This Week's [in]Security - Issue 274
Welcome to This Week's [in]Security. PCI updates: website, ASV, HSM, Card Production. Skimmers. New breaches: ethical hacker gone bad, AMD, guns, not me. New Ransomware: Unemployment, Kubernetes, Norway, Steel. Follow-ups. Privacy: Supercookies, Google. Laws & Regs - Canada: C-27, C-18, ArriveCAN. US: Cyber-training, open shares. World: when AI kills, crypto AML. Standards: NIST PNT. Defense - Training & events: FISSEA. Tools & Techniques, Have I Been Pwned. Vulnerabilities - Advisories, Zero-days, Patching, Other: MITRE, Win2012 EOL, MS-AD-oops, UnRAR. Crypto-research. Cybercrime - Trends: the unpatched, APIs, Deepfake hires. Crime & Enforcement: wanted, cheating, Nation States and mercenaries. Other Risks: General: locked out of everything, shadow IT, e-voting, PINs. AI. Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- PCI Updates:
- The PCI SSC Website has had an updated look and was restructured with more resources https://www.pcisecuritystandards.org/
- ASV Program Guide v4.0 https://docs-prv.pcisecuritystandards.org/Programs%20and%20Certification/Approved%20Scanning%20Vendor%20(ASV)/ASV_Program_Guide_v4.0.pdf
- PTS HSM Technical Frequently Asked Questions https://docs-prv.pcisecuritystandards.org/PTS/Frequently%20Asked%20Questions%20(FAQ)/PTS_HSM_Technical_FAQs_v4_July_2022.pdf
- Card Production and Provisioning Logical Security Requirements https://docs-prv.pcisecuritystandards.org/Card%20Production/Standard/PCI_CP_Logical_SR_TPs_v3.0.1_Final.pdf
- Card Production and Provisioning Physical Security Requirements https://docs-prv.pcisecuritystandards.org/Card%20Production/Standard/PCI_CP_Physical_SR_TPs%20v3.0.1_Final.pdf
- Card Production Logical ROC Reporting & AOC Templates https://docs-prv.pcisecuritystandards.org/Card%20Production/Reporting%20Template%20or%20Form/PCI_CP_ROC_v3.0_Reporting_Template_Logical_Final.pdf
- Card Production Physical ROC & AOC templates https://docs-prv.pcisecuritystandards.org/Card%20Production/Reporting%20Template%20or%20Form/PCI_CP_ROC_v3.0_Reporting_Template_SOC_Final.pdf
- FAQs for Card Production v3.0 Security Requirements https://docs-prv.pcisecuritystandards.org/Card%20Production/Frequently%20Asked%20Questions%20(FAQ)/Card_Prod_Security_Rqrmts_FAQ_FAQs_v3_June_2022.pdf
- PCI DSS v4.0: A Perspective from India https://blog.pcisecuritystandards.org/pci-dss-v4-0-a-perspective-from-india
- PCI Security Standards Council Promotes Mark Meissner to Lead Education & Engagement Operations https://www.pcisecuritystandards.org/about_us/press_releases/pci-security-standards-council-promotes-mark-meissner-to-lead-education-engagement-operations/
- Payment skimmers/malware/fraud:
- Bank of the West found debit card-stealing skimmers on ATMs https://www.bleepingcomputer.com/news/security/bank-of-the-west-found-debit-card-stealing-skimmers-on-atms/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- New Breaches:
- Rogue HackerOne employee steals bug reports to sell on the side https://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-side/
- AMD targeted by RansomHouse, attackers claim to have '450Gb' in stolen data https://www.theregister.com/2022/06/28/amd-ransomhouse-data-extortion/
- California state's gun control websites expose personal data https://www.theregister.com/2022/06/30/california_websites_expose_personal_data/
- Gun Database Breach Leaks Details on Thousands of Owners https://www.wired.com/story/california-gun-owner-leak-security-roundup/
- Iranian hackers leak info of over 300,000 Israelis from tourism sites https://www.databreaches.net/iranian-hackers-leak-info-of-over-300000-israelis-from-tourism-sites/
- British Army YouTube and Twitter accounts hacked https://www.bbc.co.uk/news/uk-62030644
- OpenSea phishing threat after rogue insider leaks customer email addresses https://www.theregister.com/2022/06/30/opensea_data_breach_phishing/
- Tencent admits to poisoned QR code attack on QQ chat platform https://www.theregister.com/2022/06/28/tencent_qq_qr_code_attack/
- Alameda Health System's second breach went undetected by investigators of first breach? https://www.databreaches.net/alameda-health-systems-second-breach-went-undetected-by-investigators-of-first-breach/
- Charlotte Radiology experiences data breach involving patient information https://www.databreaches.net/charlotte-radiology-experiences-data-breach-involving-patient-information/
- Patient information compromised in OrthoNebraska data breach https://www.databreaches.net/patient-information-compromised-in-orthonebraska-data-breach/
- Professional Finance Company, Inc. is providing breach notifications to patients of 663 covered entities https://www.databreaches.net/professional-finance-company-inc-is-providing-breach-notifications-to-patients-of-663-covered-entities/
- When the data leak is not from the victim you named, Wednesday edition https://www.databreaches.net/when-the-data-leak-is-not-from-the-victim-you-named-wednesday-edition/
- Medical documents, other personal information found by landscaper on busy Jacksonville road https://www.databreaches.net/medical-documents-other-personal-information-found-by-landscaper-on-busy-jacksonville-road/
- New Ransomware and "Incidents":
- Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter https://www.darkreading.com/attacks-breaches/ransomware-volume-doubles-2021-totals-single-quarter
- Cyberattack shuts down unemployment, labor websites across the US https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/
- Over 900,000 Kubernetes instances found exposed online https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/
- State unemployment, jobs services down around the country after cyberattack at GSI https://www.databreaches.net/state-unemployment-jobs-services-down-around-the-country-after-cyberattack-at-gsi/
- Norway hit with cyberattack, temporarily suspending service https://www.databreaches.net/norway-hit-with-cyberattack-temporarily-suspending-service/
- Cyberattack Forces Iran Steel Company to Halt Production https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production
- Walmart denies being hit by Yanluowang ransomware attack https://www.databreaches.net/walmart-denies-being-hit-by-yanluowang-ransomware-attack/
- Vice Society claims ransomware attack on Med. University of Innsbruck https://www.bleepingcomputer.com/news/security/vice-society-claims-ransomware-attack-on-med-university-of-innsbruck/
- Follow-ups and fall-out:
- Dutch Uni Gets Cyber Ransom Money Back… With Interest https://www.databreaches.net/dutch-uni-gets-cyber-ransom-money-back-with-interest/
- Bookchor - 498,297 breached accounts https://haveibeenpwned.com/PwnedWebsites#Bookchor
- Bourse des Vols - 1,460,130 breached accounts https://haveibeenpwned.com/PwnedWebsites#BourseDesVols
- Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation https://www.databreaches.net/expensive-week-for-carnival-corp-a-1-25-million-settlement-with-states-over-one-breach-then-a-5-million-settlement-with-new-york-for-violating-state-cybersecurity-regulations/
- Wegmans hit with $400,000 data-breach penalty https://www.databreaches.net/wegmans-hit-with-400000-data-breach-penalty/
- UPDATE: Michigan Avenue Immediate Care in Chicago submits notification concerning 2021 cyberattack https://www.databreaches.net/update-michigan-avenue-immediate-care-in-chicago-submits-notification-concerning-2021-cyberattack/
- Updating: Breach reports from Eye Care Leaders' clients continue to add up https://www.databreaches.net/updating-breach-reports-from-eye-care-leaders-clients-continue-to-add-up/
Privacy
Articles about privacy related news, risks, and trends.
- 'Supercookies' Have Privacy Experts Sounding the Alarm https://www.wired.com/story/trustpid-digital-token-supercookie/
- Google sign-up 'fast track to surveillance', consumer groups say https://www.bbc.co.uk/news/technology-61980233
- Google Says It Will Delete Location Data When Users Visit Abortion Clinics https://www.nytimes.com/2022/07/01/technology/google-abortion-location-data.html
- Venezuela tapped 1.5 million phone lines. It's just the start, experts warn. https://www.washingtonpost.com/nation/2022/06/28/telefonica-wiretapping-venezuela-phone/
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
- Canada:
- Canada's New Federal Privacy Bill C-27 – Summary of Significant Impacts and New Proposals https://datexdatastealth.com/blog/canadas-new-federal-privacy-bill-c-27-summary-of-significant-impacts-and-new-proposals
- The Missing Bill C-18 Charter Statement: Why Did the Justice Department Remove the Document Confirming the Online News Act Includes Payments for Internet Linking? https://www.michaelgeist.ca/2022/06/the-missing-bill-c-18-charter-statement-why-did-the-justice-department-remove-the-document-confirming-the-online-news-act-includes-payments-for-internet-linking/
- The Law Bytes Podcast, Episode 132: Ryan Black on the Government's Latest Attempt at Privacy Law Reform https://www.michaelgeist.ca/2022/06/law-bytes-podcast-episode-132/
- Canada extends COVID-19 border measures until Sept. 30, including ArriveCan app https://www.cp24.com/news/canada-extends-covid-19-border-measures-until-sept-30-including-arrivecan-app-1.5968651
- ArriveCAN app may stay as part of larger border modernization - “ArriveCAN is not only keeping travellers safe, but is part of our ongoing efforts to modernize our border.” https://nationalpost.com/news/arrivecan-app-may-stay-as-part-of-larger-border-modernization-mendicinos-comments-suggest
- ArriveCAN criticism https://globalnews.ca/news/8926355/arrivecan-app-border-canda-covid/
- US:
- House Passes ICS Cybersecurity Training Bill https://www.securityweek.com/house-passes-ics-cybersecurity-training-bill
- U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores https://thehackernews.com/2022/06/us-fcc-commissioner-asks-apple-and.html
- GAO: HHS Needs Improved Data Breach Reporting https://www.databreaches.net/gao-hhs-needs-improved-data-breach-reporting/
- First Circuit Court of Appeals Upholds Eight Months of Warrantless 24/7 Video Surveillance https://www.eff.org/deeplinks/2022/06/first-circuit-court-appeals-upholds-eight-months-warrantless-247-video
- Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access https://www.databreaches.net/dangerous-ruling-says-if-someone-goes-onto-your-openly-shared-google-drive-you-can-sue-them-for-unauthorized-access/
- New York denies air permit to Bitcoin mining power plant https://www.theverge.com/2022/6/30/23004518/new-york-denies-air-permit-to-bitcoin-mining-power-plant
- New York passes new limits on concealed gun permits after U.S. Supreme Court ruling https://globalnews.ca/news/8961963/new-york-gun-laws-supreme-court/
- World:
- Who Is Liable when AI Kills? https://www.scientificamerican.com/article/who-is-liable-when-ai-kills/
- FATF: International Crypto AML Framework is Lacking https://www.pymnts.com/aml/2022/fatf-international-crypto-aml-framework-is-lacking/
- EU hammering out cryptocurrency regulations that could set global standard https://globalnews.ca/news/8958297/cryptocurrency-regulations-european-union/
- Italy Data Protection Authority Warns Websites Against Use of Google Analytics https://thehackernews.com/2022/06/italy-data-protection-authority-warns.html
- India extends deadline for compliance with infosec logging rules by 90 days https://www.theregister.com/2022/06/28/india_directions_deadline_logging/
- Queensland moves on data breach notification scheme https://www.databreaches.net/queensland-moves-on-data-breach-notification-scheme/
- Standards News:
- NIST Announces the Release of Draft NIST IR 8323 Revision 1 | Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, open for public comment through August 12 https://content.govdelivery.com/accounts/USNIST/bulletins/31d12e9
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Educational events, webinars, courses, etc:
- FISSEA Fall Forum, November 15, 2022, 1:00pm-4:00pm ET. Theme: Cybersecurity Role-Based Training https://content.govdelivery.com/accounts/USNIST/bulletins/31e262c
- General:
- Canada's electronic spy agency waging 'long-term' campaign against cyber criminals https://globalnews.ca/news/8952986/canadas-spies-waging-campaign-cyber-criminals/
- Israel plans 'Cyber-Dome' to defeat digital attacks from Iran and others https://www.theregister.com/2022/06/30/israel_cyber_dome/
- Google blocked dozens of domains used by hack-for-hire groups https://www.bleepingcomputer.com/news/security/google-blocked-dozens-of-domains-used-by-hack-for-hire-groups/
- Bulletproof TLS Newsletter #90 Hertzbleed, OpenSSL & GnuTLS fixes, censoring QUIC and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_90_hertzbleed_shows_how_cpu_frequency_scaling_can_lead_to_side_channel_attacks
- How security leaders can help their teams avoid burnout https://www.microsoft.com/security/blog/2022/06/28/how-security-leaders-can-help-their-teams-avoid-burnout/
- Methods, Techniques, Tools, and Products:
- Center for Cyber Safety and Education Begins Program Updates to Increase Impact https://blog.isc2.org/isc2_blog/2022/06/garfield-farewell.html
- Digital Rights Updates with EFFector 34.4 https://www.eff.org/deeplinks/2022/06/digital-rights-updates-effector-344
- Google Improves Its Password Manager to Boost Security Across All Platforms https://thehackernews.com/2022/07/google-improves-its-password-manager-to.html
- Netsec Goggle Customizes Brave Search Results to Show Only Cybersecurity Websites - article https://www.securityweek.com/netsec-goggle-customizes-brave-search-results-show-only-cybersecurity-websites
- New Firefox privacy feature strips URLs of tracking parameters https://www.bleepingcomputer.com/news/security/new-firefox-privacy-feature-strips-urls-of-tracking-parameters/
- De-anonymizing ransomware domains on the dark web http://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
- Google Workspace now alerts of critical changes to admin accounts https://www.bleepingcomputer.com/news/security/google-workspace-now-alerts-of-critical-changes-to-admin-accounts/
- Microsoft updates Azure AD with support for temporary passcodes https://www.bleepingcomputer.com/news/microsoft/microsoft-updates-azure-ad-with-support-for-temporary-passcodes/
- How to Use Microsoft Defender on All Your Devices https://www.wired.com/story/how-to-use-microsoft-defender/
- Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity https://www.troyhunt.com/understanding-have-i-been-pwneds-use-of-sha-1-and-k-anonymity/
- libmagic: The Blathering https://blog.trailofbits.com/2022/07/01/libmagic-the-blathering/
- Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree https://thehackernews.com/2022/07/solving-indirect-vulnerability-enigma.html
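The Have I Been Pwned item above concerns the Pwned Passwords range query: the client hashes the password with SHA-1, sends only the first five hex characters of the digest, receives every suffix in that bucket, and finishes the comparison locally, so the service never sees the full hash. The following is an added example written for this issue, not code from Troy Hunt's post or from HIBP; it runs offline against a constructed stand-in for one range response (the suffixes other than the real remainder of SHA-1("password") and all of the counts are made up), and the RecordingFetch wrapper exists only to show what actually leaves the client.

```python
"""Offline demonstration of the Pwned Passwords k-anonymity range query.

Added example, not HIBP's or Troy Hunt's code. The range response below is
constructed for illustration: the counts are invented, and only the third
suffix is real (it is the remainder of SHA-1("password"), which begins 5BAA6).
"""
import hashlib
from typing import Callable

# Shape of the real endpoint; it is not contacted by this script.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed stand-in for the body returned for prefix 5BAA6.
# Each line is "<35-hex-char suffix>:<count>". Clients that ask for padded
# responses (Add-Padding: true) also receive filler suffixes with count 0,
# so a count of 0 must be treated as "not found".
SAMPLE_RESPONSES = {
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
        "011053FD0102E94D6AE2F8B83D76FAF94F6:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0\r\n"
    ),
}


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict[str, int]:
    """Parse a range response body into {suffix: count}, rejecting malformed lines."""
    table: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        if len(suffix) != 35 or not count.isdigit():
            raise ValueError(f"malformed range line: {line!r}")
        table[suffix.upper()] = int(count)
    return table


def pwned_count(password: str, fetch: Callable[[str], str]) -> int:
    """Number of times the password appears in the corpus (0 = not found).

    `fetch` receives only the 5-character prefix; the suffix match is done here.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


def offline_fetch(prefix: str) -> str:
    """Stand-in for an HTTP GET of RANGE_URL; unknown prefixes yield an empty body."""
    return SAMPLE_RESPONSES.get(prefix, "")


class RecordingFetch:
    """Wraps a fetch function and records exactly what was sent to the service."""

    def __init__(self, inner: Callable[[str], str]) -> None:
        self.inner = inner
        self.sent: list[str] = []

    def __call__(self, prefix: str) -> str:
        self.sent.append(prefix)
        return self.inner(prefix)


if __name__ == "__main__":
    rec = RecordingFetch(offline_fetch)
    print(pwned_count("password", rec))   # 3861493 in the constructed table
    print(rec.sent)                        # ['5BAA6']: only the prefix left the client
```

Swapping `offline_fetch` for a real HTTP GET of `RANGE_URL` gives a working client; the privacy property to check in review is the one the recorder makes visible, namely that nothing longer than the five-character prefix is ever passed to the network layer.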
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- Advisories:
- CISA orders agencies to patch Windows LSA bug exploited in the wild https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-windows-lsa-bug-exploited-in-the-wild/
- CISA Alert (AA22-181A): MedusaLocker https://www.databreaches.net/cisa-alert-aa22-181a-medusalocker/
- CISA warns orgs to switch to Exchange Online Modern Auth until October https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-switch-to-exchange-online-modern-auth-until-october/
- Zero-day and other recent vulnerability news:
- 18 Zero-Days Exploited So Far in 2022 https://www.darkreading.com/vulnerabilities-threats/18-zero-days-exploited-2022
- Google: Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities
- CVE-2022-28219: Proof-of-Concept Published for Unauthenticated RCE in Zoho ManageEngine ADAudit Plus https://www.tenable.com/blog/cve-2022-28219-proof-of-concept-published-for-unauthenticated-rce-in-zoho-manageengine-adaudit
- Jenkins discloses dozens of zero-day bugs in multiple plugins https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/
- OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw https://www.theregister.com/2022/06/27/openssl_304_memory_corruption_bug/
- Patching:
- Microsoft fixes bug that let hackers hijack Azure Linux clusters https://www.bleepingcomputer.com/news/security/microsoft-fixes-bug-that-let-hackers-hijack-azure-linux-clusters/
- Amazon fixes high-severity vulnerability in Android Photos app https://www.bleepingcomputer.com/news/security/amazon-fixes-high-severity-vulnerability-in-android-photos-app/
- Other Vulnerabilities:
- MITRE shares this year's list of most dangerous software bugs https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-list-of-most-dangerous-software-bugs/
- Microsoft: Windows Server 2012 reaches end of support in October 2023 https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2012-reaches-end-of-support-in-october-2023/
- Microsoft gives its partners power to change AD privileges on customer systems – without permission https://www.theregister.com/2022/07/01/gdap_permissionless_change_window/
- New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers https://thehackernews.com/2022/06/new-unrar-vulnerability-could-let.html
- Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion https://www.databreaches.net/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion/
- Research on new vulnerabilities:
- Hertzbleed explained https://blog.cloudflare.com/hertzbleed-explained/
- How to Find New Attack Primitives in Microsoft Azure https://www.darkreading.com/attacks-breaches/how-to-find-new-attack-primitives-in-microsoft-azure
- Hacking the Crypto-Monetized Web https://www.trendmicro.com/en_us/research/22/f/hacking-the-crypto-monetized-web.html
- Cryptography and Cryptographic Research:
- Differential Cryptanalysis in the Fixed-Key Model https://eprint.iacr.org/2022/837
- Key Structures: Improved Related-Key Boomerang Attack against the Full AES-256 https://eprint.iacr.org/2022/845
- Symmetrical Disguise: Realizing Homomorphic Encryption Services from Symmetric Primitives (extended version) https://eprint.iacr.org/2022/848
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
- Trends, Alerts, and Events (other than major breaches):
- Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing https://www.darkreading.com/vulnerabilities-threats/cyberattacks-bug-exploits-more-costly-incidents
- Patchable and Preventable Security Issues Lead Causes of Q1 Attacks https://threatpost.com/lead-causes-of-q1-attacks/180096/
- API Security Losses Total Billions, But It's Complicated https://www.darkreading.com/application-security/api-security-losses-billions-complicated
- Atlassian Confluence Exploits Peak at 100K Daily https://www.darkreading.com/attacks-breaches/atlassian-confluence-exploits-peak-100k-daily
- CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks https://www.securityweek.com/cisa-says-pwnkit-linux-vulnerability-exploited-attacks
- Customized malware coded to target OT systems https://www.theregister.com/2022/06/28/customized_malware_coded_to_target/
- Messenger chatbots now used to steal Facebook accounts https://www.bleepingcomputer.com/news/security/messenger-chatbots-now-used-to-steal-facebook-accounts/
- Microsoft Exchange servers worldwide hit by stealthy new backdoor https://arstechnica.com/information-technology/2022/06/microsoft-exchange-servers-worldwide-hit-by-stealthy-new-backdoor/
- A wide range of routers are under attack by new, unusually sophisticated malware https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/
- Android malware 'Revive' impersonates BBVA bank's 2FA app https://www.bleepingcomputer.com/news/security/android-malware-revive-impersonates-bbva-bank-s-2fa-app/
- ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
- Microsoft finds Raspberry Robin worm in hundreds of Windows networks https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/
- Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html
- FBI warning: Crooks are using deepfake videos in interviews for remote gigs https://www.theregister.com/2022/06/29/fbi_deepfake_job_applicant_warning/
- FBI: Stolen PII and deepfakes used to apply for remote tech jobs https://www.bleepingcomputer.com/news/security/fbi-stolen-pii-and-deepfakes-used-to-apply-for-remote-tech-jobs/
- Authorized Push Payment Fraud Reaches 'Epidemic' Levels in UK https://www.pymnts.com/news/security-and-risk/2022/authorized-push-payment-fraud-reaches-epidemic-levels-in-uk/
- Toll fraud malware: How an Android application can drain your wallet https://www.microsoft.com/security/blog/2022/06/30/toll-fraud-malware-how-an-android-application-can-drain-your-wallet/
- Get a text about an unpaid parking ticket? It's a scam, warns City of Vancouver https://globalnews.ca/news/8957115/vancouver-parking-ticket-text-scam/
- Crime & Arrests, etc.:
- FBI offers $100,000 reward for help finding OneCoin 'Cryptoqueen' https://www.theguardian.com/technology/2022/jul/01/fbi-offers-100000-reward-for-help-finding-onecoin-cryptoqueen-ruja-ignatova
- Crypto sleuths pin $100 million Harmony theft on Lazarus Group https://www.theregister.com/2022/07/01/lazarus-crypto-hack-harmony/
- Ukraine arrests cybercrime gang operating over 400 phishing sites https://www.bleepingcomputer.com/news/security/ukraine-arrests-cybercrime-gang-operating-over-400-phishing-sites/
- US seizes websites used to illegally download and stream music https://www.bleepingcomputer.com/news/security/us-seizes-websites-used-to-illegally-download-and-stream-music/
- Avaya sysadmin indicted for illegally generating, selling VoIP licenses https://www.bleepingcomputer.com/news/security/avaya-sysadmin-indicted-for-illegally-generating-selling-voip-licenses/
- Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks https://thehackernews.com/2022/06/ex-canadian-government-employee-pleads.html
- US, Brazil seize 272 websites used to illegally download music https://www.bleepingcomputer.com/news/security/us-brazil-seize-272-websites-used-to-illegally-download-music/
- EY will pay a record $100 million fine after the SEC found 49 staff cheated on an ethics exam https://www.businessinsider.com/ey-ethics-exam-cheating-record-100m-fine-big-four-2022-6
- Former Uber security chief will have to face wire fraud charges in hack coverup https://www.databreaches.net/former-uber-security-chief-will-have-to-face-wire-fraud-charges-in-hack-coverup/
- Russian accused of cybercrime in gaming industry https://thearmoredpatrol.com/2022/06/28/wot-trial-has-been-ended-against-the-creator-of-cybertank-bot-program-mod/
- Police seize $1M, weapons, drugs in Toronto-Montreal operation https://montreal.ctvnews.ca/police-seize-1m-weapons-drugs-in-toronto-montreal-operation-1.5966316
- Warning and prevention tips after charges laid in robbery swarming incidents in Vaughan https://www.yrp.ca/en/Modules/News/index.aspx?page=2&newsId=5265b4b1-be14-4309-9cfb-a5ed95b1593b
- Nation State Actors:
- APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html
- Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia https://www.securityweek.com/chinese-threat-actor-targets-rare-earth-mining-companies-north-america-australia
- China lured graduate jobseekers into digital espionage https://arstechnica.com/information-technology/2022/06/china-lured-graduate-jobseekers-into-digital-espionage/
- North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack https://thehackernews.com/2022/06/north-korean-hackers-suspected-to-be.html
- Russian hacktivists take down Norway govt sites in DDoS attacks https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/
- The hacking industry faces the end of an era https://www.technologyreview.com/2022/06/27/1054884/the-hacking-industry-faces-the-end-of-an-era/
- Other:
- LockBit 3.0 introduces the first ransomware bug bounty program https://www.databreaches.net/lockbit-3-0-introduces-the-first-ransomware-bug-bounty-program/
Other Security / Risk
Articles covering other types of risks.
- General:
- When Security Locks You Out of Everything https://www.schneier.com/blog/archives/2022/06/__trashed-2.html
- What is Shadow IT and why is it so risky? https://thehackernews.com/2022/06/what-is-shadow-it-and-why-is-it-so-risky.html
- Shadow IT Spurs 1 in 3 Cyberattacks https://www.darkreading.com/remote-workforce/shadow-it-spurs-1-in-3-cyberattacks
- Why a “Lift-and-shift” Cloud Migration Strategy Doesn't Support Data Security https://www.imperva.com/blog/why-a-lift-and-shift-cloud-migration-strategy-doesnt-support-data-security/
- Is Your New Car a Threat to National Security? https://www.wired.com/story/china-cars-surveillance-national-security/
- How to Assess an E-voting System https://freedom-to-tinker.com/2022/06/27/how-to-assess-an-e-voting-system/
- How NOT to Assess an E-voting System https://freedom-to-tinker.com/2022/06/28/how-not-to-assess-an-e-voting-system/
- Analyzing the Swiss E-Voting System https://www.schneier.com/blog/archives/2022/07/analyzing-the-swiss-e-voting-system.html
- What the Assessments Say About the Swiss E-voting System https://freedom-to-tinker.com/2022/06/30/what-the-assessments-say-about-the-swiss-e-voting-system/
- How the Swiss Post E-voting system addresses client-side vulnerabilities https://freedom-to-tinker.com/2022/06/29/how-the-swiss-post-e-voting-system-addresses-client-side-vulnerabilities/
- Ontario man in years-long battle with RBC for $8,000 after someone stole his PIN https://toronto.ctvnews.ca/ontario-man-in-years-long-battle-with-rbc-for-8-000-after-someone-stole-his-pin-1.5965148
- Beijing probes security at academic journal database https://www.theregister.com/2022/06/27/beijing_investigates_cnki_security/
- Airbnb's party ban is now permanent https://www.theverge.com/2022/6/28/23186141/airbnb-party-ban-policy-16-person-occupancy-limit-lifted
- Artificial Intelligence and Machine Learning:
- Robots With Flawed AI Make Sexist And Racist Decisions, Experiment Shows https://www.sciencealert.com/robots-with-flawed-ai-make-sexist-racist-and-toxic-decisions-experiment-shows
- We Asked GPT-3 to Write an Academic Paper about Itself. Then We Tried to Get It Published https://www.scientificamerican.com/article/we-asked-gpt-3-to-write-an-academic-paper-about-itself-then-we-tried-to-get-it-published/
- Disinformation and misinformation:
- These red flags can let you know when you're in an online echo chamber https://scienmag.com/these-red-flags-can-let-you-know-when-youre-in-an-online-echo-chamber/
- Over 360 newspapers have closed since just before the start of the pandemic. https://www.nytimes.com/2022/06/29/business/media/local-newspapers-pandemic.html
- Your internet life needs a Feeds Reboot — here's how to do it https://www.theverge.com/23191292/control-social-algorithms-feeds-reboot-how-to
- What Air Pollution in South Korea Can Teach the World about Misinformation https://www.scientificamerican.com/article/what-air-pollution-in-south-korea-can-teach-the-world-about-misinformation/
- Health:
- Zika and dengue may make humans more attractive to mosquitoes https://www.bbc.co.uk/news/health-62000243
- This AI Tool Could Predict the Next Coronavirus Variant https://www.scientificamerican.com/article/this-ai-tool-could-predict-the-next-coronavirus-variant/
- Canada's COVID-19 response stacks up well against other nations: study https://globalnews.ca/news/8949756/canada-covid-19-response-study/
- Canadians urged to get COVID-19 booster shots ahead of potential fall wave https://globalnews.ca/news/8959123/covid-canadians-booster-phac/
- Safety:
- Dangerous driving is on the rise in Ontario, CAA survey suggests https://globalnews.ca/news/8955492/dangerous-driving-on-the-rise-in-ontario-caa-survey/
- Toyota is recalling 2,700 of its flagship electric SUVs because its wheels may come off https://businessinsider.com/toyota-recalls-2700-electric-suv-because-wheels-may-come-off-2022-6
- Child dies after being left in hot car while mother taught at Ontario high school, mayor says https://toronto.ctvnews.ca/child-dies-after-being-left-in-hot-car-while-mother-taught-at-ontario-high-school-mayor-says-1.5965102
- Texas migrant deaths: At least 46 found dead in abandoned truck https://www.bbc.co.uk/news/world-us-canada-61961871
- 'Stay on trails:' Giant hogweed found near Evergreen Brickworks https://toronto.ctvnews.ca/stay-on-trails-giant-hogweed-found-near-evergreen-brickworks-1.5964249
- 'Too much mayonnaise': Subway worker shot to death after sandwich argument https://globalnews.ca/news/8951284/mayonnaise-shooting-atlanta-subway/
- New method significantly speeds up the search for dangerous asteroids https://www.syfy.com/syfy-wire/bad-astronomy-thor-program-speeds-up-search-for-near-earth-asteroids
- Environment:
- EU nations reach deal to eliminate carbon emissions from new cars by 2035 https://globalnews.ca/news/8955504/eu-climate-deal-reached/
- U.S. Jump-Starts Effort to Curb Residential CO2 Emissions https://www.scientificamerican.com/article/u-s-jump-starts-effort-to-curb-residential-co2-emissions/
- The Pandemic Showed We Totally CAN Limit Global Warming. Here's How https://www.sciencealert.com/we-could-technically-still-limit-warming-to-1-5-c-by-doing-what-we-ve-already-done-before
- The Supreme Court's EPA Ruling Is Going to Be Very, Very Expensive https://www.theatlantic.com/science/archive/2022/06/scotus-epa-ruling-west-virginia/661448/
- New clean fuel regulations will cost Canadian families up to $300 by 2030: analysis https://globalnews.ca/news/8958228/canada-clean-fuel-regulations-impact/
- How much of our plastic 'recycling' is actually recycled? https://www.bbc.co.uk/news/science-environment-62013030
- Pioneering recycling turns mixed waste into premium plastics with no climate impact https://scienmag.com/pioneering-recycling-turns-mixed-waste-into-premium-plastics-with-no-climate-impact/
- Formula 1 develops synthetic sustainable fuel to be introduced in 2026 https://www.bbc.co.uk/sport/formula1/61942876
- Inside a nuclear tomb: The underground store that's humanity's first attempt to dispose of nuclear waste for 100,000 years https://businessinsider.com/finland-nuclear-waste-disposal-worlds-first-underground-site-2022-6
- New flood maps clarify the risk homeowners face https://scienmag.com/new-flood-maps-clarify-the-risk-homeowners-face/
- Video captures moment glacier collapses in Italian alps https://www.bbc.co.uk/news/world-europe-62030708
- The pair of Orcas deterring Great White Sharks – by ripping open their torsos for livers https://scienmag.com/the-pair-of-orcas-deterring-great-white-sharks-by-ripping-open-their-torsos-for-livers/
- Economy:
- Canada outperformed most G10 countries during first two years of pandemic response: study https://www.ctvnews.ca/health/coronavirus/canada-outperformed-most-g10-countries-during-first-two-years-of-pandemic-response-study-1.5964233
- St. John's woman loses home after Phoenix pay fiasco https://www.cbc.ca/news/canada/newfoundland-labrador/phoenix-pay-joanne-osmond-1.6500083
- Nearly 7 in 10 drivers worry they can't afford gas as prices soar, poll finds https://globalnews.ca/news/8950728/canada-gas-prices-ipsos-costs-electric-vehicles/
- 92 million US workers now have the opportunity to work remotely: survey https://www.theverge.com/2022/6/28/23186112/us-flexible-remote-hybrid-work-survey-mckinsey
- Court Orders Liquidation of Three Arrows Crypto Fund https://www.pymnts.com/cryptocurrency/2022/court-orders-liquidation-of-three-arrows-crypto-fund/
Russia v. Ukraine
News and announcements relating to Russia's invasion of Ukraine.
- The war:
- Russia's attack on Mariupol theatre a clear war crime, Amnesty says https://www.bbc.co.uk/news/world-europe-61979873
- Russia seizes control of major oil and natural gas project partly owned by foreign firms https://globalnews.ca/news/8961337/russia-seizes-control-foreign-energy-project/
- Russia ditches Snake Island outpost in strategic victory for Ukraine https://globalnews.ca/news/8958265/russia-ditches-snake-island-ukraine-victory/
- Ukraine has lost more troops during the Russian invasion than there are infantry in the British army, defense expert says https://www.businessinsider.com/ukraine-has-lost-more-troops-than-there-are-in-the-british-army-expert-2022-6
- Ukrainian troops being trained in the UK https://www.bbc.co.uk/news/uk-61973635
- Tracking where Russia is taking Ukraine's stolen grain https://www.bbc.com/news/61790625
- Turkey detains Russian-flagged grain ship from Ukraine https://www.bbc.co.uk/news/world-europe-62010113
- Reaction and response:
- Ukrainian and Syrian victims of Russian wartime attacks on hospitals should receive reparations via frozen Russian assets, experts say https://www.businessinsider.com/victims-of-russian-hospital-attacks-should-get-seized-assets-experts-2022-6
- Ukraine war: US to ramp up military presence across Europe https://www.bbc.co.uk/news/world-europe-61983555
- NATO invites Sweden, Finland to join alliance as Russia deemed 'direct threat' https://globalnews.ca/news/8955699/nato-sweden-finland-alliance-official/
- NATO plans huge upgrade in rapid reaction force https://www.bbc.co.uk/news/world-europe-61954516
- Australia will ban Russian gold imports, give more armored vehicles to Ukraine, PM says https://globalnews.ca/news/8963909/australia-ban-russian-gold-aid-ukraine/
- Germans urged to prepare for possible gas shortage amid Russia's war https://globalnews.ca/news/8962696/germany-prepare-gas-shortage-russia-war-ukraine/
- Sanctions & Economic Impact:
- Russia has defaulted on its foreign debt for the first time in more than a century, reports say https://businessinsider.com/russia-foreign-sovereign-bond-defaults-first-in-century-bolshevik-revolution-2022-6
- Russian gas giant Gazprom's shares slumped 30% after it nixed dividends for the first time since 1998 https://www.businessinsider.com/gazprom-shares-slumped-not-paying-dividends-2022-7
- Tactics for masking Russian oil shipments are also being used for Black Sea grain cargoes, report says https://markets.businessinsider.com/news/commodities/russian-oil-shipment-tactics-masking-ukraine-grain-black-sea-cargoes-2022-6
- US authorities stopped a tanker full of Russian oil products on its way to New Orleans, report says https://markets.businessinsider.com/news/commodities/russian-oil-fuel-tanker-new-orleans-us-embargo-ukraine-sanctions-2022-6
- US$30B worth of Russian oligarch assets seized by American task force, officials say https://globalnews.ca/news/8955570/us30b-russian-assets-seized-america/
- Canada targets 74 people and businesses in Russia, Belarus with new sanctions https://globalnews.ca/news/8950316/canada-new-sanctions-russia-belarus-june-27/
- The EU has a Russian gold ban in its sights as it hammers out its next round of sanctions: report https://markets.businessinsider.com/news/commodities/russian-gold-import-ban-eu-g7-ukraine-invasion-currencies-commodities-2022-7
- Russia's war is grinding on in eastern Ukraine, and France's Macron wants Europe to prepare for a 'wartime economy' https://businessinsider.com/macron-wants-wartime-economy-in-europe-amid-russia-ukraine-war-2022-6
- Information, Disinformation, and Propaganda:
- Google Allowed a Sanctioned Russian Ad Company to Harvest User Data for Months https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine#1364281
- Cyber-attacks and the potential for cyber-war:
- Ukraine targeted by almost 800 cyberattacks since the war started https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Innovations & Inventions:
- New biobatteries use bacterial interactions to generate power for weeks https://scienmag.com/new-biobatteries-use-bacterial-interactions-to-generate-power-for-weeks/
- One step closer to fire-safe, recyclable lithium-metal batteries https://scienmag.com/one-step-closer-to-fire-safe-recyclable-lithium-metal-batteries/
- Robotic arms connected directly to brain of partially paralyzed man allows him to feed himself https://scienmag.com/robotic-arms-connected-directly-to-brain-of-partially-paralyzed-man-allows-him-to-feed-himself/
- Other:
- Atari is getting a massive historical game collection for its 50th anniversary https://www.theverge.com/2022/6/29/23187963/atari-50-the-anniversary-collection-trailer-release-date
- Bacteria for blastoff: Using microbes to make supercharged new rocket fuel https://scienmag.com/bacteria-for-blastoff-using-microbes-to-make-supercharged-new-rocket-fuel/
- Cygnus Boosts the International Space Station for the First Time. NASA Can Now Potentially Keep the Station Aloft Without Russia's Progress Spacecraft https://www.universetoday.com/156500/cygnus-boosts-the-international-space-station-for-the-first-time-nasa-can-now-potentially-keep-the-station-aloft-without-russias-progress-spacecraft/
- Why asteroids are the next big prize in the space race https://www.bbc.co.uk/news/science-environment-61985813
- The Solar System is Stable for at Least the Next 100,000 Years https://www.universetoday.com/156551/the-solar-system-is-stable-for-at-least-the-next-100000-years/
- A Star has Grown Spiral Arms https://www.universetoday.com/156487/a-star-has-grown-spiral-arms/
- Alien Worlds Very Different to Earth Might Be Habitable For Billions of Years https://www.sciencealert.com/some-exoplanets-unlike-earth-could-be-habitable-for-billions-of-years
- The Largest Star in The Milky Way Is Slowly Dying, And Astronomers Are Watching https://www.sciencealert.com/the-largest-star-in-the-milky-way-is-slowly-dying-and-astronomers-are-watching