This Week's [in]Security - Issue 277

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart. Payments: Cash. New breaches: Entrust, Twitter users, Okta, Alibaba. New Ransomware, Major outages: Rogers fallout. Follow-ups & Fall-out: $1.2B Didi fine, $350M T-Mobile fine, Zuckerberg. Privacy: tracking war, DHS. Laws & Regs - Canada: Copyright. US: Ransom bans, Anti-trust. Standards: NIST wearables, DevSecOps, HIPPA. Defense - Training & events: Cybersecurity Framework. Tools & Techniques: macro blocking, adversarial patches, microcode decryptor. Vulnerabilities: Roundup! GPS, Confluence, Cisco, supply chains. Patching. Other: ICS, Spectre, IoT, Other: Air-gap. Crypto-research. Cybercrime - Trends: Residential Proxies, WordPress, "Pig Butchering", Phished-in. Crime & Enforcement. Nation States and mercenaries. Other Risks - General: Google oops, Space-canucks. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

• PCI Updates:
• PCI DSS v4.0: Compensating Controls vs Customized Approach https://blog.pcisecuritystandards.org/pci-dss-v4-0-compensating-controls-vs-customized-approach
• Payment skimmers/malware/fraud:
• Hackers steal 50,000 credit cards from 300 U.S. restaurants https://www.bleepingcomputer.com/news/security/hackers-steal-50-000-credit-cards-from-300-us-restaurants/
• Scammers are trying a new credit card scheme. Here's how the call went https://toronto.ctvnews.ca/scammers-are-trying-a-new-credit-card-scheme-here-s-how-the-call-went-1.5992582
• Other payment related:
• Rogers outage shows need to keep cash in a digital world, experts say https://globalnews.ca/news/9000432/rogers-outage-keeping-cash/
• Visa Changes Chargeback Dispute Program https://www.pymnts.com/visa/2022/visa-changes-chargeback-dispute-program/

Breaches / Ransomware / Leaks

• New Breaches:
• Digital security giant Entrust breached by ransomware gang https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/
• Security Giant Entrust Breached – Hackers Stole Data From Internal Systems https://www.databreaches.net/security-giant-entrust-breached-hackers-stole-data-from-internal-systems/
• Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/
• Okta Exposes Passwords in Clear Text for Possible Theft https://www.darkreading.com/application-security/okta-exposes-passwords-clear-text-theft
• Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography https://www.trendmicro.com/en_us/research/22/g/alibaba-oss-buckets-compromised-to-distribute-malicious-shell-sc.html
• Neopets data breach exposes personal data of 69 million members https://www.bleepingcomputer.com/news/security/neopets-data-breach-exposes-personal-data-of-69-million-members/
• Walmart-Controlled Flight Booking Service Suffers Data Leak https://packetstormsecurity.com/news/view/33644/Walmart-Controllled-Flight-Booking-Service-Suffers-Data-Leak.html
• Anonymous mental health app Feelyou accidentally exposed 70,000 personal emails https://www.databreaches.net/anonymous-mental-health-app-feelyou-accidentally-exposed-70000-personal-emails/
• RI: City of Newport advising past, current employees of potential data loss https://www.databreaches.net/ri-city-of-newport-advising-past-current-employees-of-potential-data-loss/
• New Ransomware and "Incidents":
• Ransomware attacks cost the US $159.4bn in downtime alone in 2021 https://www.comparitech.com/blog/information-security/us-ransomware-attacks-cost/
• New Luna ransomware encrypts Windows, Linux, and ESXi systems https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/
• Albanian government websites go dark after cyberattack https://www.theregister.com/2022/07/18/albania_down/
• CRCSD Employee: District still dealing with effects from “Security Breach” https://www.databreaches.net/crcsd-employee-district-still-dealing-with-effects-from-security-breach/
• The small Canadian town of St. Mary’s is being extorted by a global ransomware gang https://www.theverge.com/2022/7/22/23274372/st-marys-canada-lockbit-ransomware-cyber-incident
• Major outages/downs:
• Rogers says it couldn't have revived emergency services any faster during outage https://globalnews.ca/news/9010767/rogers-outage-could-not-revive-services-faster/
• Rogers CEO outlines new protocols, steps to avoid future network outages https://globalnews.ca/news/9012281/rogers-ceo-network-outage-steps/
• Rogers replaces chief technology officer in wake of nationwide outage https://globalnews.ca/news/9006061/rogers-chief-technology-officer/
• Follow-ups and fall-out:
• Financial data breaches accounted for 153.6 million leaked records from January 2018 to June 2022 https://www.comparitech.com/blog/vpn-privacy/financial-data-breaches/
• China fines Didi $1.2bn over ‘egregious' data security violations https://www.databreaches.net/china-fines-didi-1-2bn-over-egregious-data-security-violations/
• T-Mobile agrees to pay $350 million in data breach affecting 77 million users https://www.databreaches.net/t-mobile-agrees-to-pay-350-million-in-data-breach-affecting-77-million-users/
• Zuckerberg to Testify Over Cambridge Analytica Data Breach https://www.databreaches.net/zuckerberg-to-testify-over-cambridge-analytica-data-breach/
• Croatia's data protection regulator fines telecom €285,000 for insufficient security that facilitated data breach https://www.databreaches.net/croatias-data-protection-regulator-fines-telecom-e285000-for-insufficient-security-that-facilitated-data-breach/
• Recent decisions by the Data Protection Commissioner of Singapore https://www.databreaches.net/recent-decisions-by-the-data-protection-commissioner-of-singapore/
• 37,800 people sent privacy breach notifications linked to Newfoundland and Labrador cyberattack https://www.databreaches.net/37800-people-sent-privacy-breach-notifications-linked-to-newfoundland-and-labrador-cyberattack/
• PPCGeeks - 492,518 breached accounts https://haveibeenpwned.com/PwnedWebsites#PPCGeeks

Privacy

• Facebook Is Now Encrypting Links to Prevent URL Stripping https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html
• The DHS Bought a ‘Shocking Amount' of Phone-Tracking Data https://www.wired.com/story/dhs-surveillance-phone-tracking-data/

Laws, Regulations, Platforms, Standards, and Public Policy

• Canada:
• Supreme Court of Canada on Copyright: “Copyright Law Does Not Exist Solely for the Benefit of Authors” https://www.michaelgeist.ca/2022/07/supreme-court-of-canada-on-copyright-copyright-law-does-not-exist-solely-for-the-benefit-of-authors/
• US:
• Americans Deserve More Than The Current American Data Privacy Protection Act https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act
• Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms https://www.databreaches.net/florida-follows-north-carolina-in-prohibiting-state-agencies-from-paying-ransoms/
• Internal documents show Facebook and Google discussing platform strategies https://www.theverge.com/2022/7/19/23270400/facebook-google-amazon-apple-antitrust-house-judiciary-investigation-report
• Amazon sues 10,000 Facebook Group admins for offering fake reviews https://www.theregister.com/2022/07/20/amazon_facebook_reviews/
• A company called Meta is suing Meta for naming itself Meta https://www.theverge.com/2022/7/19/23270164/meta-augmented-reality-facebook-lawsuit
• California Gov. Newsom signs gun law modeled after Texas' abortion ban: 'We're using Texas' perverse abortion law to actually save lives' https://www.businessinsider.com/gavin-newsom-signs-gun-law-modeled-after-texas-abortion-ban-2022-7
• Standards News:
• NIST Publishes Security Guidance for First Responder Mobile and Wearable Devices | NIST IR 8235 https://csrc.nist.gov/publications/detail/nistir/8235/final
• NCCoE Releases Draft Project Description for DevSecOps available for comment through August 22 https://nccoe.nist.gov/
• Implementing the HIPAA Security Rule: NIST Releases Draft NIST SP 800-66, Rev. 2 for Public Comment through September 21 https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft
• Information and Communications Technology (ICT) Risk Management in the Enterprise: Two Draft Special Publications available for comment through September 6 https://csrc.nist.gov/publications/detail/sp/800-221/draft
• Protecting Controlled Unclassified Information: Pre-Draft Call for Comments on the CUI Series SP 800-171, SP 800-171A, SP 800-172, and SP 800-172A available for comment through September 16 https://csrc.nist.gov/publications/detail/sp/800-171/rev-3/draft
• Comment Period Extended for NIST SP 1800-34, Validating the Integrity of Computing Devices https://www.nccoe.nist.gov/supply-chain-assurance

Defense / Techniques / Solutions

• Educational events, webinars, courses, etc:
• Journey to the NIST Cybersecurity Framework (CSF) 2.0 First Workshop on August 17th 10:00 am–4:30 pm EDT https://www.nist.gov/news-events/events/2022/08/journey-nist-cybersecurity-framework-csf-20-workshop-1
• A Primer on Client-side Security – PCI QSA Webinar https://info.sourcedefense.com/webinar/a-primer-on-client-side-security-pci-qsa-webinar-am
• General:
• (ISC)² Pledges 1 Million Certified in Cybersecurity https://blog.isc2.org/isc2_blog/2022/07/isc2-1-million-certified-in-cybersecurity.html
• Methods, Techniques, Tools, and Products:
• Can Encryption Key Intercepts Solve The Ransomware Epidemic? https://www.securityweek.com/can-encryption-key-intercepts-solve-ransomware-epidemic
• Microsoft resumes default blocking of Office macros after updating docs https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-default-blocking-of-office-macros-after-updating-docs/
• Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2) https://freedom-to-tinker.com/2022/07/19/toward-trustworthy-machine-learning-an-example-in-defending-against-adversarial-patch-attacks-2/
• DNS-over-HTTP/3 in Android https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
• Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says https://www.theregister.com/2022/07/20/intel-cpu-microcode/
• Do Mac computers need antivirus protection? https://www.comparitech.com/blog/information-security/if-you-have-a-mac-do-you-need-antivirus-protection/
• Enforcing Password History in Your Windows AD to Curb Password Reuse https://www.bleepingcomputer.com/news/security/enforcing-password-history-in-your-windows-ad-to-curb-password-reuse/

Bugs / Design Flaws / Vulnerabilities / Research

• Advisories:
• Control Gap Vulnerability Roundup: July 8th to 15th https://www.controlgap.com/blog/vulnerability-roundup-july-8th-15th
• Critical Vulnerabilities in GPS Trackers https://www.schneier.com/blog/archives/2022/07/critical-vulnerabilities-in-gps-trackers.html
• Atlassian: Confluence hardcoded password was leaked, patch now! https://www.bleepingcomputer.com/news/security/atlassian-confluence-hardcoded-password-was-leaked-patch-now/
• Cisco fixes bug that lets attackers execute commands as root https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-that-lets-attackers-execute-commands-as-root/
• Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers https://thehackernews.com/2022/07/cisco-releases-patches-for-critical.html
• Software Supply Chain Concerns Reach C-Suite https://www.darkreading.com/application-security/software-supply-chain-concerns-reach-c-suite
• Patching:
• Juniper Networks Patches Over 200 Third-Party Component Vulnerabilities https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
• SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html
• Microsoft's latest security patch troubles Windows 11 users https://www.theregister.com/2022/07/18/windows_11_patch_problems/
• Other Vulnerabilities:
• Hundreds of ICS Vulnerabilities Disclosed in First Half of 2022 https://www.securityweek.com/hundreds-ics-vulnerabilities-disclosed-first-half-2022
• New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks https://thehackernews.com/2022/07/new-study-finds-most-enterprise-vendors.html
• The New Weak Link in SaaS Security: Devices https://thehackernews.com/2022/07/the-new-weak-link-in-saas-security.html
• At the edge, nobody can hear your IoT devices scream … https://www.theregister.com/2022/07/22/at_the_edge_nobody_can/
• Code Execution and Other Vulnerabilities Patched in Drupal https://www.securityweek.com/code-execution-and-other-vulnerabilities-patched-drupal
• WordPress Page Builder Plug-in Under Attack, Can't Be Patched https://www.darkreading.com/application-security/wordpress-page-builder-addons-under-attack-cant-be-patched
• Netwrix Auditor Vulnerability Can Facilitate Attacks on Enterprises https://www.securityweek.com/netwrix-auditor-vulnerability-can-facilitate-attacks-enterprises
• Research on new vulnerabilities:
• New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html
• Cryptography and Cryptographic Research:
• DiSSECT: Distinguisher of Standard & Simulated Elliptic Curves via Traits https://eprint.iacr.org/2022/943
• Searchable Encryption with randomized ciphertext and randomized keyword search https://eprint.iacr.org/2022/945
• Molecular Encryption - ‘Pulling back the curtain' to reveal a molecular key to The Wizard of Oz https://scienmag.com/pulling-back-the-curtain-to-reveal-a-molecular-key-to-the-wizard-of-oz/

Hacking / Malware / Cybercrime / Exploitation

• Trends, Alerts, and Events (other than major breaches):
• A Deep Dive Into the Residential Proxy Service ‘911' https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/
• Exploit seller used Chrome exploit and 2 other 0-days to infect journalists https://arstechnica.com/information-technology/2022/07/exploit-seller-used-chrome-exploit-and-2-other-0-days-to-infect-journalists/
• Cyber-attacks on Port of Los Angeles have doubled since pandemic https://www.bbc.co.uk/news/business-62260272
• Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html
• Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
• Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html
• New ‘Lightning Framework' Linux malware installs rootkits, backdoors https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/
• New CloudMensis malware backdoors Macs to steal victims' data https://www.bleepingcomputer.com/news/security/new-cloudmensis-malware-backdoors-macs-to-steal-victims-data/
• Malicious Android apps with 300K installs found on Google Play https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-300k-installs-found-on-google-play/
• Servers running Digium Phones VoiP software are getting backdoored https://arstechnica.com/information-technology/2022/07/servers-running-digium-phones-voip-software-are-getting-backdoored/
• Massive Losses Define Epidemic of ‘Pig Butchering' https://krebsonsecurity.com/2022/07/massive-losses-define-epidemic-of-pig-butchering/
• LinkedIn remains the most impersonated brand in phishing attacks https://www.bleepingcomputer.com/news/security/linkedin-remains-the-most-impersonated-brand-in-phishing-attacks/
• FBI warns of fake cryptocurrency apps used to defraud investors https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-cryptocurrency-apps-used-to-defraud-investors/
• Ontario woman warns about computer virus banking scam after losing $60,000 https://toronto.ctvnews.ca/ontario-woman-warns-about-computer-virus-banking-scam-after-losing-60-000-1.5994245
• Crime & Arrests, etc.:
• FBI recovers $500,000 healthcare orgs paid to Maui ransomware https://www.bleepingcomputer.com/news/security/fbi-recovers-500-000-healthcare-orgs-paid-to-maui-ransomware/
• Romanian hacker faces US trial over virus-for-hire service https://www.theverge.com/2022/7/20/23271583/romanian-hacker-extradited-banking-malware-gozi-virus-paunescu
• Nation State Actors:
• Exploitation of Recent Chrome Zero-Day Linked to Israeli Spyware Company https://www.securityweek.com/exploitation-recent-chrome-zero-day-linked-israeli-spyware-company
• US Disrupts North Korean Hackers That Targeted Hospitals https://www.securityweek.com/us-disrupts-north-korean-hackers-targeted-hospitals
• NSO Group's Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders https://www.schneier.com/blog/archives/2022/07/nso-groups-pegasus-spyware-used-against-thailand-pro-democracy-activists-and-leaders.html
• Belgium Says Chinese APTs Targeted Interior, Defense Ministries https://www.securityweek.com/belgium-says-chinese-apts-targeted-interior-defense-ministries

Other Security / Risk

• General:
• Bill for US telcos to bin Chinese kit blows out by $3 billion https://www.theregister.com/2022/07/18/scrp_shortfall/
• Google blocks site of largest computing society for being ‘harmful' https://www.bleepingcomputer.com/news/security/google-blocks-site-of-largest-computing-society-for-being-harmful-/
• Magical thinking about Ballot-Marking-Device contingency plans https://freedom-to-tinker.com/2022/07/21/magical-thinking-about-ballot-marking-device-contingency-plans/
• The Unsolved Mystery Attack on Internet Cables in Paris https://www.wired.com/story/france-paris-internet-cable-cuts-attack/
• RCAF to ‘protect Canadian interests in space' with new division https://globalnews.ca/news/9009389/rcaf-new-space-division/
• Fire continues to burn on P.E.I.-N.S. ferry, crossings cancelled for rest of weekend https://globalnews.ca/news/9010795/pei-ns-ferry-fire-crossings-cancelled/
• Health:
• Food Expiration Dates Aren't Based on Science. Here's What You Can Do Instead https://www.sciencealert.com/food-expiration-dates-aren-t-based-on-science-here-s-what-you-can-do-instead
• New York records 1st polio case in over a decade https://globalnews.ca/news/9006762/new-york-state-polio-case-confirmed/
• WHO declares monkeypox a global health emergency https://globalnews.ca/news/9010837/who-monkeypox-global-health-emergency/
• Canada confirms 681 monkeypox cases as WHO declares global health emergency https://globalnews.ca/news/9011383/canada-monkeypox-who-global-health-emergency/
• COVID Virus May Tunnel through Nanotubes from Nose to Brain https://www.scientificamerican.com/article/covid-virus-may-tunnel-through-nanotubes-from-nose-to-brain/
• Is COVID-19 testing needed at airports? Experts are divided https://globalnews.ca/news/9002936/covid-random-testing-airports-expert-reaction/
• New key protection against COVID-19 found in saliva! https://scienmag.com/new-key-protection-against-covid-19-found-in-saliva/
• Alzheimer's breakthrough: Genetic link to gut disorders confirmed https://scienmag.com/alzheimers-breakthrough-genetic-link-to-gut-disorders-confirmed/
• UTMB study shows vaccine rapidly protects against lethal Lassa fever https://scienmag.com/utmb-study-shows-vaccine-rapidly-protects-against-lethal-lassa-fever/
• Man's leg amputated after infection with flesh-eating bacteria in ocean https://www.accuweather.com/en/weather-news/mans-leg-amputated-after-infection-with-flesh-eating-bacteria-in-ocean/1221047
• Stanford-Developed Millirobot Swims in Your Body and Delivers Medicine to Places That Need It https://scitechdaily.com/stanford-developed-millirobot-swims-in-your-body-and-delivers-medicine-to-places-that-need-it/
• Safety:
• Legalization of marijuana linked to increased traffic crashes, fatalities: Study https://scienmag.com/legalization-of-marijuana-linked-to-increased-traffic-crashes-fatalities-study/
• 3 hikers who went missing in northern Ontario located with help of ‘what3words' app https://globalnews.ca/news/9006869/missing-hikers-located-ontario-what3words/
• 28-year-old woman charged after carjacking on Gardiner Expressway: Toronto police https://globalnews.ca/news/8998710/gardiner-expressway-carjacking-toronto/
• Chess robot breaks seven-year-old boy's finger during Moscow Open https://www.bbc.co.uk/news/world-europe-62286017
• 12 youths charged in string of ‘swarming-style' robberies across Vaughan https://globalnews.ca/news/9003063/youths-arrested-swarming-style-robberies-vaughan/
• Victims pepper-sprayed during daytime ‘swarming robbery' near Canada's Wonderland: police https://globalnews.ca/news/9009412/victims-pepper-sprayed-vaughan-swarming-robbery/
• Environment:
• How Hot is Too Hot for the Human Body? https://www.scientificamerican.com/article/how-hot-is-too-hot-for-the-human-body1/
• Google Cloud data center in London suffers 'cooling-related failure' as UK hits record-high temperatures https://www.businessinsider.com/google-cloud-data-center-london-outage-hottest-day-record-uk-2022-7
• England Can't Take the Heat https://www.theatlantic.com/international/archive/2022/07/uk-europe-heatwave-temperature-record/670571/
• Photos: The U.K. Reaches Its Highest Temperature Ever https://www.theatlantic.com/photo/2022/07/photos-uk-heatwave/670566/
• Most of Ontario under heat warning with climatologist saying 'warmest part of summer has yet to come' https://toronto.ctvnews.ca/most-of-ontario-under-heat-warning-with-climatologist-saying-warmest-part-of-summer-has-yet-to-come-1.5992433
• Nuclear power station shut downs will leave Ontario relying on gas to generate electricity https://globalnews.ca/news/8949102/nuclear-power-pickering-gas-environment-electricity-ontario-ford/
• Canadian lakes getting warmer and shallower amid climate change: study https://globalnews.ca/news/9001153/canadian-lakes-climate-change/
• ‘Your gas guzzler kills': Environmental group says it deflated tires on Kitchener SUVs https://globalnews.ca/news/8997655/environmental-group-deflates-tires-suvs-kitchener/
• Massive waves clear two-storey condo in Hawaii as huge swell rolls in https://globalnews.ca/news/8998350/massive-waves-hawaii-two-storey-condo/
• Economy:
• The Everything-Is-Weird Economy https://www.theatlantic.com/newsletters/archive/2022/07/us-economy-inflation-recession-employment/670543/
• Bank of Canada interest rate hike is a ‘hammer to housing' market: BMO economist https://globalnews.ca/news/8998329/bank-of-canada-interest-rate-housing-market/
• Eurozone raises interest rates for first time in 11 years https://www.bbc.co.uk/news/business-62240730
• Where have all the workers gone? Don't blame COVID, economists say https://www.cbc.ca/news/canada/ottawa/ottawa-workers-covid-retirements-1.6529325
• ‘Bunch of Idiots': Crypto Pays Steep Price for Due Diligence Delinquency https://www.pymnts.com/cryptocurrency/2022/bunch-of-idiots-crypto-pays-steep-price-for-due-diligence-delinquency/
• Towing fees in Mississauga to spike by hundreds of dollars https://toronto.ctvnews.ca/towing-fees-in-mississauga-to-spike-by-hundreds-of-dollars-1.5993842

Russia v. Ukraine

• The war:
• Russia has only gained 'maybe 6 to 10 miles' of territory since war pivoted to eastern Ukraine, top US general says https://www.businessinsider.com/russia-territory-eastern-ukraine-war-few-miles-us-general-says-2022-7
• Russia appears to have shot down one of its own jets in Ukraine just a few weeks after it was delivered https://www.businessinsider.com/russia-appears-to-shoot-down-own-new-su34m-in-ukraine-2022-7
• Ukraine war: Kyiv's forces moving towards occupied Kherson - Zelensky https://www.bbc.co.uk/news/world-europe-62283196
• Ukraine and Russia sign deal to allow grain exports from blockaded Black Sea ports amid growing fears of global food catastrophe https://www.businessinsider.com/ukraine-russia-reach-deal-allow-grain-exports-avoid-food-catastrophe-2022-7
• Ukraine war: Explosions rock Ukrainian port hours after grain deal https://www.bbc.co.uk/news/world-europe-62276392
• Reaction and response:
• Russia replaces provocative head of its space agency, signs deal with NASA to share resources https://www.cbc.ca/news/world/russia-replaces-head-russia-space-agency-who-threatened-leave-iss-1.6521694
• Sanctions & economic Impact:
• Information, Disinformation, and Propaganda:
• Russia's independent TV Rain channel back on air from abroad https://www.bbc.co.uk/news/world-europe-62216940
• Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html
• Pro-Russia authorities will ban Google in occupied regions of Ukraine https://www.theverge.com/2022/7/22/23274134/google-banned-occupied-ukraine-russia-war-donetsk-luhansk
• Russia fines Google $365 million over YouTube videos containing ‘prohibited' content https://www.theverge.com/2022/7/18/23268978/google-russia-fine-360-million-youtube-videos-prohibited-content-ukraine-war
• Cyber-attacks and the potential for cyber-war:
• Google catches Turla hackers deploying Android malware in Ukraine https://www.bleepingcomputer.com/news/security/google-catches-turla-hackers-deploying-android-malware-in-ukraine/
• Russia Creates Malware False-Flag App https://www.schneier.com/blog/archives/2022/07/russia-creates-malware-false-flag-app.html

Off-Topic / Science & Tech / Lighter Side

• Innovations & Inventions:
• How Florence Nightingale Changed Data Visualization Forever https://www.scientificamerican.com/article/how-florence-nightingale-changed-data-visualization-forever/
• Aerospace electrified by new technology https://www.bbc.co.uk/news/business-62120130
• CAE to convert fleet to electric planes, and school future pilots in green aircraft https://globalnews.ca/news/9000790/cae-to-convert-fleet-to-electric-planes-and-school-future-pilots-in-green-aircraft/
• Boom Supersonic has unveiled the latest design for its ultra-fast airliner that will be able to fly from New York to London in 3.5 hours — see the new Overture https://www.businessinsider.com/photos-boom-supersonic-updated-ultra-fast-aircraft-overture-2022-7
• Quatum Innovation.
• Computer Science Proof Unveils Unexpected Form of Entanglement https://www.quantamagazine.org/computer-science-proof-lifts-limits-on-quantum-entanglement-20220718/
• Other:
• A McDonald's and a Dairy Queen in Missouri are trading insults on their restaurant signs, and now other local businesses are joining in on the beef https://www.businessinsider.com/missouri-mcdonalds-dairy-queen-start-sign-war-insults-local-businesses-2022-7
• Dogs Might Actually 'See' Through Smells, Brain Scans Suggest https://www.sciencealert.com/dogs-smell-is-tightly-linked-to-the-visual-parts-of-their-brain
• How is Canada like Mars? Lost Hammer Spring shows us https://www.syfy.com/syfy-wire/bad-astronomy-lost-hammer-spring-in-canada-is-similar-to-mars
• Two Spacecraft Could Work Together to Capture an Asteroid and Bring it Close to Earth for Mining https://www.universetoday.com/156729/two-spacecraft-could-work-together-to-capture-an-asteroid-and-bring-it-close-to-earth-for-mining/
• ‘Black hole police' discover a dormant black hole outside of the Milky Way galaxy https://scienmag.com/black-hole-police-discover-a-dormant-black-hole-outside-of-the-milky-way-galaxy/