This Week's [in]Security - Issue 250 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Card Production. Carders. Training. New breaches, New Ransomware: bankruptcy, jail, DDoS. Major outages, Follow-ups & Fall-out: Lawyers vs Insurance, Accellion, Maryland. Privacy: Apple Private Relay. Laws & Regs - Canada: location data. US: DMCA, Carrier breach rules, DeFi, Facebook anti-trust, Celebrities sued. World: Europol, GDPR & Tech, China & tech. Standards: NIST drafts, Randomness. Defense: Protecting Open Source, Blocking stingray, ICS Security, C-Level, CSSLP. Vulnerabilities, Zerodays. Other Vulnerabilities: WordPress, React & NPM, MacOS, Defender, Patching: CISA must patch list, Adobe, AWS, Cisco. WordPress, L2TP. cryptography, Cybercrime: Trends: Self-inflicted, Multi-OS backdoor, Beware USB sticks. Nation States: Spyware for hire, Russia v Ukraine. Crime & Enforcement: Revil Arrests, Ukrainian arrests, Crypto theft. Other Risks: Great Resignation, QR fakes, Real war? Sowing division. Health, Safety & Environment: Tsunami, Tesla, Sharks, Wild-fires. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Learned; Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• New/Updated Standards:

  • Card Production Summary of Changes v2.0 to v3.0 https://www.pcisecuritystandards.org/documents/PCI%20Card%20Production%20v3.0%20Summary%20of%20Changes%20v2%20to%20v3%20Final.pdf
  • Card Production and Provisioning Logical Security Requirements v3.0 https://www.pcisecuritystandards.org/documents/PCI%20CP_Logical_SR_TPs_v3_Final.pdf
  • Card Production and Provisioning Physical Security Requirements v3.0 https://www.pcisecuritystandards.org/documents/PCI%20CP_Physical_SR_TPs%20v3_Final.pdf
• International credit card fraud gang busted in Hyderabad, Rs 1.11 crore seized https://www.databreaches.net/international-credit-card-fraud-gang-busted-in-hyderabad-rs-1-11-crore-seized/
• Top Illicit Carding Marketplace UniCC Abruptly Shuts Down https://threatpost.com/carding-marketplace-unicc-shuts-down/177688/
• Mastercard Launches Payments Tool For Canadian Businesses https://www.pymnts.com/news/b2b-payments/2022/mastercard-launches-payments-tool-for-canadian-businesses/

• Other educational events, webinars, courses:

  • NIST Event - 3rd Open Security Controls Assessment Language (OSCAL) Workshop - March 1-2 https://www.nist.gov/news-events/events/2022/03/3rd-open-security-controls-assessment-language-oscal-workshop

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • With the 'Great Resignation' Comes the 'Great Exfiltration' https://www.securityweek.com/great-resignation-comes-great-exfiltration
  • No Significant Intrusions Related to Log4j Flaw Yet, CISA Says https://www.darkreading.com/vulnerabilities-threats/no-significant-intrusions-related-to-log4j-flaw-yet-cisa-says
  • The definitions of “recently” and “discovered” leave a lot to be desired https://www.databreaches.net/the-definitions-of-recently-and-discovered-leave-a-lot-to-be-desired/
  • India: Aditya Birla Fashion and Retail - 5,470,063 breached accounts https://haveibeenpwned.com/PwnedWebsites#ABFRL
  • Th: Huge patient data leak from Siriraj Hospital https://www.databreaches.net/th-huge-patient-data-leak-from-siriraj-hospital/
  • Kronos hackers stole personal info of Metro-North workers, MTA says https://www.databreaches.net/kronos-hackers-stole-personal-info-of-metro-north-workers-mta-says/
  • MRIoA Discloses Data Breach Affecting 134,000 People https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-people
  • Missouri school district's employee data dumped by ransomware group https://www.databreaches.net/missouri-school-districts-employee-data-dumped-by-ransomware-group/

• New Ransomware and "Incidents":

  • Cyberattack Steers Texas Steel Firm Into Ch. 11 Wind Down https://www.law360.com/construction/articles/1454882/cyberattack-steers-texas-steel-firm-into-ch-11-wind-down
  • A ransomware attack took a New Mexico jail offline, leaving inmates in lockdown https://www.theverge.com/2022/1/11/22878471/ransomware-attack-new-mexico-jail-lockdown-cameras-bernalillo-county
  • Hackers disrupt payroll for thousands of employers — including hospitals https://www.databreaches.net/hackers-disrupt-payroll-for-thousands-of-employers-including-hospitals/
  • Guilford Technical Community College notifies 65,646 affected by ransomware incident in 2020 https://www.databreaches.net/guilford-technical-community-college-notifies-65646-affected-by-ransomware-incident-in-2020/
  • Connecticut company that hosts school websites recovering from ransomware attack https://www.databreaches.net/connecticut-company-that-hosts-school-websites-recovering-from-ransomware-attack/
  • Extortion DDoS attacks grow stronger and more common https://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-common/

• Major outages/downs:

  • eNom data center migration mistakenly knocks sites offline https://www.bleepingcomputer.com/news/security/enom-data-center-migration-mistakenly-knocks-sites-offline/

• Follow-ups and fall-out:

  • Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage https://www.darkreading.com/attacks-breaches/changes-to-breach-response-more-lawyers-less-cyber-coverage
  • Accellion reaches $8.1 mln settlement to resolve data breach litigation https://www.databreaches.net/accellion-reaches-8-1-mln-settlement-to-resolve-data-breach-litigation/
  • Maryland Lawmaker: Officials Misled on Ransomware Attack https://www.securityweek.com/maryland-lawmaker-officials-misled-ransomware-attack
  • Breach of the Protection and Accountability Obligations by Nature Society (Singapore) 14 Jan 2022 https://www.databreaches.net/breach-of-the-protection-and-accountability-obligations-by-nature-society-singapore-14-jan-2022/

Privacy

Articles about privacy related news, risks, and trends.

• Apple's Private Relay (basically a VPN) Is Being Blocked by Telcos https://www.schneier.com/blog/archives/2022/01/apples-private-relay-is-being-blocked.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Canada's privacy watchdog probing health officials' use of cellphone location data https://globalnews.ca/news/8503895/watchdog-probing-officials-cell-location-data/

• US:

  • EFF Asks Appeals Court to Rule DMCA Anti-Circumvention Provisions Violate First Amendment https://www.eff.org/press/releases/eff-asks-appeals-court-rule-dmca-anti-circumvention-provisions-violate-first
  • Supreme Court blocks Biden's vaccine-or-testing mandate for 80 million workers, allows vaccine mandate for healthcare workers at federally-funded facilities https://www.businessinsider.com/supreme-court-biden-vaccine-testing-mandate-covid-19-2022-1
  • Want the ‘TLDR' on a site's terms of service? There's a bill for that https://www.theverge.com/2022/1/13/22882110/tldr-act-lori-trahan-lujan-cassidy-facebook-twitter-terms-of-service-agreement
  • FCC Chair Proposes New Policies for Carrier Data Breach Reporting https://www.securityweek.com/fcc-chair-proposes-new-policies-carrier-data-breach-reporting
  • PoolTogether Lawsuit Will Test Whether DeFi Really Is Decentralized https://www.pymnts.com/blockchain/2022/pooltogether-lawsuit-will-test-whether-defi-really-is-decentralized/
  • States Appeal Decision to Throw Out Their Facebook Antitrust Case https://www.nytimes.com/2022/01/14/technology/facebook-antitrust-case.html
  • A Missouri Reporter Is (Still) Getting Blamed For the Security Flaw He Exposed https://www.databreaches.net/a-missouri-reporter-is-still-getting-blamed-for-the-security-flaw-he-exposed/
  • Investors sue Kim Kardashian and Floyd Mayweather Jr over crypto scheme https://www.theguardian.com/technology/2022/jan/13/investors-sue-kim-kardashian-and-floyd-mayweather-jr-over-crypto-scheme-ethereummax

• World:

  • A data ‘black hole': Europol ordered to delete vast store of personal data https://www.theguardian.com/world/2022/jan/10/a-data-black-hole-europol-ordered-to-delete-vast-store-of-personal-data
  • Austrian Regulator Says Google Analytics Contravenes GDPR https://www.securityweek.com/austrian-regulator-says-google-analytics-contravenes-gdpr
  • UK Lawsuit Claims Facebook Exploited Personal Data of 44 Million Users https://www.pymnts.com/legal/2022/uk-lawsuit-claims-facebook-exploited-personal-data-of-44-million-users/
  • China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations' https://www.theregister.com/2022/01/10/walmart_china_security/
  • Polish DPA imposes a fine on Warsaw University of Technology for not complying with its obligation https://www.databreaches.net/polish-dpa-imposes-a-fine-on-warsaw-university-of-technology-for-not-complying-with-its-obligation/

• Standards News:

  • NIST Draft - Engineering Trustworthy Secure Systems: SP 800-160 Volume 1 Revision 1 available for comment through February 25 https://csrc.nist.gov/publications/detail/sp/800-160/vol-1-rev-1/draft
  • NIST Draft - Methodology for Characterizing Network Behavior of Internet of Things Devices : NISTIR 8349 available for comment through February 11 https://csrc.nist.gov/publications/detail/nistir/8349/draft
  • NIST Proposal to Revise Special Publications 800-22 Revision 1a A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications https://content.govdelivery.com/accounts/USNIST/bulletins/305235f
  • NIST Requests Public Comments on SP 800-106, Randomized Hashing for Digital Signatures https://content.govdelivery.com/accounts/USNIST/bulletins/3057d22

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Fighting Back Against Pegasus, Other Advanced Mobile Malware https://www.darkreading.com/edge-articles/fighting-back-against-pegasus-other-advanced-mobile-malware
• Google calls for new government action to protect open-source software projects https://www.theverge.com/2022/1/13/22882176/google-government-action-protect-open-source-software-funding-security
• Android users can now disable 2G to block Stingray attacks https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
• Cybersecurity for Industrial Control Systems: Part 1 https://www.trendmicro.com/en_us/research/22/a/cybersecurity-industrial-control-systems-ics-part-1.html
• Redefining the CISO-CIO Relationship https://www.darkreading.com/careers-and-people/redefining-the-ciso-cio-relationship
• The Cybersecurity Measures CTOs Are Actually Implementing https://www.darkreading.com/tech-trends/the-cybersecurity-measures-ctos-are-actually-implementing
• EFF Threat Lab's “apkeep” APK Downloader, Now More Capable and Available in More Places https://www.eff.org/deeplinks/2022/01/eff-threat-labs-apkeep-apk-downloader-now-more-capable-and-available-more-places
• Firefox Focus now blocks cross-site tracking on Android devices https://www.bleepingcomputer.com/news/security/firefox-focus-now-blocks-cross-site-tracking-on-android-devices/
• Help Shape The CSSLP Exam https://blog.isc2.org/isc2_blog/2022/01/help-shape-the-csslp-exam.html
• Watering hole attacks explained and how to prevent them https://www.comparitech.com/blog/information-security/watering-hole-attack/
• Research - Using EM Waves to Detect Malware https://www.schneier.com/blog/archives/2022/01/using-em-waves-to-detect-malware.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Other Zero-day news:

  • Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/
  • KCodes NetUSB kernel remote code execution flaw impacts millions of devices https://www.zdnet.com/article/kcodes-netusb-kernel-remote-code-execution-flaw-impacts-millions-of-devices
  • Millions of Routers Exposed to RCE by USB Kernel Bug https://threatpost.com/millions-routers-exposed-bug-usb-module-kcodes-netusb/177506/
  • New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking https://thehackernews.com/2022/01/new-unpatched-apple-safari-browser-bug.html

• Other Vulnerabilities:

  • A Teen Took Control of Teslas by Hacking a Third-Party App https://www.vice.com/en/article/akv7z5/how-a-hacker-controlled-dozens-of-teslas-using-a-flaw-in-third-party-app
  • Analyzing an Old Bug and Discovering CVE-2021-30995 https://www.trendmicro.com/en_us/research/22/a/analyzing-an-old-bug-and-discovering-cve-2021-30995-.html
  • Three Plugins with Same Bug Put 84K WordPress Sites at Risk https://threatpost.com/plugins-vulnerability-84k-wordpress-sites/177654/
  • WordPress Bugs Exploded in 2021, Most Exploitable https://threatpost.com/wordpress-bugs-exploded-2021-exploitable/177553/
  • npm dependency is breaking some React apps today — here's the fix https://www.bleepingcomputer.com/news/security/npm-dependency-is-breaking-some-react-apps-today-heres-the-fix/
  • Facebook's Create React App builds are breaking today — how to fix https://www.bleepingcomputer.com/news/security/facebooks-create-react-app-builds-are-breaking-today-how-to-fix/
  • MacOS Bug Could Let Creeps Snoop On You https://threatpost.com/macos-bug-snooping-microsoft/177551/
  • Microsoft Defender weakness lets hackers bypass malware detection https://www.databreaches.net/microsoft-defender-weakness-lets-hackers-bypass-malware-detection/
  • Researchers develop CAPTCHA solver to aid dark web research https://www.bleepingcomputer.com/news/security/researchers-develop-captcha-solver-to-aid-dark-web-research/

• Patching:

  • CISA Adds 15 Recent and Older Vulnerabilities to 'Must-Patch' List https://www.securityweek.com/cisa-adds-15-recent-and-older-vulnerabilities-must-patch-list
  • CISA alerts federal agencies of ancient bugs still being exploited https://www.bleepingcomputer.com/news/security/cisa-alerts-federal-agencies-of-ancient-bugs-still-being-exploited/
  • Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest https://www.securityweek.com/adobe-patches-reader-flaws-earned-hackers-150000-chinese-contest
  • AWS fixes security flaws allowing access to AWS customer data https://www.bleepingcomputer.com/news/security/aws-fixes-security-flaws-allowing-access-to-aws-customer-data/
  • Details Published on AWS Flaws Leading to Data Leaks https://www.securityweek.com/details-published-aws-flaws-leading-data-leaks
  • Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM https://thehackernews.com/2022/01/cisco-releases-patch-for-critical-bug.html
  • WordPress 5.8.3 security update fixes SQL injection, XSS flaws https://www.bleepingcomputer.com/news/security/wordpress-583-security-update-fixes-sql-injection-xss-flaws/
  • Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw https://www.securityweek.com/patch-tuesday-microsoft-calls-attention-wormable-windows-flaw
  • Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/
  • Microsoft Patch Tuesday - January 2022 , (Tue, Jan 11th) https://isc.sans.edu/diary/rss/28230
  • Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software https://www.theregister.com/2022/01/12/january_patch_tuesday/
  • Microsoft Yanks Buggy Windows Server Updates https://threatpost.com/microsoft-yanks-buggy-windows-server-updates/177648/
  • Microsoft brings back January 2022 Windows Server updates https://www.bleepingcomputer.com/news/microsoft/microsoft-brings-back-january-2022-windows-server-updates/
  • Windows 10 KB5009543 & KB5009545 updates released https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5009543-and-kb5009545-updates-released/
  • New Windows KB5009543, KB5009566 updates break L2TP VPN connections https://www.bleepingcomputer.com/news/microsoft/new-windows-kb5009543-kb5009566-updates-break-l2tp-vpn-connections/
  • CRYScanner: Finding cryptographic libraries misuse, by Amit Choudhari and Sylvain Guilley and Khaled Karray https://eprint.iacr.org/2022/029
  • Preparation for Post-Quantum era: a survey about blockchain schemes from a post-quantum perspective, by Andrada-Teodora Ciulei and Marian-Codrin Crețu and Emil Simion https://eprint.iacr.org/2022/026
  • RSA, DH, and DSA in the Wild, by Nadia Heninger https://eprint.iacr.org/2022/048
  • Differential Fault Analysis on A.E.S., by P. Dusart, G. Letourneux and O. Vivolo https://eprint.iacr.org/2003/010
  • Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos, by Mostafizar Rahman and Dhiman Saha and Goutam Paul https://eprint.iacr.org/2022/025

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • (Self-inflicted Malware) BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks https://thehackernews.com/2022/01/badnews-patchwork-apt-hackers-score-own.html
  • Backdoor for Windows, macOS, and Linux went undetected until now https://arstechnica.com/information-technology/2022/01/backdoor-for-windows-macos-and-linux-went-undetected-until-now/
  • FIN7 Mails Malicious USB Sticks to Drop Ransomware https://threatpost.com/fin7-mailing-malicious-usb-sticks-ransomware/177541/
  • 10 Most Popular Targeted Ports in the Past 3 Weeks, (Sun, Jan 16th) https://isc.sans.edu/diary/rss/28242
  • Linux malware sees 35% growth during 2021 https://www.bleepingcomputer.com/news/security/linux-malware-sees-35-percent-growth-during-2021/
  • Recent GootLoader Campaign Targets Law, Accounting Firms https://www.securityweek.com/recent-gootloader-campaign-targets-law-accounting-firms
  • Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys https://thehackernews.com/2022/01/researchers-decrypted-qakbot-banking.html

• Nation State Actors:

  • U.S. Government Issues Warning Over Commercial Surveillance Tools https://www.securityweek.com/us-government-issues-warning-over-commercial-surveillance-tools
  • Destructive malware targeting Ukrainian organizations https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
  • Ukraine cyber-attack: Russia to blame for hack, says Kyiv https://www.bbc.co.uk/news/world-europe-59992531

• Crime & Arrests, etc.:

  • At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/
  • How Cybercriminals Are Cashing in on the Culture of 'Yes' https://www.darkreading.com/vulnerabilities-threats/how-cybercriminals-are-cashing-in-on-the-culture-of-yes-
  • Ransomware gang behind attacks on 50 companies arrested in Ukraine https://www.databreaches.net/ransomware-gang-behind-attacks-on-50-companies-arrested-in-ukraine/
  • North Korean APTs Stole ~$400M in Crypto in 2021 https://threatpost.com/north-korea-apts-stole-400m-cryptocurrency/177638/
  • New York Resident Sentenced To 24 Months' Imprisonment For Aggravated Identity Theft https://www.databreaches.net/new-york-resident-sentenced-to-24-months-imprisonment-for-aggravated-identity-theft/
  • City of Tenino loses $280,309 to phishing email scam, state Auditor's Office says https://www.databreaches.net/city-of-tenino-loses-280309-to-phishing-email-scam-state-auditors-office-says/
  • Ex-hospital worker arrested in South Georgia Medical Center data breach https://www.databreaches.net/ex-hospital-worker-arrested-in-south-georgia-medical-center-data-breach/
  • U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images https://thehackernews.com/2022/01/uk-hacker-jailed-for-spying-on-children.html
  • ‘Alarming' new scam sees fraudsters come directly to seniors' doors, Vancouver police warn https://globalnews.ca/news/8512534/vancouver-police-new-scam/

Other Security / Risk

Articles covering other types of risks.

• Is the 'Great Resignation' Impacting Cybersecurity? https://www.securityweek.com/great-resignation-impacting-cybersecurity
• Fake QR Codes on Parking Meters https://www.schneier.com/blog/archives/2022/01/fake-qr-codes-on-parking-meters.html
• Russia-Ukraine: US warns of 'false-flag' operation https://www.bbc.co.uk/news/world-europe-59998988
• New Intel chips won't play Blu-ray disks due to SGX deprecation https://www.bleepingcomputer.com/news/security/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation/
• Google might've accidentally approved an ad for a Target gift card scam https://www.theverge.com/2022/1/15/22885562/google-search-target-gift-card-scam
• Moxie Marlinspike has stepped down as CEO of Signal https://www.theverge.com/2022/1/10/22876891/signal-ceo-steps-down-moxie-marlinspike-encryption-cryptocurrency
• The pandemic has blurred the lines between laptop categories https://www.theverge.com/22872486/hp-president-alex-cho-hp-business-consumer-laptops
• How Targeted Advertising on Social Media Drives People to Extremes https://www.scientificamerican.com/article/how-targeted-advertising-on-social-media-drives-people-to-extremes/

• Health, Safety & Environment:

  • Epstein-Barr Virus Found to Trigger Multiple Sclerosis https://www.scientificamerican.com/article/epstein-barr-virus-found-to-trigger-multiple-sclerosis/
  • U.S. man recovering after receiving gene-edited pig heart in world-first transplant https://globalnews.ca/news/8502483/pig-heart-transplant/
  • Fascinating Mouse Study Hints We May One Day Have mRNA Vaccine for Skin Cancer https://www.sciencealert.com/early-results-point-the-way-to-an-mrna-vaccine-could-shield-against-skin-cancer
  • We Finally Know The True Extent of Space Destroying Astronauts' Red Blood Cells https://www.sciencealert.com/space-anemia-is-real-and-scientists-just-worked-out-why
  • Why our blood might always rule out a trip to Mars https://www.bbc.co.uk/news/health-59996331
  • Get away from shore - US and Japan warn on tsunami https://www.bbc.co.uk/news/world-asia-60007119
  • Satellite Captures Dramatic Tsunami-Triggering Volcanic Eruption in South Pacific https://www.sciencealert.com/undersea-volcano-s-eruption-caught-by-satellite-triggered-tsunami-waves-in-south-pacific
  • New rapid tests will detect adulteration of meat products https://scienmag.com/new-rapid-tests-will-detect-adulteration-of-meat-products/
  • California reviews whether Tesla's self-driving tests require oversight https://www.theguardian.com/technology/2022/jan/13/california-reviews-tesla-self-driving-tests-require-oversight
  • Ontario temporarily shortens G road tests to reduce backlog https://globalnews.ca/news/8503055/ontario-shortening-g-road-tests/
  • Ontario drivers, instructors concerned about lack of information on changes to G test https://toronto.ctvnews.ca/ontario-drivers-instructors-concerned-about-lack-of-information-on-changes-to-g-test-1.5740593
  • What Is The 'Lunar Effect,' And What Does It Have to Do With Shark Attacks? https://www.sciencealert.com/sharks-might-really-bite-humans-more-during-certain-phases-of-the-moon
  • Toronto issues reminder to not feed coyotes after food reportedly left in Etobicoke park https://toronto.ctvnews.ca/toronto-issues-reminder-to-not-feed-coyotes-after-food-reportedly-left-in-etobicoke-park-1.5740124
  • 2021 was Earth's 5th-hottest year on record, according to European Union scientists https://www.cbc.ca/news/science/copernicus-hottest-year-1.6309545
  • Fires Doubled Australia's Carbon Emissions--Ecosystems May Never Soak It Back Up https://www.scientificamerican.com/article/fires-doubled-australias-carbon-emissions-ecosystems-may-never-soak-it-back-up/
  • Infamous 'Gates of Hell' Crater, Blazing For Decades, Set to Be Extinguished https://www.sciencealert.com/turkmenistan-s-president-wants-to-close-the-gates-of-hell-which-has-been-burning-for-50-years
  • The controversy of wood pellets as a green energy source https://www.bbc.co.uk/news/business-59546278
  • What obliterated this Northwest Territories forest? A downburst https://globalnews.ca/news/8508753/nwt-downburst-obliterates-forest/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • U.S. shatters global COVID record with 1.35M cases reported in a single day https://globalnews.ca/news/8502956/us-covid-cases-daily-record/
  • Covid: Half of Europe to be infected with Omicron within weeks - WHO https://www.bbc.co.uk/news/world-europe-59948920
  • ‘Difficult to say' whether Omicron will lead to end of COVID-19 pandemic: PHAC https://globalnews.ca/news/8511472/covid-pandemic-omicron-phac-end/
  • 'Deltacron' Hybrid Virus Almost Certainly Doesn't Exist, Scientists Say https://www.sciencealert.com/purported-deltacron-hybrid-virus-almost-certainly-doesn-t-exist-scientists-say
  • Canada in for ‘intense' weeks of Omicron infections, hospitalization surges: data https://globalnews.ca/news/8511154/omicron-canada-covid-modelling/
  • Ontario reports 2,467 people with COVID in hospital, 9,706 new cases https://globalnews.ca/news/8500155/ontario-covid-cases-january-10-coronavirus/
  • Omicron making life difficult for mathematicians trying to track COVID-19 https://globalnews.ca/news/8510296/omicron-covid-19-mathematicians-track/
  • Omicron was in Nova Scotia wastewater before it was identified in South Africa https://nationalpost.com/news/canada/omicron-was-in-nova-scotia-wastewater-before-it-was-identified-in-south-africa
  • Other countries struck by Omicron kept their death tolls low. The US is looking different. https://www.businessinsider.com/omicron-us-trajectory-looking-worse-than-uk-denmark-south-africa-2022-1

• Guidance, Response, and Recovery:

  • Ontario to update data reporting so that possible incidental COVID deaths are identified: top doc https://globalnews.ca/news/8509129/ontario-incidental-covid-deaths/
  • Quebec to impose a tax on people who are unvaccinated from COVID-19 https://globalnews.ca/news/8503151/quebec-to-impose-a-tax-on-people-who-are-unvaccinated-from-covid-19/
  • Trucking vaccine mandate will have negative impact: U of M prof https://globalnews.ca/news/8502920/covid-trucking-vaccine-mandate-impact/
  • TTC terminates more than 350 employees who didn't comply with vaccination policy https://toronto.ctvnews.ca/ttc-terminates-more-than-350-employees-who-didn-t-comply-with-vaccination-policy-1.5734717
  • France approves COVID-19 vaccine pass in face of protests https://globalnews.ca/news/8515658/france-covid-19-vaccine-pass/
  • 3rd Chinese city locks down as COVID-19 cases spike, isolating 20 million people https://globalnews.ca/news/8502573/china-covid-cities-lockdown/
  • Ikea cuts sick pay for unvaccinated staff forced to self-isolate https://www.bbc.co.uk/news/business-59930206

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Canadian study shows low incident of false positive test results from rapid antigen tests https://scienmag.com/canadian-study-shows-low-incident-of-false-positive-test-results-from-rapid-antigen-tests/
  • Omicron Is Forcing Us to Rethink Mild COVID https://www.theatlantic.com/health/archive/2022/01/omicron-mild-covid-pandemic-reset/621207/
  • Covid PCR tests end for asymptomatic cases in England https://www.bbc.co.uk/news/uk-59944057
  • WHO recommends two new drugs to treat patients with COVID-19 https://scienmag.com/who-recommends-two-new-drugs-to-treat-patients-with-covid-19/
  • Approval of Pfizer COVID-19 pills coming in 7-10 days: Health Canada https://globalnews.ca/news/8509869/pfizer-antiviral-drug-health-canada-covid/

• Immunity and Vaccinations:

  • Immunocompromised Ontarians can book 4th COVID-19 shot appointment starting today https://toronto.ctvnews.ca/immunocompromised-ontarians-can-book-4th-covid-19-shot-appointment-starting-today-1.5740051
  • Two to three per cent of people are walking away from appointments at city clinics over brand of vaccine https://toronto.ctvnews.ca/two-to-three-per-cent-of-people-are-walking-away-from-appointments-at-city-clinics-over-brand-of-vaccine-1.5734606
  • Things we learned:
  • 'It makes sense': Head of Ontario COVID-19 science table reacts to newly released hospital data https://toronto.ctvnews.ca/it-makes-sense-head-of-ontario-covid-19-science-table-reacts-to-newly-released-hospital-data-1.5735934
  • Unintended consequences of edicts to wear a mask https://scienmag.com/unintended-consequences-of-edicts-to-wear-a-mask/
  • The Same N95 Mask Can Be Decontaminated at Least 25 Times, New Study Indicates https://www.sciencealert.com/new-research-suggests-you-can-use-and-decontaminate-the-same-n95-respirator-at-least-25-times

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Watch a goldfish drive a car toward a target to earn treats https://www.cbc.ca/news/science/goldfish-driving-1.6309485
• Dogs Have the Potential to Be Bilingual, a Recent Study Finds https://www.mentalfloss.com/article/654394/dogs-have-potential-be-bilingual-recent-study-finds