This Week's [in]Security - Issue 267

Welcome to This Week’s [in]Security. PCI SSF related errata, SSF & NIST. virtual cards on android. New breaches: US Law enforcement, VPNs, Yik Yak. New Ransomware: Conti & REvil, Oregon, AGRO, pay and pay again. Follow-ups: Capital One, Colonial Pipeline, HIBP updates. Privacy: web-key-loggers, ICE. Laws & Regs - Canada: C-11. US: breach reporting, warrants, cybercrime bill. World: crypto-wars, suing cybercriminals. Defense - Cybergames, software recalls, critical open source, MFA adoption, partnerships. Vulnerabilities - Advisories: F5 Big-IP. Patching: Intel, Firewalls, multiple Windows, printers, Other: NPM hijack, supply chains, Log4ever, medical devices. Vulnerability research: Word & PDF scripts, Intel & AMD, SQL WAF bypass. Crypto-research. Cybercrime - Active: NPM, WordPress, Linux, SMS, Exchanage, Discord; Crime & Enforcement: wanted, disgruntled. Nation States and mercenaries. Other Risks, Health, Safety, Environment, Economy. AI. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Related:
• (Errata, relates to PCI Secure Software) On the revision of NIST 800-22 Test Suites, by Katarzyna Anna Kowalska and Davide Fogliano and Jose Garcia Coello https://eprint.iacr.org/2022/540
• Other payment related:
• Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones https://thehackernews.com/2022/05/blog-post.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• DEA Investigating Breach of Law Enforcement Data Portal https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/
• Personal details of 21M SuperVPN, GeckoVPN users leaked on Telegram https://www.databreaches.net/personal-details-of-21m-supervpn-geckovpn-users-leaked-on-telegram/
• Za: Over 3.6m records exposed in Dis-Chem cyber attack https://www.databreaches.net/za-over-3-6m-records-exposed-in-dis-chem-cyber-attack/
• Anonymous Social Media App Yik Yak Exposed Users' Precise Locations https://www.databreaches.net/anonymous-social-media-app-yik-yak-exposed-users-precise-locations/
• Cameron County Elections Office Reports Online Security Breach https://www.databreaches.net/cameron-county-elections-office-reports-online-security-breach/
• NZ: Data breach on AA Traveller website https://www.databreaches.net/nz-data-breach-on-aa-traveller-website/
• Law Firm Cyber Breach May Impact 23K, Including Financial Institution Client's Customers https://www.databreaches.net/law-firm-cyber-breach-may-impact-23k-including-financial-institution-clients-customers/
• No need to hack when it's leaking, Saturday edition: Cincinnati inadvertently posted employees' personal data online https://www.databreaches.net/no-need-to-hack-when-its-leaking-saturday-edition-cincinnati-inadvertently-posted-employees-personal-data-online/
• Parker-Hannifin discloses breach affecting employee health plan data https://www.databreaches.net/parker-hannifin-discloses-breach-affecting-employee-health-plan-data/
• Boca Raton Attorney Allegedly Leaked Clients' Confidential Files https://www.databreaches.net/boca-raton-attorney-allegedly-leaked-clients-confidential-files/
• Ontario Cannabis Store confirms data leak, Ontario Provincial Police opens investigation https://www.databreaches.net/ontario-cannabis-store-confirms-data-leak-ontario-provincial-police-opens-investigation/
• Quantum Imaging & Therapeutic Associates notification following 2021 data security incident https://www.databreaches.net/quantum-imaging-therapeutic-associates-notification-following-2021-data-security-incident/
• Refuah Health Center “recently discovered” a breach that was listed on the dark web in June, 2021? https://www.databreaches.net/refuah-health-center-recently-discovered-a-breach-that-was-listed-on-the-dark-web-in-june-2021/
• Nl: Citizens' data stolen from Eindhoven police cadet's car https://www.databreaches.net/nl-citizens-data-stolen-from-eindhoven-police-cadets-car/
• France sees boom in personal data breaches in 2021 https://www.databreaches.net/france-sees-boom-in-personal-data-breaches-in-2021/
• New Ransomware and "Incidents":
• 5 Years That Altered the Ransomware Landscape https://www.darkreading.com/endpoint/five-years-that-changed-the-ransomware-landscape
• Conti Ransomware Attack Spurs State of Emergency in Costa Rica https://threatpost.com/conti-ransomware-attack-emergency-costa-rica/179560/
• Fresh ransomware samples indicate REvil is back https://www.theregister.com/2022/05/11/revil-returns-secureworks-samples/
• Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html
• Cyber attack prompts security response by Oregon secretary of state https://www.databreaches.net/cyber-attack-prompts-security-response-by-oregon-secretary-of-state/
• Hackers Hit Web Hosting Provider Linked to Oregon Elections https://www.securityweek.com/hackers-hit-web-hosting-provider-linked-oregon-elections
• Ransomware plows through farm machinery giant AGCO https://www.theregister.com/2022/05/09/farm_machinery_giant_agco_hit/
• Most organizations hit by ransomware would pay up if hit again https://www.theregister.com/2022/05/13/organizations_pay_ransomware/
• Follow-ups and fall-out:
• Capital One to settle 2019 data breach class action lawsuit for $190 million https://www.databreaches.net/capital-one-to-settle-2019-data-breach-class-action-lawsuit-for-190-million/
• U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack https://thehackernews.com/2022/05/us-proposes-1-million-fine-on-colonial.html
• Hundreds of patient data breaches are left unpunished, reveals The BMJ https://www.databreaches.net/hundreds-of-patient-data-breaches-are-left-unpunished-reveals-the-bmj/
• Mint gets data breach claims dismissed https://www.databreaches.net/mint-gets-data-breach-claims-dismissed/
• BlackBerry Fans - 174,168 breached accounts https://haveibeenpwned.com/PwnedWebsites#BlackBerryFans
• OGUsers (2021 breach) - 348,302 breached accounts https://haveibeenpwned.com/PwnedWebsites#OGUsers2021
• Paragon Cheats - 188,089 breached accounts https://haveibeenpwned.com/PwnedWebsites#ParagonCheats

Privacy

Articles about privacy related news, risks, and trends.

• Thousands of Top Websites See What You Type—Before You Hit Submit https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study
• ICE Is a Domestic Surveillance Agency https://www.schneier.com/blog/archives/2022/05/ice-is-a-domestic-surveillance-agency.html
• Thomson Reuters to Review Human Rights Impact of its Data Collection for ICE https://www.eff.org/deeplinks/2022/05/thomson-reuters-review-human-rights-impact-its-data-collection-ice
• How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• The Government's Gaslighting of the Online Streaming Act (Or Why Bill C-11 Regulates User Generated Content) https://www.michaelgeist.ca/2022/05/the-governments-gaslighting-of-the-online-streaming-act-or-why-bill-c-11-regulates-user-generated-content/
• Keeping the Bill C-11 Implementation Secret, Regulating User Content, and Citing Non-Existent Benefits: Some Reflections on the House of Commons Online Streaming Act Debate https://www.michaelgeist.ca/2022/05/keeping-the-bill-c-11-implementation-secret-regulating-user-content-and-citing-non-existent-benefits-some-reflections-on-the-house-of-commons-online-streaming-act-debate/
• Google warns Canada's online news bill could force subsidies on biased outlets https://globalnews.ca/news/8835266/canada-bill-c-18-google-online-news/
• Canada's top court says voluntary extreme intoxication a defence in violent crimes https://globalnews.ca/news/8832723/supreme-court-canada-extreme-intoxication/
• US:
• The Era of Responsible Cybersecurity Finally Arrives - SEC on cybersecurity & disclosure https://www.tenable.com/blog/the-era-of-responsible-cybersecurity-finally-arrives
• The Messy Progress on Data Privacy https://www.nytimes.com/2022/05/12/technology/federal-data-privacy-law.html
• Geofence Warrants and Reverse Keyword Warrants are So Invasive, Even Big Tech Wants to Ban Them https://www.eff.org/deeplinks/2022/05/geofence-warrants-and-reverse-keyword-warrants-are-so-invasive-even-big-tech-wants
• Office for Civil Rights (OCR): Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief https://www.databreaches.net/ocr-current-fines-too-low-to-spur-compliance-agency-also-seeks-funding-boost-injunctive-relief/
• EFF to Court: Fair Use is a Right Congress Cannot Cast Aside https://www.eff.org/deeplinks/2022/05/eff-court-fair-use-right-congress-cannot-cast-aside
• Biden signs cybercrime tracking bill into law https://www.theregister.com/2022/05/09/biden_signs_cybercrime_tracking_bill/
• Court lets Texas restrictions on social platform content moderation take effect https://www.theverge.com/2022/5/11/23067002/texas-netchoice-paxton-hb20-social-media-law-fifth-circuit-appeals-court-grant-stay-ruling
• In a Blow to Free Speech, Texas' Social Media Law Allowed to Proceed Pending Appeal https://www.eff.org/deeplinks/2022/05/blow-free-speech-texas-unconstitutional-social-media-law-allowed-proceed-pending
• Maryland Governor Signs Bills to Strengthen Cybersecurity https://www.securityweek.com/maryland-governor-signs-bills-strengthen-cybersecurity
• California Law Enforcement Now Needs Approval for Military-Grade Surveillance Equipment. We'll Be Watching. https://www.eff.org/deeplinks/2022/05/california-law-enforcement-now-needs-approval-military-grade-surveillance
• A court just blew up internet law because it thinks YouTube isn't a website https://www.theverge.com/2022/5/13/23068423/fifth-circuit-texas-social-media-law-ruling-first-amendment-section-230
• Florida condo collapse: Victims reach nearly US$1 billion settlement, reports say https://globalnews.ca/news/8827962/florida-condo-collapse-victims-settlement/
• World:
• UK Announces Data Reform Bill https://www.databreaches.net/uk-announces-data-reform-bill/
• Europe proposes tackling child abuse by killing privacy, strong encryption https://www.theregister.com/2022/05/12/eu_encryption_csam/
• The EU Commission's New Proposal Would Undermine Encryption And Scan Our Messages https://www.eff.org/deeplinks/2022/05/eu-commissions-new-proposal-would-undermine-encryption-and-scan-our-messages
• How to Fight Foreign Hackers With Civil Litigation https://www.databreaches.net/how-to-fight-foreign-hackers-with-civil-litigation/
• Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency https://www.securityweek.com/russia-pushes-law-force-taxi-apps-share-data-spy-agency
• Standards News:
• Initial draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B, is now available for public comment until July 12 https://csrc.nist.gov/publications/detail/sp/800-140b/rev-1/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• US Cyber Games Season II begins https://www.uscybergames.com/
• General:
• Software patching must work like car safety recalls, says US cyber boss https://www.theregister.com/2022/05/13/us_cyber_director_patching/
• Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects https://thehackernews.com/2022/05/google-created-open-source-maintenance.html
• Linux, OpenSSF Champion Plan to Improve Open Source Security https://www.darkreading.com/application-security/linux-openssf-champion-10-point-plan-to-improve-open-source-security
• The Hidden Race to Protect the US Bioeconomy From Hacker Threats https://www.wired.com/story/biotech-security-threats
• Yahoo Japan strives for universal passwordless authentication https://www.theregister.com/2022/05/11/yahoo_japan_goes_passwordless/
• Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late? http://blog.talosintelligence.com/2022/05/threat-source-newsletter-may-12-2022.html
• Taking on the Next Generation of Phishing Scams https://security.googleblog.com/2022/05/taking-on-next-generation-of-phishing.html
• You Can't Eliminate Cyberattacks, So Focus on Reducing the Blast Radius https://threatpost.com/cyberattacks-blast-radius/179612/
• Methods, Techniques, Tools, and Products:
• Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders https://www.microsoft.com/security/blog/2022/05/11/center-for-threat-informed-defense-microsoft-and-industry-partners-streamline-mitre-attck-matrix-evaluation-for-defenders/
• Google Will Use Mobile Devices to Thwart Phishing Attacks https://www.darkreading.com/dr-tech/google-will-use-mobile-devices-to-thwart-phishing-attacks
• Android 13 Tries to Make Privacy and Security a No-Brainer https://www.wired.com/story/android-13-privacy-security-update
• I/O 2022: Android 13 security and privacy (and more!) https://security.googleblog.com/2022/05/io-2022-android-13-security-and-privacy.html
• Microsoft Flexes Security Vendor Muscles With Managed Services https://www.securityweek.com/microsoft-flexes-security-vendor-muscles-managed-services
• Microsoft security experts outline next steps after compromise recovery https://www.microsoft.com/security/blog/2022/05/10/microsoft-security-experts-outline-next-steps-after-compromise-recovery/
• NVIDIA has open-sourced its Linux GPU kernel drivers https://www.bleepingcomputer.com/news/linux/nvidia-has-open-sourced-its-linux-gpu-kernel-drivers/
• UK govt releases free tool to check for email cybersecurity risks https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA tells federal agencies to fix actively exploited F5 BIG-IP bug https://www.bleepingcomputer.com/news/security/cisa-tells-federal-agencies-to-fix-actively-exploited-f5-big-ip-bug/
• Zero-day news:
• From 0-Day to Mirai: 7 days of BIG-IP Exploits, (Fri, May 13th) https://isc.sans.edu/diary/rss/28644
• Patching:
• If you've got Intel inside, you probably need to get these security patches inside, too https://www.theregister.com/2022/05/12/intel_product_bugs/
• SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices https://thehackernews.com/2022/05/sonicwall-releases-patches-for-new.html
• Zyxel silently fixes critical RCE vulnerability in firewall products https://www.bleepingcomputer.com/news/security/zyxel-silently-fixes-critical-rce-vulnerability-in-firewall-products/
• Microsoft Patch Tuesday, May 2022 Edition https://krebsonsecurity.com/2022/05/microsoft-patch-tuesday-may-2022-edition/
• Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates https://thehackernews.com/2022/05/microsoft-releases-fix-for-new-zero-day.html
• Microsoft closes Windows LSA hole under active attack https://www.theregister.com/2022/05/11/microsoft_patch_tuesday/
• Microsoft fixes new PetitPotam Windows NTLM Relay attack vector https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-petitpotam-windows-ntlm-relay-attack-vector/
• Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory https://thehackernews.com/2022/05/microsoft-mitigates-rce-vulnerability.html
• Microsoft fixes Windows Direct3D issue behind app crashes https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-direct3d-issue-behind-app-crashes/
• HP fixes bug letting attackers overwrite firmware in over 200 models https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/
• Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access https://www.securityweek.com/konica-minolta-printers-vulnerable-hacking-physical-access
• Other Vulnerabilities:
• Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point https://www.theregister.com/2022/05/10/security_npm_email/
• Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security https://www.theregister.com/2022/05/11/five_eyes_msp/
• Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning https://www.darkreading.com/cloud/log4shell-exploit-data-lake-ai-poisoning
• Our Medical Devices' Open Source Problem – What Are the Risks? https://www.bleepingcomputer.com/news/security/our-medical-devices-open-source-problem-what-are-the-risks/
• Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access http://blog.talosintelligence.com/2022/05/blog-post-.html
• Adobe Warns of 'Critical' Security Flaws in Enterprise Products https://www.securityweek.com/adobe-warns-critical-security-flaws-enterprise-products
• Hackers Can Make Siemens Building Automation Controllers 'Unavailable for Days' https://www.securityweek.com/hackers-can-make-siemens-building-automation-controllers-unavailable-days
• Research on new vulnerabilities:
• Researchers find 134 flaws in the way Word, PDFs, handle scripts https://www.theregister.com/2022/05/13/cooperative_mutation_flaw_finder/
• Intel Memory Bug Poses Risk for Hundreds of Products https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
• AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws https://www.wired.com/story/google-cloud-amd-confidential-computing-security-audit
• Release of Technical Report into the AMD Security Processor https://googleprojectzero.blogspot.com/2022/05/release-of-technical-report-into-amd.html
• Transforming SQL Queries Bypasses WAF Security https://www.darkreading.com/cloud/transforming-sql-queries-bypasses-waf-security
• Cryptography and Cryptographic Research:
• The NSA Swears It Has ‘No Backdoors' in Next-Gen Encryption https://www.wired.com/story/nsa-backdoor-encryption-security-roundup
• FC1: A Powerful, Non-Deterministic, Symmetric Key Cipher, by Michele Fabbrini https://eprint.iacr.org/2022/567
• On Seedless PRNGs and Premature Next, by Sandro Coretti and Yevgeniy Dodis and Harish Karthikeyan and Noah Stephens-Davidowitz and Stefano Tessaro https://eprint.iacr.org/2022/558

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Critical F5 BIG-IP vulnerability targeted by destructive attacks https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-targeted-by-destructive-attacks/
• Malicious NPM Packages Target German Companies in Supply Chain Attack https://thehackernews.com/2022/05/malicious-npm-packages-target-german.html
• Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html
• Windows Print Spooler Vulnerabilities Increasingly Exploited in Attacks https://www.securityweek.com/windows-print-spooler-vulnerabilities-increasingly-exploited-attacks
• Hired 'Hackers' Try, and Fail, to Invade Brazil Vote System https://www.securityweek.com/hired-hackers-try-and-fail-invade-brazil-vote-system
• Novel Phishing Trick Uses Weird Links to Bypass Spam Filters https://threatpost.com/novel-phishing-trick-uses-weird-links-to-bypass-spam-filters/179587/
• BPFdoor: Stealthy Linux malware bypasses firewalls for remote access https://www.bleepingcomputer.com/news/security/bpfdoor-stealthy-linux-malware-bypasses-firewalls-for-remote-access/
• Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html
• FluBot Android malware targets Finland in new SMS campaigns https://www.bleepingcomputer.com/news/security/flubot-android-malware-targets-finland-in-new-sms-campaigns/
• Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers https://thehackernews.com/2022/05/hackers-deploy-iceapple-exploitation.html
• Historic Hotel Stay, Complementary Emotet Exposure included https://www.bleepingcomputer.com/news/security/historic-hotel-stay-complementary-emotet-exposure-included/
• Malware Builder Leverages Discord Webhooks https://threatpost.com/malware-discord-webhooks/179605/
• Octopus Backdoor is Back with a New Embedded Obfuscated Bat File, (Mon, May 9th) https://isc.sans.edu/diary/rss/28628
• Ursnif Malware Banks on News Events for Phishing Attacks https://blog.qualys.com/vulnerabilities-threat-research/2022/05/08/ursnif-malware-banks-on-news-events-for-phishing-attacks
• Crime & Arrests, etc.:
• U.S. Offers $15 Million Bounty for Leaders of Conti Ransomware Gang https://www.securityweek.com/us-offers-15-million-bounty-leaders-conti-ransomware-gang
• Crypto thief threatened to cut man's fingers 'one by one,' stole £34K https://www.bleepingcomputer.com/news/security/crypto-thief-threatened-to-cut-mans-fingers-one-by-one-stole-34k/
• Cybercriminal Charged with Unauthorized Computer Intrusion, Securities Fraud, Wire Fraud and Other Crimes https://www.databreaches.net/cybercriminal-charged-with-unauthorized-computer-intrusion-securities-fraud-wire-fraud-and-other-crimes/
• Cybercriminal Sentenced To Federal Prison For Decrypting The Credentials Of Thousands Of Computers Across The World And Selling Them On A Dark Web Website https://www.databreaches.net/cybercriminal-sentenced-to-federal-prison-for-decrypting-the-credentials-of-thousands-of-computers-across-the-world-and-selling-them-on-a-dark-web-website/
• Angry IT admin wipes employer's databases, gets 7 years in prison https://www.bleepingcomputer.com/news/security/angry-it-admin-wipes-employer-s-databases-gets-7-years-in-prison/
• Nation State Actors:
• About the Citizen Lab's CatalanGate Report https://deibert.citizenlab.ca/2022/05/about-the-citizen-labs-catalangate-report/
• Spain's Spy Chief Sacked Over Phone Hacking Scandal https://www.securityweek.com/spains-spy-chief-sacked-over-phone-hacking-scandal
• F.B.I. Told Israel It Wanted Pegasus Hacking Tool for Investigations https://www.nytimes.com/2022/05/12/us/politics/fbi-pegasus-spyware-israel.html
• To predict the targets of Chinese malware, look at the target of Chinese laws https://www.theregister.com/2022/05/13/team_t5_china_regulation_malware_link/
• Iranian Cyberspy Group Launching Ransomware Attacks Against US https://www.securityweek.com/iranian-cyberspy-group-launching-ransomware-attacks-against-us
• Iran-linked Cobalt Mirage extracts money, info from US orgs – report https://www.theregister.com/2022/05/13/cobalt-mirage-ransomware/
• Iran-Linked OilRig APT Caught Using New Backdoor https://www.securityweek.com/iran-linked-oilrig-apt-caught-using-new-backdoor
• APT gang 'Sidewinder' goes on two-year attack spree across Asia https://www.theregister.com/2022/05/12/sidewinder_apt_attack_spree/
• Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia https://thehackernews.com/2022/05/bitter-apt-hackers-add-bangladesh-to.html
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
• 'Peacetime in cyberspace is a chaotic environment' says senior US advisor https://www.theregister.com/2022/05/13/cyberspace_is_first_theatre_of_war/
• It's time to kick China off social media, says tech governance expert https://www.theregister.com/2022/05/12/ban_china_from_social_media/
• On standardized time - ‘The Clocks are Telling Lies:' https://www.universetoday.com/155802/the-clocks-are-telling-lies-a-new-book-from-universe-today-writer-scott-alan-johnston/
• Health:
• Audiologists warn loud music on earbuds causing hearing damage https://toronto.ctvnews.ca/audiologists-warn-loud-music-on-earbuds-causing-hearing-damage-1.5902798
• Potentially dangerous synthetic cooling agents are used at high levels in E-cigarettes and refillable vaping liquids https://scienmag.com/potentially-dangerous-synthetic-cooling-agents-are-used-at-high-levels-in-e-cigarettes-and-refillable-vaping-liquids/
• How “calming” our spinal cords could provide relief from muscle spasms https://scienmag.com/how-calming-our-spinal-cords-could-provide-relief-from-muscle-spasms/
• Parasite Infecting Up to 50% of People 'Really Likes The Retina', Scientists Say https://www.sciencealert.com/parasite-infecting-one-in-three-people-really-likes-the-retina-scientists-say
• 7 probable cases of severe acute hepatitis in children reported at Toronto's SickKids Hospital https://globalnews.ca/news/8822636/sickkids-hospital-toronto-severe-acute-hepatitis-reported/
• Is It COVID, or Is It Allergies? https://www.scientificamerican.com/article/is-it-covid-or-is-it-allergies/
• United States passes one million Covid deaths https://www.bbc.co.uk/news/world-us-canada-61301910
• Over 40,000 have died from COVID-19 in Canada, but hospitalizations are falling again https://globalnews.ca/news/8834765/covid-canada-40k-deaths-6th-wave/
• Unique binding of Delta variant may explain high transmissibility https://scienmag.com/unique-binding-of-delta-variant-may-explain-high-transmissibility/
• Ontario reports lowest number of COVID-19 ICU admissions this year, seven deaths https://toronto.ctvnews.ca/ontario-reports-lowest-number-of-covid-19-icu-admissions-this-year-seven-deaths-1.5904034
• U.S. schools bring back mask mandates amid rising COVID-19 cases https://globalnews.ca/news/8828664/u-s-schools-covid-mask-mandates-return/
• Robotic surgery is safer and improves patient recovery time https://scienmag.com/robotic-surgery-is-safer-and-improves-patient-recovery-time/
• Safety:
• Emergency alert system in B.C. to be in place for extreme heat in June: minister https://globalnews.ca/news/8834643/alert-ready-extreme-heat-june/
• RCMP claims that emergency alerts cause public panic are unfounded: N.S. inquiry https://globalnews.ca/news/8830533/rcmp-claims-emergency-alerts-panic-unfounded-inquiry/
• Environment:
• There's an Unfortunate Causal Link Between Cleaner Air And Atlantic Hurricanes https://www.sciencealert.com/in-a-cruel-twist-study-finds-cleaner-air-leads-to-more-atlantic-hurricanes
• Scientists Have Figured Out What's Killing The World's Biggest Fish https://www.sciencealert.com/scientists-have-figured-out-what-s-killing-the-world-s-biggest-fish
• The Tonga Eruption Reached Space! https://www.universetoday.com/155844/the-tonga-eruption-reached-space/
• Economy:
• Worry and fear as US faces baby formula shortage https://www.bbc.co.uk/news/world-us-canada-61445314
• Baby formula shortage leaves shelves empty at some Toronto stores https://toronto.ctvnews.ca/baby-formula-shortage-leaves-shelves-empty-at-some-toronto-stores-1.5901765
• Crypto crash: Stablecoin collapse sends tokens tumbling https://www.bbc.co.uk/news/technology-61425209
• The Crypto Crash Is Just the Start https://www.theatlantic.com/newsletters/archive/2022/05/worrying-signs-economy-inflation-crypto/629848/
• AI:
• The Baltimore Orioles Effect https://www.aiweirdness.com/baltimore-orioles-effect/
• Bonus: Questionable blog facts https://www.aiweirdness.com/more-questionable-blog-facts/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine war: Russia's invasion not going to plan, Nato says https://www.bbc.co.uk/news/world-europe-61457622
• Russian troops pull back from Kharkiv after weeks of bombardment, Ukraine says https://globalnews.ca/news/8835255/russian-troops-kharkiv-ukraine-new-war-phase/
• Fleeing Russian soldiers left behind key military documents that indicate Putin had plans to seize all of Ukraine, officials said https://www.businessinsider.com/abandoned-documents-show-putin-hoped-to-seize-all-ukraine-official-2022-5
• Security footage shows Russian troops shooting 2 Ukrainian civilians in the back, the BBC reports https://www.businessinsider.com/russian-troops-security-video-shooting-ukrainian-civilians-bbc-report-2022-5
• Starstreak, the fastest surface-to-air missile ever made, is bringing down Russian helicopters in Ukraine https://www.businessinsider.com/british-starstreak-missile-is-shooting-down-russian-helicopters-in-ukraine-2022-5
• Ukrainian forces destroy parts of Russian armored column crossing river https://globalnews.ca/news/8833333/ukraine-russia-armored-column-donbas/
• Ukraine begins first war crimes trial of Russian soldier https://www.bbc.co.uk/news/world-europe-61441907
• Ukraine conflict: Russian chemical attack claim fact-checked https://www.bbc.co.uk/news/61439398
• Reaction and response:
• Canada wants G7 nations to have a quick-reaction cybersecurity team after Ukraine attack https://globalnews.ca/news/8834047/canada-g7-cybersecurity-ukraine/
• Finland announces plan to apply for NATO membership: ‘Historic day' https://globalnews.ca/news/8836480/finland-nato-membership-application/
• NATO welcoming Finland, Sweden would be a big deal. Here's why https://globalnews.ca/news/8829710/nato-finland-sweden-impact-explained/
• NATO will grant Sweden, Finland membership quickly after they apply: sources https://globalnews.ca/news/8828655/nato-sweden-finland-membership-ukraine/
• Russia said Finland joining NATO is 'definitely' a threat and warned it would retaliate as the country moves ever closer to membership https://www.businessinsider.com/russia-threatened-finland-as-it-moves-closer-to-nato-membership-2022-5
• Ukraine war: Sweden and Finland confirm Nato plans in historic shift https://www.bbc.co.uk/news/world-europe-61456726
• Sanctions & economic Impact:
• Russia is resorting to putting computer chips from dishwashers and refrigerators in tanks due to US sanctions, official says https://www.businessinsider.com/us-says-russia-using-chips-from-dishwashers-in-tanks-sanctions-2022-5
• Gas shortages expected in Europe as Russia imposes sanctions, Ukraine halts flow https://globalnews.ca/news/8829588/russia-ukraine-europe-gas-supply/
• Ukraine has officially shut some Russian gas flow to Europe, marking the most direct impact to European energy markets so far in the war https://markets.businessinsider.com/news/commodities/ukraine-natural-gas-russian-pipe-flow-transit-route-europe-2022-5
• Ukraine crisis: Can Africa replace Russian gas supplies to Europe? https://www.bbc.co.uk/news/world-africa-61334470
• The EU is drafting a plan to pay for Russian gas without violating sanctions, insiders say https://www.businessinsider.com/european-union-drafting-plan-pay-russian-gas-without-violating-sanctions-2022-5
• Google Chrome updates failing on Android devices in Russia https://www.bleepingcomputer.com/news/security/google-chrome-updates-failing-on-android-devices-in-russia/
• Information, Disinformation, and Propaganda:
• The spy war within the war https://www.bbc.co.uk/news/world-61311026
• Hackers display “blood is on your hands" on Russian TV, take down RuTube https://www.bleepingcomputer.com/news/security/hackers-display-blood-is-on-your-hands-on-russian-tv-take-down-rutube/
• How a French satellite operator helps keep Russia's TV propaganda online https://arstechnica.com/information-technology/2022/05/how-a-french-satellite-operator-helps-keep-russias-tv-propaganda-online/
• Cyber-attacks and the potential for cyber-war:
• Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss https://www.theregister.com/2022/05/12/jeff_moss_ukraine_cyber_governance/
• US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat https://www.theregister.com/2022/05/10/us_eu_russia/
• The Case for War Crimes Charges Against Russia's Sandworm Hackers https://www.wired.com/story/cyber-war-crimes-sandworm-russia-ukraine

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Algae-powered computing: Scientists create reliable and renewable biological photovoltaic cell https://scienmag.com/algae-powered-computing-scientists-create-reliable-and-renewable-biological-photovoltaic-cell/
• Scientists show how to store liquid fuels in polymeric gels to prevent explosions and fires https://scienmag.com/scientists-show-how-to-store-liquid-fuels-in-polymeric-gels-to-prevent-explosions-and-fires/
• Scientists grow plants in soil from moon: ‘It took our breath away' https://globalnews.ca/news/8829900/earth-plants-seeds-grown-in-moon-soil/
• Other:
• Octopuses Tragically Destroy Themselves After Mating. We May Finally Know Why https://www.sciencealert.com/scientists-close-in-on-why-octopuses-tragically-destroy-themselves-after-mating
• The biggest comet ever seen shows off its hair for Hubble https://www.syfy.com/syfy-wire/bad-astronomy-hubble-image-of-un271-biggest-comet-ever-seen
• A Recently Discovered Double Binary System is Unstable. Stars Could Collide, Leading to a Supernova https://www.universetoday.com/155912/a-recently-discovered-double-binary-system-is-unstable-stars-could-collide-leading-to-a-supernova/
• Astronomers Finally Catch a Nova Detonating on a White Dwarf as it's Happening https://www.universetoday.com/155881/astronomers-finally-catch-a-nova-detonating-on-a-white-dwarf-as-its-happening/
• Incredible images as astronomers see material swirling around the Milky Way's supermassive black hole for the very first time! https://www.syfy.com/syfy-wire/bad-astronomy-first-image-sgr-a-black-hole-center-of-milky-way