This Week's [in]Security - Issue 286

Welcome to This Week’s [in]Security. Credit Card skimming & fraud surge: Magento, Linkedin Smartlinks, Google Tags, smartphone 2fa bypass, fake subscriptions, triangulation. MFA fatigue! Hurricane Fiona. New breaches: American Airlines, PHI exposed via AI, Optus, Oracle, Revolut, Redis. New Ransomware: Lockbit, decryptor. Downs: Malwarebytes v Google, DDoS. Follow-ups: Uber, TAP, LastPass. Privacy: Border Services, Europol, Telegram, PHI apps, Data sharing research. Laws & Regs - Canada: Online News Act, ArriveCAN. US: AI & copyright. World: India & VPNs, gag orders. Standards: NIST HMAC, PQC sigs, & IoT, NSA OT/ICS. Defense - Resources. Tools & Techniques, Cross-Layer Security. Vulnerabilities - Patching fatigue. Significant: Roundup, Old Python, ManageEngine, Sophos, NPM packages, Slack & Teams. Domain Shadowing, Firing InfoSec. Research: AI prompt injection, Reflected screens, Starlink, Cryptography. Escheresque MD5 image. Crime & Enforcement. Nation States and mercenaries. Other Risks - AI, Disinformation, Health. Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Related:
• How to Prepare for New PCI DSS 4.0 Requirements https://datexdatastealth.com/blog/how-to-prepare-for-new-pci-dss-4.0-requirements
• Payment skimmers/malware/fraud:
• Critical Magento vulnerability targeted in new surge of attacks https://www.bleepingcomputer.com/news/security/critical-magento-vulnerability-targeted-in-new-surge-of-attacks/
• Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards https://www.darkreading.com/attacks-breaches/threat-actor-abuses-linkedin-smart-links-feature-harvest-credit-cards
• Hundreds of eCommerce Domains Infected With Google Tag Manager-Based Skimmers https://www.securityweek.com/hundreds-ecommerce-domains-infected-google-tag-manager-based-skimmers
• Credit Card Fraud That Bypasses 2FA https://www.schneier.com/blog/archives/2022/09/credit-card-fraud-that-bypasses-2fa.html
• Multi-million dollar credit card fraud operation uncovered https://www.bleepingcomputer.com/news/security/multi-million-dollar-credit-card-fraud-operation-uncovered/
• Free stuff from the Internet is likely too good to be true, and it could be triangulation fraud https://www.npr.org/2022/09/02/1120798735/free-stuff-from-the-internet-is-likely-too-good-to-be-true-and-it-could-be-a-scam

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• American Airlines discloses data breach of PII and PHI after employee email compromise https://gizmodo.com/american-airlines-data-breach-travel-flights-1849557150
• Artist finds private medical record photos in popular AI training data set https://arstechnica.com/information-technology/2022/09/artist-finds-private-medical-record-photos-in-popular-ai-training-data-set/
• Millions hit in major Optus data hack https://www.news.com.au/technology/online/hacking/up-to-9-million-aussies-affected-in-major-optus-data-breach/news-story/c3e98ef6123f4871739cc1525fddd6ef
• Optus Under $1 Million Extortion Threat in Data Breach https://www.databreaches.net/optus-under-1-million-extortion-threat-in-data-breach/
• Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data https://www.theguardian.com/australia-news/2022/sep/24/optus-cyber-attack-company-opposed-changes-to-privacy-laws-to-give-customers-more-rights-over-their-data
• Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers https://www.securityweek.com/australian-telecoms-firm-optus-discloses-breach-impacting-customer-data
• Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data https://www.securityweek.com/oracle-cloud-infrastructure-vulnerability-exposed-sensitive-data
• Over 50,000 Revolut Customers Affected by Data Breach https://www.securityweek.com/over-50000-revolut-customers-affected-data-breach
• Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet https://thehackernews.com/2022/09/over-39000-unauthenticated-redis.html
• Ca: Yukon education department accidentally leaks student data https://www.databreaches.net/ca-yukon-education-department-accidentally-leaks-student-data/
• New Ransomware and "Incidents":
• LockBit ransomware builder leaked online by “angry developer” https://www.databreaches.net/lockbit-ransomware-builder-leaked-online-by-angry-developer/
• Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware https://thehackernews.com/2022/09/europol-and-bitdefender-release-free.html
• Bosnia and Herzegovina investigating alleged ransomware attack on parliament https://www.databreaches.net/bosnia-and-herzegovina-investigating-alleged-ransomware-attack-on-parliament/
• Hackers Paralyze 911 Operations in Suffolk County, NY https://www.darkreading.com/attacks-breaches/hackers-paralyze-911-operations-suffolk-county-ny
• Denver suburb won't cough up millions in ransomware attack that closed city hall https://www.databreaches.net/denver-suburb-wont-cough-up-millions-in-ransomware-attack-that-closed-city-hall/
• Hive ransomware claims attack on New York Racing Association https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-attack-on-new-york-racing-association/
• Microsoft SQL servers hacked in TargetCompany ransomware attacks https://www.bleepingcomputer.com/news/security/microsoft-sql-servers-hacked-in-targetcompany-ransomware-attacks/
• Waterloo police now investigating cyberattack at public school board https://globalnews.ca/news/9145197/waterloo-police-investigate-cyberattack-public-school-board/
• Major outages/downs:
• Malwarebytes blocks Google, YouTube as malware https://www.theregister.com/2022/09/21/malwarebytes_blocks_google_domains/
• Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing https://thehackernews.com/2022/09/record-ddos-attack-with-253-billion.html
• The record-setting DDoSes keep coming, with no end in sight https://arstechnica.com/information-technology/2022/09/the-record-setting-ddoses-keep-coming-with-no-end-in-sight/
• Follow-ups and fall-out:
• Uber Blames LAPSUS$ Hacking Group for Recent Security Breach https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html
• TAP Air Portugal - 5,067,990 breached accounts https://haveibeenpwned.com/PwnedWebsites#TAPAirPortugal
• LastPass Found No Code Injection Attempts Following August Data Breach https://www.securityweek.com/lastpass-found-no-code-injection-attempts-following-august-data-breach

Privacy

Articles about privacy related news, risks, and trends.

• Large-Scale Collection of Cell Phone Data at US Borders https://www.schneier.com/blog/archives/2022/09/large-scale-collection-of-cell-phone-data-at-us-borders.html
• Apparently Europol Is Hoarding Personal Data https://packetstormsecurity.com/news/view/33872/Apparently-Europol-Is-Hoarding-Personal-Data.html
• Telegram Has a Serious Doxing Problem https://www.wired.com/story/telegrams-doxing-problem/
• Our current world, health care apps and your personal data http://blog.talosintelligence.com/2022/09/our-current-world-health-care-apps-and.html
• GA: Former Dalton police officer sentenced to five years on probation for computer invasion of privacy and violating oath of office https://www.databreaches.net/ga-former-dalton-police-officer-sentenced-to-five-years-on-probation-for-computer-invasion-of-privacy-and-violating-oath-of-office/
• Hidden camera found in Tim Horton washroom https://toronto.ctvnews.ca/hidden-camera-found-inside-ontario-tim-hortons-bathroom-1.6081469
• Data Protection Law and Multi-Party Computation: Applications to Information Exchange between Law Enforcement Agencies https://eprint.iacr.org/2022/1242
• 'I Don't Care About Cookies' extension sold to Avast https://www.theregister.com/2022/09/21/avast_buys_i_dont_care_about_cookies_addon/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Why the Online News Act is a Bad Solution to a Real Problem, Part Two: Encouraging Clickbait and Low Quality Journalism With No “News Content” Standards https://www.michaelgeist.ca/2022/09/why-the-online-news-act-is-a-bad-solution-to-a-real-problem-part-two/
• Why the Online News Act is a Bad Solution to a Real Problem, Part Three: Unprecedented Government Intervention into a Sector Where Independence is Essential https://www.michaelgeist.ca/2022/09/why-the-online-news-act-is-a-bad-solution-to-a-real-problem-part-three/
• Canada to drop COVID-19 vaccine border policy, ArriveCan to be optional: sources https://www.ctvnews.ca/politics/canada-to-drop-covid-19-vaccine-border-policy-arrivecan-to-be-optional-sources-1.6076355
• US:
• Fearing copyright issues, Getty Images bans AI-generated artwork https://arstechnica.com/information-technology/2022/09/fearing-copyright-issues-getty-images-bans-ai-generated-artwork/
• World:
• VPN Providers Flee India as a New Data Law Takes Hold https://www.wired.com/story/vpn-firms-flee-india-data-collection-law/
• Gag order issued to stop release of information stolen by hackers https://www.databreaches.net/gag-order-issued-to-stop-release-of-information-stolen-by-hackers/
• UK Scrutinizes Amazon, Google, Microsoft Over Competition in Cloud Market https://www.pymnts.com/big-tech/2022/uk-scrutinizes-amazon-google-microsoft-over-competition-in-cloud-market/
• Standards News:
• NIST Proposes the Conversion of FIPS 198-1 (HMAC) to a NIST Special Publication https://content.govdelivery.com/accounts/USNIST/bulletins/32dd30a
• NIST Request for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process open until June 2023 https://csrc.nist.gov/News/2022/request-additional-pqc-digital-signature-schemes
• NIST IoT Cybersecurity Program Releases Two New Documents https://content.govdelivery.com/accounts/USNIST/bulletins/32d4fe4
• NSA shares guidance to help secure OT/ICS critical infrastructure https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-to-help-secure-ot-ics-critical-infrastructure/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• NIST Cybersecurity Career Resources Available Year-Round https://content.govdelivery.com/accounts/USNIST/bulletins/32bbbe7
• General:
• Quantifying ROI in Cybersecurity Spend https://www.securityweek.com/quantifying-roi-cybersecurity-spend
• How to Charge Your Phone in an Emergency https://weather.com/storms/hurricane/video/how-to-charge-your-phone-in-an-emergency
• How to Ditch Facebook Without Losing Your Friends (Or Family, Customers or Communities) https://www.eff.org/deeplinks/2022/09/how-ditch-facebook-without-losing-your-friends-or-family-customers-or-communities
• Methods, Techniques, Tools, and Products:
• A New Linux Tool Aims to Guard Against Supply Chain Attacks https://www.wired.com/story/chainguard-wolfi-linux-distribution/
• Cross-Layer Security: A Holistic View of Internet Security https://freedom-to-tinker.com/2022/09/20/cross-layer-security-a-holistic-view-of-internet-security/
• Microsoft Defender for Endpoint will turn on tamper protection by default https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-will-turn-on-tamper-protection-by-default/
• Windows 10 KB5017380 preview update released with new FIDO2 features https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5017380-preview-update-released-with-new-fido2-features/
• Windows 11 22H2 adds kernel exploit protection to security baseline https://www.bleepingcomputer.com/news/microsoft/windows-11-22h2-adds-kernel-exploit-protection-to-security-baseline/
• Windows 11 now warns when typing your password in Notepad, websites https://www.bleepingcomputer.com/news/microsoft/windows-11-now-warns-when-typing-your-password-in-notepad-websites/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Patching:
• Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs https://www.securityweek.com/vulnerability-management-fatigue-fueled-non-exploitable-bugs
• OtheSignificant:
• Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/
• Control Gap Vulnerability Roundup: September 10th to September 16th https://www.controlgap.com/blog/vulnerability-roundup-september-10th-september-16th
• CISA warns of critical manage engine RCE bug being actively attacked https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-manageengine-rce-bug-used-in-attacks/
• Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html
• Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware https://www.trendmicro.com/en_us/research/22/i/atlassian-confluence-vulnerability-cve-2022-26134-abused-for-cryptocurrency-mining-other-malware.html
• Malicious NPM Package Caught Mimicking Material Tailwind CSS Package https://thehackernews.com/2022/09/malicious-npm-package-caught-mimicking.html
• NPM packages used by crypto exchanges compromised https://www.bleepingcomputer.com/news/security/npm-packages-used-by-crypto-exchanges-compromised/
• Slack and Teams insecurity https://www.wired.com/story/slack-microsoft-teams-app-security/
• Other Vulnerabilities:
• Domain shadowing (think DNS parasites) becoming more popular among cybercriminals https://www.bleepingcomputer.com/news/security/domain-shadowing-becoming-more-popular-among-cybercriminals/
• Firing Your Entire Cybersecurity Team? Are You Sure? https://thehackernews.com/2022/09/firing-your-entire-cybersecurity-team.html
• Research on new vulnerabilities:
• Prompt Injection/Extraction Attacks against AI Systems https://www.schneier.com/blog/archives/2022/09/prompt-injection-extraction-attacks-against-ai-systems.html
• GPT-3 'prompt injection' attack causes bad bot manners https://www.theregister.com/2022/09/19/in_brief_security/
• Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses https://www.schneier.com/blog/archives/2022/09/leaking-screen-information-on-zoom-calls-through-reflections-in-eyeglasses.html
• Snooping on Starlink https://hackaday.com/2022/09/23/snooping-on-starlink-with-an-rtl-sdr/
• Cryptography and Cryptographic Research:
• This image contains its own MD5 checksum — and it's kind of a big deal https://www.bleepingcomputer.com/news/security/this-image-contains-its-own-md5-checksum-and-its-kind-of-a-big-deal/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• MFA Fatigue: Hackers' new favorite tactic in high-profile breaches https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
• Hackers stealing GitHub accounts using fake CircleCI notifications https://www.bleepingcomputer.com/news/security/hackers-stealing-github-accounts-using-fake-circleci-notifications/
• Malicious OAuth applications abuse cloud email services to spread spam https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/
• Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/
• Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs https://thehackernews.com/2022/09/researchers-uncover-years-long-mobile.html
• Microsoft 365 phishing attacks impersonate U.S. govt agencies https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-impersonate-us-govt-agencies/
• ALPHV/BlackCat ransomware family becoming more dangerous https://www.databreaches.net/alphv-blackcat-ransomware-family-becoming-more-dangerous/
• Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws https://www.theregister.com/2022/09/22/microsoft_android_spyware_endpoint/
• Emotet Botnet Started Distributing Quantum and BlackCat Ransomware https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html
• Crime & Arrests, etc.:
• Ukraine dismantles hacker gang that stole 30 million accounts https://www.bleepingcomputer.com/news/security/ukraine-dismantles-hacker-gang-that-stole-30-million-accounts/
• Hackers steal $162 million from Wintermute crypto market maker https://www.bleepingcomputer.com/news/security/hackers-steal-162-million-from-wintermute-crypto-market-maker/
• Hackers steal South Carolina fire department's paychecks https://www.databreaches.net/hackers-steal-south-carolina-fire-departments-paychecks/
• SIM Swapper Abducted, Beaten, Held for $200k Ransom https://krebsonsecurity.com/2022/09/sim-swapper-abducted-beaten-held-for-200k-ransom/
• Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. https://krebsonsecurity.com/2022/09/accused-russian-rsocks-botmaster-arrested-requests-extradition-to-u-s/
• London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches https://thehackernews.com/2022/09/london-police-arrested-17-year-old.html
• Nation State Actors:
• CISA, FBI Detail Iranian Cyberattacks Targeting Albanian Government https://www.securityweek.com/iranian-hackers-breached-albanian-government-one-year-disruptive-attacks
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
  • Yes, you should monitor your remote workers – but not because you don't trust them https://www.theguardian.com/business/2022/sep/25/monitor-workers-at-home-security-cybercrime
  • Microsoft executives say it's 'wrong' for managers to spy on remote employees' mouse clicks and keystrokes: 'That's measuring heat rather than outcome' https://www.businessinsider.com/microsoft-executives-call-remote-employee-surveillance-spying-wrong-2022-9
  • Iran unrest: What's going on with Iran and the internet? https://www.bbc.co.uk/news/technology-62996100
  • Poland opens a propaganda-heavy canal https://www.economist.com/europe/2022/09/15/poland-opens-a-propaganda-heavy-canal
  • Automatic Cheating Detection in Human Racing https://www.schneier.com/blog/archives/2022/09/automatic-cheating-detection-in-human-racing.html
  • Magnus Carlsen and Hans Niemann: The cheating row that's blowing up the chess world https://www.bbc.co.uk/news/world-63010107
  • Facebook is experimenting with letting users help write speech rules https://www.theverge.com/2022/9/21/23364788/facebook-user-written-moderation-rules-experiment
  • Twitter Logs Out Some Users Due to Security Issue Related to Password Resets https://www.securityweek.com/twitter-logs-out-some-users-due-security-issue-related-password-resets
  • 20-year-old who tracks Elon Musk and Mark Zuckerberg's private jets says Facebook took down his page because it violates their policy https://www.businessinsider.com/facebook-removes-page-man-tracking-elon-musk-mark-zuckerberg-jets-2022-9
  • The Ungodly Surveillance of Anti-Porn ‘Shameware' Apps https://www.wired.com/story/covenant-eyes-anti-porn-accountability-monitoring-apps/
  • Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking https://www.darkreading.com/emerging-tech/alarm-bells-post-quantum-crypto-cracking
  • Disentangling the Facts From the Hype of Quantum Computing IEEE Quantum Week is a chance to celebrate progress and acknowledge the challenges https://spectrum.ieee.org/ieee-quantum-week
  • No Motivation for Post-Quantum Security Without Regulatory Push https://www.darkreading.com/edge-threat-monitor/no-enterprise-push-for-quantum-without-regulatory-push
  • Traditional computers can solve some quantum problems - So wouldn’t that mean they weren’t quantum problems after all? No mention of NP vs BQP either. https://phys.org/news/2022-09-traditional-quantum-problems.html
  • Key element for a scalable quantum computer https://scienmag.com/key-element-for-a-scalable-quantum-computer/
  • Quantum Physics Titans Win Breakthrough Prize https://www.scientificamerican.com/article/quantum-physics-titans-win-breakthrough-prize/
• Artificial Intelligence and Machine Learning:
  • Is AI Art a ‘Toy' or a ‘Weapon'? https://www.theatlantic.com/technology/archive/2022/09/dall-e-ai-art-image-generators/671550/
  • Deepfake audio has a tell and researchers can spot it https://arstechnica.com/information-technology/2022/09/researchers-use-fluid-dynamics-to-spot-deepfake-voices/
  • AI model from OpenAI automatically recognizes speech and translates it to English https://arstechnica.com/information-technology/2022/09/new-ai-model-from-openai-automatically-recognizes-speech-and-translates-to-english/
• Disinformation and misinformation
  • How Gaslighting Manipulates Reality https://www.scientificamerican.com/article/how-gaslighting-manipulates-reality/
  • Pentagon Orders Review of Its Overseas Social Media Campaigns https://www.nytimes.com/2022/09/19/us/politics/pentagon-social-media.html
• Health:
  • ‘Half-stache September': Humboldt bus crash survivor creates unique mental health fundraiser https://globalnews.ca/news/9147165/humboldt-bus-crash-survivor-tyler-smith-moustache-mental-health-fundraiser/
  • Alzheimer's Might Not Actually Be a Brain Disease, Expert Says https://www.sciencealert.com/alzheimers-might-not-actually-be-a-brain-disease-expert-says
  • Cancer-killing virus shows promise in patients https://www.bbc.co.uk/news/health-62833581
  • The Fatal Error of an Ancient, HIV-Like Virus https://www.theatlantic.com/science/archive/2022/09/lentiviruses-lemurs-hiv-treatment-cure/671498/
  • The Frogs Vanished, Then People Got Sick. This Was No Harmless Coincidence. https://www.sciencealert.com/the-frogs-vanished-then-people-got-sick-this-was-no-harmless-coincidence
  • There Are New FDA Safety Warnings About Breast Implants. Here's What We Know https://www.sciencealert.com/there-are-new-fda-safety-warnings-about-breast-implants-heres-what-we-know
  • Canada preparing to drop COVID-19 vaccine mandate at border: Senior government source https://globalnews.ca/news/9143819/canada-covid-19-vaccine-mandate-border/
  • Mosquitoes that can't spread malaria engineered by scientists https://scienmag.com/mosquitoes-that-cant-spread-malaria-engineered-by-scientists/
  • Bivalent COVID-19 booster shot available to all adults in Ontario starting Monday https://toronto.ctvnews.ca/bivalent-covid-19-booster-shot-available-to-all-adults-in-ontario-starting-monday-1.6083543
  • New study reveals breakthrough infections increase immunity to COVID-19 https://scienmag.com/new-study-reveals-breakthrough-infections-increase-immunity-to-covid-19/
  • Ontario's first diverging diamond interchange opens Monday https://toronto.ctvnews.ca/ontario-s-first-diverging-diamond-interchange-opens-monday-1.6083490
• Hurricane Fiona:
  • Hurricane Fiona eyes Bermuda before making its way to Canada https://globalnews.ca/news/9150866/hurricane-fiona-bermuda-canada-track/
  • Fiona makes landfall, leaving path of destruction in eastern Canada https://globalnews.ca/news/9153444/fiona-ns-sept-24-landfall/
  • Storm Fiona: Houses washed into sea as storm batters Canada https://www.bbc.co.uk/news/world-us-canada-63025036
  • Nova Scotia Power says Fiona outages could last days https://www.cbc.ca/news/canada/nova-scotia/hurricane-fiona-briefing-halifax-1.6594663
  • N.S. premier calls extensive damage from Fiona 'heartbreaking,' says restoring power is top priority https://atlantic.ctvnews.ca/n-s-premier-calls-extensive-damage-from-fiona-heartbreaking-says-restoring-power-is-top-priority-1.6083506
• Safety:
  • Tesla ordered to recall more than a million US cars https://www.bbc.co.uk/news/technology-62996103
  • Should Low Earth Orbit be a protected environmental ecosystem? https://www.universetoday.com/157689/should-low-earth-orbit-be-a-protected-environmental-ecosystem/
  • ‘I Have Spent Most of My Life Worrying About Nuclear War' https://www.theatlantic.com/magazine/archive/2022/10/the-commons/671237/
  • Your car should be able to tell if you're too drunk or impaired to drive, NTSB says https://www.theverge.com/2022/9/21/23364959/ntsb-passive-alcohol-detection-prevent-drunk-driving
  • Sinkhole swallows several cars at south Edmonton dealership https://globalnews.ca/news/9142387/sinkhole-cars-south-edmonton-dealership/
• Environment:
  • 'Tax fossil fuel profits for climate damage - UN chief https://www.bbc.co.uk/news/science-environment-62970887
  • This Is How Much Fossil Fuel The World Is Sitting on, And It's a Time Bomb https://www.sciencealert.com/this-is-how-much-fossil-fuel-the-world-is-sitting-on-and-its-a-time-bomb
  • U.S. Fossil-Fuel Reserves Alone Could Put Global Climate Targets Out of Reach https://www.scientificamerican.com/article/u-s-fossil-fuel-reserves-alone-could-put-global-climate-targets-out-of-reach/
  • Why Electric Vehicles Won't Break the Grid https://www.scientificamerican.com/article/why-electric-vehicles-wont-break-the-grid/
  • Rapid land sinking is making many coastal cities worldwide vulnerable to sea level rise, finds international group of scientists https://scienmag.com/rapid-land-sinking-is-making-many-coastal-cities-worldwide-vulnerable-to-sea-level-rise-finds-international-group-of-scientists/
  • The East Coast Will Not Escape Fire https://www.theatlantic.com/science/archive/2022/09/new-jersey-drought-wildfires-pineland/671463/
  • Vultures Prevent Tens of Millions of Metric Tons of Carbon Emissions Each Year https://www.scientificamerican.com/article/vultures-prevent-tens-of-millions-of-metric-tons-of-carbon-emissions-each-year/
  • How California Kept the Lights On during Monster Heat Wave https://www.scientificamerican.com/article/how-california-kept-the-lights-on-during-monster-heat-wave/
  • How a Quebec Lithium Mine May Help Make Electric Cars Affordable https://www.nytimes.com/2022/09/20/business/electric-vehicles-lithium-quebec.html
  • Can AI stop rare eagles flying into wind turbines in Germany? https://www.theguardian.com/environment/2022/sep/20/germany-hopes-ai-can-stop-rare-eagles-flying-into-wind-turbines
• Economy:
  • Is Crypto a Big Scam? https://theintercept.com/2022/09/23/deconstructed-crypto-ben-mckenzie/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Putin is personally giving orders to his generals on the battlefield as dysfunction grows, according to US intel https://www.businessinsider.com/putin-giving-orders-generals-ukraine-battlefield-dysfunction-grows-us-intelligence-2022-9
• Putin's call-up won't make a dent in Ukraine for months and is already sowing panic at home with protests and people racing to get out of the country https://www.businessinsider.com/putin-mobilization-wont-make-a-dent-in-ukraine-for-months-2022-9
• Putin announces partial military mobilization, drafting reservists into immediate action and escalating Ukraine war https://www.businessinsider.com/putin-speech-partial-military-mobilization-draft-reservists-ukraine-war-2022-9
• Ukraine war: Putin not bluffing about nuclear weapons, EU says https://www.bbc.co.uk/news/world-europe-63016675
• Reaction and response:
• Putin Is Cornered https://www.theatlantic.com/ideas/archive/2022/09/zelensky-ukraine-west-military-aid-supplies/671485/
• Russians rush to flee nation after Putin orders partial military mobilization https://globalnews.ca/news/9144923/russia-flights-ukraine-putin-mobilization/
• Traffic intensifying on Russian border, Finland says amid mobilization order https://globalnews.ca/news/9147910/finland-russia-border-putin-mobilization-ukraine/
• Ukraine war: Hundreds arrested as Russian draft protests continue https://www.bbc.co.uk/news/world-europe-63021118
• Ukraine war: Protests in Russia's Dagestan region against new draft https://www.bbc.co.uk/news/world-europe-63028586
• Plane tickets out of Russia are selling out after Putin announces partial military mobilization https://www.businessinsider.com/plane-tickets-out-russia-sell-out-after-putin-declares-mobilization-2022-9
• Why is Russia holding 'votes' in occupied Ukraine? https://www.bbc.co.uk/news/world-europe-62973415
• Undiplomatic words at UN and Russians flee the draft - Ukraine round-up https://www.bbc.co.uk/news/world-europe-62996213
• Ukraine war, energy crisis has Canadians more supportive of oil and gas: poll https://globalnews.ca/news/9145154/ukraine-war-energy-crisis-canada-oil-gas-support-ipsos/
• Sanctions & economic Impact:
• Germany nationalises gas giant amid energy crisis https://www.bbc.co.uk/news/world-europe-62980158
• Russian seaborne crude exports crater to their lowest level in 5 months as Europeans shun Moscow ahead of new sanctions https://markets.businessinsider.com/news/commodities/russian-oil-exports-crude-eu-seaborne-moscow-ukraine-europe-barrels-2022-9
• Russian ruble falls after Putin escalates the war in Ukraine by calling up 300,000 more troops and making nuclear threats https://markets.businessinsider.com/news/currencies/russian-ruble-vladimir-putin-troop-mobilization-nuclear-weapons-ukraine-war-2022-9
• Information, Disinformation, and Propaganda:
• Fact-checking Russian claims of NATO troops in Ukraine https://www.bbc.co.uk/news/62974506
• Cyber-attacks and the potential for cyber-war:
• Pro-Ukraine Hacktivists Claim To Have Hacked Notorious Russian Mercenary Group https://packetstormsecurity.com/news/view/33865/Pro-Ukraine-Hacktivists-Claim-To-Have-Hacked-Notorious-Russian-Mercenary-Group.html
• Russian Sandworm hackers pose as Ukrainian telcos to drop malware https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-ukrainian-telcos-to-drop-malware/
• Russia summons Canadian ambassador, says embassy in Ottawa was attacked https://globalnews.ca/news/9140109/russia-embassy-attack-canada-ambassador/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• The First Lady of Engineering: Lost Women of Science Podcast, Season 3, Episode 1 https://www.scientificamerican.com/article/the-first-lady-of-engineering-lost-women-of-science-podcast-season-3-episode-1/
• Off-gridders take energy needs into their own hands https://www.bbc.co.uk/news/business-62351448
• Extending the life of geosynchronous satellites https://www.northropgrumman.com/space/space-logistics-services/
• Other:
• NASA's Asteroid-Crashing DART Mission Is Ready for Impact https://www.scientificamerican.com/article/nasas-asteroid-crashing-dart-mission-is-ready-for-impact/
• NASA's James Webb Space Telescope just snapped the clearest image of Neptune's rings in 33 years https://www.businessinsider.com/james-webb-space-telescope-captures-clearest-image-of-neptunes-rings-2022-9
• Uh oh, There's a Problem With one of Webb's Science Instruments https://www.universetoday.com/157695/jwst-partially-stops-observations-after-suffering-instrument-problem/
• Neptune and Its Rings Glow in Webb Telescope's Portrait https://www.universetoday.com/157709/neptune-and-its-rings-glow-in-webb-telescopes-portrait/
• The depths of Hell: Rocket Lab is sending a mission to Venus https://www.syfy.com/syfy-wire/bad-astronomy-venus-atmsopheric-probe-by-rocket-lab-could-launch-in-2023
• InSight Heard Four Meteoroids Crash Into Mars https://www.universetoday.com/157686/insite-heard-four-meteoroids-crash-into-mars/
• Astronomers find the nearest black hole to Earth, and it has a Sun-like companion star https://www.syfy.com/syfy-wire/bad-astronomy-nearby-black-hole-is-closest-one-yet-found