This Week's [in]Security - Issue 245

Welcome to This Week’s [in]Security. Log4J/Log4shell! PCI and payments: PCI updates: PIN, SSF. Non-Compliance Lesson No.3. Magecart, Supply-Chain Backdoors: New breaches: Kafka. Volvo. New Ransomware: Follow-the-money, Cybercommand, Utilities, Healthcare, SPAR stores. Major outages: Amazon. Follow-ups & Fall-out. Privacy: Tor, surveillance capitalism, facial recognition. Alexa can you keep a secret? Laws & Regs - Canada: website blocking, JusTech. US: Copyright takedowns. World: Espionage tools, Botnet lawsuit, Assange. Cybercriminal Court? Standards: Cyber-resilience. testing. IPv6 transition. Defense: Cyber & the board, AI, Smishing, pirates. Vulnerabilities, Zerodays. Other Vulnerabilities: HTTP-no- S, Home grown, Chrome, Win/URI, WD SanDisk, SonicWall, MikroTik, Bluetooth, factoring. Cybercrime: Trends, Phising. WordPress, npm. Moobot. Nation States. Crime & Enforcement. Other Risks: AWS, Quantum, BurnOut, Tor, Kids, Cryptominers, AirTag abuse. Health, Safety & Environment. CO2 capture, batteries, nukes. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:

  • PTS PIN Technical Frequently Asked Questions https://www.pcisecuritystandards.org/documents/PTS_PIN_Technical_FAQs_v3_Dec_2021.pdf
  • Qualification Requirements for SSF Assessors https://www.pcisecuritystandards.org/documents/PCI-SSF-Qualification-Requirements-v1_1r1.pdf

• Non-Compliance Lesson No. 3: Don't upgrade or patch your old stuff https://controlgap.com/blog/Non-Compliance-Lesson-No-3

  • Hackers infect random WordPress plugins to steal credit cards https://www.bleepingcomputer.com/news/security/hackers-infect-random-wordpress-plugins-to-steal-credit-cards/
  • Retailers Now Pay Consumers to Pick Up Their Online Orders https://www.pymnts.com/news/retail/2021/retailers-now-pay-consumers-to-pick-up-their-online-orders/
  • Meta's WhatsApp Launches Payments Pilot With Novi Crypto Wallet https://www.pymnts.com/cryptocurrency/2021/whatsapp-launches-payments-pilot-with-novi-crypto-wallet/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major attacks, supply-chain compromises and widely used backdoors:

• New Breaches:

  • Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies https://threatpost.com/apache-kafka-cloud-clusters-expose-data/176778/
  • Hackers Steal Research Data From Sweden's Volvo Cars https://www.securityweek.com/hackers-steal-research-data-swedens-volvo-cars
  • LINE Pay leaks around 133,000 users' data to GitHub, of all places https://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/
  • Data breach impacts 80,000 South Australian govt employees https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/
  • Hackers publish Vestas data following cyber attack https://www.databreaches.net/hackers-publish-vestas-data-following-cyber-attack/

• New Ransomware and "Incidents":

  • Companies Linked to Russian Ransomware Hide in Plain Sight https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html
  • STOP Ransomware vaccine released to block encryption https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/
  • Cyber Command Publicly Joins Fight Against Ransomware Groups https://threatpost.com/cyber-command-ransomware-groups/176801/
  • Australian Electricity Provider 'CS Energy' Hit by Ransomware https://www.securityweek.com/australian-electricity-provider-cs-energy-hit-ransomware
  • Cyberattack Causes Significant Disruption at Colorado Electric Utility https://www.securityweek.com/cyberattack-causes-significant-disruption-colorado-electric-utility
  • Cyberattack freezes Maryland health department https://www.databreaches.net/cyberattack-freezes-maryland-health-department/
  • Maryland health department says there's no evidence of data lost after cyberattack; website is back online https://www.databreaches.net/maryland-health-department-says-theres-no-evidence-of-data-lost-after-cyberattack-website-is-back-online/
  • Hundreds of SPAR stores shut down, switch to cash after cyberattack https://www.bleepingcomputer.com/news/security/hundreds-of-spar-stores-shut-down-switch-to-cash-after-cyberattack/
  • Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet https://www.bleepingcomputer.com/news/security/nordic-choice-hotels-hit-by-conti-ransomware-no-ransom-demand-yet/

• Major outages/downs:

  • Amazon outage isn't just online: delivery vans and warehouse bots aren't moving packages https://www.theverge.com/2021/12/7/22822736/amazon-delivery-van-atoz-app-warehouse-outage-aws
  • An Amazon server outage is causing problems for Alexa, Ring, Disney Plus, and others https://www.theverge.com/2021/12/7/22822332/amazon-server-aws-down-disney-plus-ring-outage
  • Why did Amazon Web Services crash? Here's what it means https://globalnews.ca/news/8434673/why-amazon-web-services-crash/

• Follow-ups and fall-out:

  • Over 40 million people had health information leaked this year https://www.theverge.com/2021/12/8/22822202/health-data-leaks-hacks
  • Irish Health Service ransomware attack happened after one staffer opened malware-ridden email https://www.theregister.com/2021/12/10/ireland_health_conti_ransomware_attack_report/
  • Ie: Hackers accessed HSE system eight weeks before cyber attack https://www.databreaches.net/ie-hackers-accessed-hse-system-eight-weeks-before-cyber-attack/

Privacy

Articles about privacy related news, risks, and trends.

• Someone Is Running Lots of Tor Relays https://www.schneier.com/blog/archives/2021/12/someone-is-running-lots-of-tor-relays.html
• Tor is under threat from Russian censorship and Sybil attacks https://arstechnica.com/information-technology/2021/12/tor-is-under-threat-from-russian-censorship-and-sybil-attacks/
• What is 'surveillance capitalism'? What we know, and why it's raising privacy fears https://globalnews.ca/news/8437052/what-is-surveillance-capitalism-privacy-issues/
• Eurostar tests facial recognition system on London train station https://www.bleepingcomputer.com/news/technology/eurostar-tests-facial-recognition-system-on-london-train-station/
• How to stop Alexa from ruining holiday surprises https://www.theverge.com/22828561/how-to-stop-alexa-from-announcing-packages

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Canadian Government's Groundhog Day Copyright Consultations: The Never-Ending Lobbying Battle for Website Blocking and Weakened User Rights Continues https://www.michaelgeist.ca/2021/12/the-canadian-governments-groundhog-day-copyright-consultations-the-never-ending-lobbying-battle-for-website-blocking-and-weakened-user-rights-continues/
  • The Law Bytes Podcast, Episode 111: The Story Behind JusTech - How Three University of Ottawa Law Students Created a Technology Compliance Solution for Privacy Breach Rules https://www.michaelgeist.ca/2021/12/law-bytes-podcast-episode-111/
  • Gap allegedly violated Canada's anti-spam law, agrees to pay $200K fine: CRTC https://globalnews.ca/news/8434193/gap-fine-canada-anti-spam-law-crtc/

• US:

  • YouTube reveals millions of videos get hit with incorrect copyright claims https://www.theverge.com/2021/12/6/22820318/youtube-copyright-claims-transparency-report
  • T-Mobile litigation over major data breach to proceed in Missouri https://www.databreaches.net/t-mobile-litigation-over-major-data-breach-to-proceed-in-missouri/
  • Appellate Court Partially Revives Medical Data Breach Class Action https://www.databreaches.net/appellate-court-partially-revives-medical-data-breach-class-action/

• World:

  • Fearing Misuse, Israel Tightens Supervision of Cyber Exports https://www.securityweek.com/fearing-misuse-israel-tightens-supervision-cyber-exports
  • Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators https://threatpost.com/google-glupteba-botnet-lawsuit/176826/
  • Julian Assange can be extradited to the US, court rules https://www.bbc.co.uk/news/uk-59608641
  • Virtual Worlds, Real People: Human Rights in the Metaverse https://www.eff.org/deeplinks/2021/12/virtual-worlds-real-people-human-rights-metaverse
  • Hacker Named Bowser Must Pay Nintendo $10 Million In Piracy Case https://packetstormsecurity.com/news/view/32893/Hacker-Named-Bowser-Must-Pay-Nintendo-10-Million-In-Piracy-Case.html
  • When Scammers Get Scammed, They Take It to Cybercrime Court https://threatpost.com/scammers-cybercrime-court/176834/

• Standards News:

  • NIST Publishes SP 800-160 Vol. 2, Revision 1 Developing Cyber-Resilient Systems: A Systems Security Engineering Approach https://csrc.nist.gov/publications/detail/sp/800-160/vol-2-rev-1/final
  • Draft NIST Cybersecurity White Paper Combination Frequency Differencing for Testing open for comments until February 7 https://csrc.nist.gov/publications/detail/white-paper/2021/12/06/combination-frequency-differencing/draft
  • NCCoE Releases Draft Project Description for IPv6 Transition open for comment until January 27 https://www.nccoe.nist.gov/projects/ipv6-transition

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Bringing Cybersecurity to the Board (and Vice Versa) https://blog.isc2.org/isc2_blog/2021/12/bringing-cybersecurity-to-the-board.html
• Why the C-Suite Doesn't Need Access to All Corporate Data https://www.darkreading.com/vulnerabilities-threats/why-the-c-suite-doesn-t-need-access-to-all-corporate-data
• For truly ethical AI, its research must be independent from big tech | Timnit Gebru https://www.theguardian.com/commentisfree/2021/dec/06/google-silicon-valley-ai-timnit-gebru
• The Importance of Out-of-Band Networks, (Mon, Dec 6th) https://isc.sans.edu/diary/rss/28102
• How to Guard Against Smishing Attacks on Your Phone https://www.wired.com/story/smishing-sms-phishing-attack-phone
• New Study: 90% of Consumers Willing to Ditch Passwords for Safer Authentication https://www.pymnts.com/authentication/2021/new-study-90-pct-consumers-willing-to-ditch-passwords-for-safer-authentication/
• Firefox's latest security feature is designed to protect itself from buggy code https://www.theverge.com/2021/12/6/22820045/firefox-rlbox-sandboxing-technology-security-subcomponents-modules
• Keep it Locked https://www.theverge.com/c/22796344/cybersecurity-how-to-protect-hacked-account
• New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure https://www.microsoft.com/security/blog/2021/12/07/new-secured-core-servers-are-now-available-from-the-microsoft-ecosystem-to-help-secure-your-infrastructure/
• Microsoft: Secured-core servers help prevent ransomware attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-secured-core-servers-help-prevent-ransomware-attacks/
• Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
• Microsoft offers 50% subscription discounts to Office pirates https://www.bleepingcomputer.com/news/microsoft/microsoft-offers-50-percent-subscription-discounts-to-office-pirates/
• Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance https://blog.qualys.com/product-tech/2021/12/07/continuous-security-hardening-and-monitoring-for-ibm-z-os-mainframes-and-databases-using-qualys-policy-compliance
• U.S. Military Has Acted Against Ransomware Groups, General Acknowledges https://www.databreaches.net/u-s-military-has-acted-against-ransomware-groups-general-acknowledges/
• Vulnerability Scanning Frequency Best Practices https://thehackernews.com/2021/12/vulnerability-scanning-frequency-best.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• The log4J/Log4shell zeroday supplychain remote code injection vulnerability may be one of the most significant vulnerabilities of all time:

  • Recently uncovered software flaw 'most critical vulnerability of the last decade' https://www.theguardian.com/technology/2021/dec/10/software-flaw-most-critical-vulnerability-log-4-shell
  • Zeroday exploit for critical Log4j bug poses a grave threat to the Internet https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
  • New zero-day exploit for Log4j Java library is an enterprise nightmare https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
  • The Internet's biggest players are all affected by critical Log4Shell 0-day https://arstechnica.com/information-technology/2021/12/the-critical-log4shell-zero-day-affects-a-whos-who-of-big-cloud-services/
  • Log4J affects VMware https://www.vmware.com/security/advisories/VMSA-2021-0028.html
  • Apache Log4j Flaw Puts Third-Party Software in the Spotlight https://www.tenable.com/blog/apache-log4j-flaw-puts-third-party-software-in-the-spotlight
  • CVE-2021-44228: Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell) https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability
  • Actual CVE-2021-44228 payloads captured in the wild https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/
  • RCE in log4j, Log4Shell, or how things can get bad quickly, (Fri, Dec 10th) https://isc.sans.edu/diary/rss/28120
  • Log4Shell exploited to implant coin miners, (Mon, Dec 13th) https://isc.sans.edu/diary/rss/28124
  • CVE-2021-44228 - Log4j RCE 0-day mitigation https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
  • Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data), (Sat, Dec 11th) https://isc.sans.edu/diary/rss/28122
  • Canada Revenue Agency shuts down online services over global 'security vulnerability' https://globalnews.ca/news/8444254/canada-revenue-agency-security-offline/
  • Massive software flaw with global reach forces Quebec to shut government websites https://globalnews.ca/news/8444811/massive-software-flaw-quebec-government-websites/
  • Update: GO Transit website back online after being taken offline and updated during latest global cybersecurity vulnerability (i.e. Log4J) https://blog.metrolinx.com/2021/12/10/metrolinx-statement-on-go-transit-website-taken-offline-out-of-abundance-of-caution/

• Other Zero-day news:

  • CVE-2021-44515: ZoHo Patches ManageEngine Zero-Day Exploited in the Wild https://www.tenable.com/blog/cve-2021-44515-zoho-patches-manageengine-zero-day-exploited-in-the-wild
  • Windows 'InstallerFileTakeOver' zero-day bug gets free micropatch https://www.bleepingcomputer.com/news/security/windows-installerfiletakeover-zero-day-bug-gets-free-micropatch/

• Other Vulnerabilities:

  • A third of you slackers out there still aren't using HTTPS by default https://www.theregister.com/2021/12/09/top_1_million_report_scott_helme/
  • Newly Found Authentication Flaws Highlight Dangers of Coding From Scratch https://www.darkreading.com/application-security/authentication-flaws-highlight-dangers-of-coding-from-scratch
  • AWS Among 12 Cloud Services Affected By Flaws In Eltima SDK https://packetstormsecurity.com/news/view/32895/AWS-Among-12-Cloud-Services-Affected-By-Flaws-In-Eltima-SDK.html
  • Google Patches Serious Use-After-Free Vulnerabilities in Chrome https://www.securityweek.com/google-patches-serious-use-after-free-vulnerabilities-chrome
  • 27 flaws in USB-over-network SDK affect millions of cloud users https://www.bleepingcomputer.com/news/security/27-flaws-in-usb-over-network-sdk-affect-millions-of-cloud-users/
  • Windows 10 Drive-By RCE Triggered by Default URI Handler https://threatpost.com/windows-10-rce-uri-handler/176830/
  • WD Updates SanDisk SecureAccess to Prevent Dictionary, Brute Force Attacks https://www.securityweek.com/wd-updates-sandisk-secureaccess-prevent-dictionary-brute-force-attacks
  • SonicWall Urges Users to Patch Several Vulnerabilities in Secure Mobile Access Products (CVE-2021-20038) https://www.tenable.com/blog/sonicwall-urges-users-to-patch-several-vulnerabilities-in-secure-mobile-access-products-cve
  • Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html
  • Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite, by Marc Fischlin and Olga Sanina https://eprint.iacr.org/2021/1597
  • Factoring Primes to Factor Moduli: Backdooring and Distributed Generation of Semiprimes, by Giuseppe Vitto https://eprint.iacr.org/2021/1610

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • One-Third of Phishing Pages Gone in a Day https://www.darkreading.com/endpoint/one-third-of-phishing-pages-gone-in-a-day
  • Phishing attacks use QR codes to steal banking credentials https://www.bleepingcomputer.com/news/security/phishing-attacks-use-qr-codes-to-steal-banking-credentials/
  • US universities targeted by Office 365 phishing attacks https://www.bleepingcomputer.com/news/security/us-universities-targeted-by-office-365-phishing-attacks/
  • 1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html
  • Malicious npm Code Packages Built for Hijacking Discord Servers https://threatpost.com/malicious-npm-code-packages-discord/176886/
  • Malicious NPM packages are part of a malware "barrage" hitting repositories https://arstechnica.com/information-technology/2021/12/malicious-packages-sneaked-into-npm-repository-stole-discord-tokens/
  • Moobot botnet spreading via Hikvision camera vulnerability https://www.bleepingcomputer.com/news/security/moobot-botnet-spreading-via-hikvision-camera-vulnerability/
  • SolarWinds Hackers Use New Malware in Recent Attacks https://www.securityweek.com/solarwinds-hackers-use-new-malware-attacks-serve-russian-interests

• Nation State Actors:

  • Microsoft seizes sites used by APT15 Chinese state hackers https://www.bleepingcomputer.com/news/microsoft/microsoft-seizes-sites-used-by-apt15-chinese-state-hackers/
  • Russian hacking group uses new stealthy Ceeloader malware https://www.bleepingcomputer.com/news/security/russian-hacking-group-uses-new-stealthy-ceeloader-malware/
  • SolarWinds hackers have a whole bag of new tricks for mass compromise attacks https://arstechnica.com/information-technology/2021/12/solarwinds-hackers-have-a-whole-bag-of-new-tricks-for-mass-compromise-attacks/
  • Why the Private Sector Is Key to Stopping Russian Hacking Group APT29 https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29
  • France warns of Nobelium cyberspies attacking French orgs https://www.bleepingcomputer.com/news/security/france-warns-of-nobelium-cyberspies-attacking-french-orgs/
  • New 'Karakurt' hacking group focuses on data theft and extortion https://www.bleepingcomputer.com/news/security/new-karakurt-hacking-group-focuses-on-data-theft-and-extortion/
  • Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets https://thehackernews.com/2021/12/malicious-kmspico-windows-activator.html

• Crime & Arrests, etc.:

  • Consumers Expect More E-Commerce Fraud During the Holidays, And They Blame Marketplaces https://www.digitaltransactions.net/consumers-expect-more-e-commerce-fraud-during-the-holidays-and-they-blame-marketplaces/
  • Identity Fraud: A Major Growth Area for Criminals https://www.securityweek.com/identity-fraud-major-growth-area-criminals
  • Canada Charges Its "Most Prolific Cybercriminal" https://krebsonsecurity.com/2021/12/canada-charges-its-most-prolific-cybercriminal/
  • Alleged ransomware affiliate arrested for healthcare attacks https://www.bleepingcomputer.com/news/security/alleged-ransomware-affiliate-arrested-for-healthcare-attacks/
  • Russian National Sentenced for Providing Crypting Service for Kelihos Botnet https://www.databreaches.net/russian-national-sentenced-for-providing-crypting-service-for-kelihos-botnet/
  • Florida teen and her mother accused of hacking homecoming queen election refuse plea deal, claiming they have been framed https://www.databreaches.net/florida-teen-and-her-mother-accused-of-hacking-homecoming-queen-election-refuse-plea-deal-claiming-they-have-been-framed/
  • Toronto police just revealed the city's ten most stolen vehicles of the year https://toronto.ctvnews.ca/toronto-police-just-revealed-the-city-s-ten-most-stolen-vehicles-of-the-year-1.5698565

Other Security / Risk

Articles covering other types of risks.

• AWS Is The Internet's Biggest Single Point Of Failure https://packetstormsecurity.com/news/view/32899/AWS-Is-The-Internets-Biggest-Single-Point-Of-Failure.html
• Crucial leap in error mitigation for quantum computers https://scienmag.com/crucial-leap-in-error-mitigation-for-quantum-computers/
• Everyone Is Burned Out. That's Becoming A Security Nightmare https://packetstormsecurity.com/news/view/32894/Everyone-Is-Burned-Out.-Thats-Becoming-A-Security-Nightmare.html
• Are You Guilty of These 8 Network-Security Bad Practices? https://threatpost.com/bad-practices-network-security/176798/
• New Windows 11 Voice Access lets you control the OS with your voice https://www.bleepingcomputer.com/news/microsoft/new-windows-11-voice-access-lets-you-control-the-os-with-your-voice/
• Tor's main site blocked in Russia as censorship widens https://www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/
• Why Apps Suddenly Want to Protect Kids https://www.nytimes.com/2021/12/09/technology/apps-child-protection.html
• Cryptominers aren't just a headache - they're a big neon sign that Bad Things are on your network https://www.theregister.com/2021/12/07/sophos_tor2mine_research_cryptominer_warning/
• Thieves Using AirTags to "Follow" Cars https://www.schneier.com/blog/archives/2021/12/thieves-using-airtags-to-follow-cars.html
• DtSR Episode 478 - Beyond Buzzwords: XDR http://podcast.wh1t3rabbit.net/dtsr-episode-478-beyond-buzzwords-xdr
• The vice president should not be using Bluetooth headphones https://www.theverge.com/2021/12/7/22822431/kamala-harris-bluetooth-security-hacking-headphones
• A TikToker wrote a code to flood Kellogg with bogus job applications after the company announced it would permanently replace striking workers https://www.businessinsider.com/tiktoker-wrote-code-spam-kellogg-strike-busting-job-ad-site-2021-12
• Loss of secret data puts navy's handling of storage devices under investigation - again https://www.cbc.ca/news/politics/navy-classified-electronics-lost-1.6277938
• Ontario appoints nine people to task force that will deal with making homes more affordable https://toronto.ctvnews.ca/ontario-appoints-nine-people-to-task-force-that-will-deal-with-making-homes-more-affordable-1.5695551
• What is EV tax credit and why is Canada threatening the U.S. with tariffs? https://globalnews.ca/news/8443831/us-ev-tax-credit-canada-threats-explainer/
• Maker of suicide pod plans to launch in Switzerland https://www.bbc.co.uk/news/technology-59577162

• Health, Safety & Environment:

  • First detailed images of molecule associated with ALS could open door to therapies https://scienmag.com/first-detailed-images-of-molecule-associated-with-als-could-open-door-to-therapies/
  • Scientists identify malfunctioning brain cells as potential target for Alzheimer's treatment https://scienmag.com/scientists-identify-malfunctioning-brain-cells-as-potential-target-for-alzheimers-treatment/
  • This Protein Could Boost Brain Function without Exercise https://www.scientificamerican.com/article/this-protein-could-boost-brain-function-without-exercise/
  • Great News: An mRNA Flu Vaccine Just Delivered Positive Phase 1 Trial Results https://www.sciencealert.com/moderna-announces-positive-phase-1-trial-results-for-mrna-flu-vaccine
  • Giant Study Finds Viagra Is Linked to Almost 70% Lower Risk of Alzheimer's https://www.sciencealert.com/giant-study-finds-viagra-is-linked-to-almost-70-lower-risk-of-alzheimer-s
  • New Zealand plans lifetime cigarette ban for youth. Here's how it will work https://globalnews.ca/news/8436829/new-zealands-cigarette-ban-explainer/
  • University of Waterloo to help conduct $10-million study of e-cigarettes https://globalnews.ca/news/8433604/e-cigarette-study-university-of-waterloo/
  • There's a Cancer Treatment That Gives People 'Night Vision'. Here's How https://www.sciencealert.com/there-s-a-cancer-treatment-that-gives-people-night-vision-here-s-how
  • Space sleeping bag to solve astronauts' squashed eyeball disorder https://www.bbc.co.uk/news/science-environment-59591301
  • Tesla allows drivers to play video games in moving cars, raising safety concerns https://www.theverge.com/2021/12/8/22823127/tesla-car-arcade-games-safety-nhtsa
  • NHTSA Is Looking Into Tesla Video Games That Can be Played While Moving https://www.nytimes.com/2021/12/08/business/tesla-video-games-nhtsa.html
  • Impaired-driver sensor could pave the way for safer vehicles https://scienmag.com/impaired-driver-sensor-could-pave-the-way-for-safer-vehicles/
  • Storm Drains Keep Swallowing People During Floods https://www.propublica.org/article/storm-drains-keep-swallowing-people-during-floods#1191580
  • Another day, another asteroid that won't hit us: Nereus will miss Earth tomorrow https://www.syfy.com/syfy-wire/bad-astronomy-asteroid-nereus-will-pass-earth-safely-on-december-11-2021
  • NASA's Next-Generation Asteroid Impact Monitoring System Just Got Switched On https://www.sciencealert.com/nasa-s-next-gen-asteroid-impact-monitoring-system-was-just-switched-on
  • Asteroid Apophis' 2029 Flyby Will Provide a Bonanza of Asteroid Science https://www.universetoday.com/153498/asteroid-apophis-2029-flyby-will-provide-a-bonanza-of-asteroid-science/
  • Moving CO2 from Air to Oceans May Be Necessary to Slow Warming https://www.scientificamerican.com/article/moving-co2-from-air-to-oceans-may-be-necessary-to-slow-warming/
  • Scientists use sunlight and modified sawdust to reversibly capture carbon dioxide https://scienmag.com/scientists-use-sunlight-and-modified-sawdust-to-reversibly-capture-carbon-dioxide/
  • Sodium-based Material Yields Stable Alternative to Lithium-ion Batteries https://scienmag.com/sodium-based-material-yields-stable-alternative-to-lithium-ion-batteries/
  • The West's Nuclear Mistake https://www.theatlantic.com/ideas/archive/2021/12/germany-california-nuclear-power-climate/620888/
  • General Motors makes moves to source rare earth metals for EV motors in North America https://www.theverge.com/2021/12/9/22825948/gm-ev-motor-rare-earth-metal-magnet-mp-materials

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • COVID-19 mutations make pandemic trajectory unpredictable, experts say https://globalnews.ca/news/8436438/covid-19-mutations-pandemic-trajectory-unpredictable/
  • The Omicron variant appeared to spread between two fully vaccinated people in separate hotel rooms in Hong Kong, early research suggests https://www.businessinsider.com/omicron-research-infected-2-vaccinated-people-separate-hotel-rooms-2021-12
  • U.S. COVID-19 death toll hits 800,000 amid Omicron variant scare https://globalnews.ca/news/8444567/u-s-covid-deaths-omicron-2021/
  • Ontario logs highest daily case count since May with more than 1,200 new infections https://toronto.ctvnews.ca/ontario-logs-highest-daily-case-count-since-may-with-more-than-1-200-new-infections-1.5700159
  • COVID-19 cases in Quebec skyrocket to past 2,000, highest daily total in 11 months https://globalnews.ca/news/8440218/covid-19-cases-in-quebec-skyrocket-2000/

• Guidance, Response, and Recovery:

  • Ontario not likely to wind down vaccine passport system in January if Omicron persists: health minister https://toronto.ctvnews.ca/ontario-not-likely-to-wind-down-vaccine-passport-system-in-january-if-omicron-persists-health-minister-1.5695363
  • Nigeria may ban flights from Canada in retaliation for Omicron measure https://globalnews.ca/news/8444626/nigeria-canada-flight-ban/
  • Job sites for unvaccinated thrive as vaccine mandates exclude employees https://globalnews.ca/news/8434208/unvaccinated-jobs-covid-pandemic/

• Immunity and Vaccinations:

  • Omicron COVID-19 variant a wake-up call for vaccine makers, experts warn https://globalnews.ca/news/8434182/omicron-variant-covid-vaccine-makers/
  • Omicron: Three vaccine doses key for protection against variant https://www.bbc.co.uk/news/health-59615005
  • Omicron: WHO concerned rich countries could hoard vaccines https://www.bbc.co.uk/news/world-59599058
  • A longer-lasting COVID vaccine? UCLA study points the way https://scienmag.com/a-longer-lasting-covid-vaccine-ucla-study-points-the-way/
  • Ontario announces anyone 18 and over can book a booster in January https://toronto.ctvnews.ca/ontario-announces-anyone-18-and-over-can-book-a-booster-in-january-1.5702639
  • A 3D printed vaccine is pain-free and can be self-administered, cutting down on hospital trips https://www.businessinsider.com/3d-printed-vaccine-pain-free-self-administered-could-fight-coronavirus-2021-12
  • What's Really Behind Global Vaccine Hesitancy https://www.theatlantic.com/politics/archive/2021/12/which-countries-have-most-anti-vaxxers/620901/

• Impact:

  • Over half a million fewer surgeries have been performed since start of COVID-19: report https://globalnews.ca/news/8435885/covid-surgery-backlog-report/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Oakville restaurant's liquor licence suspended for not enforcing proof of vaccination https://globalnews.ca/news/8440147/oakville-restaurant-liquor-licence-suspended/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• T.rex gets Christmas jumper at Natural History Museum in London https://www.bbc.co.uk/news/uk-england-leicestershire-59545622
• Dogs Understand an Average of 89 Unique Words And Phrases, New Research Shows https://www.sciencealert.com/dogs-respond-to-an-average-of-89-unique-words-experiment-finds
• Researchers develop tiny camera the size of a grain of salt - and it could turn your phone into one big camera https://www.independent.co.uk/life-style/gadgets-and-tech/camera-grain-salt-tiny-princeton-washington-university-b1973070.html
• A $92,000 flying car can reach speeds of 63mph and can stay airborne for 20 minutes https://www.businessinsider.com/new-flying-car-goes-63-mph-20-minutes-costs-92000-2021-12
• A Total Eclipse of the Sun https://apod.nasa.gov/apod/ap211209.html
• Hubble is Fully Operational Once Again https://www.universetoday.com/153596/hubble-is-fully-operational-once-again/
• Company Tests Iodine Thruster in Space for the First Time https://www.universetoday.com/153629/company-tests-iodine-thruster-in-space-for-the-first-time/
• Scientists Say We Should Rethink Moons as Planets... And Reinstate Pluto https://www.sciencealert.com/fascinating-paper-lays-out-why-we-need-to-rethink-moons-as-planets-and-reinstate-pluto
• Citizen scientists find young-Jupiter-like object missed by previous exoplanet searches https://scienmag.com/citizen-scientists-find-young-jupiter-like-object-missed-by-previous-exoplanet-searches/
• No, a NASA scientist didn't create a Warp Bubble https://bigthink.com/starts-with-a-bang/no-warp-bubble/
• What's a Time Crystal? https://spectrum.ieee.org/qa-creating-time-crystals-using-quantum-computers