This Week's [in]Security - Issue 282

Welcome to This Week’s [in]Security. PCI updates: Prioritized Approach. Twitter vs Mudge a whistleblower with cred. Cheap Complexity. New breaches: LastPass's codebase, Novant - Facebook trackers & PHI, Plex, Twilio fallout. New Ransomware. Follow-ups: Facebook/Cambridge, SolarWinds, DDoS payback? Privacy: Facebook, Scanning photos, in-app-browsers. Laws & Regs - Canada: ArriveCAN, US: Block, Oracle, mRNA. World: SEC & China. Defense - Training & events: DevSecOps, Hiring. Tools & Techniques. Vulnerabilities - Advisories: Palo-Alto. Significant: roundup, permanent state of cyber-war(?),Linux kernel, Atlassian, GitLab, IoT certs, RTLS, BlackHat summary, airgaps. PQC readiness. Quantum hype(?). Hyundai’s text book failure. Cybercrime - Trends: MitM/AiTM, PyPI phishing, Residential proxies. Crime & Enforcement. Nation States and mercenaries. Overbilling! Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:
• PCI DSSv4.0 Updates Prioritized Approach Documentation and Tool https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/Prioritized-Approach-For-PCI-DSS-v4-0.pdf
• PCI 3DS SDK Technical FAQs https://docs-prv.pcisecuritystandards.org/3DS/Frequently%20Asked%20Questions%20(FAQ)/PCI_SSC_3DS_SDK_v1.x_Technical_FAQs_Aug2022.pdf
• Other payment related:
• Debit Card Fraud Spotlights FinTech Need for New ‘Money In' Approach https://www.pymnts.com/news/security-and-risk/2022/debit-card-fraud-spotlights-fintech-need-for-new-money-in-approach/
• How Crypto Shields Merchants Against Chargeback Fraud https://www.pymnts.com/cryptocurrency/2022/how-crypto-shields-merchants-against-chargeback-fraud/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Hackers Breach LastPass Developer System to Steal Source Code https://thehackernews.com/2022/08/hackers-breach-lastpass-developer.html
• LastPass Hacked: Password Manager With 25 Million Users Confirms Breach of Source Code https://www.forbes.com/sites/daveywinder/2022/08/25/lastpass-hacked-password-manager-with-25-million-users-confirms-breach/
• Novant Health admits leak of 1.3m patients' info to Facebook https://www.theregister.com/2022/08/22/novant_meta_data/
• From the “What Could Possibly Go Wrong Department” after it went wrong, Monday edition https://www.databreaches.net/from-the-what-could-possibly-go-wrong-department-after-it-went-wrong-monday-edition/
• Plex imposes password reset after hackers steal data for >15 million users https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/
• NATO investigates hacker sale of missile firm data https://www.bbc.co.uk/news/technology-62672184
• Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations https://thehackernews.com/2022/08/okta-hackers-behind-twilio-and.html
• Now Oktapus gets access to some DoorDash customer info via phishing attack https://www.theregister.com/2022/08/26/doordash_oktapus_phishing/
• Signal Phone Numbers Exposed in Twilio Hack https://www.schneier.com/blog/archives/2022/08/signal-phone-numbers-exposed-in-twilio-hack.html
• Over 80,000 exploitable Hikvision cameras exposed online https://www.bleepingcomputer.com/news/security/over-80-000-exploitable-hikvision-cameras-exposed-online/
• Textile Company Sferra Discloses Data Breach https://www.securityweek.com/textile-company-sferra-discloses-data-breach
• Hacker accesses injured workers' personal info in cyberattack on North Dakota agency https://www.databreaches.net/hacker-accesses-injured-workers-personal-info-in-cyberattack-on-north-dakota-agency/
• Hive starts dumping patient and employee data from Baton Rouge General Health System https://www.databreaches.net/hive-starts-dumping-patient-and-employee-data-from-baton-rouge-general-health-system/
• How many breaches has Overlake Medical Center & Clinics experienced in the past few years? https://www.databreaches.net/how-many-breaches-has-overlake-medical-center-clinics-experienced-in-the-past-few-years/
• A confusing data dump from Vice Society https://www.databreaches.net/a-confusing-data-dump-from-vice-society/
• Data on California Prisons' Visitors, Staff, Inmates Exposed https://www.securityweek.com/data-california-prisons-visitors-staff-inmates-exposed
• New Ransomware and "Incidents":
• NHS cyberattack causing ‘total chaos' in hospitals could take a year to recover https://www.databreaches.net/nhs-cyberattack-causing-total-chaos-in-hospitals-could-take-a-year-to-recover/
• Greek natural gas operator suffers ransomware-related data breach https://www.bleepingcomputer.com/news/security/greek-natural-gas-operator-suffers-ransomware-related-data-breach/
• Follow-ups and fall-out:
• Facebook agrees to settle Cambridge Analytica data privacy lawsuit https://www.theguardian.com/technology/2022/aug/26/facebook-cambridge-analytica-data-privacy-lawsuit-settlement
• Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack https://www.darkreading.com/edge-articles/3-years-later-solarwinds-ciso-shares-3-lessons-from-the-infamous-attack
• Ca: Conservatives call for release of report on massive Afghan immigration data breach https://www.databreaches.net/ca-conservatives-call-for-release-of-report-on-massive-afghan-immigration-data-breach/
• ParkMobile Can't Escape Data Breach Class Action https://www.databreaches.net/parkmobile-cant-escape-data-breach-class-action/
• LockBit ransomware blames Entrust for DDoS attacks on leak sites https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/

Privacy

Articles about privacy related news, risks, and trends.

• Meta, Marketing, and Online Healthcare: A Deadly Combination (for Data Privacy) https://sourcedefense.com/resources/blog/meta-marketing-and-online-healthcare-a-deadly-combination-for-data-privacy/
• Google's Scans of Private Photos Led to False Accusations of Child Abuse https://www.eff.org/deeplinks/2022/08/googles-scans-private-photos-led-false-accusations-child-abuse
• New Open Source Tool Shows Code Injected Into Websites by In-App Browsers https://www.securityweek.com/new-open-source-tool-shows-code-injected-websites-app-browsers
• The Privacy Flaw Threatening US Democracy https://www.wired.com/story/privacy-mass-surveillance-us-authoritarian/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• U.S. lawmakers, advocates urge Ottawa to scrap ArriveCAN, open Nexus offices https://globalnews.ca/news/9076756/arrivecan-nexus-us-lawmakers-advocacy/
• US:
• Report: DOJ Preps Apple Antitrust Suit https://www.pymnts.com/antitrust/2022/report-department-of-justice-preps-apple-antitrust-suit/
• Victory: Government Finally Releases Secretive Court Rulings Sought By EFF https://www.eff.org/deeplinks/2022/08/victory-government-finally-releases-secretive-court-rulings-sought-eff
• Block sued after ex-staffer siphons customer data https://www.theregister.com/2022/08/24/block_headed_to_court_to/
• Class Action Lawsuit Filed Against Oracle Over Data Collection Practices https://www.securityweek.com/class-action-lawsuit-filed-against-oracle-over-data-collection-practices
• NFT copyright is still a total mess, says report https://www.theverge.com/2022/8/22/23316723/nft-copyright-galaxy-report-crypto-ip-rights-licensing-ownership
• Moderna suing Pfizer over Covid vaccine technology https://www.bbc.co.uk/news/health-62691102
• World:
• The SEC announced an agreement to allow US officials to audit Chinese firms, potentially avoiding the delisting of hundreds of Chinese stocks https://markets.businessinsider.com/news/stocks/china-us-stocks-audit-inspections-delistings-sec-hong-kong-reviews-2022-8

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• NCCoE DevSecOps Workshop September 19th / 10 AM- 3 PM EDT https://content.govdelivery.com/accounts/USNIST/bulletins/3264b01
• NICE Webinar: Overcoming the Entry-Level Job in Cybersecurity Conundrum September 21, 2022 | 2:00-3:00 PM ET https://content.govdelivery.com/accounts/USNIST/bulletins/327a980
• General:
• Capital One Joins Open Source Security Foundation https://www.darkreading.com/application-security/capital-one-joins-open-source-security-foundation
• Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report https://www.darkreading.com/vulnerabilities-threats/penetration-testing-market-worth-2-7b-by-2027-marketsandmarkets-tm-report
• Methods, Techniques, Tools, and Products:
• Announcing the Open Sourcing of Paranoid's Library https://security.googleblog.com/2022/08/announcing-open-sourcing-of-paranoids.html
• Cyber Signals: Defend against the new ransomware landscape https://www.microsoft.com/security/blog/2022/08/22/cyber-signals-defend-against-the-new-ransomware-landscape/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html
• CISA: Vulnerability in Delta Electronics ICS Software Exploited in Attacks https://www.securityweek.com/cisa-vulnerability-delta-ics-software-exploited-attacks
• Significant:
• 77% of security leaders fear we're in perpetual cyberwar from now on https://www.theregister.com/2022/08/27/in-brief-security/
• Control Gap Vulnerability Roundup: August 13th to August 19th https://www.controlgap.com/blog/vulnerability-roundup-august-13th-august-19th
• "As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html
• Atlassian Bitbucket Server vulnerable to critical RCE vulnerability https://www.bleepingcomputer.com/news/security/atlassian-bitbucket-server-vulnerable-to-critical-rce-vulnerability/
• GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software https://thehackernews.com/2022/08/gitlab-issues-patch-for-critical-flaw.html
• Microsoft finds critical hole in operating system that for once isn't Windows https://www.theregister.com/2022/08/23/microsoft_chromeos_bug/
• If you haven't patched Zimbra holes by now, assume you're toast https://www.theregister.com/2022/08/23/cisa_zimbra_signatures/
• Other Vulnerabilities:
• Expiring Root Certificates Threaten IoT in the Enterprise https://www.darkreading.com/edge-articles/expiring-root-certificates-threaten-iot-in-the-enterprise
• Many Media Industry Vendors Slow to Patch Critical Vulnerabilities: Study https://www.securityweek.com/many-media-industry-vendors-slow-patch-critical-vulnerabilities-study
• Microsoft Shares Details on Critical ChromeOS Vulnerability https://www.securityweek.com/microsoft-shares-details-critical-chromeos-vulnerability
• Warning over Java libraries and deserialization security weaknesses https://www.theregister.com/2022/08/22/java_library_flaws/
• RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html
• Security Firm Discloses CrowdStrike Issue After 'Ridiculous Disclosure Process' https://www.securityweek.com/security-firm-discloses-crowdstrike-issue-after-ridiculous-disclosure-process
• VMware Carbon Black causing BSOD crashes on Windows https://www.bleepingcomputer.com/news/security/vmware-carbon-black-causing-bsod-crashes-on-windows/
• Google Confirms New Attack Can Read All Gmail Messages in Compromised Accounts: Iran Accounts Targeted https://www.forbes.com/sites/daveywinder/2022/08/23/gmail-hacked-google-says-new-attack-can-read-all-email-messages/
• Research on new vulnerabilities:
• Microsoft Security highlights from Black Hat USA 2022 https://www.microsoft.com/security/blog/2022/08/25/microsoft-security-highlights-from-black-hat-usa-2022/
• Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems https://www.securityweek.com/ethernet-leds-can-be-used-exfiltrate-data-air-gapped-systems
• New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope https://www.securityweek.com/new-air-gap-jumping-attack-uses-ultrasonic-tones-and-smartphone-gyroscope
• Magnifier: An Experiment with Interactive Decompilation https://blog.trailofbits.com/2022/08/25/magnifier-an-experiment-with-interactive-decompilation/
• Cryptography and Cryptographic Research:
• CISA: Prepare now for quantum computers, not when hackers use them https://www.bleepingcomputer.com/news/security/cisa-prepare-now-for-quantum-computers-not-when-hackers-use-them/
• Scientist says greedy physicists have overhyped quantum tech https://thenextweb.com/news/oxford-scientist-says-greedy-physicists-overhyped-quantum-computing
• Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse https://www.controlgap.com/blog/quantum-cryptography-for-risk-managers
• Researchers demonstrate error correction in a silicon qubit system https://scienmag.com/researchers-demonstrate-error-correction-in-a-silicon-qubit-system/
• Hyundai Uses Example Keys for Encryption System https://www.schneier.com/blog/archives/2022/08/hyundai-uses-example-keys-for-encryption-system.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Firewall Bug Under Active Attack Triggers CISA Warning https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
• Man-in-the-Middle Phishing Attack https://www.schneier.com/blog/archives/2022/08/man-in-the-middle-phishing-attack.html
• PyPI warns of first-ever phishing campaign against its users https://www.theregister.com/2022/08/26/pypi_warns_of_firstever_phishing/
• Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users https://thehackernews.com/2022/08/researchers-warn-of-aitm-attack.html
• 'Sliver' Emerges as Cobalt Strike Alternative for Malicious C2 https://www.darkreading.com/vulnerabilities-threats/-sliver-cobalt-strike-alternative-malicious-c2
• Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account https://www.darkreading.com/cloud/unusual-microsoft-365-phishing-efax-compromised-dynamic-voice-account
• Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
• FBI warns of residential proxies used in credential stuffing attacks https://www.bleepingcomputer.com/news/security/fbi-warns-of-residential-proxies-used-in-credential-stuffing-attacks/
• Fake Chrome extension 'Internet Download Manager' has 200,000 installs https://www.bleepingcomputer.com/news/security/fake-chrome-extension-internet-download-manager-has-200-000-installs/
• Fake Reservation Links Prey On Weary Travelers https://packetstormsecurity.com/news/view/33756/Fake-Reservation-Links-Prey-On-Weary-Travelers.html
• MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/
• Meet Borat RAT, a New Unique Triple Threat https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html
• New 'Donut Leaks' extortion gang linked to recent ransomware attacks https://www.bleepingcomputer.com/news/security/new-donut-leaks-extortion-gang-linked-to-recent-ransomware-attacks/
• New Golang Ransomware Agenda Customizes Attacks https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html
• Fake 'Cthulhu World' P2E project used to push info-stealing malware https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/
• Crime & Arrests, etc.:
• More than $100m worth of NFTs stolen since July 2021, data shows https://www.theguardian.com/technology/2022/aug/24/nfts-stolen-non-fungible-tokens-criminals-scam-cryptocurrency
• Thieves target parking lots near Toronto Pearson airport to steal catalytic converters https://toronto.ctvnews.ca/thieves-target-parking-lots-near-toronto-pearson-airport-to-steal-catalytic-converters-1.6042774
• Nation State Actors:
• Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies https://www.securityweek.com/microsoft-details-new-post-compromise-malware-used-russian-cyberspies
• CEO of Israeli Pegasus Spyware Firm to Step Down https://www.securityweek.com/ceo-israeli-pegasus-spyware-firm-step-down

Other Security / Risk

Articles covering other types of risks.

• General:
• Security and Cheap Complexity https://www.schneier.com/blog/archives/2022/08/security-and-cheap-complexity.html
• Mudge Files Whistleblower Complaint against Twitter https://www.schneier.com/blog/archives/2022/08/mudge-files-whistleblower-complaint-against-twitter.html
• Security pros are rallying to defend the Twitter whistleblower https://www.theverge.com/2022/8/23/23318554/cybersecurity-pros-defend-twitter-whistleblower-peiter-mudge-zatko
• Twitter Whistleblower Complaint: The TL;DR Version https://threatpost.com/twitter-whistleblower-tldr-version/180472/
• Twitter's Former Security Chief Accuses Company of ‘Egregious' Practices https://www.nytimes.com/2022/08/23/business/twitter-whistleblower-security.html
• Twitter's Former Security Chief Accuses Company of ‘Egregious' Practices https://www.nytimes.com/2022/08/23/technology/twitter-whistleblower-security.html
• The Twitter Whistleblower Report's Most Damning Allegation https://www.wired.com/story/mudge-twitter-whistleblower-security/
• Twitter executives push back against whistle-blower complaint. https://www.nytimes.com/2022/08/24/technology/twitter-executives-push-back-against-whistle-blower-complaint.html
• Whistleblowing Is Broken https://www.theatlantic.com/technology/archive/2022/08/zatko-twitter-tech-industry-whistleblowers/671227/
• A multidimensional approach to journalism security https://www.microsoft.com/security/blog/2022/08/23/a-multidimensional-approach-to-journalism-security/
• Avis charged a customer $6,000 after claiming she drove a rental car 23,000 miles in 3 days, reports say https://www.businessinsider.com/avis-claim-woman-drove-23000-miles-three-days-charged-6000-2022-8
• Microsoft is putting more ads in Outlook on iOS and Android https://www.theverge.com/2022/8/22/23316102/microsoft-outlook-mobile-ads-ios-android-focused-inbox
• Experts question security of online vote to pick Tory leader https://www.theguardian.com/politics/2022/aug/22/experts-question-security-online-vote-pick-tory-leader
• Disinformation and misinformation
• Google Looks to Vaccination to Combat Misinformation In Searches https://www.nytimes.com/2022/08/24/technology/google-search-misinformation.html
• Spiders Are Caught in a Global Web of Misinformation https://www.nytimes.com/2022/08/25/science/spiders-misinformation-rumors.html
• Health:
• New weapon targets antibiotic resistance https://scienmag.com/new-weapon-targets-antibiotic-resistance/
• Simple rubber band fix improves surgical mask seal to N-95 levels, study shows https://scienmag.com/simple-rubber-band-fix-improves-surgical-mask-seal-to-n-95-levels-study-shows/
• In highly vaccinated Massachusetts, no excess mortality detected this spring https://scienmag.com/in-highly-vaccinated-massachusetts-no-excess-mortality-detected-this-spring/
• Canada to get 12 million doses of Moderna's Omicron-targeted COVID vaccine https://globalnews.ca/news/9076502/moderna-omicron-covid-vaccine-canada-supply/
• Eye Tests May Help Diagnose Alzheimer's Disease https://www.scientificamerican.com/article/eye-tests-may-help-diagnose-alzheimer-rsquo-s-disease/
• More West Nile virus positive mosquitoes found in GTA https://toronto.ctvnews.ca/more-west-nile-virus-positive-mosquitoes-found-in-gta-1.6042194
• What we know about meningococcal disease amid outbreak in Toronto https://www.ctvnews.ca/health/what-we-know-about-meningococcal-disease-amid-outbreak-in-toronto-1.6042828
• No One Knows What's Inside the Smallpox Vaccine https://www.theatlantic.com/science/archive/2022/08/mystery-inside-monkeypox-vaccines/671256/
• Extreme Lookalikes May Share Much Deeper Ties Than We Ever Realized https://www.sciencealert.com/extreme-lookalikes-may-share-much-deeper-ties-than-we-ever-realized
• Safety:
• Train passenger among dozens stranded in 32-mile undersea tunnel for 5 hours describes 'terrifying' journey 'into the abyss' that was 'like a disaster movie' https://www.businessinsider.com/eurotunnel-le-shuttle-train-passengers-trapped-hours-terrifying-undersea-tunnel-2022-8
• Relaxing under summer trees can be dangerous - summer branch drop https://www.advnture.com/news/relaxing-under-trees-can-be-seriously-dangerous-warn-yosemite-park-rangers
• Astronauts Going to Mars Will Receive Many Lifetimes Worth of Radiation https://www.universetoday.com/157285/astronauts-going-to-mars-will-receive-many-lifetimes-worth-of-radiation/
• Environment:
• Efforts to pass global ocean protection treaty fail https://www.bbc.co.uk/news/science-environment-62680423
• California to Ban the Sale of New Gasoline Cars by 2035 https://www.nytimes.com/2022/08/24/climate/california-gas-cars-emissions.html
• Canada and Germany plan to begin hydrogen shipments in 2025 https://globalnews.ca/news/9080110/canada-germany-hydrogen-shipments-2025/
• Cheap New Method Breaks Down 'Forever Chemicals' https://www.scientificamerican.com/article/cheap-new-method-breaks-down-forever-chemicals/
• Google accused of airbrushing carbon emissions in flight search results https://www.theguardian.com/technology/2022/aug/25/google-accused-airbrushing-carbon-emissions-flight-search-results
• DNA profiling solves Australian rabbit plague puzzle https://scienmag.com/dna-profiling-solves-australian-rabbit-plague-puzzle/
• Economy:
• Test to create rare earth element ingots in Saskatchewan successful https://globalnews.ca/news/9087639/rare-earth-element-ingots-test-success-saskatchewan/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Russian missiles strike Ukraine as war nears 6-month mark https://globalnews.ca/news/9076138/russia-ukraine-war-aug-22/
• Russia accuses Ukraine in death of ultra-nationalist's daughter https://globalnews.ca/news/9076164/russia-ukraine-darya-dugina-death/
• Reaction and response:
• Ukraine war: Allies seek more security at Zaporizhzhia nuclear plant https://www.bbc.co.uk/news/world-europe-62626763
• Russia burning gas into atmosphere as it scales back Europe supply https://globalnews.ca/news/9087095/russia-europe-energy-gas-flaring/
• Ukraine calls on foreign countries to ban Russian travelers after six months of Russia's invasion https://www.businessinsider.com/ukraine-wants-foreign-countries-to-ban-russian-travelers-2022-8
• Germany approves energy-saving measures for winter https://www.bbc.co.uk/news/business-62659247
• Russia's war on Ukraine has put Arctic defence back on Canada's agenda. Here's why https://globalnews.ca/news/9086161/canada-arctic-defence-russia-ukraine/
• Sanctions & economic Impact:
• Canada sanctions 62 Russian officials, defence firm as invasion hits grim milestone https://globalnews.ca/news/9078678/canada-russian-sanctions-august-2022/
• Russia halted a natural gas shipment to Asia over payment issues, threatening blackouts in some countries https://markets.businessinsider.com/news/commodities/russia-natural-gas-lng-shipment-asia-japan-sakhalin-us-dollar-2022-8
• Information, Disinformation, and Propaganda:
• Cyber-attacks and the potential for cyber-war:

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• UBC's new 'sailbot' nearly ready for 2,500-km voyage from Victoria to Hawaii https://www.cbc.ca/news/canada/british-columbia/ubc-team-robotic-sailboat-poised-to-set-course-for-hawaii-1.6557653
• Other:
• SpaceX Starlink 'train' of satellites illuminates Northwest skies https://www.bleepingcomputer.com/news/technology/spacex-starlink-train-of-satellites-illuminates-northwest-skies/
• Apollo Remastered: One man's mission to show us the Moon https://www.bbc.co.uk/news/science-environment-62662685
• NASA's Moon-Bound Megarocket Will Send a Spacecraft to an Asteroid, Too https://www.scientificamerican.com/article/nasas-moon-bound-megarocket-will-send-a-spacecraft-to-an-asteroid-too/
• New Horizons Could Still Have More Adventures Ahead https://www.universetoday.com/157298/new-horizons-could-still-have-more-adventures-ahead/
• An extrasolar world covered in water? https://scienmag.com/an-extrasolar-world-covered-in-water/
• NASA's James Webb Space Telescope detects carbon dioxide in a distant world's atmosphere for the first time https://www.businessinsider.com/james-webb-space-telescope-detects-carbon-dioxide-in-distant-world-2022-8
• Astronomers Reveal New Details of How Stars Devour Planets https://www.scientificamerican.com/article/astronomers-reveal-new-details-of-how-stars-devour-planets/
• How the Inside of a Black Hole Is Secretly on the Outside https://www.scientificamerican.com/article/how-the-inside-of-a-black-hole-is-secretly-on-the-outside/
• NASA Recorded The Sound From a Black Hole, and It's Super Eerie https://www.sciencealert.com/nasa-recorded-the-sound-from-a-black-hole-and-its-super-eerie