This Week's [in]Security - Issue 243

Welcome to This Week’s [in]Security. PCI and payments: magecart, old school jackpot, processors, transit. Big-Hacks: 1M GoDaddy WordPress sites including SSL keys and credentials. New breaches: PNB, Millennium Bank, UHC, lessons learned. New Ransomware: Conti counterhack, IKEA, Vesta Turbines. Privacy: android settings. Laws & Regs - Canada: Misinformation vs. Freedom of Expression, Wills & social media. US: export ban, CISOs, federal privacy, Cryptocurrency, Apple vs. NSO. World: Israel Spy tech ban, UK default passwords, Aus limits anonymity. Standards: NIST Drafts, ICS/IOT defense. Defense: Webinars, Webinars. Cyber labeling, Metrics, Fake Apps, Trust Chains. Vulnerabilities, Zerodays: Windows Installer, Windows 10, Exchange. Other Vulnerabilities: Magento, BGP-IRR, Bad passwords, fingerprint bypass, medical devices, ICS Wi-Fi, passwordless Wi-Fi, open VPN, Virtual Box, Printjacking. Cybercrime: Trends, Infrastructure, Biomanufacturing, phone scams, CronRAT, email reply hijacking, JSWinRAT, Media-Tek DSP. Nation States: Crime: Interpol, Ukraine, holiday scams, and Ontario COVID arrest, flash mobs, RentAHitman? Other Risks: Facebook/Meta, unreal-estate, The Great Firewall, due diligence, quantum computing, Clearview AI, shipping, terminology, who me? Health, Safety & Environment. twindemic, plague, human error, exploding turkeys, insurance. flooding, Covid-19: Spread, Curves, Waves, and Variants; Omicron; Response; Treatments; Immunity; Learned; Impact; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• NCSC Alerts Over 4,000 Retailers With Hackers Card Skimming Using Magento Flaw https://packetstormsecurity.com/news/view/32844/NCSC-Alerts-Over-4-000-Retailers-With-Hackers-Card-Skimming-Using-Magento-Flaw.html
• UK govt warns thousands of SMBs their online stores were hacked https://www.bleepingcomputer.com/news/security/uk-govt-warns-thousands-of-smbs-their-online-stores-were-hacked/
• New Golang-based Linux Malware Targeting eCommerce Websites https://thehackernews.com/2021/11/new-golang-based-linux-malware.html
• Video shows ATM being ripped out of business by pickup truck driver in Mississauga https://toronto.ctvnews.ca/video-shows-atm-being-ripped-out-of-business-by-pickup-truck-driver-in-mississauga-1.5676731
• 5 Most Reliable Payment Processing Software for SMBs in Canada https://canadiansme.ca/5-most-reliable-payment-processing-software-for-smbs-in-canada/
• Moneris Open Payments for Transit certified by Discover and UnionPay, simplifying fare payments for tourists https://www.moneris.com/en/About-Moneris/News/Moneris-Open-Payments-for-Transit-certified-by-Discover-and-UnionPay
• TransLink to accept contactless debit card fare payments https://globalnews.ca/news/8396629/translink-debit-card-contactless-payments/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major incidents:

  • Over a million WordPress sites breached https://www.zdnet.com/article/over-a-million-godaddy-managed-wordpress-sites-cracked
  • SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password' https://www.theregister.com/2021/11/22/godaddy_managed_wordpress_ssl_keys/
  • GoDaddy Breach Widens to Include Reseller Subsidiaries https://threatpost.com/godaddy-breach-widens-reseller-subsidiaries/176575/

• New Breaches:

  • Indian bank smacks down allegation it exposed 180 million customers' accounts https://www.theregister.com/2021/11/23/punjab_national_bank_cyberx9_exchange_allegation/
  • Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident https://www.databreaches.net/polish-dpa-bank-millennium-fined-80000-eur-for-failure-to-notify-the-breach-and-the-data-subjects-about-the-incident/
  • Three months after ransomware attack and two months after data was dumped, UHC has yet to notify patients in writing https://www.databreaches.net/three-months-after-ransomware-attack-and-two-months-after-data-was-dumped-uhc-has-yet-to-notify-patients-in-writing/
  • Hackers hit Iran's Mahan airline, claim confidential data theft https://www.bleepingcomputer.com/news/security/hackers-hit-irans-mahan-airline-claim-confidential-data-theft/
  • Update: Astoria notifying 940,000 consumers after breach earlier this year https://www.databreaches.net/update-astoria-notifying-940000-consumers-after-breach-earlier-this-year/
  • Utah Medical Group Discloses Data Breach Affecting Over 580,000 Patients https://www.securityweek.com/utah-medical-group-discloses-data-breach-affecting-over-580000-patients
  • Alberta government reveals vaccine records website was taken down over ‘potential breach' of privacy https://globalnews.ca/news/8403688/alberta-covid-vaccine-qr-code-website-down/
  • Ph: Personal data of 22,000 S&R shopping members compromised in cyber attack https://www.databreaches.net/ph-personal-data-of-22000-sr-shopping-members-compromised-in-cyber-attack/
  • Little Rock officer arrested for ‘unauthorized access' of personal information https://www.databreaches.net/little-rock-officer-arrested-for-unauthorized-access-of-personal-information/
  • What CISOs can learn from the US Navy insider who stole nuclear secrets https://www.csoonline.com/article/3641410/what-cisos-can-learn-from-the-navy-insider-who-went-undetected-stealing-us-nuclear-secrets.html

• New Ransomware and "Incidents":

  • Researchers Hack Conti Ransomware Infrastructure https://www.securityweek.com/researchers-hack-conti-ransomware-infrastructure
  • IKEA email systems hit by ongoing cyberattack https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
  • Turbine maker Vestas Wind Systems admits to cyber incident, refuses to confirm if ransomware is at play https://www.theregister.com/2021/11/22/vestas_wind_systems/

Privacy

Articles about privacy related news, risks, and trends.

• The Android 12 Privacy Settings You Should Update Now https://www.wired.com/story/android-12-privacy-settings-updates

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 109: Striking the Balance on Misinformation and Freedom of Expression – My Examination of Canadian Policy Solutions https://www.michaelgeist.ca/2021/11/law-bytes-podcast-episode-109/
  • Does your social media profile belong in your will? Why Canadians should plan their ‘digital inheritance' now https://globalnews.ca/news/8386984/canada-planning-digital-inheritance/

• US:

  • US bans Chinese firms – including one linked to HPE's China JV – for feeding tech to Beijing's military https://www.theregister.com/2021/11/25/us_chinese_ban/
  • US blocks export of quantum computing tech to Chinese organizations https://www.cnet.com/tech/computing/us-blocks-export-of-quantum-computing-tech-to-chinese-organizations/
  • 3 Key Questions for CISOs on the Wave of Historic Industrial Cybersecurity Legislation https://www.securityweek.com/3-key-questions-cisos-wave-historic-industrial-cybersecurity-legislation
  • Lawmakers push for federal data privacy law after report revealed Amazon is gutting state legislation https://www.databreaches.net/lawmakers-push-for-federal-data-privacy-law-after-report-revealed-amazon-is-gutting-state-legislation/
  • For Cryptocurrency, the Challenge Is to Balance Code and Law https://www.nytimes.com/2021/11/23/business/dealbook/cryptocurrency-code-law-technology.html
  • Apple sues spyware-maker NSO Group, notifies iOS exploit targets https://www.bleepingcomputer.com/news/apple/apple-sues-spyware-maker-nso-group-notifies-ios-exploit-targets/
  • Apple's Pegasus lawsuit a 'declaration of war' against offensive software developers, says Kaspersky director https://www.theregister.com/2021/11/24/apples_pegasus_lawsuit/

• World:

  • Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries https://thehackernews.com/2021/11/israel-bans-sales-of-hacking-and.html
  • Huge fines and a ban on default passwords in new UK law https://www.databreaches.net/huge-fines-and-a-ban-on-default-passwords-in-new-uk-law/
  • Australia will introduce legislation requiring social media companies to reveal anonymous users who post defamatory comments https://www.businessinsider.com/australia-legislation-social-media-companies-reveal-anonymous-trolls-2021-11
  • Government-favoured child safety app warned it could violate the UK's Investigatory Powers Act with message-scanning tech https://www.theregister.com/2021/11/26/safetonet_message_scanning_legal_warning/
  • Max Schrems hits Irish Data Protection Commissioner with corruption complaint https://www.theregister.com/2021/11/24/max_schrems_files_corruption_complaint/
  • Indonesian Court Allows Internet Blocking During Unrest, Tightening Law Enforcement Control Over Users' Communications and Data https://www.eff.org/deeplinks/2021/11/indonesian-court-allows-internet-blocking-during-unrest-tightening-law-enforcement
  • Germany to force ISPs to give discounts for slow Internet speeds https://www.bleepingcomputer.com/news/legal/germany-to-force-isps-to-give-discounts-for-slow-internet-speeds/

• Standards News:

  • NCCoE Releases Preliminary Draft SP 1800-34 Volume C of the Supply Chain Assurance Practice Guide open for comments through January 17 https://www.nccoe.nist.gov/supply-chain-assurance
  • SANS Addresses ICS/OT Cyber Defence https://www.sans.org/blog/sans-addresses-ics-ot-cyber-defence

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars, Virtual Events, and other training related:
• Registration is now OPEN! Workshop on Cybersecurity Labeling for Consumer IoT and Software: Executive Order Update and Discussion December 9, 2021 from 11:00 AM – 3:00 PM EST https://www.nist.gov/news-events/events/2021/12/cybersecurity-labeling-consumer-iot-and-software-executive-order-update
• Security Awareness Metrics – What to Measure and How https://www.sans.org/blog/security-awareness-metrics-what-to-measure-and-how
• How to Defend Against Mobile App Impersonation https://threatpost.com/defend-app-impersonation/176519/
• How to investigate service provider trust chains in the cloud https://www.microsoft.com/security/blog/2021/11/22/how-to-investigate-service-provider-trust-chains-in-the-cloud/
• Report URI Penetration Test 2021 https://scotthelme.co.uk/report-uri-penetration-test-2021/
• Report URI is now using CSP nonces in an enforced policy https://scotthelme.co.uk/report-uri-is-now-using-csp-nonces-in-an-enforced-policy/
• Microsoft Edge adds Super Duper Secure Mode to Stable channel https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-adds-super-duper-secure-mode-to-stable-channel/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • Zero-Day Vulnerability in Windows 10, 11 & Server Installer Enables Threat Actors To Gain Admin Rights https://www.blumira.com/windows-zero-day-admin-rights/
  • New Windows zero-day with public exploit lets you become an admin https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/
  • Exploit released for Microsoft Exchange RCE bug, patch now https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-exchange-rce-bug-patch-now/

• Other Vulnerabilities:

  • Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
  • The Internet is Held Together With Spit & Baling Wire https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/
  • People Are Still Using Dumb Passwords In 2021 https://packetstormsecurity.com/news/view/32841/People-Are-Still-Using-Dumb-Passwords-In-2021.html
  • Biometric auth bypassed using fingerprint photo, printer, and glue https://www.bleepingcomputer.com/news/security/biometric-auth-bypassed-using-fingerprint-photo-printer-and-glue/
  • Philips Working on Patches for Vulnerabilities Found in Medical Products https://www.securityweek.com/philips-working-patches-vulnerabilities-found-medical-products
  • Serious Vulnerabilities Found in Wi-Fi Module Designed for Critical Industrial Applications https://www.securityweek.com/serious-vulnerabilities-found-wi-fi-module-designed-critical-industrial-applications
  • UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff https://www.theregister.com/2021/11/23/unsecured_rcj_hvac_wifi_routers/
  • Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications https://www.securityweek.com/severe-code-execution-vulnerabilities-affect-openvpn-based-applications
  • Microsoft Defender for Endpoint laid low. Not by malware, but by another buggy Windows patch https://www.theregister.com/2021/11/25/defender_for_endpoint_problems/
  • Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover https://threatpost.com/linux-web-servers-imunify360-bug/176508/
  • Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers https://www.theregister.com/2021/11/23/in_brief_security/
  • Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox https://thehackernews.com/2021/11/researchers-detail-privilege-escalation.html
  • Researchers warn of severe risks from ‘Printjack' printer attacks https://www.bleepingcomputer.com/news/security/researchers-warn-of-severe-risks-from-printjack-printer-attacks/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays https://www.securityweek.com/cisa-fbi-warn-potential-critical-infrastructure-attacks-holidays
  • FBI warns of phishing targeting high-profile brands' customers https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-targeting-high-profile-brands-customers/
  • Devious ‘Tardigrade' Malware Hits Biomanufacturing Facilities (Vaccine Makers) https://www.wired.com/story/tardigrade-malware-biomanufacturing and https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/
  • The top 10 phone scams of 2021 https://brothke.medium.com/the-top-10-phone-scams-of-2021-69051f905d97
  • CronRAT: A New Linux Malware That's Scheduled to Run on February 31st https://thehackernews.com/2021/11/cronrat-new-linux-malware-thats.html
  • Cryptocurrency miners using hacked cloud accounts, Google warns https://www.theguardian.com/technology/2021/nov/25/cryptocurrency-miner-hacked-google-cloud-account-cybersecurity-action-team-threat-horizon-report
  • Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds https://www.bleepingcomputer.com/news/security/hackers-exploit-microsoft-mshtml-bug-to-steal-google-instagram-creds/
  • Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws https://threatpost.com/attackers-hijack-email-threads-proxylogon-proxyshell/176496/
  • Stealthy new JavaScript malware infects Windows PCs with RATs https://www.bleepingcomputer.com/news/security/stealthy-new-javascript-malware-infects-windows-pcs-with-rats/
  • Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery https://thehackernews.com/2021/11/over-9-million-android-phones-running.html
  • More Stealthier Version of BrazKing Android Malware Spotted in the Wild https://thehackernews.com/2021/11/more-stealthier-version-of-brazking.html
  • How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug https://www.theregister.com/2021/11/24/mediatek_audio_vulnerabilty/

• Nation State Actors:

  • New Android Spyware Variants Linked to Middle Eastern APT https://www.darkreading.com/threat-intelligence/new-android-spyware-variants-linked-to-middle-eastern-apt

• Crime & Arrests, etc.:

  • Interpol arrests over 1,000 suspects linked to cyber crime https://www.bleepingcomputer.com/news/legal/interpol-arrests-over-1-000-suspects-linked-to-cyber-crime/
  • Ukraine arrests ‘Phoenix' hackers behind Apple phishing attacks https://www.bleepingcomputer.com/news/security/ukraine-arrests-phoenix-hackers-behind-apple-phishing-attacks/
  • FBI: Online shoppers risk losing over $53M to holiday scams https://www.bleepingcomputer.com/news/security/fbi-online-shoppers-risk-losing-over-53m-to-holiday-scams/
  • Ontario government employee among two charged in COVID-19 vaccine portal breach https://toronto.ctvnews.ca/ontario-government-employee-among-two-charged-in-covid-19-vaccine-portal-breach-1.5677801
  • Arrest in ‘Ransom Your Employer' Email Scheme https://krebsonsecurity.com/2021/11/arrest-in-ransom-your-employer-email-scheme/
  • Jury Convicts Maryland Man for Membership in Computer Fraud and Identity Theft Ring that Targeted State Governments https://www.databreaches.net/jury-convicts-maryland-man-for-membership-in-computer-fraud-and-identity-theft-ring-that-targeted-state-governments/
  • Black Friday ‘flash mob' robberies surge across U.S. https://globalnews.ca/news/8407673/black-friday-flash-mob-robberies-us/
  • Coordinated smash-and-grab robberies are 'traumatic experiences' for Best Buy workers, and could worsen the company's labor challenges https://www.businessinsider.com/shoplifting-robberies-traumatic-for-best-buy-workers-potential-staffing-impact-2021-11
  • A Michigan woman tried to hire an assassin online at RentAHitman.com. Now, she's going to prison. https://www.washingtonpost.com/nation/2021/11/22/rent-a-hitman-website/

Other Security / Risk

Articles covering other types of risks.

• Can Facebook Be Contained? https://www.theatlantic.com/magazine/archive/2021/12/the-commons/620520/
• Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023 https://thehackernews.com/2021/11/facebook-postpones-plans-for-e2e.html
• A plot of digital land was just sold in the metaverse for $2.43 million — more than most homes in NYC and San Francisco https://markets.businessinsider.com/news/currencies/metaverse-property-record-sale-million-home-in-new-york-city-san-francisco-2021-11
• China trying to export its Great Firewall and governance model https://www.theregister.com/2021/11/24/aspi_chinese_internet_governance_report/
• The Importance of IT Security in Your Merger Acquisition https://thehackernews.com/2021/11/the-importance-of-it-security-in-your.html
• Math may have caught up with Google’s quantum-supremacy claims https://arstechnica.com/science/2021/11/math-may-have-caught-up-with-googles-quantum-supremacy-claims/
• New Platform for Quantum Computing? Artificial Material Mimics Quantum Entangled Rare Earth Compounds https://scitechdaily.com/new-platform-for-quantum-computing-artificial-material-mimics-quantum-entangled-rare-earth-compounds/
• Clearview AI does well in another round of facial recognition accuracy tests. https://www.nytimes.com/2021/11/23/technology/clearview-facial-recognition-accuracy.html
• Mozilla is ending support for its Firefox password manager sync app https://www.theverge.com/2021/11/23/22798811/mozilla-is-ending-support-for-firefox-lockwise-password-manager
• One chart shows the dramatic drop-off in ship tracking data from China. This could be a sign of a worsening global supply chain crisis. https://www.businessinsider.com/chart-shows-dramatic-fall-in-ship-tracking-data-from-china-2021-11
• Everything you ever wanted to know about UDP sockets but were afraid to ask, part 1 https://blog.cloudflare.com/everything-you-ever-wanted-to-know-about-udp-sockets-but-were-afraid-to-ask-part-1/
• “Crypto” Means “Cryptography,” not “Cryptocurrency” https://www.schneier.com/blog/archives/2021/11/crypto-means-cryptography-not-cryptocurrency.html
• A tiny typo in an automated email to thousands of customers turns out to be a big problem for legal https://www.theregister.com/2021/11/22/who_me/
• Need your ducts cleaned? Here's what to look for so you don't get ripped off https://toronto.ctvnews.ca/need-your-ducts-cleaned-here-s-what-to-look-for-so-you-don-t-get-ripped-off-1.5680267

• Health, Safety & Environment:

  • Are we heading towards a 'twindemic' with COVID-19 and the flu? https://toronto.ctvnews.ca/are-we-heading-towards-a-twindemic-with-covid-19-and-the-flu-1.5676634
  • We May Have Underestimated The First Known Outbreak of Bubonic Plague https://www.sciencealert.com/we-may-have-underestimated-the-first-known-outbreak-of-bubonic-plague
  • Everything Is a Multivitamin https://www.theatlantic.com/health/archive/2021/11/dietary-supplements-mutlivitamins/620776/
  • Declining Eyesight Could Be Given a Boost by Short Morning Doses of Seeing Red https://www.sciencealert.com/declining-eyesight-could-be-given-a-boost-by-short-morning-doses-of-seeing-red
  • The Deadly Myth That Human Error Causes Most Car Crashes https://www.theatlantic.com/ideas/archive/2021/11/deadly-myth-human-error-causes-most-car-crashes/620808/
  • Why Frozen Turkeys Explode When Deep-Fried https://www.scientificamerican.com/article/why-frozen-turkeys-explode-when-deep-fried/
  • Solar Orbiter risks damage as it flies past Earth's blanket of space debris https://www.independent.co.uk/space/solar-orbiter-spacecraft-debris-esa-b1964902.html
  • Up to 10% of homes could now be 'uninsurable' because of flood risk. Yours may be one of them https://www.cbc.ca/news/canada/marketplace-home-insurance-1.6262386
  • Years of warnings about poor flood plans ignored prior to B.C. floods, says consulting firm https://globalnews.ca/news/8397330/bc-flood-warnings-ignored/
  • Bird-safe windows taking wing at University of Guelph https://globalnews.ca/news/8395300/bird-safe-windows-guelph-university/
  • Rolls-Royce says it has developed the 'world's fastest all-electric aircraft' topping 345.4 mph — check out the Spirit of Innovation https://www.businessinsider.com/photos-show-rolls-royces-worlds-fastest-electric-aircraft-2021-11

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Almost half of Canadians to ditch social distancing at holiday parties: poll https://globalnews.ca/news/8395098/canadians-ditch-social-distancing-holiday-parties/
  • Covid: New variant classed 'of concern' and named Omicron https://www.bbc.co.uk/news/world-59438723
  • Scientists Are Closely Watching New COVID Variant With a 'Very High' Number of Mutations https://www.sciencealert.com/highly-mutated-south-african-covid-variant-has-scientists-on-high-alert
  • Chart shows how quickly the new coronavirus variant spread in part of South Africa, totally supplanting Delta https://www.businessinsider.com/covid-19-variant-overtook-south-african-province-2-weeks-chart-2021-11
  • New variant symptoms mild, says doctor who spotted it https://www.bbc.co.uk/news/uk-59450988
  • We Know Almost Nothing About the Omicron Variant https://www.theatlantic.com/science/archive/2021/11/omicron-coronavirus-variant-what-we-know/620827/
  • Covid: 13 test positive for Omicron after S Africa-Netherlands flights https://www.bbc.co.uk/news/world-europe-59451103
  • Covid: Third case of Omicron variant detected in the UK https://www.bbc.co.uk/news/uk-59453744
  • Canada finds first cases of Omicron COVID-19 variant in Ontario. Here's what we know https://globalnews.ca/news/8408492/canada-omicron-variant-covid/
  • Europe's COVID-19 battle could lead to 700k more deaths by spring: WHO https://globalnews.ca/news/8395117/europe-covid-19-deaths-who-projection/

• Guidance, Response, and Recovery:

  • International travelers to England must self-isolate until they test negative for COVID-19 after 2 cases of Omicron variant identified https://www.businessinsider.com/omicron-england-travelers-tested-self-isolate-2021-11
  • South Africa 'punished' for finding Omicron https://www.bbc.co.uk/news/world-59442129
  • Coronavirus: EU latest to call for border closures over new variant fears https://www.bbc.co.uk/news/world-59427770
  • Canada clamps down on Omicron COVID-19 variant. Experts say it's likely ‘already here' https://globalnews.ca/news/8404811/omicron-variant-covid-canada-here/
  • Canada bans travellers from southern Africa as concerns mount over coronavirus variant https://www.ctvnews.ca/health/coronavirus/canada-bans-travellers-from-southern-africa-as-concerns-mount-over-coronavirus-variant-1.5682764
  • New Zealand to reopen to vaccinated visitors https://www.bbc.co.uk/news/world-asia-59397637
  • U.S. to require COVID-19 vaccines for non-residents crossing land border in January https://globalnews.ca/news/8396863/us-border-covid-vaccine-requirement/
  • Ontario to extend emergency orders under Reopening Ontario Act https://toronto.ctvnews.ca/ontario-to-extend-emergency-orders-under-reopening-ontario-act-1.5678336

• Treatments, Testing, Triage, Trials, and things we Learned:

  • New COVID Antivirals Do Not Replace the Need to Vaccinate https://www.scientificamerican.com/article/new-covid-antivirals-do-not-replace-the-need-to-vaccinate/

• Immunity and Vaccinations:

  • Several Manufacturers Are Already Testing Their COVID-19 Vaccines Against Omicron https://www.sciencealert.com/moderna-cmo-suggests-early-2022-date-if-vaccines-need-to-be-updated-for-omicron
  • Omicron variant: BioNTech, Moderna expect data on vaccine protection soon https://globalnews.ca/news/8405946/omicron-covid-19-variant-vaccine-protection/
  • Canadians divided over when COVID-19 vaccine mandates should be lifted: poll https://globalnews.ca/news/8404034/covid-vaccine-mandates-ipsos-poll/
  • Things we learned:
  • Infectious COVID-19 particles can spread beyond 2 meters when a person coughs, study suggests https://www.businessinsider.com/covid-19-cough-particles-spread-beyond-2-meters-scientists-study-2021-11
  • COVID-19: Plastic dividers widely ineffective or even counterproductive, Ontario expert says https://globalnews.ca/news/8403790/plastic-shields-ineffective-covid-ontario-expert-says/
  • COVID Tests Weren't Designed for This https://www.theatlantic.com/health/archive/2021/11/coronavirus-testing-still-confusing/620783/
  • The Lab-Leak Theory Meets Its Perfect Match https://www.theatlantic.com/ideas/archive/2021/11/lab-leak-covid-origin-coincidence-wet-market/620794/

• Impact:

  • Dow plunges 905 points as new coronavirus variant stokes fears of stalled global recovery https://markets.businessinsider.com/news/stocks/stock-market-news-dow-coronavirus-strain-south-africa-variant-2021-11

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Covid: Dutch police arrest quarantine hotel escapees https://www.bbc.co.uk/news/world-europe-59456332

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Spooky Quantum Effect That Turns Matter Invisible Finally Demonstrated https://www.sciencealert.com/spooky-quantum-effect-turns-matter-invisible-has-finally-been-demonstrated
• Wiarton Willie dead, to be replaced by brown groundhog for annual February festival https://globalnews.ca/news/8398739/wiarton-willie-dead-groundhog-day/
• NASA Reveals Bold Plan to Put a Nuclear Reactor on The Moon Within 10 Years https://www.sciencealert.com/nasa-is-planning-how-to-build-a-nuclear-reactor-on-the-moon
• A Machine-Learning Algorithm Just Found 301 Additional Planets in Kepler Data https://www.universetoday.com/153441/a-machine-learning-algorithm-just-found-301-additional-planets-in-kepler-data/
• Record-Breaking Exoplanet With Insanely Extreme Orbit Is Totally Doomed https://www.sciencealert.com/gas-giant-exoplanet-has-the-most-extreme-orbit-discovered-yet-and-it-s-totally-doomed
• Uncertain future: Is Andromeda going to collide with the Milky Way or not? https://www.syfy.com/syfy-wire/bad-astronomy-the-andromeda-galaxymilky-way-collision-is-now-in-doubt