This Week's [in]Security - Issue 256 | insecurity | Control Gap

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: FAQs, Skimmers, Payments, Training & events. New breaches, New Ransomware: NVIDIA, Major outages: Follow-ups & Fall-out. Missouri surprise, Broward, Log4j. Privacy: browsing, facial recognition, boarder patrol, medical tests, AirTags. Laws & Regs - Canada: Financial surveillance, The Emergencies Act. US: Cyber-social contract, US data and consumer privacy, Board liability, Turbotax mass-arbitration. World: Crypto, UK misuse, EncroChat & NSO lawsuits. Standards: NIST, Federal ZeroTrust. Defense: Passwordless, GitHub SecDB, NY-SOC, Chips. Vulnerabilities, Other Vulnerabilities: NPM JS libraries, Cisco, SCADA, WordPress, Samsung, Horde, Zabbix, Zenly, Bugged. Crypto-research: HPKE & Post-quantum. Cybercrime: Trends: Trojan evolution, Docusign, MFA-bypass, Nation States and mercenaries: NSA backdoor, Firewall Botnet. Crime & Enforcement. Other Risks: AI bias, Open Source, Reset-failed, Untrained. Health, Safety & Environment. War: Russia vs Ukraine - hot war, sanctions, banking, investment & partnerships, products, ships, planes, and spacecraft, big tech, disinformation, alerts, actions, APTs & mercenaries. Innovation and more.

Update: 2022-03-03 This week we have a special edition covering the war in the Ukraine, international response, and other related risks https://controlgap.com/blog/this-weeks-insecurity-issue-256-Ukraine

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:

  • Countdown to PCI DSS v4.0 https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0
  • PCI SSC and the National Cybersecurity Alliance issue bulletin to highlight ransomware threat https://www.helpnetsecurity.com/2022/02/14/threat-ransomware-bulletin/, https://www.digitaltransactions.net/ransomware-attacks-prompt-a-warning-from-the-national-cybersecurity-alliance-and-pci-ssc, and http://www.greensheet.com/newswire.php?article_id=55062

• New and updated FAQ’s

  • Frequently Asked Questions (FAQs) for Validation Processes for Merchant-Managed P2PE Solutions https://www.pcisecuritystandards.org/documents/PCI-P2PE-FAQs-for-MMS-Feb2022.pdf
  • PTS POI Technical Frequently Asked Questions https://www.pcisecuritystandards.org/documents/PTS_POI_Technical_FAQs_v6_February_2022.pdf

• Payment skimmers/malware/fraud:

  • Police bust phishing group that used 40 sites to steal credit cards https://www.bleepingcomputer.com/news/security/police-bust-phishing-group-that-used-40-sites-to-steal-credit-cards/

• Other payment related:

  • Consumers Say Friction Is a Leading Cause of Late Bill Payments, Especially Online https://www.digitaltransactions.net/consumers-say-friction-is-a-leading-cause-of-late-bill-payments-especially-online/
  • How the Visa BIN Attributes Sharing Service can enhance your payments operations https://community.developer.visa.com/t5/Blogs/How-the-Visa-BIN-Attributes-Sharing-Service-can-enhance-your/ba-p/19739

• Educational events, webinars, courses, etc:

  • PCI SSC 2022 Call for Speakers Now Open https://www.cvent.com/c/abstracts/cb284b4c-98cf-4c16-8a30-53e1249cf57c
  • NIST virtual workshop March 8 on Standards and Performance Metrics for On-Road Autonomous Vehicles https://www.nist.gov/news-events/events/2022/03/standards-and-performance-metrics-road-autonomous-vehicles
  • Attend the NICE K12 Cybersecurity Education Conference in St. Louis, Missouri on December 5-6, 2022 https://www.k12cybersecurityconference.org/
  • The Art of Non-boring Cybersec Training–Podcast https://threatpost.com/the-art-of-non-boring-cybersec-training-podcast/178594/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Hackers Sell Backdoors Into A $2 Billion Nonprofit, A Californian Hospital, And Michigan Government https://www.databreaches.net/hackers-sell-backdoors-into-a-2-billion-nonprofit-a-californian-hospital-and-michigan-government/
  • Hidden Costs of a Data Breach https://www.darkreading.com/attacks-breaches/hidden-costs-of-a-data-breach
  • NZ technology company hacked, data stolen https://www.databreaches.net/nz-technology-company-hacked-data-stolen/
  • NSW driver's licence data stolen in Accellion breach https://www.databreaches.net/nsw-drivers-licence-data-stolen-in-accellion-breach/
  • Michigan Medicine notifies 269 patients after discovering a snooping employee https://www.databreaches.net/michigan-medicine-notifies-269-patients-after-discovering-a-snooping-employee/
  • US defense contractors hit by stealthy SockDetour Windows backdoor https://www.bleepingcomputer.com/news/security/us-defense-contractors-hit-by-stealthy-sockdetour-windows-backdoor/

• New Ransomware and "Incidents":

  • Security groups: Ransomware cases rising https://bankbeat.biz/security-groups-ransomware-cases-rising/
  • Ransomware Trained on Manufacturing Firms Led Cyberattacks in Industrial Sector https://www.darkreading.com/attacks-breaches/ransomware-trained-on-manufacturing-firms-led-cyberattacks-in-industrial-sector
  • GPU giant Nvidia is investigating a potential cyberattack https://www.bleepingcomputer.com/news/security/gpu-giant-nvidia-is-investigating-a-potential-cyberattack/
  • Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data https://www.securityweek.com/researchers-devise-method-decrypt-hive-ransomware-encrypted-data
  • Expeditors shuts down global operations after likely ransomware attack https://www.bleepingcomputer.com/news/security/expeditors-shuts-down-global-operations-after-likely-ransomware-attack/
  • Cookware giant Meyer discloses cyberattack that impacted employees https://www.bleepingcomputer.com/news/security/cookware-giant-meyer-discloses-cyberattack-that-impacted-employees/
  • One year later, Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident https://www.databreaches.net/one-year-later-minimally-invasive-surgery-of-hawaii-notifies-patients-of-ransomware-incident/

• Major outages/downs:

  • Internet is back in Tonga after 38 days of outage https://blog.cloudflare.com/internet-is-back-in-tonga-after-38-days-of-outage/

• Follow-ups and fall-out:

  • Report: Missouri Governor's Office Responsible for Teacher Data Leak https://krebsonsecurity.com/2022/02/report-missouri-governors-office-responsible-for-teacher-data-leak/
  • Broward schools took extraordinary steps to hide key details of massive data breach https://www.databreaches.net/broward-schools-took-extraordinary-steps-to-hide-key-details-of-massive-data-breach/
  • Log4j Remediation Took Weeks or More for Over 50% of Organizations https://www.darkreading.com/attacks-breaches/log4j-remediation-took-weeks-or-more-for-more-than-50-of-organizations

Privacy

Articles about privacy related news, risks, and trends.

• The Quiet Way Advertisers Are Tracking Your Browsing https://www.wired.com/story/browser-fingerprinting-tracking-explained
• Facial Recognition at Airports: What You Need to Know https://www.nytimes.com/2022/02/26/travel/facial-recognition-airports-customs.html
• IRS: Selfies Now Optional, Biometric Data to Be Deleted https://krebsonsecurity.com/2022/02/irs-selfies-now-optional-biometric-data-to-be-deleted/
• How CBP Uses Hacking Technology to Search International Travelers' Phones https://epic.org/how-cbp-uses-hacking-technology-to-search-international-travelers-phones/

• Privacy Violating COVID Tests https://www.schneier.com/blog/archives/2022/02/privacy-violating-covid-tests.html

  • Bypassing Apple's AirTag Security https://www.schneier.com/blog/archives/2022/02/bypassing-apples-airtag-security.html
  • New AirTags anti-stalking measures appear in iOS 15.4 beta https://www.theverge.com/2022/2/23/22947063/airtags-anti-stalking-ios-15-4-beta-4-privacy-notice
  • Airtag clones can sidestep Apple anti-stalker tech https://www.theregister.com/2022/02/22/apple_airtags_protections_bypass/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Trudeau Government Moves to Make Expanded Surveillance Powers over Financial Transactions ‘Permanent’ https://www.nationalreview.com/corner/trudeau-government-moves-to-make-expanded-surveillance-powers-over-financial-transactions-permanent/
  • The Law Bytes Podcast, Episode 118: Leah West on the Canadian Government's Invocation of the Emergencies Act https://www.michaelgeist.ca/2022/02/law-bytes-podcast-episode-118/

• US:

  • A New Cybersecurity “Social Contract” https://www.schneier.com/blog/archives/2022/02/a-new-cybersecurity-social-contract.html
  • ACA: House Committee Examines Federal Data Privacy Standards https://epic.org/aca-house-committee-examines-federal-data-privacy-standards/
  • At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws? https://www.databreaches.net/at-least-22-states-have-consumer-privacy-legislation-pending-will-2022-be-the-year-for-more-state-privacy-laws/
  • Supreme Court Declines to Rule on Warrantless Pole Camera Surveillance https://epic.org/supreme-court-declines-to-rule-on-warrantless-pole-camera-surveillance/
  • EFF Urges FTC to Investigate Stalkerware App Network Subject of TechCrunch Report https://www.eff.org/deeplinks/2022/02/eff-urges-ftc-investigate-stalkerware-app-network-subject-techcrunch-report
  • EPIC & Coalition Endorse Congressional Letter to DHS Opposing Expansion of “E-Carceration” https://epic.org/epic-coalition-endorse-congressional-letter-to-dhs-opposing-expansion-of-e-carceration/
  • Potential Board Liability for Cybersecurity Failures Under Caremark Law https://www.databreaches.net/potential-board-liability-for-cybersecurity-failures-under-caremark-law/
  • TurboTax Maker Intuit Faces Tens of Millions in Fees in a Groundbreaking Legal Battle Over Consumer Fraud https://www.propublica.org/article/turbotax-maker-intuit-faces-tens-of-millions-in-fees-in-a-groundbreaking-legal-battle-over-consumer-fraud#1260897

• World:

  • Can the law keep up with crypto? https://www.theverge.com/22944579/crypto-bitcoin-internet-law-nft-tiktok-dances-tonya-evans-interview
  • UK Computer Misuse Act reformers visit Parliament https://www.theregister.com/2022/02/25/cyberup_parliament_rob_dyke/
  • EncroChat defendants' lawyers make bid to halt trial https://www.theregister.com/2022/02/22/encrochat_lawyers_complain_unfair_trials/
  • NSO Sues Israeli Paper After Explosive Articles on Police https://www.securityweek.com/nso-sues-israeli-paper-after-explosive-articles-police

• Standards News:

  • NIST Request for Information open until April 25 | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management https://www.nist.gov/cyberframework/request-information-about-evaluating-and-improving-cybersecurity-resources
  • NIST proposes model to assess cybersecurity investment strategies in network security https://www.zdnet.com/article/nist-proposes-model-to-assess-cybersecurity-investment-strategies-in-network-security
  • The federal Zero Trust strategy and Microsoft's deployment guidance for all https://www.microsoft.com/security/blog/2022/02/22/the-federal-zero-trust-strategy-and-microsofts-deployment-guidance-for-all/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• The end of passwords https://www.technologyreview.com/2022/02/23/1044953/password-login-cybersecurity/
• Why Passwordless Is at an Impasse https://www.darkreading.com/operations/why-passwordless-is-at-an-impasse
• GitHub Opens Security Database to Community Contributions https://www.darkreading.com/application-security/github-opens-security-database-to-community-contributions
• Microsoft Defender for Cloud can now protect Google Cloud resources https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-cloud-can-now-protect-google-cloud-resources/
• New York Opens Joint Security Operations Center in NYC https://www.darkreading.com/threat-intelligence/new-york-opens-joint-security-operations-center-in-nyc
• Inside the Lab Where Intel Tries to Hack Its Own Chips https://www.wired.com/story/intel-lab-istare-hack-chips

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Vulnerabilities:

  • 25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository https://thehackernews.com/2022/02/25-malicious-javascript-libraries.html
  • New Flaws Discovered in Cisco's Network Operating System for Switches https://thehackernews.com/2022/02/new-flaws-discovered-in-ciscos-network.html
  • NSA Informs Cisco of Vulnerability Exposing Nexus Switches to DoS Attacks https://www.securityweek.com/nsa-informs-cisco-vulnerability-exposing-nexus-switches-dos-attacks
  • GE SCADA Product Vulnerabilities Show Importance of Secure Configurations https://www.securityweek.com/ge-scada-product-vulnerabilities-show-importance-secure-configurations
  • Vulnerability in UpdraftPlus Plugin Exposed Millions of WordPress Site Backups https://www.securityweek.com/vulnerability-updraftplus-plugin-exposed-millions-wordpress-site-backups
  • Samsung shipped '100 million' phones with flawed encryption https://www.theregister.com/2022/02/23/samsung_encryption_phones/
  • 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html
  • CISA warns of actively exploited vulnerabilities in Zabbix servers https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-vulnerabilities-in-zabbix-servers/
  • Zenly Social-Media App Bugs Allow Account Takeover https://threatpost.com/zenly-bugs-account-takeover/178646/
  • A Good Old Equation Editor Vulnerability Delivering Malware, (Tue, Feb 22nd) https://isc.sans.edu/diary/rss/28368
  • Coinbase Pays $250K for 'Market-Nuking' Security Flaw https://www.securityweek.com/coinbase-pays-250k-market-nuking-security-flaw
  • An Optical Spy Trick Can Turn Any Shiny Object Into a Bug https://www.wired.com/story/little-seal-bug-shiny-objects-spy-listen

• Cryptography and Cryptographic Research:

  • HPKE: Standardizing public-key encryption (finally!) https://blog.cloudflare.com/hybrid-public-key-encryption/
  • Characterizing the qIND-qCPA (in)security of the CBC, CFB, OFB and CTR modes of operation, by Tristan NEMOZ and Zoé AMBLARD and Aurélien DUPIN https://eprint.iacr.org/2022/236
  • Deep dive into a post-quantum key encapsulation algorithm https://blog.cloudflare.com/post-quantum-key-encapsulation/
  • Deep dive into a post-quantum signature scheme https://blog.cloudflare.com/post-quantum-signatures/
  • The post-quantum state: a taxonomy of challenges https://blog.cloudflare.com/post-quantum-taxonomy/
  • The quantum solace and spectre https://blog.cloudflare.com/quantum-solace-and-spectre/
  • WiP: Applicability of ISO Standard Side-Channel Leakage Tests to NIST Post-Quantum Cryptography, by Markku-Juhani O. Saarinen https://eprint.iacr.org/2022/229

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Almost 100,000 new mobile banking Trojan strains detected in 2021 https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021
  • Mobile Malware Attacks Dropped in 2021 but Sophistication Increased https://www.securityweek.com/mobile-malware-attacks-dropped-2021-sophistication-increased
  • More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020 https://www.darkreading.com/attacks-breaches/more-orgs-experienced-a-successful-phishing-attack-in-2021-than-year-before
  • Network hackers focus on selling high-value targets in the U.S. https://www.bleepingcomputer.com/news/security/network-hackers-focus-on-selling-high-value-targets-in-the-us/
  • Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins https://threatpost.com/cyberattackers-docusign-steal-microsoft-outlook-logins/178613/
  • Devious phishing method bypasses MFA using remote access software https://www.bleepingcomputer.com/news/security/devious-phishing-method-bypasses-mfa-using-remote-access-software/
  • Hackers Exploiting Infected Android Devices to Register Disposable Accounts https://thehackernews.com/2022/02/hackers-exploit-bug-in-sms-verification.html
  • Malware infiltrates Microsoft Store via clones of popular games https://www.bleepingcomputer.com/news/security/malware-infiltrates-microsoft-store-via-clones-of-popular-games/
  • Microsoft Exchange servers hacked to deploy Cuba ransomware https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-cuba-ransomware/
  • Vulnerable Microsoft SQL Servers targeted with Cobalt Strike https://www.bleepingcomputer.com/news/security/vulnerable-microsoft-sql-servers-targeted-with-cobalt-strike/
  • Xenomorph Malware Burrows into Google Play Users, No Facehugger Required https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/
  • New Xenomorph Android malware targets customers of 56 banks https://www.bleepingcomputer.com/news/security/new-xenomorph-android-malware-targets-customers-of-56-banks/
  • Threat Advisory: HermeticWiper http://blog.talosintelligence.com/2022/02/threat-advisory-hermeticwiper.html
  • Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices https://thehackernews.com/2022/02/warning-deadbolt-ransomware-targeting.html
  • Entropy ransomware linked to Evil Corp's Dridex malware https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/

• Nation State Actors:

  • Anatomy of suspected top-tier decade-hidden NSA backdoor https://www.theregister.com/2022/02/23/chinese_nsa_linux/
  • NSA-linked Bvp47 Linux backdoor widely undetected for 10 years https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/
  • CISA Warns of New Malware Framework Used by Russian 'Sandworm' Hacking Team https://www.darkreading.com/vulnerabilities-threats/cisa-warns-of-new-malware-framework-employed-by-infamous-sandworm-hacking-team
  • Russia's Sandworm Hackers Have Built a Botnet of Firewalls https://www.wired.com/story/sandworm-cyclops-blink-hacking-tool
  • China's APT10 cyber-spies 'targeted Taiwanese financial firms' https://www.theregister.com/2022/02/23/apt10_operation_cache_panda_taiwan/

• Crime & Arrests, etc.:

  • An Elaborate Employment Con in the Internet Age https://www.schneier.com/blog/archives/2022/02/an-elaborate-employment-con-in-the-internet-age.html
  • FTC: Americans report losing over $5.8 billion to fraud in 2021 https://www.bleepingcomputer.com/news/security/ftc-americans-report-losing-over-58-billion-to-fraud-in-2021/
  • Stealing Bicycles by Swapping QR Codes https://www.schneier.com/blog/archives/2022/02/stealing-bicycles-by-swapping-qr-codes.html
  • The US is unmasking Russian hackers faster than ever https://www.technologyreview.com/2022/02/21/1046087/russian-hackers-ukraine/
  • Miami Street Gangs See No Hope In Dope. They've Switched To Identity Fraud Fueled By Russian Hackers https://www.databreaches.net/miami-street-gangs-see-no-hope-in-dope-theyve-switched-to-identity-fraud-fueled-by-russian-hackers/
  • Sg: Ex-deputy lead of MOH data unit jailed for leaking daily Covid-19 case numbers in 2020 https://www.databreaches.net/sg-ex-deputy-lead-of-moh-data-unit-jailed-for-leaking-daily-covid-19-case-numbers-in-2020/
  • Ontario man purchases $800 worth of gift cards that turn out to be empty https://toronto.ctvnews.ca/ontario-man-purchases-800-worth-of-gift-cards-that-turn-out-to-be-empty-1.5796844
  • Amazon continues its war on fake reviews, suing 2 companies over allegations they employed an army of 'bad actors' https://www.businessinsider.com/amazon-lawsuits-fake-reviews-allegations-appsally-rebatest-2022-2
  • Car thefts linked to fitness facility locker rooms in Kitchener-Waterloo: police https://globalnews.ca/news/8642708/kitchener-waterloo-gym-keys-stolen-vehicles/
  • When the Mob Turned to Plastic Surgeons to Erase Their Fingerprints https://www.mentalfloss.com/article/655337/mob-plastic-surgeons-erase-fingerprints

Other Security / Risk

Articles covering other types of risks.

• Can machine-learning models overcome biased datasets? https://scienmag.com/can-machine-learning-models-overcome-biased-datasets/
• Open Source Code: The Next Major Wave of Cyberattacks https://www.darkreading.com/vulnerabilities-threats/open-source-code-the-next-major-wave-of-cyberattacks
• Microsoft: Resetting Windows devices might not wipe all data https://www.bleepingcomputer.com/news/microsoft/microsoft-resetting-windows-devices-might-not-wipe-all-data/
• Dallas IT worker erased police files by accident, didn't have enough training, report says https://www.databreaches.net/dallas-it-worker-erased-police-files-by-accident-didnt-have-enough-training-report-says/
• Millions of dollars pour into security compliance startups amid pressure on business https://www.theregister.com/2022/02/23/secureframe_security_compliance_investment/
• Startup's planned 5G Blackberry revival is officially dead https://www.theverge.com/2022/2/22/22945425/5g-blackberry-revival-cancelled-onwardmobility
• 3G shutdown - latest: Fear of security system ‘alarmaggedon' as AT&T 5G rollout sees network close https://www.independent.co.uk/news/world/americas/3g-shutdown-att-phones-5g-b2020517.html
• Crypto exchange FTX is launching a gaming unit to drive token adoption https://www.theverge.com/2022/2/21/22944563/ftx-cryptocurrency-exchange-gaming-unit-nft-blockchain
• 50K speeding tickets issued in last quarter of 2021 thanks to Toronto speed cameras https://globalnews.ca/news/8648481/toronto-traffic-speeding-tickets-last-quarter-2021/
• Ontario licence plate renewal fees: Your top questions answered https://toronto.ctvnews.ca/ontario-licence-plate-renewal-fees-your-top-questions-answered-1.5791523

• Health, Safety & Environment:

  • Here's The Impact That Walkable Neighborhoods Can Have on Your Physical Health https://www.sciencealert.com/here-s-the-impact-that-walkable-neighborhoods-can-have-on-your-physical-health
  • Scientists Can Now Turn Stem Cells Into Bone Using Nothing More Than Sound https://www.sciencealert.com/sonic-breakthrough-uses-sound-waves-to-regrow-bone-from-stem-cells
  • Unravelling the mysteries around type-2 diabetes https://scienmag.com/unravelling-the-mysteries-around-type-2-diabetes/
  • Uptake of childhood immunizations increased during Scotland's national lockdown in 2020 https://scienmag.com/uptake-of-childhood-immunizations-increased-during-scotlands-national-lockdown-in-2020/
  • Ontario reports total of 1,106 people in hospital with COVID-19, including 319 in ICU https://toronto.ctvnews.ca/ontario-reports-total-of-1-106-people-in-hospital-with-covid-19-including-319-in-icu-1.5792461
  • All Covid restrictions to end in England - PM https://www.bbc.co.uk/news/uk-60467183
  • Ontario reviewing vaccine mandate for long-term care workers, minister says https://toronto.ctvnews.ca/ontario-reviewing-vaccine-mandate-for-long-term-care-workers-minister-says-1.5794622
  • What Is a Vaccinated Person's Risk of Dying from COVID? https://www.scientificamerican.com/article/what-is-a-vaccinated-persons-risk-of-dying-from-covid/
  • Why we need to ‘learn to live' with COVID-19, according to doctors and immunocompromised patients https://globalnews.ca/news/8646483/learning-to-live-with-covid/
  • These Vaccines May Be Ready to Take On New COVID Variants https://www.scientificamerican.com/article/these-vaccines-may-be-ready-to-take-on-new-covid-variants/
  • We Might Not Need Annual COVID Shots https://www.theatlantic.com/science/archive/2022/02/covid-vaccine-new-variants/622903/
  • Scientists Built a Coronavirus From Scratch, Then Saw It Trying to Hide https://www.sciencealert.com/scientists-made-a-minimalist-sars-cov-2-and-found-something-weird-about-it-spikes
  • U.S. Plans New Safety Rules to Crack Down on Carbon Monoxide Poisoning from Portable Generators https://www.propublica.org/article/u-s-plans-new-safety-rules-to-crack-down-on-carbon-monoxide-poisoning-from-portable-generators#1261896
  • Police warn residents to stay off frozen ice after people rescued from Humber River https://toronto.ctvnews.ca/police-warn-residents-to-stay-off-frozen-ice-after-people-rescued-from-humber-river-1.5790115
  • Methane Emissions from Energy Production Are Massively Undercounted https://www.scientificamerican.com/article/methane-emissions-from-energy-production-are-massively-undercounted/
  • How Hong Kong 'Sees' Invisible Tailpipe Emissions and Pulls Polluters Off the Road https://www.scientificamerican.com/podcast/episode/how-hong-kong-sees-invisible-tailpipe-emissions-and-pulls-polluters-off-the-road/
  • Why LEGO Pieces Have Been Washing Up on English Beaches for 25 Years https://www.mentalfloss.com/article/655519/shipwrecked-lego-pieces-english-beaches

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

  • Bacteria upcycle carbon waste into valuable chemicals https://scienmag.com/bacteria-upcycle-carbon-waste-into-valuable-chemicals/
  • Ontario puts $250K toward proposed EV battery production lines https://toronto.ctvnews.ca/ontario-puts-250k-toward-proposed-ev-battery-production-lines-1.5792588
  • Scientists build camouflage tech using liquid crystals that work like octopus cells https://www.independent.co.uk/life-style/gadgets-and-tech/active-camouflage-artificial-chromatophores-pennsylvania-b2019513.html

• Other:

  • XKCD Using the power of rounding to go faster https://xkcd.com/2585/
  • 280 million years ago a huge asteroid slammed into the Wyoming/Nebraska border https://www.syfy.com/syfy-wire/bad-astronomy-ancient-asteroid-impact-on-wyomingnebraska-border
  • Lunar Rover Discovers Mysterious (and tiny) Glass Spheres on The Far Side of The Moon https://www.sciencealert.com/the-moon-has-glass-balls
  • Mystery Deepens as China Denies Owning Space Junk Set to Crash Into Moon https://www.sciencealert.com/china-denies-that-the-rocket-that-s-about-to-crash-into-the-moon-is-theirs
  • Webb turns those 18 separate star images into a single unified star. Next comes even better focus. https://www.universetoday.com/154683/webb-turns-those-18-separate-star-images-into-a-single-unified-star-next-comes-even-better-focus/
  • Beautiful Albireo AB https://apod.nasa.gov/apod/ap220224.html
  • Tatooine? An Exoplanet is Definitely Orbiting Two Stars https://www.universetoday.com/154667/an-exoplanet-is-definitely-orbiting-two-stars/