This Week's [in]Security - Issue 269

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Brazil. Skimmers. Payments: New breaches: Nuclear documents, Brexit, GM, Colleges, Toronto. Follow-ups & Fall-out: MGM Resorts, GitHub, NPM. Privacy: DuckDuck, Facial tech, data safety. Laws & Regs - Canada: C-11. US: Disclosure, Twitter, Content moderation, Zuckerberg, Trolls. World: Clearview AI, Privacy Shield, Borderless data, Platform liability. Defense - Tools & Techniques, Vulnerabilities, Advisories: CISA. Zerodays, Patching: Vmware, Zoom. Other: AWS key theft or research? Containers, Forging Australian digital IDs, Phishing infosec. Vulnerability research: Controlling touchscreens remotely, Pre-hijacking accounts, manipulating ML. Crypto-research: RSA, AES. Cybercrime: Trends: Crime & Enforcement: Nation States and mercenaries. Other. Other Risks: General: Health, Safety, Environment, Disinformation, Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:
  • PCI DSS v4.0: A Regional Perspective from Brazil https://blog.pcisecuritystandards.org/pci-dss-v4-0-a-regional-perspective-from-brazil
    
    
• Payment skimmers/malware/fraud:
  
  • Beneath the surface: Uncovering the shift in web skimming https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/

• Other payment related:
  
  • Mastercard's Cyber Front and other Digital Transactions News briefs from 5/24/22 https://www.digitaltransactions.net/e-commerce-platforms-wane-business-payments-must-catch-up-mastercards-cyber-front/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
  
  • Iran nuclear files Mossad seized in 2018 included stolen IAEA records – WSJ https://www.databreaches.net/iran-nuclear-files-mossad-seized-in-2018-included-stolen-iaea-records-wsj/
  • Ex-spymaster and fellow Brexiteers' emails leaked by suspected Russian op
    https://www.theregister.com/2022/05/26/brexit_emails_leaked/
  • General Motors credential stuffing attack exposes car owners info https://www.bleepingcomputer.com/news/security/general-motors-credential-stuffing-attack-exposes-car-owners-info/
  • Breach Exposed Data of Half-Million Chicago Students, Staff https://www.securityweek.com/breach-exposed-data-half-million-chicago-students-staff
  • US college VPN credentials for sale on Russian crime forums, FBI says https://arstechnica.com/information-technology/2022/05/us-college-vpn-credentials-for-sale-on-russian-crime-forums-fbi-says/
  • Another Texas state agency data breach — this time, it's the Department of Transportation https://www.databreaches.net/another-texas-state-agency-data-breach-this-time-its-the-department-of-transportation/
  • Ca: Data breach at Toronto health network possibly exposed patient information, OHIP numbers https://www.databreaches.net/ca-data-breach-at-toronto-health-network-possibly-exposed-patient-information-ohip-numbers/
  • Calgary charity hit by data breach says it responded appropriately despite client concerns https://globalnews.ca/news/8872996/calgary-charity-data-breach/
  • Amart Furniture - 108,940 breached accounts https://haveibeenpwned.com/PwnedWebsites#AmartFurniture
  • Fanpass - 112,251 breached accounts https://haveibeenpwned.com/PwnedWebsites#Fanpass
  • Hacker Steals Database of Hundreds of Verizon Employees https://www.databreaches.net/hacker-steals-database-of-hundreds-of-verizon-employees/
  • Potential privacy breach after documents stolen from abandoned Auckland police station https://www.databreaches.net/potential-privacy-breach-after-documents-stolen-from-abandoned-auckland-police-station/
    
    
• New Ransomware and "Incidents":
   
  • Ransomware grounds some flights at Indian budget airline SpiceJet https://www.theregister.com/2022/05/26/ransomware_attack_grounds_spicejet/
  • Clop ransomware gang is back, hits 21 victims in a single month
    https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back-hits-21-victims-in-a-single-month/
  • BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state
    https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/
  • IL: Cyberattack costs City of Quincy $650,000 https://www.databreaches.net/il-cyberattack-costs-city-of-quincy-650000/
    
    
• Follow-ups and fall-out:
  • MGM Resorts (2022 Update) - 24,842,001 breached accounts https://haveibeenpwned.com/PwnedWebsites#MGM2022Update
  • Millions of people's info stolen from MGM Resorts dumped on Telegram for free
    https://www.theregister.com/2022/05/25/mgm_customers_data_dumped_again/
  • GitHub saved plaintext passwords of npm users in log files, post mortem reveals https://www.theregister.com/2022/05/27/github_publishes_a_post_mortem/
  • Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach
    https://thehackernews.com/2022/05/nearly-100000-npm-users-credentials.html
  • Preen.Me - 236,105 breached accounts https://haveibeenpwned.com/PwnedWebsites#PreenMe
  • SirHurt - 90,655 breached accounts https://haveibeenpwned.com/PwnedWebsites#SirHurt
  • Wendy's - 52,485 breached accounts https://haveibeenpwned.com/PwnedWebsites#Wendys
  • Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing https://www.databreaches.net/data-breach-class-actions-southern-district-of-new-york-dismisses-action-against-health-care-providers-for-lack-of-standing/

Privacy

Articles about privacy related news, risks, and trends.

• DuckDuckGo browser allows Microsoft trackers due to search agreement https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
• It's about time facial recognition tech firms took a look in the mirror | John Naughton https://www.theguardian.com/commentisfree/2022/may/28/clearview-ai-facial-recognition-database-fine-information-commissioners-office-ico
• Redefining “privacy” and “personal security” in a changing infosec world https://arstechnica.com/information-technology/2022/05/redefining-privacy-and-personal-security-in-a-changing-infosec-world/
• Where in the world is your child's data safe? 50 countries ranked on their child data protection legislation https://www.comparitech.com/blog/information-security/child-data-privacy-by-country/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
  • The Unrecognizable Bill C-11: The Online Streaming Act Comes to the Heritage Committee https://www.michaelgeist.ca/2022/05/the-unrecognizable-bill-c-11-the-online-streaming-act-comes-to-the-heritage-committee/
  • Why the Government's New Telecom Policy Directive Means More of the Same for Canada's Communications Competition Woes https://www.michaelgeist.ca/2022/05/telecomdirective/
    
    
• US:
  • GOP Bill Would Ban App Stores From Supporting Apps That Accept Digital Yuan https://www.pymnts.com/cbdc/2022/gop-bill-would-ban-app-stores-from-supporting-apps-that-accept-digital-yuan/
  • FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement” https://www.databreaches.net/ftc-blog-the-ftc-act-creates-a-de-facto-breach-disclosure-requirement/
  • FTC fines Twitter $150M for using 2FA info for targeted advertising https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
  • EFF to Court: California Law Does Not Bar Content Moderation on Social Media https://www.eff.org/deeplinks/2022/05/eff-court-california-law-does-not-bar-content-moderation-social-media
  • Massachusetts' Highest Court Upholds Cell Tower Dump Warrant https://www.eff.org/deeplinks/2022/05/massachusetts-highest-court-upholds-cell-tower-dump-warrant
  • New Connecticut Privacy Law Makes Path to Compliance More Complex https://www.darkreading.com/edge/new-connecticut-privacy-law-adds-to-the-complex-compliance-maze
  • Zuckerberg sued by DC attorney general over Cambridge Analytica data scandal https://www.theguardian.com/technology/2022/may/23/mark-zuckerberg-sued-dc-attorney-general-cambridge-analytica-data-scandal
  • Patent Troll Uses Ridiculous "People Finder" Patent to Sue Small Dating Companies https://www.eff.org/deeplinks/2022/05/patent-troll-uses-ridiculous-people-finder-patent-sue-small-dating-companies
    
    
• World:
  • Clearview AI ordered to delete facial recognition data belonging to UK residents https://www.theverge.com/2022/5/23/23137603/clearview-ai-ordered-delete-data-uk-residents-ico-fine
  • Facial Recognition Firm Clearview AI Fined $9.4 Million by UK Regulator https://www.securityweek.com/facial-recognition-firm-clearview-ai-fined-94-million-uk-regulator
  • Campaigners warn of legal challenge against Privacy Shield enhancements https://www.theregister.com/2022/05/26/privacy_shield_schrems_warning/
  • The Era of Borderless Data Is Ending https://www.nytimes.com/2022/05/23/technology/data-privacy-laws.html
  • Platform Liability Trends Around the Globe: Taxonomy and Tools of Intermediary Liability https://www.eff.org/deeplinks/2022/05/platform-liability-trends-around-globe-taxonomy-and-tools-intermediary-liability
  • Volkswagen to pay out £193m in 'dieselgate' settlement https://www.bbc.co.uk/news/business-61581251

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
  • Microsoft to force better security defaults for all Azure AD tenants https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-better-security-defaults-for-all-azure-ad-tenants/
  • Taking the Danger Out of IT/OT Convergence https://www.darkreading.com/dr-tech/taking-the-danger-out-of-it-ot-convergence
  • Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities https://www.securityweek.com/over-11-million-awarded-pwn2own-vancouver-2022-25-zero-day-vulnerabilities
  • Celebrating 15 Years of Pwn2Own https://www.trendmicro.com/en_us/research/22/e/pwn2own-video.html
    
    
• Methods, Techniques, Tools, and Products:
  • DBIR Makes a Case for Passwordless https://www.darkreading.com/tech-trends/dbir-case-for-passwordles
  • Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) https://www.microsoft.com/security/blog/2022/05/25/detecting-and-preventing-privilege-escalation-attacks-leveraging-kerberos-relaying-krbrelayup/
  • How To Find NPM Dependencies Vulnerable To Account Hijacking https://packetstormsecurity.com/news/view/33480/How-To-Find-NPM-Dependencies-Vulnerable-To-Account-Hijacking.html
  • Retrofitting Temporal Memory Safety on C++ https://security.googleblog.com/2022/05/retrofitting-temporal-memory-safety-on-c.html
  • SIM-based Authentication Aims to Transform Device Binding Security to End Phishing https://thehackernews.com/2022/05/sim-based-authentication-aims-to.html
  • Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection https://www.darkreading.com/attacks-breaches/kingston-digital-releases-touch-screen-hardware-encrypted-external-ssd-for-data-protection
  • Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room
    https://thehackernews.com/2022/05/lumos-system-can-find-hidden-cameras.html

Bugs/Design Flaws/Vulnerabilities/Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
  • CISA adds 41 vulnerabilities to list of bugs used in cyberattacks https://www.bleepingcomputer.com/news/security/cisa-adds-41-vulnerabilities-to-list-of-bugs-used-in-cyberattacks/
  • Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html
    
• Zero-day and other recent vulnerability news:
  • Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-thunderbird-zero-days-exploited-at-pwn2own/
  • Exploitation of VMware Vulnerability Imminent Following Release of PoC https://www.securityweek.com/exploitation-vmware-vulnerability-imminent-following-release-poc
    
    
• Patching:
  • Researchers to release exploit for new VMware auth bypass, patch now https://www.bleepingcomputer.com/news/security/researchers-to-release-exploit-for-new-vmware-auth-bypass-patch-now/
  • Zoom Patches ‘Zero-Click' RCE Bug https://threatpost.com/zoom-patches-zero-click-rce-bug/179727/
    
    
• Other Vulnerabilities:
  • Hacker says hijacking libraries, stealing AWS keys was ethical research https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
  • Popular Python and PHP libraries hijacked to steal AWS keys https://www.bleepingcomputer.com/news/security/popular-python-and-php-libraries-hijacked-to-steal-aws-keys/
  • How Secrets Lurking in Source Code Lead to Major Breaches https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html
  • The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters https://www.trendmicro.com/en_us/research/22/e/the-fault-in-our-kubelets-analyzing-the-security-of-publicly-exposed-kubernetes-clusters.html
  • Yes, Containers Are Terrific, But Watch the Security Risks https://thehackernews.com/2022/05/yes-containers-are-terrific-but-watch.html
  • ‘Tough to Forge' Digital Driver's Licenses Are—Yep—Easy to Forge https://www.wired.com/story/digital-drivers-license-forgery-identity-theft
  • Digital driver's license used by 4M Australians is a snap to forge https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/
  • Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html
  • Forging Australian Driver's Licenses https://www.schneier.com/blog/archives/2022/05/forging-australian-drivers.html
  • Critical Vulnerabilities Found in Open Automation Software Platform https://www.securityweek.com/critical-vulnerabilities-found-open-automation-software-platform
  • Talos names eight deadly sins in widely used industrial software https://www.theregister.com/2022/05/27/talos-aos-vulnerabilities/
  • QCT Servers Affected by 'Pantsdown' BMC Vulnerability https://www.securityweek.com/qct-servers-affected-pantsdown-bmc-vulnerability
  • Zyxel warns of flaws impacting firewalls, APs, and controllers https://www.bleepingcomputer.com/news/security/zyxel-warns-of-flaws-impacting-firewalls-aps-and-controllers/
  • Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices https://thehackernews.com/2022/05/microsoft-finds-critical-bugs-in-pre.html
  • Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector https://www.darkreading.com/application-security/third-party-scripts-websites-broad-open-attack-vector
  • Fake Windows exploits target infosec community with Cobalt Strike https://www.databreaches.net/fake-windows-exploits-target-infosec-community-with-cobalt-strike/
  • Why do hackers keep coming back to attack you? Because they can
    https://www.theregister.com/2022/05/24/why_do_hackers_keep_coming/
  • Windows 11 KB5014019 breaks Trend Micro ransomware protection https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/
  • In record year for vulnerabilities, Microsoft actually had fewer https://www.theregister.com/2022/05/25/microsoft_vulnerabilities_2021/
    
    
• Research on new vulnerabilities:
  • Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html
  • About half of popular websites tested found vulnerable to account pre-hijacking https://www.theregister.com/2022/05/25/web_pre_hijacking/
  • Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them https://thehackernews.com/2022/05/learn-how-hackers-can-hijack-your.html
  • Manipulating Machine-Learning Systems through the Order of the Training Data https://www.schneier.com/blog/archives/2022/05/manipulating-machine-learning-systems-through-the-order-of-the-training-data.html
    
    
• Cryptography and Cryptographic Research:
  • Further Cryptanalysis of a Type of RSA Variants https://eprint.iacr.org/2022/611
  • Synthesizing Quantum Circuits of AES with Lower T-depth and Less Qubits https://eprint.iacr.org/2022/620
  • Cryptanalysis of Reduced Round SPEEDY https://eprint.iacr.org/2022/612
  • Quantum Implementation and Analysis of DEFAULT https://eprint.iacr.org/2022/647
  • Recovering Rainbow's Secret Key with a First-Order Fault Attack https://eprint.iacr.org/2022/632

Hacking/Malware/Cybercrime/Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
  • It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017 https://www.theregister.com/2022/05/24/hp-pdf-phishing-malware/
  • Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report https://www.darkreading.com/attacks-breaches/vishing-attacks-reach-all-time-high-according-to-latest-agari-and-phishlabs-report
  • Experts Warn of Rise in ChromeLoader Malware Hijacking Users' Browsers https://thehackernews.com/2022/05/experts-warn-of-rise-in-chromeloader.html
  • Fronton IOT Botnet Packs Disinformation Punch https://threatpost.com/fronton-botnet-disinformation/179721/
  • BPFDoor malware uses Solaris vulnerability to get root privileges https://www.bleepingcomputer.com/news/security/bpfdoor-malware-uses-solaris-vulnerability-to-get-root-privileges/
  • EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP https://www.bleepingcomputer.com/news/security/enemybot-malware-adds-exploits-for-critical-bugs-in-vmware-f5-big-ip/
  • Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities https://thehackernews.com/2022/05/hackers-increasingly-using-browser.html
  • Malware-Infested Smart Card Reader https://www.schneier.com/blog/archives/2022/05/malware-infested-smart-card-reader.html
  • New ‘Cheers' Linux ransomware targets VMware ESXi servers https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/
  • New Windows Subsystem for Linux malware steals browser auth cookies https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/
  • Ransomware encrypts files, demands three good deeds to restore data https://www.theregister.com/2022/05/26/promoting_goodwill_via_malware_extortion/
  • CLOP Ransomware Activity Spiked in April https://www.darkreading.com/threat-intelligence/clop-ransomware-activity-spiked-in-april
  • Conti Ransomware Operation Shut Down After Splitting into Smaller Groups https://thehackernews.com/2022/05/conti-ransomware-gang-shut-down-after.html
  • Cybergang Claims REvil is Back, Executes DDoS Attacks https://threatpost.com/cybergang-claims-revil-is-back-executes-ddos-attacks/179734/
  • Industrial Spy data extortion market gets into the ransomware game https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/
  • Link Found Connecting Chaos, Onyx and Yashma Ransomware https://threatpost.com/chaos-onyx-and-yashma-ransomware/179730/
  • IBM Dives Into TrickBot Gang's Malware Crypting Operation https://www.securityweek.com/ibm-dives-trickbot-gangs-malware-crypting-operation
    
    
• Crime & Arrests, etc.:
  • Why It's Hard to Sanction Ransomware Groups https://www.propublica.org/article/ransomware-russia-ukraine-sanctions-ofac-conti#1335645
  • Criminals using deed fraud, identity theft to steal homes https://www.databreaches.net/criminals-using-deed-fraud-identity-theft-to-steal-homes/
  • Scammers Used Twitter's Crypto Community to Steal Information https://www.pymnts.com/news/security-and-risk/2022/scammers-used-twitters-crypto-community-to-steal-information/
  • Battered victim pics used in new ID verification dating scam https://www.bleepingcomputer.com/news/security/battered-victim-pics-used-in-new-id-verification-dating-scam/
  • New Yorker imprisoned for role in carding group behind $568M damages https://www.bleepingcomputer.com/news/security/new-yorker-imprisoned-for-role-in-carding-group-behind-568m-damages/
  • New Toronto investigative unit will probe organized crime, starting with carjackings https://toronto.ctvnews.ca/new-toronto-investigative-unit-will-probe-organized-crime-starting-with-carjackings-1.5917902
  • Video shows police using helicopter to track down carjacking suspects https://toronto.ctvnews.ca/video-shows-police-using-helicopter-to-track-down-carjacking-suspects-1.5921828
  • Bayonne Police Sergeant Charged With Unauthorized Use of Law Enforcement Database https://www.databreaches.net/bayonne-police-sergeant-charged-with-unauthorized-use-of-law-enforcement-database/
    
    
• Nation State Actors:
  • Brexit Leak Site Linked to Russian Hackers https://www.darkreading.com/vulnerabilities-threats/brexit-leak-site-linked-russian-hackers
  • The Mystery of China's Sudden Warnings About US Hackers https://www.wired.com/story/china-us-hacking-accusations

Other Security/Risks

Articles covering other types of risks.

• General:
  • Cyber Insurers Raise Rates Amid a Surge in Costly Hacks https://www.wsj.com/articles/cyber-insurers-raise-rates-amid-a-surge-in-costly-hacks-11652866200
  • KPMG Canada exposes employees to tracking https://www.vaughantoday.ca/kpmg-canada-exposes-its-employees-to-tracking/
  • Health:
  • Fake Meds Sold Online Put Millions at Risk. This Is How Big The Problem Is https://www.sciencealert.com/fake-meds-sold-online-put-millions-of-lives-at-risk-this-is-how-big-the-problem-is
  • Physical distancing recommended amid monkeypox spread in Canada, Njoo says https://globalnews.ca/news/8872680/canada-monkeypox-update-vaccinations-may-26/
  • The maker of Jif peanut butter has recalled dozens of products over possible salmonella contamination — see the full list https://www.businessinsider.com/which-jif-peanut-butter-is-being-recalled-list-2022-5
  • The sci-fi technology tackling malarial mosquitos https://www.bbc.co.uk/news/business-61505102
  • This Tick Can Make You Allergic to Meat, and It's Spreading https://www.scientificamerican.com/article/this-tick-can-make-you-allergic-to-meat-and-it-rsquo-s-spreading/
  • First Patient Injected With Experimental Cancer-Killing Virus in New Clinical Trial https://www.sciencealert.com/first-patient-injected-with-experimental-cancer-killing-virus-in-new-clinical-trial
  • Feel Sick After Exercise? A Scientist Explains Why, And How to Prevent It https://www.sciencealert.com/feeling-sick-after-exercise-science-explains-why
    
    
• Safety:
  • Passenger's smartphone catches fire as plane prepares to take off https://www.businessinsider.com/wizzair-passengers-phone-went-on-fire-just-before-take-off-2022-5
  • When Amazon drones crashed, the company told the FAA to go fly a kite https://www.businessinsider.com/amazon-prime-air-faa-regulators-investigation-drone-crashes-2022-5
  • Inside the Government Fiasco That Nearly Closed the U.S. Air System https://www.propublica.org/article/fcc-faa-5g-planes-trump-biden#1339519
  • Thousands in southern Ontario still without power several days after deadly storm https://globalnews.ca/news/8871080/thousands-without-power-days-after-deadly-storm/
  • Several Toronto schools in lockdown amid reports of man with a rifle, suspect injured https://globalnews.ca/news/8872212/east-toronto-schools-lockdown/
  • Student caught with firearms outside Texas high school day after deadly shooting https://globalnews.ca/news/8870179/texas-high-school-student-caught-assault-style-weapons/
  • Texas school shooting is among deadliest in U.S. history. Here are some of the others https://globalnews.ca/news/8867381/texas-school-shooting-history-us/
  • Two people shot and 7 cops injured at Toronto beach on Sunday night https://toronto.ctvnews.ca/two-people-shot-and-7-cops-injured-at-toronto-beach-on-sunday-night-1.5915138
  • Winnipeg police seize 3D-printed handgun in drug raid https://globalnews.ca/news/8868857/winnipeg-police-3d-printed-handgun-drug-raid/
  • The Field of Firearms Forensics Is Flawed https://www.scientificamerican.com/article/the-field-of-firearms-forensics-is-flawed/
  • Live WW1 hand grenade found by child on beach https://www.bbc.co.uk/news/uk-northern-ireland-61620129
  • North Korea launches series of missiles, including ICBM, soon after Biden departs Asia https://globalnews.ca/news/8867491/north-korea-missile-tests-biden-asia/
  • Beijing needs the ability to 'destroy' Starlink, say Chinese researchers https://www.theregister.com/2022/05/25/beijing_starlink_takedown/
    
    
• Environment:
  • Environment Canada confirms EF2 tornado was part of deadly Ontario storm https://toronto.ctvnews.ca/environment-canada-confirms-ef2-tornado-was-part-of-deadly-ontario-storm-1.5917033
  • Forecasters predict a very active hurricane season https://www.bbc.co.uk/news/science-environment-61571996
  • NOAA Predicts Abnormally Strong Atlantic Hurricane Season: The 7th Year in a Row https://www.sciencealert.com/noaa-is-predicting-another-above-average-hurricane-season-in-2022
  • Underwater rescue: Spanish divers free whale trapped in illegal fishing net https://www.cbc.ca/news/world/whale-rescue-spain-1.6464091
  • Carbon capture takes sponge-like form with new cost-effective method https://scienmag.com/carbon-capture-takes-sponge-like-form-with-new-cost-effective-method/
  • How the US plans to plug 1 million toxic 'orphan' oil wells https://www.businessinsider.com/how-the-us-plans-plug-million-toxic-orphan-oil-wells-2022-5
  • Kelp Is Weirdly Great at Sucking Carbon Out of the Sky https://www.theatlantic.com/science/archive/2022/05/kelp-running-tide-carbon-removal/638421/
  • Everything You Know about Shark Conservation Is Wrong https://www.scientificamerican.com/article/everything-you-know-about-shark-conservation-is-wrong/
  • British coral predicted to be resilient to climate change https://scienmag.com/british-coral-predicted-to-be-resilient-to-climate-change/
  • Are EV batteries recyclable? Your questions answered https://www.cbc.ca/news/science/ask-electric-vehicle-battery-faq-1.6468646
    
    
• Disinformation and misinformation
  • How to Fix Twitter—And All of Social Media https://www.theatlantic.com/technology/archive/2022/05/how-to-fix-twitter-social-media/629951/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
  • Ukraine says it destroyed a Russian mortar carrier after a pro-Kremlin journalist accidentally exposed its location https://www.businessinsider.com/russia-news-exposed-mortar-carrier-ukraine-says-journalist-denied-2022-5
  • Ukraine war: Bodies of dead Russian soldiers abandoned near Kyiv https://www.bbc.co.uk/news/world-europe-61571855
  • US believes Russia has so far lost nearly 1,000 tanks in Putin's war with Ukraine, defense official says https://www.businessinsider.com/us-estimates-russia-tank-losses-in-ukraine-2022-5
  • Before and after photos show how Russia's assault turned Mariupol from an industrial port city into rubble https://www.businessinsider.com/ukraine-port-city-mariupol-before-after-russia-invasion-photos-2022-5
  • Unearthing the evidence of Russia's war crimes in east Ukraine https://globalnews.ca/news/8864629/ukraine-evidence-russian-war-crimes/
  • Ukraine war: Russian soldier Vadim Shishimarin jailed for life over war crime https://www.bbc.co.uk/news/world-europe-61549569
  • Russia ready to open corridor for ships leaving Ukraine with food – with conditions https://globalnews.ca/news/8868010/russia-ukraine-war-shipping-food-corridor
  • The War Won't End Until Putin Loses https://www.theatlantic.com/ideas/archive/2022/05/why-ukraine-must-defeat-putin-russia/629940/
    
• Reaction and response:
  • Lithuania crowdfunds $5.4 million to buy Ukraine a feared Bayraktar combat drone https://www.businessinsider.com/bayraktar-lithuania-crowfunds-54m-to-buy-feared-drone-for-ukraine-2022-5
  • Coup against Putin would be triggered if one of his top officials refuses to carry out a nuclear strike, Bellingcat expert says https://www.businessinsider.com/coup-against-putin-begins-if-officials-refuse-nuclear-strike-expert-2022-5
  • Russian diplomat to UN in Switzerland resigns over Ukraine war https://globalnews.ca/news/8863624/russia-un-diplomat-quits-ukraine-war/
  • Ukrainian refugees set to land in Canada on 1st of 3 chartered flights https://globalnews.ca/news/8863141/ukraine-refugees-canada-manitoba/
  • Russian plane grounded indefinitely at Toronto Pearson racking up huge parking bill https://toronto.ctvnews.ca/russian-plane-grounded-indefinitely-at-toronto-pearson-racking-up-huge-parking-bill-1.5919680
  • How the war in Ukraine threatens decades of scientific research https://www.cbc.ca/news/canada/edmonton/russia-war-ukraine-academic-scientific-research-1.6461894
  • The crew of a $300 million yacht linked to a Russian oligarch is 'refusing to sail' with US officials trying to seize it, report says https://www.businessinsider.com/russian-oligarch-yacht-crew-refused-to-sail-with-us-officials-2022-5
  • US wins legal dispute to seize a Russian gold tycoon's $300 million superyacht in Fiji, report says https://www.businessinsider.com/us-wins-legal-dispute-seize-russian-oligarch-yacht-fiji-sanctions-2022-5
    
• Sanctions & economic Impact:
  • US closes loophole for Russian debt payments https://www.bbc.co.uk/news/business-61569560
  • How can Ukraine export its harvest to the world? https://www.bbc.co.uk/news/world-europe-61583492
  • Ukraine war: World Bank boss warns over global recession https://www.bbc.co.uk/news/business-61575387
  • A deeper drop in Russian oil supply is likely to trigger a global recession and a full-blown energy crisis, Bank of America warns https://markets.businessinsider.com/news/commodities/russian-oil-supply-fall-global-recession-energy-crisis-prices-bofa-2022-5
  • Russian stocks are 'essentially worthless' after the Ukraine invasion based on pricing in a key derivatives market, MSCI says https://markets.businessinsider.com/news/stocks/russian-stocks-essentially-worthless-after-ukraine-invasion-derivatives-market-msci-2022-5
  • Russia's economy is 'imploding' as exports to the sanctioned country plummet, economists say https://www.businessinsider.com/russian-economy-imploding-exports-under-pressure-ukraine-war-sanctions-2022-5
  • Starbucks is exiting Russia, following McDonald's lead https://www.businessinsider.com/starbucks-is-leaving-russia-after-mcdonalds-2022-5
    
• Information, Disinformation, and Propaganda:
  • Open Source Intelligence May Be Changing Old-School War https://www.wired.com/story/open-source-intelligence-war-russia-ukraine
    
• Cyber-attacks and the potential for cyber-war:
  • Hackers target Russian govt with fake Windows updates pushing RATs https://www.bleepingcomputer.com/news/security/hackers-target-russian-govt-with-fake-windows-updates-pushing-rats/

Off-Topic/Science & Tech/Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
  • Nuclear Fusion Can Unleash Even More Power Than We Realized, Scientists Say https://www.sciencealert.com/discovery-of-new-physics-could-one-day-squeeze-a-lot-more-power-from-fusion
  • Will this fruit-picking robot transform agriculture? https://www.theguardian.com/us-news/2022/may/28/robot-agriculture-farming-artificial-intelligence
  • Tangle-free magnetic USB cables are here https://www.theverge.com/23138894/usb-cable-tangle-free-magnetic-self-winding
  • Boeing's Starliner spacecraft returns to Earth, wrapping up critical test mission https://www.theverge.com/2022/5/25/23138395/boeing-cst-100-starliner-nasa-undocking-landing-oft-2
  • NASA is Building a Mission That Will Refuel and Repair Satellites in Orbit https://www.universetoday.com/155863/nasa-is-building-a-mission-that-will-refuel-and-repair-satellites-in-orbit/
  • All these images were generated by Google's latest text-to-image AI https://www.theverge.com/2022/5/24/23139297/google-imagen-text-to-image-ai-system-examples-paper
    
• Other:
  • Researchers home in on Thera volcano eruption date https://phys.org/news/2022-05-home-thera-volcano-eruption-date.html
  • JWST is now fully focused https://www.syfy.com/syfy-wire/bad-astronomy-james-webb-space-telescope-is-now-completely-focused
  • A new Quantum Technique Could Enable Telescopes the Size of Planet Earth https://www.universetoday.com/155841/a-new-quantum-technique-could-enable-telescopes-the-size-of-planet-earth/
  • Planets of binary stars as possible homes for alien life https://scienmag.com/planets-of-binary-stars-as-possible-homes-for-alien-life/
  • Voyager 1 Doesn't Know Where it is, Generating Random-Looking Telemetry Data https://www.universetoday.com/156065/voyager-1-doesnt-know-where-it-is-generating-random-looking-telemetry-data/
  • A weird four-star system may lead the way to catastrophic supernovae https://www.syfy.com/syfy-wire/bad-astronomy-quaternary-star-hd-74438-shows-astronomers-how-stars-can-explode
  • Gaia is an Even More Powerful Planet Hunter Than we Thought https://www.universetoday.com/156073/gaia-is-an-even-more-powerful-planet-hunter-than-we-thought/