomplice https://packetstormsecurity.com/news/view/32743/Sim-Swapper-Doxes-And-SWATs-His-Accomplice.html
  • Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals https://thehackernews.com/2021/10/two-eastern-europeans-sentenced-for.html
  • Hacker in UPMC Data Theft, Fraud Case Gets Maximum Sentences https://www.databreachtoday.com/hacker-in-upmc-data-theft-fraud-case-gets-maximum-sentences-a-17770

Other Security / Risk

Articles covering other types of risks.

• Research finds consumer-grade IoT devices showing up... on corporate networks https://www.theregister.com/2021/10/21/iot_devices_corporate_networks_security_warning/
• Third-Party Attacks Are Increasing, But Third-Party Risk Management Is Failing https://www.securityweek.com/third-party-attacks-are-increasing-third-party-risk-management-failing
• Satellite images show massive congestion at the Port of Long Beach this year compared to 2020 and 2019 https://www.businessinsider.com/satellite-images-show-congestion-at-the-port-of-long-beach-2021-10
• The US is running out of cardboard and packaging materials as the supply chain crisis drags on, making it harder for retailers to ship online orders https://www.businessinsider.com/us-is-running-out-of-cardboard-supply-chain-crisis-2021-10
• County Clerk Leaked Voting System Passwords To QAnon https://packetstormsecurity.com/news/view/32731/Trumpist-County-Clerk-Leaked-Voting-System-Passwords-To-QAnon.html
• The True Cost of Upgrading Your Phone https://www.nytimes.com/2021/10/20/technology/personaltech/iphone-upgrades-cost.html
• Twitter admits bias in algorithm for rightwing politicians and news outlets https://www.theguardian.com/technology/2021/oct/22/twitter-admits-bias-in-algorithm-for-rightwing-politicians-and-news-outlets
• Robot artist Ai-Da released by Egyptian border guards https://www.bbc.co.uk/news/world-us-canada-58993682

• Health, Safety & Environment:

  • Blood tests that can detect cancer are about to hit the market. But experts are still waiting to see if they can upend deadly disease. https://www.businessinsider.com/cancer-detecting-blood-tests-are-set-to-hit-the-market-by-2022-2021-10
  • US surgeons test pig kidney transplant in a human https://www.bbc.co.uk/news/health-58993696
  • What Makes People Hesitate to Get Vaccinated? Psychologists Break It Down https://www.sciencealert.com/what-is-driving-vaccine-hesitancy-amid-a-global-pandemic-psychologists-break-it-down
  • Raw onions recalled due to possible Salmonella contamination https://www.ctvnews.ca/health/raw-onions-recalled-due-to-possible-salmonella-contamination-1.5633858
  • Bat tests positive for rabies in a popular Toronto park https://toronto.ctvnews.ca/bat-tests-positive-for-rabies-in-popular-toronto-park-1.5635644
  • Calgarians vote to bring fluoride back into drinking water https://globalnews.ca/news/8275778/calgary-fluoride-back-drinking-water/
  • 8 of History's Most Misguided Anti-Vaxxers https://www.mentalfloss.com/article/651410/anti-vaxxers-in-history
  • Mini ‘mod' homes can help rough sleepers get off the streets for good – UK study https://scienmag.com/mini-mod-homes-can-help-rough-sleepers-get-off-the-streets-for-good-uk-study/
  • What Are Your Options When you've Only Got Hours or Days to Prevent an Asteroid Impact? https://www.universetoday.com/152974/what-are-your-options-when-youve-only-got-hours-or-days-to-prevent-an-asteroid-impact/
  • Giant retailers pledge to leave fossil-fueled ships behind https://www.theverge.com/2021/10/20/22736701/amazon-ikea-shipping-pollution-major-retailers
  • A half-mile plastic-trapping device in the Pacific caught 64,000 pounds of trash - including a fridge, mannequin, and toilet seats https://www.businessinsider.com/pacific-ocean-cleanup-device-caught-fridge-mannequin-toilet-seats-2021-10
  • NASA's tiny electrical aircraft is almost ready for lift-off https://www.theverge.com/2021/10/21/22738351/nasa-x57-maxwell-electric-airplane-bill-nelson-interview
  • How Airborne Microplastics Affect Climate Change https://www.scientificamerican.com/article/how-airborne-microplastics-affect-climate-change1/
  • Thousands of Ontario homeowners are eligible for a free smart thermostat and here's how to get one https://toronto.ctvnews.ca/thousands-of-ontario-homeowners-are-eligible-for-a-free-smart-thermostat-and-here-s-how-to-get-one-1.5629920
  • Baby Octopuses Grow Hundreds of Mystery Organs Only to Lose Them as They Grow Up https://www.sciencealert.com/here-s-why-baby-octopuses-grow-hundreds-of-organs-only-to-lose-them-as-they-grow-up
  • St. Lawrence estuary is swimming with abundance of whales https://www.cbc.ca/news/canada/montreal/abundance-of-whales-in-st-lawrence-estuary-1.6215748
  • Great white egret attracts attention in Rankin Inlet, Nunavut https://www.cbc.ca/news/canada/north/egret-in-rankin-inlet-nunavut-1.6219037

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Covid: Virus may have killed 80k-180k health workers, WHO says https://www.bbc.co.uk/news/health-58973697
  • Covid: Why are UK cases so high? https://www.bbc.co.uk/news/health-58954793
  • Covid-19: New mutation of Delta variant under close watch in UK https://www.bbc.co.uk/news/health-58965650
  • Russia's Covid nightmare driven by vaccine rejection https://www.bbc.co.uk/news/world-europe-58998366
  • Will Giving COVID Booster Shots Make It Harder to Vaccinate the Rest of the World? https://www.scientificamerican.com/article/will-giving-covid-booster-shots-make-it-harder-to-vaccinate-the-rest-of-the-world/
  • Ontario reports 328 new COVID-19 cases as seven-day average drops https://toronto.ctvnews.ca/ontario-reports-328-new-covid-19-cases-as-seven-day-average-drops-1.5628933
  • Conservative radio host said he constantly hugged strangers to catch covid: ‘What I hoped for the entire time' https://www.washingtonpost.com/nation/2021/10/19/dennis-prager-covid/

• Guidance, Response, and Recovery:

  • Canada lifts blanket advisory against non-essential travel introduced amid COVID-19 https://globalnews.ca/news/8288195/covid-canada-travel-advisory-lifted/
  • Ontario's enhanced COVID-19 vaccine certificates with QR codes now in effect https://globalnews.ca/news/8288347/covid-ontario-enhanced-vaccine-certificates-qr-code/
  • Covid: Moscow imposes new restrictions as infections soar https://www.bbc.co.uk/news/world-europe-58966477
  • Apple wallet supporting verifiable vaccine cards https://techcrunch.com/2021/09/21/apple-wallet-is-getting-verifiable-covid-19-vaccination-cards/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Don't use ivermectin for COVID-19, Health Canada warns as poison control calls increase https://globalnews.ca/news/8283660/ivermectin-health-canada-warning-poison-control/

• Immunity and Vaccinations:

  • U.S. FDA says Pfizer's COVID-19 vaccine is safe, effective for kids aged 5-11 https://globalnews.ca/news/8291584/covid-us-fda-pfizer-vaccine-kids/
  • Pfizer officially requests Health Canada approval for kids' COVID-19 shot https://www.ctvnews.ca/health/coronavirus/pfizer-officially-requests-health-canada-approval-for-kids-covid-19-shot-1.5627999
  • Things we learned:
  • Pathogen-Sensing Mask Could Detect COVID Infection https://www.scientificamerican.com/article/pathogen-sensing-mask-could-detect-covid-infection/
  • There May Be People Who Are Genetically Resistant to COVID-19, Scientists Say https://www.sciencealert.com/scientists-think-that-there-are-people-out-there-who-could-be-genetically-resistant-to-covid
  • New study finds no risk of pregnancy loss from COVID-19 vaccination https://scienmag.com/new-study-finds-no-risk-of-pregnancy-loss-from-covid-19-vaccination/
  • A Cancer Survivor Had a Record-Breaking COVID-19 Infection For 335 Days in Total https://www.sciencealert.com/cancer-survivor-sets-a-record-by-having-a-covid-infection-for-335-days

• More of the good, the bad, and the ugly:

  • Black Market Cashes In On Fake COVID-19 Vaccination Records https://packetstormsecurity.com/news/view/32741/Black-Market-Cashes-In-On-Fake-COVID-19-Vaccination-Records.html
  • Quebec investigating after forged Ontario vaccine documents selling online for up to $500 https://montreal.ctvnews.ca/mobile/forged-ontario-vaccine-proofs-prompt-quebec-to-tighten-verification-process-police-investigating-1.5623646

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Two Ontario doctors barred from issuing medical exemptions for COVID vaccine, masks, testing https://globalnews.ca/news/8273772/ontario-doctors-barred-medical-exemptions-covid-vaccine-masks-testing/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Censored Vaccine Card https://xkcd.com/2532/
• Good Moos: Cow Tipping Is a Myth https://www.mentalfloss.com/article/651526/cow-tipping-myth
• Watching Elephants Smash Giant Pumpkins Is Incredibly Satisfying https://www.mentalfloss.com/article/651593/watch-elephants-squash-giant-pumpkins
• Cancel Columbus Day: Sun storms pinpoint Europeans being in Canada in 1021 A.D. https://www.syfy.com/syfywire/cancel-columbus-day-sun-storms-pinpoint-europeans-being-in-canada-in-1021-ad
• Nuclear Fusion Edges Toward the Mainstream https://www.nytimes.com/2021/10/18/business/fusion-energy.html
• Orion: Nasa's Moon ship ready to be attached to rocket https://www.bbc.co.uk/news/science-environment-58965610
• This Simple Experiment Could Challenge Standard Quantum Theory https://www.scientificamerican.com/article/this-simple-experiment-could-challenge-standard-quantum-theory/
• Two Planets Smashed Together So Hard One of Them Lost Its Atmosphere https://www.sciencealert.com/two-planets-smashed-together-so-hard-one-of-them-lost-its-atmosphere
• Want to pitch in to help discover unknown planets? https://www.cbc.ca/radio/quirks/help-discover-planets-1.6219775
• Earth Tipped on Its Side 84 Million Years Ago, New Evidence Suggests https://www.sciencealert.com/there-s-evidence-that-earth-tipped-on-its-side-84-million-years-ago
• The Early Solar System Had a Gap Where the Asteroid Belt is Today https://www.universetoday.com/153048/the-early-solar-system-had-a-gap-where-the-asteroid-belt-is-today/
• There are 6×10^80 Bits of Information in the Observable Universe https://www.universetoday.com/153035/there-are-6x1080-bits-of-information-in-the-observable-universe/