19 min read

This Week's [in]Security - Issue 265

Picture of CG Blogger CG Blogger : May 1, 2022 10:26:00 AM

[in]security NIST TLS FAFSA SAQ V4.0 Coca-Cola

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: SAQV4. Skimmers. Payments: New breaches: More GitHub, Coca-Cola. New Ransomware: trends, costs, BlackCat, Black Basta. Major outages: Record DDoS, fiber cable attacks. Follow-ups & Fall-out: 300K dbs, Smile, Aimware, fines, Blackbaud. Privacy: doxxing & right to be forgotten, warrantless searches, FAFSA (student aid) & Facebook. Laws & Regs - Canada: copyright, online harms, border rules. US: Fake EDRs, Patents, FOSTA, Drones. World: Open Internet, EU/India tech pact, EFF to the EU. Standards: security.txt, NIST OT & 5G. Defense - APIs, Google Docs. Tools: OpenSSF & malware packages. Vulnerabilities, Advisories: CISA. Zerodays: on the rise. Patching: Azure PostgreSQL. Other: CVE-like scores for Cloud, NPM, Nimbuspwn, NAS, Netatalk. Vulnerability research: Bug bounties, VirusTotal as vector. Crypto-research: PQC & agility. Cybercrime: Trends: Smishing, Malicious Tor, Onyx wiper, Bumblebee, Magniber. Crime & Enforcement: Child ID theft, Interpol. Sandworm, NFT theft, Nation States and mercenaries. China vs Russia, Journalists. Other. Playstore. Other Risks: General: Cloud, Bulletproof TLS, AI weirdness, Free speech, decoupling China. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

PCI Updates:
- PCI Security Standards Council Bulletin: SAQs for PCI DSS v4.0 are Now Available https://www.pcisecuritystandards.org/pdfs/SAQs_for_PCI_DSS_v4.0_Bulletin.pdf
- PCI DSS v4.0 is Now Available: Resources and Engagement Events https://blog.pcisecuritystandards.org/pci-dss-v4-0-is-now-available-resources-and-engagement-events
Payment skimmers/malware/fraud:
- NB65 Hackers Reportedly Stole Credit Card Data of QIWI Clients https://www.databreaches.net/nb65-hackers-reportedly-stole-credit-card-data-of-qiwi-clients/
Other payment related:
- Mastercard And Microsoft Team on an Enhanced Verification Solution for E-Commerce https://www.digitaltransactions.net/mastercard-and-microsoft-team-on-an-enhanced-verification-solution-for-e-commerce/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

New Breaches:
- Attacker Breach ‘Dozens' of GitHub Repos Using Stolen OAuth Tokens https://threatpost.com/github-repos-stolen-oauth-tokens/179427/
- Coca-Cola investigates hackers' claims of breach and data theft https://www.databreaches.net/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/
- Mailpac customers affected by Aeropost data breach https://www.databreaches.net/mailpac-customers-affected-by-aeropost-data-breach/
- Data Breach Disrupts UK Army Recruitment https://www.databreaches.net/data-breach-disrupts-uk-army-recruitment/
- Illuminate Education Breach Notice https://www.databreaches.net/illuminate-education-breach-notice/
- Over 20,000 people's data potentially compromised in phishing scam targeting Valley View Hospital (Colorado) https://www.databreaches.net/over-20000-peoples-data-potentially-compromised-in-phishing-scam-targeting-valley-view-hospital/
New Ransomware and "Incidents":
- Cyber Conflict Overshadowed a Major Government Ransomware Alert https://www.darkreading.com/attacks-breaches/cyber-conflict-overshadowed-a-major-government-ransomware-alert-here-s-the-attention-it-deserves and https://www.cisa.gov/uscert/sites/default/files/publications/AA22-040A_2021_Trends_Show_Increased_Globalized_Threat_of_Ransomware_508.pdf
- Ransom payment is roughly 15% of the total cost of ransomware attacks https://www.bleepingcomputer.com/news/security/ransom-payment-is-roughly-15-percent-of-the-total-cost-of-ransomware-attacks/
- FBI: BlackCat ransomware scratched 60-plus orgs https://www.databreaches.net/fbi-blackcat-ransomware-scratched-60-plus-orgs/
- New Black Basta ransomware springs into action with a dozen breaches https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/
- American Dental Association hit by cyberattack, operations disrupted https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-cyberattack-operations-disrupted/
- Online library Onleihe app faces issues after cyberattack on provider https://www.bleepingcomputer.com/news/security/online-library-onleihe-app-faces-issues-after-cyberattack-on-provider/
- Purported Elgin County data posted online by ransomware group: cyber threat expert https://globalnews.ca/news/8788980/elgin-county-data-ransomeware-crime/
- Scott County, Iowa discloses data security incident https://www.databreaches.net/scott-county-iowa-discloses-data-security-incident/
Major outages/downs:
- Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second https://thehackernews.com/2022/04/cloudflare-thwarts-record-ddos-attack.html
- One of the most powerful DDoSes ever targets cryptocurrency platform https://arstechnica.com/information-technology/2022/04/one-of-the-most-powerful-ddoses-ever-targets-cryptocurrency-platform/
- Internet Outages in French Cities After Cable 'Attacks': Operator https://www.securityweek.com/internet-outages-french-cities-after-cable-attacks-operator
Follow-ups and fall-out:
- Over 300,000 Internet-Exposed Databases Identified in 2021 https://www.securityweek.com/over-300000-internet-exposed-databases-identified-2021-study
- Breach Update Shows 2.6M Individuals Affected By Smile Brands Data Theft https://packetstormsecurity.com/news/view/33375/Breach-Update-Shows-2.6M-Individuals-Affected-By-Smile-Brands-Data-Theft.html
- Aimware - 305,470 breached accounts https://haveibeenpwned.com/PwnedWebsites#Aimware
- Health data leak: 1.5 million euro fine against Dedalus Biologie https://www.databreaches.net/health-data-leak-1-5-million-euro-fine-against-dedalus-biologie/
- Devil-Torrents.pl - 63,451 breached accounts https://haveibeenpwned.com/PwnedWebsites#DevilTorrents
- Court Rejects Demand for “Corrective” Notice in Blackbaud Data Breach MDL https://www.databreaches.net/court-rejects-demand-for-corrective-notice-in-blackbaud-data-breach-mdl/

Privacy

Articles about privacy related news, risks, and trends.

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results https://krebsonsecurity.com/2022/04/you-can-now-ask-google-to-remove-your-phone-number-email-or-address-from-search-results/
Google fights doxxing with updated personal info removal policy https://www.bleepingcomputer.com/news/google/google-fights-doxxing-with-updated-personal-info-removal-policy/
How to Remove Your Personal Info From Google's Search Results https://www.wired.com/story/remove-personal-info-from-google-search-results
'Right to be Forgotten': Israel Firm Promises to Purge Digital Footprint https://www.securityweek.com/right-be-forgotten-israel-firm-promises-purge-digital-footprint
FBI Conducted 3.4 Million Warrantless Searches of Americans' Data https://www.wired.com/story/fbi-warrantless-searches-americans-2021-security-roundup
Go read this exposé on how FAFSA got caught sending personal info to Facebook https://www.theverge.com/2022/4/29/23048305/fafsa-facebook-department-of-education-us-student-financial-aid-meta-tracking-pixel

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Canada:
- The Canadian Government Makes its Choice: Implementation of Copyright Term Extension Without Mitigating Against the Harms https://www.michaelgeist.ca/2022/04/the-canadian-government-makes-its-choice-implementation-of-copyright-term-extension-without-mitigating-against-the-harms/
- The Law Bytes Podcast, Episode 126: Why Canada's Online Harms Consultation Was a Transparency and Policy Failure https://www.michaelgeist.ca/2022/04/law-bytes-podcast-episode-126/
- What is the Logic Behind The Logic's Demand for Internet Platform Payments? https://www.michaelgeist.ca/2022/04/what-is-the-logic-behind-the-logics-demand-for-internet-platform-payments/
- Canada's updated border restrictions: What you need to know https://www.ctvnews.ca/canada/canada-s-updated-border-restrictions-what-you-need-to-know-1.5874746
US:
- Fighting Fake EDRs With ‘Credit Ratings' for Police https://www.databreaches.net/fighting-fake-edrs-with-credit-ratings-for-police/
- Our Fight To Prevent Patent Suits From Being Shrouded in Secrecy https://www.eff.org/deeplinks/2022/04/our-fight-prevent-patent-suits-being-shrouded-secrecy
- Plaintiffs Press Appeals Court to Rule That FOSTA Violates the First Amendment https://www.eff.org/deeplinks/2022/04/plaintiffs-press-appeals-court-rule-fosta-violates-first-amendment
- The White House Wants More Powers To Crack Down On Rogue Drones https://packetstormsecurity.com/news/view/33370/The-White-House-Wants-More-Powers-To-Crack-Down-On-Rogue-Drones.html
- Victory! Maryland Legislature Says Police Must Now Be Trained To Recognize Stalkerware https://www.eff.org/deeplinks/2022/04/victory-maryland-police-must-now-be-trained-recognize-stalkerware
- Hollywood's Fight Against VPNs Turns Ugly https://www.wired.com/story/hollywood-piracy-vpn-lawsuits
- Ray-Bans Maker Sues JPMorgan, Claiming Bank Could Have Stopped $272M Fraud https://www.pymnts.com/legal/2022/ray-bans-maker-sues-jpmorgan-claiming-bank-could-have-stopped-272m-fraud/
- EFF Statement on the Declaration for the Future of the Internet https://www.eff.org/deeplinks/2022/04/eff-statement-declaration-future-internet
- EPIC Applauds FTC's CafePress Settlement, Urges Further Action on Data Protection https://epic.org/epic-applauds-ftcs-cafepress-settlement-urges-further-action-on-data-protection/
World:
- U.S. and More Than 55 Other Countries Pledge to Keep an Open Internet https://www.nytimes.com/2022/04/28/technology/open-internet.html
- India inks tech pact with EU – only the US has the same deal https://www.theregister.com/2022/04/26/india_eu_trade_and_technology_council/
- EFF to European Court: No Intermediary Liability for Social Media Users https://www.eff.org/deeplinks/2022/04/eff-european-court-no-intermediary-liability-social-media-users
Standards News:
- IETF Publishes informational (optional) RFC 9116 for 'security.txt' files that assist with responsible disclosure of vulnerabilities https://www.securityweek.com/ietf-publishes-rfc-9116-securitytxt-file
- Guide to Operational Technology (OT) Security: NIST Requests Comments on Draft SP 800-82r3 open for comment through July 1 https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft
- NCCoE preliminary draft publication, (SP) 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics, is open for public comment until June 27 https://csrc.nist.gov/publications/detail/sp/1800-33/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

General:
- API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot https://www.imperva.com/blog/api-security-is-necessary-to-stop-threats-that-wafs-and-bot-protection-cannot/
- Google Docs expands warnings about dodgy files and links https://www.theverge.com/2022/4/29/23048113/google-docs-slides-sheets-warning-banner-scams-phishing-links-web
- The Ins and Outs of Secure Infrastructure as Code https://www.darkreading.com/dr-tech/the-ins-and-outs-of-secure-infrastructure-as-code
Methods, Techniques, Tools, and Products:
- New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories https://www.securityweek.com/new-openssf-project-hunts-malicious-packages-open-source-repositories
- Open source 'Package Analysis' tool finds malicious npm, PyPI packages https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/
- The Package Analysis Project: Scalable detection of malicious open source packages https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
- Microsoft Edge's 'Secure Network' sounds a lot like a built-in VPN https://www.theregister.com/2022/04/29/edge_vpn/
- Using Passive DNS sources for Reconnaissance and Enumeration, (Fri, Apr 29th) https://isc.sans.edu/diary/rss/28596

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Advisories:
- CISA adds 7 vulnerabilities to list of bugs exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/
- U.S Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities https://thehackernews.com/2022/04/us-cybersecurity-agency-lists-2021s-top.html
Zero-day news:
- Zero-Day Vulnerabilities Are on the Rise https://www.schneier.com/blog/archives/2022/04/zero-day-vulnerabilities-are-on-the-rise.html
Patching:
- Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL https://www.darkreading.com/cloud/microsoft-patches-pair-of-dangerous-vulnerabilities-in-azure-postgresql
Other Vulnerabilities:
- Firms Push for CVE-Like Cloud Bug System https://threatpost.com/cve-cloud-bug-system/179394/
- NPM flaw let attackers add anyone as maintainer to malicious packages https://www.bleepingcomputer.com/news/security/npm-flaw-let-attackers-add-anyone-as-maintainer-to-malicious-packages/
- Microsoft Warns of 'Nimbuspwn' Security Flaws Haunting Linux https://www.securityweek.com/microsoft-warns-nimbuspwn-security-flaws-haunting-linux
- Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack https://www.darkreading.com/vulnerabilities-threats/critical-vulnerabilities-qnap-synology-nas-rce
- Synology warns of critical Netatalk bugs in multiple products https://www.bleepingcomputer.com/news/security/synology-warns-of-critical-netatalk-bugs-in-multiple-products/
Research on new vulnerabilities:
- Google gives 50% bonus to Android 13 Beta bug bounty hunters https://www.bleepingcomputer.com/news/security/google-gives-50-percent-bonus-to-android-13-beta-bug-bounty-hunters/
- Homeland Security bug bounty program uncovers 122 holes in its systems https://www.theregister.com/2022/04/25/dhs_bug_bounty/
- Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal https://thehackernews.com/2022/04/researchers-report-critical-rce.html
Cryptography and Cryptographic Research:
- (PQC and agility) Take a Diversified Approach to Encryption https://www.darkreading.com/vulnerabilities-threats/take-a-diversified-approach-to-encryption

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Trends, Alerts, and Events (other than major breaches):
- SMS Phishing Attacks are on the Rise https://www.schneier.com/blog/archives/2022/04/sms-phishing-attacks-are-on-the-rise.html
- Malicious Relays And The Health Of The Tor Network https://packetstormsecurity.com/news/view/33386/Malicious-Relays-And-The-Health-Of-The-Tor-Network.html
- CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021 https://www.darkreading.com/vulnerabilities-threats/cisa-log4shell-most-exploited-vulnerability-2021
- Beware: Onyx ransomware destroys files instead of encrypting them https://www.bleepingcomputer.com/news/security/beware-onyx-ransomware-destroys-files-instead-of-encrypting-them/
- Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html
- Fake Windows 10 updates infect you with Magniber ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Crime & Arrests, etc.:
- Child Identity Theft Becomes a $918M Problem https://www.pymnts.com/news/security-and-risk/2022/child-identity-theft-becomes-a-918m-problem/
- Interpol: We can't arrest our way out of cybercrime https://www.theregister.com/2022/04/29/interpol_cybercrime_partnerships/
- Feds offer big rewards for info on suspected Russian Sandworm intel officers https://www.theregister.com/2022/04/27/feds_10m_reward_sandworm/
- Crooks steal NFTs worth '$3m' in Bored Ape Yacht Club heist https://www.theregister.com/2022/04/26/nft_theft_bored_ape_yacht_club/
Nation State Actors:
- Bronze President spies on Russian targets as Ukraine invasion continues https://www.zdnet.com/article/bronze-president-pivots-to-russian-european-targets-amidst-ukraine-invasion
- Chinese state-backed hackers now target Russian state officers https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/
- Nation-state Hackers Target Journalists with Goldbackdoor Malware https://threatpost.com/hackers-target-journalists-goldbackdoor/179389/
- Other:
- 1.2 Million Bad Apps Blocked From Reaching Google Play in 2021 https://www.securityweek.com/12-million-bad-apps-blocked-reaching-google-play-2021
- Iran says it thwarted largescale cyberattack on country's infrastructure https://www.databreaches.net/iran-says-it-thwarted-largescale-cyberattack-on-countrys-infrastructure/

Other Security / Risk

Articles covering other types of risks.

General:
- Global Cloud Ecosystem Index 2022 https://www.technologyreview.com/2022/04/25/1051115/global-cloud-ecosystem-index-2022/
- Security Turbulence in the Cloud: Survey Says… https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/
- Bulletproof TLS Newsletter #88 Two zeros bypass Java’s ECDSA signature check, DoQ, DTLS 1.3, domain locking, random oracles, badkeys https://www.feistyduck.com/bulletproof-tls-newsletter/issue_88_two_zeros_bypass_javas_ecdsa_signature_check
- How to get AI to confuse a shark with a clam https://www.aiweirdness.com/how-to-get-ai-to-confuse-a-shark-with-a-clam/
- Brainstorming on Zoom Hampers Creativity https://www.scientificamerican.com/article/brainstorming-on-zoom-hampers-creativity/
- Those dedicated to limiting harmful posts worry about Twitter under Musk. https://www.nytimes.com/live/2022/04/27/technology/twitter-elon-musk-news/musk-misinformation-twitter
- What Should Twitter Forbid? Be Specific. https://www.theatlantic.com/newsletters/archive/2022/04/elon-musk-twitter-deal-content-moderation/629697/
- Apple's DIY repair parts are only slightly cheaper than its repair prices https://www.theverge.com/2022/4/27/23044490/apple-diy-repair-self-service-replacement-part-price-apple-store
- USA's plan to decouple its tech with China lacks a strategy – report https://www.theregister.com/2022/04/26/usas_plan_to_decouple_its/
- CISA Taps Veteran CISO Bob Lord for Technical Adviser Role https://www.darkreading.com/operations/cisa-taps-seasoned-ciso-bob-lord-for-technical-adviser-role
- The US left $7 billion worth of military equipment in Afghanistan after its botched withdrawal, report says https://www.businessinsider.com/us-left-7-billion-military-equipment-in-afghanistan-report-2022-4
- Australia election: Why is there compulsory voting? https://www.bbc.co.uk/news/world-australia-61186402
- How old are we getting? Statistics Canada to say in new census data https://globalnews.ca/news/8790034/census-statistics-canada-age-gender-dwelling-data/
Health:
- An Illinois couple found half-eaten, 'very well-preserved' McDonald's fries from the 1950s inside a bathroom wall while renovating their home https://www.businessinsider.com/illinois-couple-finds-preserved-mcdonalds-fries-from-1950s-in-wall-2022-5
- There's at Least One Major Reason Why People Show Up to Work Sick, Study Finds https://www.sciencealert.com/study-highlights-a-major-reason-why-people-continue-to-work-when-they-re-ill
- A Tick Bite Made Them Allergic to Meat https://www.theatlantic.com/science/archive/2022/04/alpha-gal-syndrome-tick-meat-allergy/629649/
- H5N1 strain considered the worst avian flu to hit Saskatchewan since 2015 https://globalnews.ca/news/8789177/h5n1-avian-flu-influenza-saskatchewan/
- U.S. reports first human bird flu case in Colorado prison inmate https://globalnews.ca/news/8797681/bird-flu-us-human-infection-colorado/
- Which Animal Viruses Could Infect People? Computers Are Racing to Find Out. https://www.nytimes.com/2022/04/27/science/pandemic-viruses-machine-learning.html
- Bill Gates is pushing for a new global task force to watch out for future pandemics, claiming the World Health Organization has 'less than 10 full-time people' monitoring outbreaks https://www.businessinsider.com/bill-gates-task-force-monitor-future-pandemic-outbreaks-2022-5
- New eye-scanning app can screen people for Alzheimer's, ADHD: researchers https://globalnews.ca/news/8801277/new-eye-scanning-app-alzheimers-adhd/
- Unlocking a cure for carbon monoxide poisoning https://scienmag.com/unlocking-a-cure-for-carbon-monoxide-poisoning/
- How to Tell whether a Cancer Is Caused by Plain Bad Luck https://www.scientificamerican.com/article/how-to-tell-whether-a-cancer-is-caused-by-plain-bad-luck/
- U.S. FDA issues plan to ban menthol cigarettes, flavoured cigars https://globalnews.ca/news/8793775/u-s-fda-plan-to-ban-menthol-cigarettes/
- Canada removes ban on blood donations from gay men https://www.bbc.co.uk/news/world-us-canada-61265645
- More than half of the U.S. has had COVID-19, antibody study indicates https://globalnews.ca/news/8787773/covid-19-united-states-infections-antibody-data/
- Nearly one-third of the Canadian population has had COVID-19, antibody data shows https://globalnews.ca/news/8788962/covid-infection-canada-population-antibody-study/
- Genetic links revealed between severe COVID-19 and other diseases https://scienmag.com/genetic-links-revealed-between-severe-covid-19-and-other-diseases/
- New modelling shows that ‘shielding' strategies instead of lockdowns would have led to tens of thousands more deaths https://scienmag.com/new-modelling-shows-that-shielding-strategies-instead-of-lockdowns-would-have-led-to-tens-of-thousands-more-deaths/
- Nearly 1,000 CAF members denied exemptions from COVID-19 vaccine mandate https://globalnews.ca/news/8793602/canadian-armed-forces-1000-members-denied-covid-vaccine-exemption/
- Here's Why Hibernation in Space May Not Be Possible For Humans After All https://www.sciencealert.com/a-common-sci-fi-solution-for-long-distance-space-travel-could-be-pointless-for-humans
Safety:
- Kansas tornado inflicts heavy damage and leaves thousands without power https://www.bbc.co.uk/news/world-us-canada-61281692
- Serious violence peaked after COVID-19 restrictions eased – report https://scienmag.com/serious-violence-peaked-after-covid-19-restrictions-eased-report/
- Toronto police issue warning after finding cannabis products resembling candy https://toronto.ctvnews.ca/toronto-police-issue-warning-after-finding-cannabis-products-resembling-candy-1.5880385
- Go read this report about the virtual doctors at an NFT clinic who can't legally give medical advice https://www.theverge.com/2022/4/26/23042736/go-read-this-nft-clinic-medical-advice-metadocs-metaverse
- Swatting incident prompts heavy police presence on George Street in Peterborough https://globalnews.ca/news/8784366/swatting-incident-police-presence-george-street-peterborough/
- Video shows students fly through the air when car hits bus at 110 mph https://www.washingtonpost.com/nation/2022/04/28/school-bus-crash-albuquerque-video/
- YouTuber deliberately crashed his own plane for views, US aviation agency says https://www.theguardian.com/technology/2022/apr/26/youtuber-deliberately-crashed-plane-for-views-faa
- Dutch boy, 4, takes mother's car for a joyride https://www.bbc.co.uk/news/world-europe-61294584
- A Double Solar Flare Just Triggered Radio Blackouts Over Asia And Australia https://www.sciencealert.com/a-double-solar-flare-just-disrupted-radio-communications-over-asia-and-australia
- ‘Canada's most wanted' arrested hours after new Bolo Program campaign starts https://globalnews.ca/news/8790267/canadas-most-wanted-abilaziz-mohamed-arrested/
Environment:
- ‘Vampire devices' cost UK households £147 a year https://www.bbc.co.uk/news/technology-61235367
- Our world is spiraling out of control… we must be a bit smarter to get through this https://www.horsesforsources.com/spiraling_043022/
- Burp-catching mask for gassy cows, designed to reduce methane emissions and slow down climate change, wins prestigious Prince Charles prize https://www.businessinsider.com/uk-burp-catching-mask-for-cows-slow-down-climate-change-2022-4
- Engineers Create an Enzyme That Breaks Down Plastic Waste in Hours, Not Decades https://www.sciencealert.com/engineers-create-an-enzyme-that-breaks-down-plastic-waste-in-hours-not-decades
- Reforming coral reefs using 3D printing https://scienmag.com/reforming-coral-reefs-using-3d-printing/
- Canada needs Indigenous-led fire stewardship, new research finds https://scienmag.com/canada-needs-indigenous-led-fire-stewardship-new-research-finds/
- Antarctica Lost an Ice Shelf, but Gained an Island https://www.universetoday.com/155666/antarctica-lost-an-ice-shelf-but-gained-an-island/
- Economy:
- Return-to-office is driving Gen Z to quit https://www.businessinsider.com/return-to-office-great-resignation-gen-z-thinking-about-quitting-2022-4
- An Old-Fashioned Economic Tool Can Tame Pricing Algorithms https://www.scientificamerican.com/article/an-old-fashioned-economic-tool-can-tame-pricing-algorithms/
- The Wikimedia Foundation has stopped accepting cryptocurrency donations https://www.theverge.com/2022/5/1/23052309/wikimedia-foundation-stops-cryptocurrency-donations-wikipedia

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

The war:
- Photos: Two Months of War in Ukraine https://www.theatlantic.com/photo/2022/04/photos-two-months-war-ukraine/629690/
- Large explosions rock Kyiv after UN chief meets with Ukraine's Zelenskyy https://globalnews.ca/news/8794181/explosions-kyiv-ukraine-guterres-zelenskyy/
- Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft https://www.securityweek.com/russia-coordinating-cyberattacks-military-strikes-ukraine-microsoft
- Russia fired missiles into Kyiv while the head of the UN visited the city for a meeting with Zelenskyy https://www.businessinsider.com/russia-missile-strikes-kyiv-united-nations-chief-meets-zelenskyy-city-2022-4
- Russia says it struck Western weapons supplied to Ukraine as Pelosi visits Kyiv https://globalnews.ca/news/8801050/russia-ukraine-war-nancy-pelosi-kyiv-visit/
- Russian missile strike damages Odesa airport, Ukraine military says https://globalnews.ca/news/8799991/ukraine-odesa-airport-russian-strike/
- Russian war wreaks more devastation on Mariupol, satellite photos show https://globalnews.ca/news/8799901/satellite-photos-devastation-ukraine-russia-mariupol/
- Russia's war in Donbas picks up speed, Ukraine says https://globalnews.ca/news/8793190/russia-ukraine-donbas-war-picks-up-speed/
- Transnistria and Ukraine conflict: Is war spreading? https://www.bbc.co.uk/news/world-europe-61233095
- Ukraine war: Evacuation of Mariupol civilians under way https://www.bbc.co.uk/news/world-europe-61294744
- A mass grave containing 900 bodies has been discovered in an area near Kyiv, Zelenskyy alleges https://www.businessinsider.com/mass-grave-with-900-bodies-discovered-kyiv-area-zelenskyy-said-2022-4
- War in Ukraine: Ukrainians deported to Russia beaten and mistreated https://www.bbc.co.uk/news/world-europe-61248436
- Ukraine tells Russia to ‘stop the illegal theft of grain' as war continues https://globalnews.ca/news/8793966/ukraine-russia-illegal-grain-theft-war/
- Ukraine is decapitating Russian tanks due to a 'jack-in-the-box' design flaw, reports say https://www.businessinsider.com/ukraine-decapitating-russian-tanks-due-to-design-flaw-2022-4
- Ukrainians say they have no regrets after intentionally flooding their village to stop Russian tanks from reaching Kyiv https://www.businessinsider.com/ukrainians-intentionally-flooded-village-stop-russian-tanks-attack-kyiv-report-2022-4
- Russia reported a large fire at an oil depot in the same area that its officials claimed was earlier attacked by Ukrainian helicopters https://www.businessinsider.com/russia-reports-oil-depot-fire-after-claiming-ukraine-launched-strikes-2022-4
Reaction and response:
- Danger of Third World War ‘serious, real,' Russia says amid NATO support for Ukraine https://globalnews.ca/news/8787007/russia-ukraine-nato-proxy-nuclear-war-accusation/
- Ukraine war: Russia accuses UK of provoking attacks on its territory https://www.bbc.co.uk/news/uk-61235301
- Biden proposes $33bn to help Ukraine in war https://www.bbc.co.uk/news/world-us-canada-61260511
- Allies must ‘eliminate' Russia from world stage at UN Security Council: ex-NATO leader https://globalnews.ca/news/8798062/russia-united-nations-security-council-removal/
- Canada, U.S. to continue ‘maximum pressure' on Russia over Ukraine war: Joly https://globalnews.ca/news/8789449/canada-u-s-maximum-pressure-russia-ukraine-war/
- The Russia-Ukraine war has spurred a crackdown on 'golden passports.' Here's what they are and why the EU is trying to ban them. https://www.businessinsider.com/what-is-golden-passport-visa-russian-oligarch-dual-citizenship-2022-4
- NATO chief says Finland and Sweden would be quickly welcomed 'with open arms' if they want to join alliance https://www.businessinsider.com/nato-finland-sweden-quickly-welcomed-join-military-alliance-ukraine-war-2022-4
- Amidst Invasion of Ukraine, Platforms Continue to Erase Critical War Crimes Documentation https://www.eff.org/deeplinks/2022/04/amidst-invasion-ukraine-platforms-continue-erase-critical-war-crimes-documentation
- DJI is halting all shipments to Russia and Ukraine to slow weaponization of drones https://www.theverge.com/23045059/dji-halt-drone-shipments-russia-ukraine-war
- Russian Firm Seeks $1.2M Against Apple for ‘Moral Damage' https://www.pymnts.com/apple/2022/russian-firm-seeks-1-2m-against-apple-for-moral-damage/
- 6 Russian oligarchs have died in alleged suicides since start of 2022 https://globalnews.ca/news/8790242/russian-oligarchs-suicides-ukraine/
- Europe Cancels Joint Moon Missions with Russia https://www.scientificamerican.com/article/europe-cancels-joint-moon-missions-with-russia/
- Russia will pull out of the International Space Station over economic sanctions: report https://www.businessinsider.com/russia-exit-international-space-station-economic-sanctions-ukraine-conflict-2022-4
Sanctions & economic Impact:
- Ukraine war to cause biggest price shock in 50 years - World Bank https://www.bbc.co.uk/news/business-61235528
- Russia cutting off gas to Poland, Bulgaria is ‘blackmail,' EU chief says https://globalnews.ca/news/8790065/russia-cutting-off-gas-poland-bulgaria-eu-response/
- Russia's biggest state-run oil producer failed to sell 37 millions of barrels of crude as companies self-sanction amid war in Ukraine https://www.businessinsider.com/russias-largest-oil-maker-failed-sell-millions-crude-barrels-oil-2022-4
- Ukraine war: Poland says it will manage without Russian gas https://www.bbc.co.uk/news/business-61237519
- German energy firm Uniper ready to meet Russian pay demand https://www.bbc.co.uk/news/business-61257846
- Russia cuts interest rate again as ruble rebounds but warns economy will crash amid sanctions and soaring inflation https://markets.businessinsider.com/news/currencies/russia-central-bank-interest-rate-cut-ruble-economic-crash-sanctions-2022-4
- Russia declines Germany's ruble payment for gas after cutting off supplies to Poland and Bulgaria, report says https://markets.businessinsider.com/news/commodities/russia-natural-gas-germany-ruble-payment-poland-bulgaria-cut-off-2022-4
- Russia estimates its oil output could fall as much as 17% this year, signaling worst crash since the 1990s, report says https://markets.businessinsider.com/news/commodities/russian-oil-output-crash-17-percent-ukraine-war-sanctions-2022-4
- A ban on Russian crude is the EU's easiest choice from a bunch of hard sanctions options, an influential energy markets historian says https://markets.businessinsider.com/news/commodities/russia-crude-oil-eu-ban-germany-reliance-ukraine-war-expert-2022-4
- As Europe scrambles to ditch Russian oil, the US is shaping up to fill that gap, thanks to its ‘super suitable' cheaper crude, Vortexa says https://markets.businessinsider.com/news/commodities/europe-oil-russia-ban-can-use-super-suitable-us-vortexa-2022-4
- Canada sanctions more than 200 loyal to Russia in Ukraine's east https://globalnews.ca/news/8790210/canada-russia-ukraine-donbas-sanctions/
- China and Russia are working on homegrown alternatives to the SWIFT payment system. Here's what they would mean for the US dollar. https://www.businessinsider.com/china-russia-alternative-swift-payment-cips-spfs-yuan-ruble-dollar-2022-4
- The Kremlin orders a Russian-occupied city in Ukraine to start using rubles, state media says https://markets.businessinsider.com/news/currencies/russia-forces-kherson-to-use-rubles-under-occupation-2022-4
- As Screws Tighten on Russia, a Warning About Civilian Harm of Sanctions https://theintercept.com/2022/04/28/russia-sanctions-civilian-harm-reform/
- Russian oligarchs anticipated sanctions months before the war started and moved money through the informal payment system known as Hawala, an expert says https://www.businessinsider.com/russian-oligarchs-sanctions-movement-money-hawala-ukraine-war-2022-4
- Information, Disinformation, and Propaganda:
- A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers https://www.securityweek.com/chilling-russian-cyber-aim-ukraine-digital-dossiers
- Russian hackers compromise embassy emails to target governments https://www.bleepingcomputer.com/news/security/russian-hackers-compromise-embassy-emails-to-target-governments/
Cyber-attacks and the potential for cyber-war:
- Microsoft Issues Report of Russian Cyberattacks against Ukraine https://www.schneier.com/blog/archives/2022/04/microsoft-issues-report-of-russian-cyberattacks-against-ukraine.html
- Russian hacktivists launch DDoS attacks on Romanian govt sites https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/
- A YouTuber is promoting DDoS attacks on Russia — how safe & legal is this? https://www.bleepingcomputer.com/news/security/a-youtuber-is-promoting-ddos-attacks-on-russia-how-legal-is-this/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

Innovations & Inventions:
- Lost Women of Science Podcast, Season 2, Episode 5: La Jolla https://www.scientificamerican.com/article/lost-women-of-science-podcast-season-2-episode-5-la-jolla/
- This Two-Inch Diamond Disc Could Hold A Staggering Billion Blu-Ray's Worth Of Data https://packetstormsecurity.com/news/view/33381/This-Two-Inch-Diamond-Disc-Could-Hold-A-Staggering-Billion-Blu-Rays-Worth-Of-Data.html
- Discovery of the one-way superconductor, thought to be impossible https://scienmag.com/discovery-of-the-one-way-superconductor-thought-to-be-impossible/
- Researchers design simpler magnets for twisty facilities that could lead to steady-state fusion operation https://scienmag.com/researchers-design-simpler-magnets-for-twisty-facilities-that-could-lead-to-steady-state-fusion-operation/
- A ‘beyond-quantum' equivalence principle for superposition and entanglement https://scienmag.com/a-beyond-quantum-equivalence-principle-for-superposition-and-entanglement/
- China announces plans for a new asteroid-deflecting mission https://www.theverge.com/2022/4/25/23041839/china-asteroid-space-planetary-defense
Other:
- Dogs' Personalities Aren't Determined by Their Breed https://www.scientificamerican.com/article/dogs-personalities-arent-determined-by-their-breed/
- Darwin Was Wrong: Your Facial Expressions Do Not Reveal Your Emotions https://www.scientificamerican.com/article/darwin-was-wrong-your-facial-expressions-do-not-reveal-your-emotions/
- Did you know about Sherlock Holmes' hidden study in Toronto? https://toronto.ctvnews.ca/did-you-know-about-sherlock-holmes-hidden-study-in-toronto-1.5874971
- A 2,000-foot glass-bottomed bridge said to be the longest in the world just opened in Vietnam — take a look at the pedestrian walkway, suspended high above a valley https://www.businessinsider.com/photos-see-2000-foot-glass-bridge-worlds-longest-vietnam-2022-5
- NASA will fly to an asteroid we once thought could strike Earth https://www.cbc.ca/radio/quirks/asteroid-fly-by-earth-1.6435560
- Ingenuity Makes a Trip to See The Debris Left by Perseverance's Landing on Mars https://www.sciencealert.com/ingenuity-makes-a-trip-to-see-perseverance-s-martian-landing-site
- Astronomer's Mind-Blowing Animation Shows The True Scale of Our Solar System https://www.sciencealert.com/astrophysicists-mind-blowing-animation-shows-the-true-scale-of-our-solar-system
- A baby binary star may be forming three different planetary systems around it https://www.syfy.com/syfy-wire/bad-astronomy-binary-star-svs-13-is-in-the-process-of-forming-planets
- In Some Places, Black Holes are Tearing Apart Thousands of Stars at a Time https://www.universetoday.com/155613/in-some-places-black-holes-are-tearing-apart-thousands-of-stars-at-a-time/
- There's One Way Time Travel Could Be Possible, According to This Physicist https://www.sciencealert.com/there-s-one-way-time-travel-could-be-possible-according-to-this-physicist

This Week's [in]Security - Issue 200

CG Blogger : Jan 31, 2021 10:07:00 PM

Welcome to This Week’s [in]Security. SIGS. FAQ. New breaches: 220M, GOAT Breach? UScellular. EU. Mensa. New Ransomware. SkipTheDishes. Remote...

This Week’s [in]Security – Issue 101

CG Blogger : Mar 4, 2019 10:07:00 PM

Welcome to This Week’s [in]Security. This week: detailed alert on trending e-commerce attack methods, PCI glossary for small business, PCI seeks...

[in]security NIST TLS FPE SPoC

This Week’s [in]Security – Issue 104

CG Blogger : Mar 25, 2019 10:07:00 PM

Welcome to This Week’s [in]Security. This week: NIST FPE update may render some deployed solutions weak, NIST formalizes TDES sunset, Magecart...

[in]security NIST TLS FPE

This Week's [in]Security - Issue 265

This Week's [in]Security - Issue 200

This Week’s [in]Security – Issue 101

This Week’s [in]Security – Issue 104

Services

About Us

Knowledge Base

Contact