This Week's [in]Security - Issue 275

Welcome to This Week’s [in]Security. PCI and payments: Payments: Liability shift. New in breaches: China 1B PII, Airports, Marriott, 2022 so far. New in Ransomware: AstraLocker, Hive, Hospitals, Major outages: Canada Rogers Internet & phones. Follow-ups & Fall-out. Privacy: Police spyware & surveillance, ICE. Laws & Regs - Canada: ArriveCan, CBSA, employee misconduct. US: TikTok, Facebook, archive.org. World: abuse images, data transfers, cyber-insurance. Standards: Post-quantum cryptography (PQC), PSD3 APIs. Defense - Training & events: Linkedin. Tools & Techniques, Securing Usernames, Apple Lockdown mode, Vulnerabilities - Advisories: IP Theft, Zerodays, Fixes and ZD, Chrome. Patching: OpenSSL, Cisco & Fortinet, NTLM Relay. Other: Warshipping, IDEs, macro non-blocking, Routers, Drones. Crypto-research. Cybercrime - Trends: NPM libraries, Follina. Web3, Twitter spam. Crime & Enforcement: WireCard, $620M crypto heist. Nation States and mercenaries. Other Risks - General: 5g, EVs, COBOL, Acronyms, AI Bias, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

• Other payment related:
• Liability Shift Claims Solicited And Other Digital Transactions News briefs from 7/5/2022 https://www.digitaltransactions.net/liability-shift-claims-solicited-and-other-digital-transactions-news-briefs-from-7-5-2022/

Breaches / Ransomware / Leaks

• New Breaches:
• How data on a billion people may have leaked from a Chinese police dashboard https://www.theregister.com/2022/07/10/stolen_shanghai_police_data/
• Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' https://www.darkreading.com/application-security/cloud-misconfig-exposes-3tb-sensitive-airport-data-amazon-s3-bucket
• Mangatoon data breach exposes data from 23 million accounts https://www.bleepingcomputer.com/news/security/mangatoon-data-breach-exposes-data-from-23-million-accounts/
• The Marriott hotel chain has been hit by another data breach https://www.theverge.com/2022/7/6/23196805/marriott-hotels-maryland-data-breach-credit-cards
• Jp: Information of 111,191 patients and 715 employees at Kokikai Yasue Hospital leaked https://www.databreaches.net/jp-information-of-111191-patients-and-715-employees-at-kokikai-yasue-hospital-leaked/
• UK: Thousands of students have data leaked on dark web by Vice Society https://www.databreaches.net/uk-thousands-of-students-have-data-leaked-on-dark-web-by-vice-society/
• VCU Health identifies and addresses a 16-year privacy breach https://www.databreaches.net/vcu-health-identifies-and-addresses-a-16-year-privacy-breach/
• The Worst Hacks and Breaches of 2022 So Far https://www.wired.com/story/worst-hacks-breaches-2022/
• New Ransomware and "Incidents":
• AstraLocker ransomware shuts down and releases decryptors https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/
• Hive ransomware gang rapidly evolves with complex encryption, Rust code https://www.theregister.com/2022/07/06/hive-ransomware-rust-microsoft/
• North Korea is targeting hospitals with ransomware, U.S. agencies warn https://www.databreaches.net/north-korea-is-targeting-hospitals-with-ransomware-u-s-agencies-warn/
• Quantum ransomware attack affects 657 healthcare orgs https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-affects-657-healthcare-orgs/
• A community health provider in Vermont and an addiction rehab organization in Pennsylvania fall prey to BlackByte https://www.databreaches.net/a-community-health-provider-in-vermont-and-an-addiction-rehab-organization-in-pennsylvania-fall-prey-to-blackbyte/
• Ca: College of the Desert victimized once again by ransomware; most online services currently down https://www.databreaches.net/ca-college-of-the-desert-victimized-once-again-by-ransomware-most-online-services-currently-down/
• IT services giant SHI hit by "professional malware attack" https://www.bleepingcomputer.com/news/security/it-services-giant-shi-hit-by-professional-malware-attack/
• SiegedSec continues #OpJane efforts https://www.databreaches.net/siegedsec-continues-opjane-efforts/
• Major outages/downs:
• Rogers Communications suffered a major outage Friday morning, across Canada mobile phones, internet, home phones, and TV were down. The outage affected emergency services, 911, police, hospitals, courts, border services, debit and credit transactions, retailers, and more:
• 911 services, Interac, eTransfer and more affected in B.C. due to Rogers outage https://globalnews.ca/news/8976311/rogers-outage-friday-bc-service-911-issues/
• A list of services in the Toronto area impacted by the mass Rogers outage https://globalnews.ca/news/8976009/rogers-outage-toronto-area-services-affected/
• Massive Rogers outage continues, snarling numerous services across Canada https://www.cbc.ca/news/business/rogers-outage-cell-mobile-wifi-1.6514373
• Massive Rogers outage disrupts mobile service, payments in Canada https://www.bleepingcomputer.com/news/technology/massive-rogers-outage-disrupts-mobile-service-payments-in-canada/
• Rogers users report mass outage impacting phones, internet, Interac https://globalnews.ca/news/8975789/rogers-outage-today-phone-internet-interac/
• People flock to cafés scouring for internet during massive Rogers outage https://toronto.ctvnews.ca/people-flock-to-caf%C3%A9s-scouring-for-internet-during-massive-rogers-outage-1.5979904
• Rogers says service is back for most customers after outage https://toronto.ctvnews.ca/rogers-says-service-is-back-for-most-customers-after-outage-1.5980914
• Cloudflare’s view of the Rogers Communications outage in Canada https://blog.cloudflare.com/cloudflares-view-of-the-rogers-communications-outage-in-canada/
• Canada's internet outage caused by 'maintenance' https://www.bbc.co.uk/news/world-us-canada-62110358
• Peel police warn public of scam centered on Rogers outage compensation https://globalnews.ca/news/8979434/rogers-outage-compensation-sms-scam-peel-region/
• Rogers CEO apologizes, says ‘maintenance upgrade' behind major outage https://globalnews.ca/news/8978590/rogers-communications-network-outage-explanation-ceo/
• Rogers warns customers about scam text messages offering 'credits' following nationwide outage https://www.cp24.com/mobile/news/rogers-warns-customers-about-scam-text-messages-offering-credits-following-nationwide-outage-1.5981773
• Rogers outage shows need for Plan B when wireless, internet services fail, analysts say https://www.cbc.ca/news/business/rogers-outage-no-plan-b-1.6515664
• Follow-ups and fall-out:
• Hungarian authority fines data controller EUR 7,500 data breach and rules free online services not suitable for high-risk processing https://www.databreaches.net/hungarian-authority-fines-data-controller-eur-7500-data-breach-and-rules-free-online-services-not-suitable-for-high-risk-processing/
• Capital Economics - 263,829 breached accounts https://haveibeenpwned.com/PwnedWebsites#CapialEconomics
• Claire's data breach $350K class action settlement https://www.databreaches.net/claires-data-breach-350k-class-action-settlement/

Privacy

• The Guardian: ‘Asleep at the wheel’: Canada police’s spyware admission raises alarm. https://www.theguardian.com/world/2022/jul/07/canada-police-spyware-admission-surveillance-experts
• San Francisco Coalition Fights SFPD's Proposal to Co-Opt Private Surveillance Cameras https://www.eff.org/deeplinks/2022/07/san-francisco-coalition-fights-sfpds-proposal-co-opt-private-surveillance-cameras
• Ubiquitous Surveillance by ICE https://www.schneier.com/blog/archives/2022/07/ubiquitous-surveillance-by-ice.html

Laws, Regulations, Platforms, Standards, and Public Policy

• Canada:
• Canada will keep ArriveCan for its data on COVID-19-positive travellers: sources https://www.ctvnews.ca/politics/feds-intend-to-keep-arrivecan-for-its-data-on-covid-19-positive-travellers-sources-1.5977612
• The Law Bytes Podcast, Episode 133: Michael Nesbitt on How the Senate Pushed Back Against a Government Bill on Searching Digital Devices at the Border https://www.michaelgeist.ca/2022/07/law-bytes-podcast-episode-133/
• The Freedom of Expression Wake Up Call: Why the CRTC's Radio-Canada Ruling Eviscerates the Defence of Bill C-11 https://www.michaelgeist.ca/2022/07/the-freedom-of-expression-wake-up-call-why-the-crtcs-radio-canada-ruling-eviscerates-the-defence-of-bill-c-11/
• Ca: How the Ontario ourt bolstered an insurer's exclusion for privacy breach in a case of employee misconduct https://www.databreaches.net/ca-how-the-court-bolstered-an-insurers-exclusion-for-privacy-breach/
• US:
• Lawmakers Ask F.T.C. Chair to Investigate TikTok's Data Practices https://www.nytimes.com/2022/07/05/business/lawmakers-tiktok-national-security.html
• Families sue TikTok after girls died while trying ‘blackout challenge' https://www.theguardian.com/technology/2022/jul/05/tiktok-girls-dead-blackout-challenge
• An Air Force vet who worked at Facebook is suing the company saying it accessed deleted user data and shared it with law enforcement https://www.businessinsider.com/ex-facebook-staffer-airforce-vet-accessed-deleted-user-data-lawsuit-2022-7
• Internet Archive Seeks Summary Judgment in Federal Lawsuit Filed By Publishing Companies https://www.eff.org/press/releases/internet-archive-seeks-summary-judgment-federal-lawsuit-filed-publishing-companies
• World:
• UK could force messaging apps to adopt new technology to tackle abuse images https://www.theguardian.com/technology/2022/jul/06/uk-could-force-messaging-apps-to-scan-for-child-sexual-abuse-images
• EFF Statement on EU Parliament's Adoption of Digital Services Act and Digital Markets Act https://www.eff.org/press/releases/eff-statement-eu-parliaments-formal-approval-digital-services-act-and-digital-markets
• Irish Privacy Regulator Closer to Blocking Meta Data Transfers https://www.pymnts.com/meta/2022/irish-privacy-regulator-closer-to-blocking-meta-data-transfers/
• Graff paid £6m ransom fee to Conti, now sues Travelers for refusing to reimburse https://www.databreaches.net/graff-paid-6m-ransom-fee-to-conti-now-sues-travelers-for-refusing-to-reimburse/
• Decision on sale of UK's biggest chip maker to Chinese-owned firm delayed https://www.theguardian.com/business/2022/jul/06/decision-on-sale-of-uk-biggest-chip-maker-newport-wafer-fab-chinese-owned-firm-delayed-security-legislation
• Standards News:
• NIST Announces First Four Quantum-Resistant Cryptographic Algorithms: CRYSTALS-Kyber, FALCON, SPHINCS+, public-key algorithms yet to be decided https://www.schneier.com/blog/archives/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms.html
• NIST Selects Four Post-Quantum Cryptographic Algorithms for Standardization After the Third Round of the PQC Process https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
• NIST's pleasant post-quantum surprise https://blog.cloudflare.com/nist-post-quantum-surprise/
• Actual quantum computers don't exist yet. The cryptography to defeat them may already be here https://www.theregister.com/2022/07/05/nist_quantum_resistant_algorithms/
• PSD3 Set to Mandate API Standardization https://www.pymnts.com/api/2022/psd3-set-to-mandate-api-standardization/

Defense / Techniques / Solutions

• Educational events, webinars, courses, etc:
• Optimizing Your LinkedIn Profile for Your Cybersecurity Career July 20, 2022 | 2:00-3:00 PM ET https://content.govdelivery.com/accounts/USNIST/bulletins/31f428a
• General:
• Methods, Techniques, Tools, and Products:
• End-to-end encryption's central role in modern self-defense https://arstechnica.com/information-technology/2022/07/end-to-end-encryptions-central-role-in-modern-self-defense/
• How to protect against username enumeration on log in, registration, and password reset forms https://www.controlgap.com/blog/how-to-protect-against-username-enumeration-from-forms
• Germany unveils plan to tackle cyberattacks on satellites https://www.theregister.com/2022/07/05/bsi_satellite_baseline/
• Apple’s Lockdown Mode https://www.schneier.com/blog/archives/2022/07/apples-lockdown-mode.html
• Microsoft Azure now has confidential VMs with ephemeral storage https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-now-has-confidential-vms-with-ephemeral-storage/
• Alibaba affiliate Ant Group open sources its privacy software and a 'Secure Processing Unit' https://www.theregister.com/2022/07/05/ant_group_open_source/
• Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html
• The End of False Positives for Web and API Security Scanning? https://thehackernews.com/2022/07/the-end-of-false-positives-for-web-and.html
• SANS Institute spells out security in multiple languages https://www.theregister.com/2022/07/07/sans_institute_spells_out_security/
• Welcoming the Polish Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-polish-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

• Advisories:
• FBI and MI5: ‘The Chinese government is set on stealing your technology' https://www.theverge.com/2022/7/7/23198045/fbi-mi5-chinese-government-spying-warning
• Zero-day and other recent vulnerability news:
• Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes https://packetstormsecurity.com/news/view/33605/Google-Half-Of-Zero-Day-Exploits-Linked-To-Poor-Software-Fixes.html
• Google updates Chrome to squash actively exploited WebRTC Zero Day https://www.theregister.com/2022/07/05/chrome_webrtc_zero_day/
• Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html
• Patching:
• OpenSSL Patches Remote Code Execution Vulnerability https://www.securityweek.com/openssl-patches-remote-code-execution-vulnerability
• Cisco and Fortinet Release Security Patches for Multiple Products https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html
• Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/
• Django fixes SQL Injection vulnerability in new releases https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/
• Microsoft fixes bug crashing Office apps when opening cloud documents https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-crashing-office-apps-when-opening-cloud-documents/
• Other Vulnerabilities:
• I Built a Cheap 'Warshipping' Device in Just 3 Hours — and So Can You https://www.darkreading.com/edge-articles/i-built-a-cheap-warshipping-device-in-just-three-hours-and-so-can-you
• Online programming IDEs can be used to launch remote cyberattacks https://www.bleepingcomputer.com/news/security/online-programming-ides-can-be-used-to-launch-remote-cyberattacks/
• Microsoft rolls back default macro blocks in Office without telling anyone https://www.theregister.com/2022/07/08/office_macro_block_rollback/
• 10 Vulnerabilities Found in Widely Used Robustel Industrial Routers https://www.securityweek.com/10-vulnerabilities-found-widely-used-robustel-industrial-routers
• Hack Allows Drone Takeover Via ExpressLRS Protocol https://packetstormsecurity.com/news/view/33615/Hack-Allows-Drone-Takeover-Via-ExpressLRS-Protocol.html
• Security advisory accidentally exposes vulnerable systems https://www.bleepingcomputer.com/news/security/security-advisory-accidentally-exposes-vulnerable-systems/
• Pentester says he broke into datacenter via hidden route running behind toilets https://www.databreaches.net/pentester-says-he-broke-into-datacenter-via-hidden-route-running-behind-toilets/
• Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover https://www.darkreading.com/application-security/cryptocurrency-api-vulnerability-opens-wallets-to-account-takeovers
• Cryptography and Cryptographic Research:
• Security Analysis of RSA-BSSA https://eprint.iacr.org/2022/895
• Post-Quantum Insecurity from LWE https://eprint.iacr.org/2022/869
• Towards Leakage-Resistant Post-Quantum CCA-Secure Public Key Encryption https://eprint.iacr.org/2022/873
• Deep Learning based Cryptanalysis of Lightweight Block Ciphers, Revisited https://eprint.iacr.org/2022/886

Hacking / Malware / Cybercrime / Exploitation

• Trends, Alerts, and Events (other than major breaches):
• Typo-squatting NPM software supply chain attack uncovered https://www.theregister.com/2022/07/06/npm_supply_chain_attack/
• Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html
• Hackers Exploiting Follina Bug to Deploy Rozena Backdoor https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html
• U.S. Healthcare Orgs Targeted with Maui Ransomware https://threatpost.com/healthcare-maui-ransomware/180154/
• Web3 projects have lost more than $2 billion to hacks this year https://www.theverge.com/2022/7/7/23199148/web3-lost-2-billion-hacks-flash-loan-certik-cryptocurrency
• Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html
• New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update https://www.securityweek.com/new-havanacrypt-ransomware-distributed-fake-google-software-update
• Ransomware gangs, APT groups ditch Cobalt Strike for Brute Ratel https://www.bleepingcomputer.com/news/security/ransomware-gangs-apt-groups-ditch-cobalt-strike-for-brute-ratel/
• Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets https://thehackernews.com/2022/07/researchers-detail-techniques-lockbit.html
• Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html
• Twitter Says it Removes 1 Million Spam Accounts a Day https://www.securityweek.com/twitter-says-it-removes-1-million-spam-accounts-day
• An ISP Scam Targeted Low-Income People Seeking Government Aid https://www.wired.com/story/fake-isp-scam-targeted-low-income-victims/
• British Army to Investigate Crypto Scam Hack on its Twitter, Social Media—Possessed NFT Appears https://www.databreaches.net/british-army-to-investigate-crypto-scam-hack-on-its-twitter-social-media-possessed-nft-appears/
• Crime & Arrests, etc.:
• Report Alleges Wirecard Forged Client Data to Obtain €900M SoftBank Investment https://www.pymnts.com/news/security-and-risk/2022/report-alleges-wirecard-forged-client-data-to-obtain-e900m-softbank-investment/
• Hackers pulled off a $620 million crypto heist by tricking an engineer into applying for a fake job and opening an offer letter containing spyware, report says https://www.businessinsider.com/axie-infinity-crypto-hack-fake-job-offer-letter-spyware-phishing-2022-7
• Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html
• Kingston police make arrest in ‘grandparent scam' https://globalnews.ca/news/8975799/kingston-police-arrest-grandparent-scam/
• Nation State Actors:
• Near-undetectable malware linked to Russia's Cozy Bear https://www.theregister.com/2022/07/06/brc4_state_sponsored_apt29/
• Chinese hackers targeting Russian government, telecoms: report https://www.databreaches.net/chinese-hackers-targeting-russian-government-telecoms-report/
• Predatory Sparrow: Who are the hackers who say they started a fire in Iran? https://www.bbc.co.uk/news/technology-62072480
• Bitter APT Hackers Continue to Target Bangladesh Military Entities https://thehackernews.com/2022/07/bitter-apt-hackers-continue-to-target.html
• Other:
• Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign https://thehackernews.com/2022/07/experts-uncover-350-browser-extension.html

Other Security / Risk

• General:
• Private 5G Network Security Expectations Part 2 https://www.trendmicro.com/en_us/research/22/g/private-5g-network-security-part-2.html
• How to Keep EVs From Taking Down the Electrical Grid https://www.darkreading.com/attacks-breaches/how-to-keep-evs-from-taking-down-the-electrical-grid
• Why Developers Hate Changing Language Versions https://thehackernews.com/2022/07/why-developers-hate-changing-language.html
• The Latin of Software Code Is Thriving https://www.nytimes.com/2022/07/06/technology/cobol-jobs.html
• What Do All of Those Cloud Cybersecurity Acronyms Mean? https://www.darkreading.com/edge-ask-the-experts/what-do-all-those-cloud-cybersecurity-acronyms-mean-
• Artifical Intelligence and Machine Learning:
• Bias in Artificial Intelligence: Can AI be Trusted? https://www.securityweek.com/bias-artificial-intelligence-can-ai-be-trusted
• Disinformation and misinformation
• Facts Alone Are No Longer Convincing. Research Suggests You Should Include Personal Experience https://www.sciencealert.com/facts-are-no-longer-convincing-research-suggests-you-should-say-this-instead
• Fake news — what makes it so fascinating to the brain? https://scienmag.com/fake-news-what-makes-it-so-fascinating-to-the-brain/
• Disinformation Has Become Another Untouchable Problem in Washington https://www.nytimes.com/2022/07/06/business/disinformation-board-dc.html
• Health:
• The WHO Is About to Decide if Monkeypox Has Become a 'Global Public Health Emergency' https://www.sciencealert.com/the-who-is-about-to-decide-if-monkeypox-has-become-a-global-public-health-emergency
• The Omicron BA.5 subvariant is now the dominant COVID-19 strain in the US, and it's driving a wave of summertime infections https://www.businessinsider.com/omicron-ba5-subvariant-becomes-dominant-strain-in-the-us-2022-7
• You can now get COVID again within 4 weeks due to the new Omicron BA.5 variant, health expert says https://www.businessinsider.com/covid-variant-omicron-ba5-reinfection-contagious-health-experts-2022-7
• 17M Canadians got Omicron in 5 months, new federal report says https://globalnews.ca/news/8971767/canada-omicron-covid-19-federal-report/
• COVID-19 hospitalizations up sharply in Ontario, positivity rate at highest level since early May https://toronto.ctvnews.ca/covid-19-hospitalizations-up-sharply-in-ontario-positivity-rate-at-highest-level-since-early-may-1.5978858
• COVID-19: How protective are 3 vaccine doses at this point? https://www.cbc.ca/news/thenational/covid-19-how-protective-are-3-vaccine-doses-at-this-point-1.6510524
• Study shows increase in COVID-19 vaccine acceptance around the world https://scienmag.com/study-shows-increase-in-covid-19-vaccine-acceptance-around-the-world/
• Safety:
• Two new fatal Tesla crashes are being examined by US investigators https://www.theverge.com/2022/7/7/23198997/tesla-fatal-crashes-california-florida-autopilot-nhtsa
• The TikTok ‘blackout challenge' has now allegedly killed seven kids https://www.theverge.com/2022/7/7/23199058/tiktok-lawsuits-blackout-challenge-children-death
• Woman lit on fire aboard Toronto transit bus dies of injuries: police https://globalnews.ca/news/8969610/kipling-ttc-bus-woman-fire-dies-injuries/
• Woman taken to hospital after another apparent random attack at Toronto transit station https://toronto.ctvnews.ca/woman-taken-to-hospital-after-another-apparent-random-attack-at-toronto-transit-station-1.5978195
• Man who helped save driver from burning car on Ontario highway said rescue happened in 'the nick of time' https://toronto.ctvnews.ca/man-who-helped-save-driver-from-burning-car-on-ontario-highway-said-rescue-happened-in-the-nick-of-time-1.5977824
• Intense video shows worker dangling from crane at Toronto construction site https://toronto.ctvnews.ca/intense-video-shows-worker-dangling-from-crane-at-toronto-construction-site-1.5976503
• Formula One driver survives horrific crash thanks to halo cockpit requirement https://www.theverge.com/2022/7/4/23194215/formula-one-zhou-guanyu-halo-crash-survive
• Driver of $460,000 Lamborghini busted going nearly triple speed limit https://toronto.ctvnews.ca/driver-of-460-000-lamborghini-busted-going-nearly-triple-speed-limit-1.5974957
• Astronomers Just Detected an Asteroid That's Passing Extremely Close to Earth Today https://www.sciencealert.com/astronomers-just-detected-an-asteroid-that-s-passing-extremely-close-to-earth-today
• Environment:
• The World Is Turning Back to Coal https://www.theatlantic.com/science/archive/2022/07/us-carbon-emissions-russian-invasion/661493/
• Dead solar panels are about to become a lot more valuable https://www.theverge.com/2022/7/8/23200153/solar-panel-value-recycling-renewable-energy
• How nuclear war would affect earth today https://scienmag.com/how-nuclear-war-would-affect-earth-today/
• Economy:
• Bank of Canada will hike interest rate by 0.75% this week, economists predict https://globalnews.ca/news/8979531/bank-of-canada-interest-rate-hike-july-2022/
• Average New Car Payment Hits Record $45,844, Driven by Supply Chain Snarls https://www.pymnts.com/economy/2022/average-new-car-payment-hits-record-45844-driven-by-supply-chain-snarls/
• Crypto Lender Vauld Suspends Withdrawals as Customers Yanked $200M https://www.pymnts.com/cryptocurrency/2022/crypto-lender-vauld-suspends-withdrawals-as-customers-yanked-200m/
• Cryptocurrency broker Voyager Digital files for bankruptcy protection https://www.theguardian.com/technology/2022/jul/06/cryptocurrency-broker-voyager-digital-files-for-bankruptcy-protection

Russia v. Ukraine

• The war:
• Ukraine-Russia war: Civilians flee frontline city as Russians advance https://www.bbc.co.uk/news/world-europe-62061695
• Ukraine war: 21,000 alleged war crimes being investigated, prosecutor says https://www.bbc.co.uk/news/world-europe-62073669
• Global in Ukraine: Russian commander gave order to ‘shoot the civilians,' captured soldier says https://globalnews.ca/news/8961032/russian-commander-gave-order-shoot-civilians/
• Ukraine reports heavy Russian missile strikes in east and south https://www.bbc.co.uk/news/world-europe-62106446
• Russian army taking pause in Ukraine to regroup for renewed assault, analysts predict https://globalnews.ca/news/8972817/russia-ukraine-pause-renewed-assault/
• Reaction and response:
• Aircraft leasing company with 34 jets being held hostage by Putin sinks to $1.6 billion loss https://www.businessinsider.com/company-with-jets-held-hostage-putin-sinks-16-billion-loss-2022-7
• Let's Use Chicago Rules to Beat Russia https://www.theatlantic.com/ideas/archive/2022/07/madrid-nato-summit-2022-russia-ukraine/661494/
• Sanctions & economic Impact:
• Russia orders block on Caspian oil pipeline that could pull 1 million barrels a day from Europe's supply https://markets.businessinsider.com/news/commodities/russia-suspends-caspian-oil-pipeline-eu-supply-risk-energy-2022-7
• Entire industries in Germany could collapse due to Russian natural-gas supply cuts: union head https://www.businessinsider.com/germany-faces-entire-industries-collapse-russia-natural-gas-supply-cuts-2022-7
• Information, Disinformation, and Propaganda:
• Cyber-attacks and the potential for cyber-war:
• TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine https://thehackernews.com/2022/07/trickbot-malware-shifted-its-focus-on.html

Off-Topic / Science & Tech / Lighter Side

• Innovations & Inventions:
• Animals Have Been Cloned From Freeze-Dried Skin Cells in a Scientific First https://www.sciencealert.com/scientists-have-cloned-mice-from-freeze-dried-skin-cells
• Meta open sources early-stage AI translation tool that works across 200 languages https://www.theverge.com/2022/7/6/23194241/meta-facebook-ai-universal-translation-project-no-language-left-behind-open-source-model
• Other:
• Admit It, Squirrels Are Just Tree Rats https://www.theatlantic.com/science/archive/2022/07/squirrel-vs-rat-rodent-differences/661526/
• LHC Scientists Find Three Exotic Particles — and Start Hunting for More https://www.universetoday.com/156579/lhc-scientists-find-three-exotic-particles-and-start-hunting-for-more/
• SpaceX Shares an Image of the Super Heavy Booster Bristling With 33 Newly Installed Raptor Engines https://www.universetoday.com/156583/spacex-shares-an-image-of-the-super-heavy-booster-bristling-with-33-newly-installed-raptor-engines/
• Faster-Than-Light Travel Could Work Within Einstein's Physics, Astrophysicist Shows https://www.sciencealert.com/faster-than-light-travel-could-work-within-einstein-s-physics-astrophysicist-shows