This Week's [in]Security - Issue 287

Welcome to This Week’s [in]Security. PCI SAQ updates, PA-DSS retirement, Debit, Virtual cards! New breaches: CBSA, Fast Company, CIA. Ransomware, Outages, & Follow-ups. Privacy. Laws & Regs - Canada: C-11, Quebec. US: Incident reporting, CA, NY, Patent Trolls, World: Australia, DORA, Standards: TLP2.0. Events, Defensive tools & techniques. Vulnerabilities - Zerodays, Patching, Significant: App security and geography, Roundup, Exchange, WhatsApp, Sophos, BitBucket, IoT, supply chain, Research: Trojan Source Analysis. Exploitation time, Cryptography. Cybercrime - Trends: BEC, MFA fatigue, Open Source, Jobs, Domains, Hyperjacking. Crime & Enforcement, Nation States and mercenaries. Other Risks - AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: DART. 6-qubits, and more. 

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• New/Updated Standards:
• Updated 3.2.1 SAQ Instructions and Guidelines https://docs-prv.pcisecuritystandards.org/SAQ%20(Assessment)/Instructions%20%26%20Guidance/SAQ-InstrGuidelines-v3-2-1-r1.pdf
• Assessors: Prepare for the Closure of PA-DSS https://blog.pcisecuritystandards.org/assessors-prepare-for-the-closure-of-pa-dss
• Other payment related:
• In a Payments Industry First, Usage of Debit Cards Tops That of Credit Cards https://www.digitaltransactions.net/in-a-payments-industry-first-usage-of-debit-cards-tops-that-of-credit-cards/
• Get Set for a Virtual Card Tsunami, Juniper Research Says https://www.digitaltransactions.net/get-set-for-a-virtual-card-tsunami-juniper-research-says/
• Elavon Launches a Platform for Contactless Payments in Mass Transit https://www.digitaltransactions.net/elavon-launches-a-platform-for-contactless-payments-in-mass-transit/
• These Ontario cities have hidden $100 Canadian Tire bills. This is how to find them https://toronto.ctvnews.ca/these-ontario-cities-have-hidden-100-canadian-tire-bills-this-is-how-to-find-them-1.6086648
• What Is The Role Of A CISO In Compliance? https://datexdatastealth.com/blog/what-is-the-role-of-a-ciso-in-compliance
• Health worker photographed patient credit cards and went shopping with them, cops say https://www.databreaches.net/health-worker-photographed-patient-credit-cards-and-went-shopping-with-them-cops-say/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Swachh City Platform Suffers Data Breach Leaking 16 Million User Records https://www.databreaches.net/swachh-city-platform-suffers-data-breach-leaking-16-million-user-records/
• Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates https://www.databreaches.net/data-breach-at-canadian-border-agency-contractor-involved-up-to-1-38-million-licence-plates/
• Fast Company CMS Hack Raises Security Questions https://www.darkreading.com/attacks-breaches/fast-company-cms-hack-raises-security-questions
• Hacked Fast Company sends 'obscene and racist' alerts via Apple News https://www.theregister.com/2022/09/28/fast_company_hack_apple_news/
• Hacker shares how they allegedly breached Fast Company's site https://www.bleepingcomputer.com/news/security/hacker-shares-how-they-allegedly-breached-fast-company-s-site/
• Security Vulnerabilities in Covert CIA Websites https://www.schneier.com/blog/archives/2022/09/security-vulnerabilities-in-covert-cia-websites.html
• The FBI says it caught an ex-NSA employee trying to sell top-secret intelligence documents https://www.theverge.com/2022/9/30/23380233/nsa-employee-fbi-selling-secrets-espionage-act-jareh-dalke
• Mexico confirms hack of military records, president's health information https://www.databreaches.net/mexico-confirms-hack-of-military-records-presidents-health-information/
• Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information https://www.databreaches.net/eight-shangri-la-hotels-in-asia-hit-by-data-breach-potentially-exposing-guest-information/
• Auth0 Finds No Breach Following Source Code Compromise https://www.securityweek.com/auth0-finds-no-breach-following-source-code-compromise
• Auth0 warns that some source code repos may have been stolen https://www.bleepingcomputer.com/news/security/auth0-warns-that-some-source-code-repos-may-have-been-stolen/
• Waterloo school board says some student info accessed by hackers during July cyberattack https://globalnews.ca/news/9165571/waterloo-school-board-student-info-accessed-hackers-july-cyberattack/
• New Ransomware and "Incidents":
• Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months - New Survey https://www.darkreading.com/attacks-breaches/ransomware-attacks-continue-increasing-20-of-all-reported-attacks-occurred-in-the-last-12-months---new-survey
• 46% of All Ransomware Attacks Happen in the United States, NordLocker Says https://www.digitaltransactions.net/46-of-all-ransomware-attacks-happen-in-the-united-states-nordlocker-says/
• Leaked LockBit 3.0 builder used by ‘Bl00dy' ransomware gang in attacks https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
• Internet outage in Tucson area was due to cyber attack, Cox says https://www.databreaches.net/internet-outage-in-tucson-area-was-due-to-cyber-attack-cox-says/
• Electricity Company of Ghana systems hacked with ransomware – Sources https://www.databreaches.net/electricity-company-of-ghana-systems-hacked-with-ransomware-sources/
• Malaysian Telecom RedOne hit by DESORDEN https://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/
• Major outages/downs:
• MI5 Website Briefly Hit By Denial Of Service Attack https://packetstormsecurity.com/news/view/33895/MI5-Website-Briefly-Hit-By-Denial-Of-Service-Attack.html
• Food delivery drone lands on power lines resulting in power outage for thousands https://www.theverge.com/2022/9/30/23380044/food-delivery-drone-knocks-out-power-australia-wing
• Follow-ups and fall-out:
• Breached American Airlines Email Accounts Abused for Phishing https://www.securityweek.com/breached-american-airlines-email-accounts-abused-phishing
• Optus: How a massive data breach has exposed Australia https://www.bbc.co.uk/news/world-australia-63056838
• Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach https://www.databreaches.net/optus-tells-former-virgin-mobile-and-gomo-customers-they-could-also-be-part-of-data-breach/
• Lessons From the GitHub Cybersecurity Breach https://www.darkreading.com/dr-tech/lessons-from-the-github-cybersecurity-breach-protecting-the-most-sensitive-data
• Robinhood data breach class action settlement https://www.databreaches.net/robinhood-data-breach-class-action-settlement/
• Samsung Sued Over Recent Data Breaches https://www.securityweek.com/samsung-sued-over-recent-data-breaches
• New changes allow Optus data leak victims to change licence numbers https://www.databreaches.net/new-changes-allow-optus-data-leak-victims-to-change-licence-numbers/

Privacy

Articles about privacy related news, risks, and trends.

• Google's Perilous Plan for a Cloud Center in Saudi Arabia is an Irresponsible Threat to Human Rights https://www.eff.org/deeplinks/2022/09/googles-perilous-plan-cloud-center-saudi-arabia-irresponsible-threat-human-rights
• Brave is about to solve one of the most frustrating problems with browsing the web - privacy cookies https://www.techradar.com/news/brave-is-about-to-solve-one-of-the-most-frustrating-problems-with-browsing-the-web
• The unread Stasi Files https://scienmag.com/the-unread-stasi-files/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Bill C-11 Goes Off The Rails Amid Charges of Witness Intimidation and Bullying by Government MPs https://www.michaelgeist.ca/2022/09/bill-c-11-goes-off-the-rails-amid-charges-of-witness-intimidation-and-bullying-by-government-mps/
• Federal whistleblowers fear reprisal for reporting public service wrongdoings: report https://globalnews.ca/news/9169354/federal-whistleblowers-fear-reprisal-report/
• How Well Do You Know Québec's Law 25 (formerly Bill 64)? https://datexdatastealth.com/blog/how-well-do-you-know-qu%C3%A9becs-law-25-formerly-bill-64
• Canada's merger laws let companies ‘extinguish competitive threats,' new report says https://globalnews.ca/news/9169363/merger-laws-canada-competition/
• New bill allows Canadian jurors to disclose trial info to mental health providers https://globalnews.ca/news/9163001/new-bill-canadian-jurors-mental-health-providers/
• US:
• CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act https://www.databreaches.net/cisa-requests-public-comment-on-implementing-regulations-for-the-cyber-incident-reporting-for-critical-infrastructure-act/
• Calif. Privacy Law Marks Sea Change for Retailers' eCommerce Strategies https://www.pymnts.com/news/retail/2022/calif-privacy-law-marks-sea-change-for-retailers-ecommerce-strategies/
• Veto of California Crypto Law Cold Comfort for State's FinTech Sector https://www.pymnts.com/cryptocurrency/2022/california-crypto-law-veto-cold-comfort-states-fintech-sector/
• Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation https://blog.qualys.com/vulnerabilities-threat-research/2022/09/27/prepare-your-organization-for-compliance-with-the-nydfs-cybersecurity-regulation
• Is This the Beginning of the End of the Internet? https://www.theatlantic.com/ideas/archive/2022/09/netchoice-paxton-first-amendment-social-media-content-moderation/671574/
• Victory! Court Unseals Records Showing Patent Troll's Shakedown Efforts https://www.eff.org/deeplinks/2022/09/victory-court-unseals-records-showing-patent-trolls-shakedown-efforts
• Eight states sue crypto lender Nexo over security sales and misleading marketing https://www.theverge.com/2022/9/26/23373916/nexo-lawsuit-securities-regulation-new-york-attorney-general
• What legal protections do revenge porn victims have at work in the US? https://www.theguardian.com/law/2022/sep/29/legal-protections-revenge-porn-victims-work-erick-adame
• World:
• Australia to overhaul privacy laws after massive data breach https://www.theverge.com/2022/9/26/23372868/australian-hack-disclosure-privacy-laws-optus-data-breach
• The Countdown to DORA (Digital Operational Resilience Act) https://www.darkreading.com/risk/the-countdown-to-dora
• Ban Government Use of Face Recognition In the UK https://www.eff.org/deeplinks/2022/09/ban-government-use-face-recognition-uk
• Third fine imposed by Polish SA on the Surveyor General of Poland for failure to notify the personal data breach https://www.databreaches.net/third-fine-imposed-by-polish-sa-on-the-surveyor-general-of-poland-for-failure-to-notify-the-personal-data-breach/
• Standards News:
• CISA Issues Guidance on Transitioning to TLP (Traffic Light Protocol) 2.0 for sharing information https://www.securityweek.com/cisa-issues-guidance-transitioning-tlp-20

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• NIST/NICE Preparing for Careers in Cybersecurity and Privacy with Internships October 19, 2022 | 2:00-2:45 PM ET https://content.govdelivery.com/accounts/USNIST/bulletins/32e2cba
• NIST/NICE Security Clearance Effective Practices and Solutions to Support Federal Cybersecurity Work October 25, 2022 | 1:30-3:00 PM EDT https://content.govdelivery.com/accounts/USNIST/bulletins/32f0abc
• General:
• When Will Cybersecurity Get Its Bloomberg Terminal? https://www.darkreading.com/dr-tech/when-will-cybersecurity-get-its-bloomberg-terminal-
• Google to test disabling Chrome Manifest V2 extensions in June 2023 https://www.bleepingcomputer.com/news/security/google-to-test-disabling-chrome-manifest-v2-extensions-in-june-2023/
• Microsoft to kill off old access rules in Exchange Online https://www.theregister.com/2022/09/28/microsoft_exchange_online_cars/
• MITRE's FiGHT Focuses on 5G Networks https://www.darkreading.com/dr-tech/mitre-rolls-out-fight-to-protect-5g-networks
• Weekly Update 315 https://www.troyhunt.com/weekly-update-315/
• Announcing This Year's (ISC)2 Global Achievement Award Recipients - Part 2 https://blog.isc2.org/isc2_blog/2022/09/announcing-this-years-isc2-global-achievement-award-recipients-part-2.html
• Methods, Techniques, Tools, and Products:
• In 2023, Google can notify you if personal info pops up in search https://www.theverge.com/2022/9/28/23377208/google-results-about-you-notifications-personal-info
• Brave browser to start blocking annoying cookie consent banners https://www.bleepingcomputer.com/news/security/brave-browser-to-start-blocking-annoying-cookie-consent-banners/
• Cloudflare launches eSIM to secure mobile devices https://techcrunch.com/2022/09/26/cloudflare-launches-an-esim-to-secure-mobile-devices/
• Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA https://blog.cloudflare.com/turnstile-private-captcha-alternative/
• Click Here! (safely): Automagical Browser Isolation for potentially unsafe links in email https://blog.cloudflare.com/safe-email-links/
• Microsoft announces passwordless auth, SSO for Azure Virtual Desktop https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-passwordless-auth-sso-for-azure-virtual-desktop/
• An expert guide to securing APIs https://www.theregister.com/2022/09/26/an_experts_guide_to_securing/
• Google will help you find better results without tagging ‘Reddit' onto every search https://www.theverge.com/2022/9/28/23377358/google-search-reddit-discussions-forums-results

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day and other recent vulnerability news:
• Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet https://www.darkreading.com/application-security/microsoft-confirms-exchange-zero-days-no-patch
• Microsoft Says Fix For Two Exchange Zero Days On Accelerated Timeline https://packetstormsecurity.com/news/view/33902/Microsoft-Says-Fix-For-Two-Exchange-Zero-Days-On-Accelerated-Timeline.html
• Microsoft confirms new Exchange zero-days are used in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/
• Patching:
• Matrix chat encryption sunk by five now-patched holes https://www.theregister.com/2022/09/28/matrix_encryption_flaws/
• Serious vulnerabilities in Matrix’s end-to-end encryption have been patched https://arstechnica.com/information-technology/2022/09/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/
• Other Significant:
• Differences in App Security/Privacy Based on Country https://www.schneier.com/blog/archives/2022/09/differences-in-app-security-privacy-based-on-country.html
• Control Gap Vulnerability Roundup: September 17th to September 23rd https://www.controlgap.com/blog/vulnerability-roundup-september-17th-september-23rd
• Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
• Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely https://thehackernews.com/2022/09/critical-whatsapp-bugs-could-have-let.html
• Sophos fixes critical firewall hole exploited by miscreants https://www.theregister.com/2022/09/28/sophos_firewall_code_injection/
• CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability https://thehackernews.com/2022/10/cisa-warns-of-hackers-exploiting.html
• New Report on IoT Security https://www.schneier.com/blog/archives/2022/09/new-report-on-iot-security.html
• With the Software Supply Chain, You Can't Secure What You Don't Measure https://www.darkreading.com/vulnerabilities-threats/with-the-software-supply-chain-you-can-t-secure-what-you-don-t-measure
• Leaking Passwords through the Spellchecker https://www.schneier.com/blog/archives/2022/09/leaking-passwords-through-the-spellchecker.html
• Other Vulnerabilities:
• L2 Network Security Control Bypass Flaws Impact Multiple Cisco Products https://www.securityweek.com/l2-network-security-control-bypass-flaws-impact-multiple-cisco-products
• XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data https://www.darkreading.com/attacks-breaches/xss-flaw-prevalent-media-imaging-tool-exposes-trove-patient-data
• Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks https://www.bleepingcomputer.com/news/security/ethernet-vlan-stacking-flaws-let-hackers-launch-dos-mitm-attacks/
• A Note on Reimplementing the Castryck-Decru Attack and Lessons Learned for SageMath https://eprint.iacr.org/2022/1283
• EFF Urges FTC to Address Security and Privacy Problems in Daycare and Early Education Apps https://www.eff.org/press/releases/eff-urges-ftc-address-security-and-privacy-problems-daycare-and-early-education-apps
• Research on new vulnerabilities:
• Talking Trojan: Analyzing an Industry-Wide Disclosure https://www.lightbluetouchpaper.org/2022/09/28/talking-trojan/
• Report Shows How Long It Takes Ethical Hackers to Execute Attacks https://www.securityweek.com/report-shows-how-long-it-takes-ethical-hackers-execute-attacks
• Cryptography and Cryptographic Research:
• Breaking RSA Generically is Equivalent to Factoring, with Preprocessing https://eprint.iacr.org/2022/1261
• Typing High-Speed Cryptography against Spectre v1 https://eprint.iacr.org/2022/1270

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• 3 Reasons Why BEC Scams Work in Real Estate https://www.darkreading.com/edge-articles/3-reasons-why-bec-scams-work-in-real-estate-and-how-to-fight-back
• High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks https://www.securityweek.com/high-profile-hacks-show-effectiveness-mfa-fatigue-attacks
• Microsoft: Lazarus hackers are weaponizing open-source software https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-are-weaponizing-open-source-software/
• New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html
• Fake CISO Profiles on LinkedIn Target Fortune 500s https://krebsonsecurity.com/2022/09/fake-ciso-profiles-on-linkedin-target-fortune-500s/
• Lazarus hackers drop macOS malware via Crypto.com job offers https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-macos-malware-via-cryptocom-job-offers/
• The web's cruising at 13 million new and nefarious domain names a month https://www.theregister.com/2022/09/28/akamai_malicious_domains/
• Mystery Hackers Are ‘Hyperjacking' Targets for Insidious Spying https://www.wired.com/story/hyperjacking-vmware-mandiant/
• Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors https://www.securityweek.com/hackers-possibly-china-using-new-method-deploy-persistent-esxi-backdoors
• Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html
• Hackers now sharing cracked Brute Ratel post-exploitation kit online https://www.bleepingcomputer.com/news/security/hackers-now-sharing-cracked-brute-ratel-post-exploitation-kit-online/
• Never-before-seen malware has infected hundreds of Linux and Windows devices https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
• Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems https://thehackernews.com/2022/09/researchers-warn-of-new-go-based.html
• Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html
• Hackers Are Making DDoS Attacks Sneakier And Harder To Protect Against https://packetstormsecurity.com/news/view/33891/Hackers-Are-Making-DDoS-Attacks-Sneakier-And-Harder-To-Protect-Against.html
• Cryptominers hijack $53 worth of system resources to earn $1 https://www.bleepingcomputer.com/news/security/cryptominers-hijack-53-worth-of-system-resources-to-earn-1/
• How Underground Groups Use Stolen Identities and Deepfakes https://www.trendmicro.com/en_us/research/22/i/how-underground-groups-use-stolen-identities-and-deepfakes.html
• Container Supply Chain Attacks Cash In on Cryptojacking https://www.darkreading.com/attacks-breaches/container-supply-chain-attacks-cashing-in-on-cryptojacking
• IRS warns Americans of massive rise in SMS phishing attacks https://www.bleepingcomputer.com/news/security/irs-warns-americans-of-massive-rise-in-sms-phishing-attacks/
• Crime & Arrests, etc.:
• Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence https://www.databreaches.net/dismantling-a-prolific-cybercriminal-empire-revil-arrests-and-reemergence/
• British teenager, 18, denies creating computer virus that crashed hundreds of institutions when he was just 14 https://www.databreaches.net/british-teenager-18-denies-creating-computer-virus-that-crashed-hundreds-of-institutions-when-he-was-just-14/
• Germany arrests hacker for stealing €4 million via phishing attacks https://www.bleepingcomputer.com/news/security/germany-arrests-hacker-for-stealing-4-million-via-phishing-attacks/
• Mississauga man charged with $70,000 worth of thefts from 144 LCBO stores https://toronto.citynews.ca/2022/09/30/ontario-lcbo-thefts-man-arrested-mississauga/
• Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts https://thehackernews.com/2022/09/ukraine-arrests-cybercrime-group-for.html
• Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network https://www.databreaches.net/honolulu-man-pleads-guilty-to-sabotaging-former-employers-computer-network/
• Nation State Actors:
• Suspected Chinese hackers tampered with widely used customer chat program -researchers https://www.reuters.com/technology/exclusive-suspected-chinese-hackers-tampered-with-widely-used-canadian-chat-2022-09-30/
• Microsoft Warns Of North Korean Crew Posing As LinkedIn Recruiters https://packetstormsecurity.com/news/view/33897/Microsoft-Warns-Of-North-Korean-Crew-Posing-As-LinkedIn-Recruiters.html
• Lazarus hackers abuse Dell driver bug using new FudModule rootkit https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/
• Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo https://thehackernews.com/2022/09/cyber-attacks-against-middle-east.html
• Cold War Bugging of Soviet Facilities https://www.schneier.com/blog/archives/2022/09/cold-war-bugging-of-soviet-facilities.html
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
• Bulletproof TLS Newsletter #93 – news from the world of TLS the impact of Peter Eckersley and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_93_in_memory_of_peter_eckersley
• More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
• Canadians will continue to get spam calls for the foreseeable future https://mobilesyrup.com/2022/09/26/canadians-will-continue-to-get-spam-calls-for-the-foreseeable-future/
• Ever suspected bankers could just use WhatsApp comms? $1.8b says you're right https://www.theregister.com/2022/09/28/shadow_it_hedge_funds_wall_street/
• You probably don’t need to worry about public WiFi anymore https://www.washingtonpost.com/technology/2022/09/26/public-wifi-privacy/
• Magnus Carlsen and Hans Niemann: Chess champion accuses opponent of cheating https://www.bbc.co.uk/news/world-63043023
• After chess, cheating rows rock poker and fishing https://www.bbc.co.uk/news/world-us-canada-63108879
• USB kills off SuperSpeed branding as it tries to simplify its ubiquitous connector https://www.theverge.com/2022/9/30/23378231/usb-rebranding-2022-logos-gbps-wattage-charging-transfer-speeds-simplification-usb4-superspeed
• Edward Snowden granted Russian citizenship https://www.bbc.co.uk/news/world-europe-63036991
• Artificial Intelligence and Machine Learning:
• AI experts pan Tesla's humanoid robot reveal: ‘next level cringeworthy' https://globalnews.ca/news/9169403/tesla-robot-humanoid-optimus-elon-musk/
• Disinformation and misinformation
• Meta busts first Chinese campaign prodding US midterms https://www.theregister.com/2022/09/27/meta_chinese_campaign/
• Meta dismantles massive Russian network spoofing Western news sites https://www.bleepingcomputer.com/news/security/meta-dismantles-massive-russian-network-spoofing-western-news-sites/
• Health:
• Tiny Robots Have Successfully Cleared Pneumonia From The Lungs of Mice https://www.sciencealert.com/tiny-robots-have-successfully-cleared-pneumonia-from-the-lungs-of-mice
• ‘Poisonous': how WhatsApp is exposing UK school children to bullying and harmful content https://www.theguardian.com/technology/2022/oct/01/poisonous-how-whatsapp-is-exposing-uk-school-children-to-bullying-and-harmful-content
• New drug has potential to turn COVID-19 virus against itself https://scienmag.com/new-drug-has-potential-to-turn-covid-19-virus-against-itself/
• New zika vaccine shows promise in animal models https://scienmag.com/new-zika-vaccine-shows-promise-in-animal-models/
• Another monkey virus could be poised for spillover to humans https://scienmag.com/another-monkey-virus-could-be-poised-for-spillover-to-humans/
• Canada has dropped COVID-19 travel restrictions, mask mandates https://globalnews.ca/news/9169335/canada-covid-19-travel-restriction/
• What is Ebola and why is Uganda's outbreak so serious? https://www.bbc.co.uk/news/world-africa-63080543
• New COVID-Like Virus in Russian Bats Shows Resistance to Vaccine Antibodies https://www.sciencealert.com/new-covid-like-virus-in-russian-bats-shows-resistance-to-vaccine-antibodies
• The Government Is Racing to Put Your Toilet Under Surveillance--For a Good Reason https://www.scientificamerican.com/article/the-government-is-watching-your-poop-to-catch-the-next-pandemic/
• Thousands without power in Atlantic Canada one week after Fiona blew across region https://globalnews.ca/news/9169710/fiona-power-outages-one-week/
• Photos: The Aftermath of Hurricane Fiona in Eastern Canada https://www.theatlantic.com/photo/2022/09/photos-hurricane-fiona-canada/671557/
• N.S. premier blasts telecom companies in wake of Fiona, calls on Ottawa to step in with regulation https://www.cbc.ca/news/canada/nova-scotia/premier-tim-houston-telecommunications-hurricane-fiona-1.6598450
• Hydro One sending 30 power line workers to help storm ravaged Nova Scotia https://globalnews.ca/news/9158868/hydro-one-line-workers-nova-scotia-fiona/
• In The Middle of a Powerful Hurricane, Tampa Bay Is Dry. Here's The Science. https://www.sciencealert.com/in-the-middle-of-a-powerful-hurricane-tampa-bay-is-dry-heres-the-science
• Safety:
• Hurricane Ian flooded some Florida hospitals — climate change puts even more at risk https://www.theverge.com/2022/9/30/23378754/hurricane-ian-hospital-flood-climate-change
• Over 1,700 environment activists killed in decade - report https://www.bbc.co.uk/news/science-environment-63064471
• Passengers on a plane that collided with another jet at Heathrow Airport were initially told there was only a 'technical issue' https://www.businessinsider.com/jet-collision-passengers-were-first-told-it-was-technical-issue-2022-10
• Deorbiting satellites after missions https://www.engadget.com/satellite-de-orbit-five-years-fcc-092538937.html
• Environment:
• Bitcoin's Climate Impact Is Bigger Than Beef Farming – And It's Only Getting Worse https://www.sciencealert.com/bitcoins-climate-impact-is-bigger-than-beef-farming-and-its-only-getting-worse
• Harvard researchers detect the first definitive proof of elusive sea level fingerprints https://scienmag.com/harvard-researchers-detect-the-first-definitive-proof-of-elusive-sea-level-fingerprints/
• Under water: Is the real estate industry waking up to ‘climate risk'? https://globalnews.ca/news/9161858/real-estate-industry-climate-risk/
• ‘Shocking' erosion of sand dunes in Prince Edward Island National Park due to Fiona https://globalnews.ca/news/9159321/pei-sand-dunes-erosion-fiona/
• Renewable energy company cuts down Canada forest https://www.bbc.co.uk/news/science-environment-63089348
• Economy:
• Iron Mountain CEO Says He's Been "Praying for Inflation" Because It's an Excuse to Jack Up Prices https://theintercept.com/2022/09/28/inflation-prices-investors-iron-mountain/
• The pivot to remote work accounted for 60% of the US home-price surge, study says https://www.businessinsider.com/remote-work-raised-housing-prices-real-estate-market-federal-reserve-2022-9
• Working From an Office Costs Employees Almost Twice as Much as Working From Home https://www.mentalfloss.com/posts/employees-save-money-working-from-home
• Some sectors in Canada are seeing a wave of retirements. Burnout might be why https://globalnews.ca/news/9167282/retirement-burnout-employment-2022/
• Teachers, Nurses, and Child-Care Workers Have Had Enough https://www.theatlantic.com/ideas/archive/2022/09/teachers-nurses-child-care-job-burnout-crisis/671563/
• Gas prices in Metro Vancouver hit new record high at $2.399 a litre https://globalnews.ca/news/9164573/gas-prices-in-metro-vancouver-hit-new-record-high-at-2-399-a-litre/
• NFT Sales Have Lost Nearly All Their Allure https://packetstormsecurity.com/news/view/33883/NFT-Sales-Have-Lost-Nearly-All-Their-Allure.html

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine war: Russia completes land-grab as Kyiv's territory annexed https://www.bbc.co.uk/news/world-europe-63095436
• Putin is facing a major humiliation as Ukrainian forces enter a key city in territory Russia has just annexed https://www.businessinsider.com/putin-will-look-stupid-if-a-key-city-in-annexed-donetsk-falls-defense-expert-2022-9
• Putin's Newest Annexation Is Dire for Russia Too https://www.theatlantic.com/ideas/archive/2022/09/russia-annex-ukraine-putin/671607/
• Ukraine war: Russian troops forced out of eastern town Lyman https://www.bbc.co.uk/news/world-europe-63102220
• Ukrainian prisoners describe ‘torture facilities' used by Russian interrogators https://globalnews.ca/news/9161654/ukrainian-prisoners-describe-torture-facilities-used-by-russian-interrogators/
• The CIA warned Germany weeks ago about a possible attack on the Nord Stream natural-gas pipelines, report says https://www.businessinsider.com/cia-warned-germany-attacks-nord-stream-pipelines-leak-sabotage-report-2022-9
• The Nord Stream pipelines were likely attacked with remotely detonated explosives, says UK defense source: report https://www.businessinsider.com/nord-stream-pipelines-attacked-remote-explosives-uk-intelligence-2022-9
• The Race to Find the Nord Stream Saboteurs https://www.wired.com/story/nord-stream-pipeline-sabotage-explosion-russia-gas/
• Unidentified drones were spotted near offshore installations days before Nord Stream attack, according to letter from Norwegian energy security agency https://www.businessinsider.com/nord-stream-pipeline-attack-unidentified-drones-norway-offshore-energy-russia-2022-9
• Hundreds of pounds of TNT were used to damage the Nord Stream pipelines, Sweden and Denmark tell the UN https://www.businessinsider.com/nord-stream-gas-leak-caused-hundreds-pounds-explosives-un-russia-2022-10
• Leaking natural-gas from the damaged Nord Stream pipelines is erupting like geysers in the Baltic Sea, Danish military video shows https://www.businessinsider.com/video-nord-stream-pipeline-leak-natural-gas-geysers-baltic-sea-2022-9
• Nord Stream: Ukraine accuses Russia of pipeline terror attack https://www.bbc.co.uk/news/world-europe-63044747
• Reaction and response:
• NATO threatens to retaliate against suspected Nord Stream sabotage, ratcheting up tension with Russia https://www.businessinsider.com/fourth-leak-found-nord-stream-pipeline-after-acts-sabotage-nato-2022-9
• Russia's Nuclear Threats Are All Putin Has Left https://www.theatlantic.com/newsletters/archive/2022/09/russias-nuclear-threats/671571/
• Ukraine applying for NATO membership in wake of Russian annexation https://globalnews.ca/news/9167531/ukraine-nato-russia-annexation/
• Japan says Russia 'blindfolded and restrained' its consul in Vladivostok https://www.bbc.co.uk/news/world-asia-63043773
• Russia's FSB detains, expels Japanese consul for alleged espionage https://globalnews.ca/news/9156396/russia-fsb-japanese-consul-espionage/
• Canadians urged to leave Russia as dual citizens prone to Putin's draft, Ottawa warns https://globalnews.ca/news/9164507/russia-ukraine-draft-canada/
• Russia readies to annex parts of Ukraine after ‘sham' referendums. What happens next? https://globalnews.ca/news/9157035/ukraine-referendum-russia-explainer/
• Putin Didn't Think He Would Fool Anyone https://www.theatlantic.com/ideas/archive/2022/09/putin-russia-referendum-election-results-domestic-propaganda/671595/
• Ukraine war: Zaporizhzhia nuclear plant chief detained by Russians - Kyiv https://www.bbc.co.uk/news/world-europe-63100673
• Russian IT workers head overseas to avoid military mobilization despite assurances https://globalnews.ca/news/9161960/russian-it-workers-military-mobilisation/
• Russians are paying up to $27,000 to escape the country on private jets after Putin's partial mobilization, report says https://www.businessinsider.com/russians-paying-27000-to-escape-country-on-private-jets-report-2022-9
• The number of Russians fleeing the country to evade Putin's draft is bigger than the original invasion force, UK intel says https://www.businessinsider.com/number-of-russians-fleeing-draft-bigger-1st-invasion-force-uk-2022-9
• U.S. and Russia Duel Over Leadership of U.N. Tech Group https://www.nytimes.com/2022/09/28/technology/us-russia-technology-united-nations.html
• Russia demands answers after Apple kicks VK apps from App Store https://www.bleepingcomputer.com/news/apple/russia-demands-answers-after-apple-kicks-vk-apps-from-app-store/
• Sanctions & economic Impact:
• Canada slaps new sanctions on Russia after Putin annexes Ukrainian regions https://globalnews.ca/news/9167560/canada-sanctions-russia-ukraine-annexation/
• Information, Disinformation, and Propaganda:
• Russian campaign spent $100,000 on anti-Ukraine propaganda, Meta says https://www.theverge.com/2022/9/27/23374819/meta-russian-influence-ukraine-war-campaign-propaganda
• Ukraine-Russia war: US army doctor and wife charged with Russia spying https://www.bbc.co.uk/news/world-us-canada-63079868
• Cyber-attacks and the potential for cyber-war:
• Ukraine warns Russia plans “massive cyberattacks” on its power grids https://arstechnica.com/information-technology/2022/09/ukraine-warns-russia-plans-massive-cyberattacks-on-its-power-grids/
• Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows https://www.securityweek.com/cyber-warfare-rife-ukraine-impact-stays-shadows

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Alberta student who fled Ukraine wins award for landmine-detecting drone https://globalnews.ca/news/9166526/alberta-student-war-ukraine-award-landmine-detecting-drone/
• An all-electric passenger plane completed its first test flight https://www.theverge.com/2022/9/28/23377053/all-electric-passenger-plane-prototype-first-flight-washington
• Princeton scientists identify key setback in achieving nuclear fusion in Tokamak magnetic containment https://interestingengineering.com/science/princeton-scientists-overcome-key-setback-in-achieving-nuclear-fusion
• World's largest flow battery energy storage station connected to grid https://scienmag.com/worlds-largest-flow-battery-energy-storage-station-connected-to-grid/
• Innovation to combat space debris – Chinese scientists introduce drag sail https://www.universetoday.com/157834/innovation-to-combat-space-debris-chinese-scientists-introduce-drag-sail/
• NASA's DART Spacecraft Successfully Smacks a Space Rock--Now What? https://www.scientificamerican.com/article/nasas-dart-spacecraft-successfully-smacks-a-space-rock-now-what1/
• This is the Last Thing DART saw as it Smashed Into its Asteroid Target https://www.universetoday.com/157794/this-is-the-last-thing-dart-saw-as-it-smashed-into-its-asteroid-target/
• Watch a Nicely Stabilized Video of DART Flying Past Didymos and Slamming Into Dimorphos https://www.universetoday.com/157809/watch-a-nicely-stabilized-video-of-dart-flying-past-didymos-and-slamming-into-dimorphos/
• DART Impact Seen by Hubble and Webb https://www.universetoday.com/157848/dart-impact-seen-by-hubble-and-webb/
• MIT engineers build a battery-free, wireless underwater camera https://scienmag.com/mit-engineers-build-a-battery-free-wireless-underwater-camera/
• NASA and SpaceX Will Study Low-Cost Plan to Give Hubble a Boost https://www.universetoday.com/157844/nasa-spacex-hubble-reboost/
• AI Researcher discovers that Stable Diffusion can compress images better than JPEG but caveats … https://arstechnica.com/information-technology/2022/09/better-than-jpeg-researcher-discovers-that-stable-diffusion-can-compress-images/
• If you still miss Google Reader, Substack has a new web-based RSS client https://www.theverge.com/2022/9/26/23372911/substack-reader-web-desktop-rss-client-google-reader
• Quatum Innovation.
• There's a New Quantum Computing Record: Control of a 6-Qubit Processor in Silicon https://www.sciencealert.com/theres-a-new-quantum-computing-record-control-of-a-6-qubit-processor-in-silicon
• Other:
• Finding the ship that sent out a warning to The Titanic https://scienmag.com/finding-the-ship-that-sent-out-a-warning-to-the-titanic/
• We Might Have Underestimated The Size of The Asteroid Behind Earth's Largest Crater https://www.sciencealert.com/we-might-have-underestimated-the-size-of-the-asteroid-behind-earths-largest-crater
• Scientists say we should prioritize a human mission to Venus before Mars https://interestingengineering.com/science/prioritize-human-mission-venus-before-mars
• NASA's Dragonfly Helicopter Will be Exploring This Region of Titan https://www.universetoday.com/157847/nasas-dragonfly-helicopter-will-be-exploring-this-region-of-titan/
• TESS Finds a Super-Earth and two Mini-Neptunes in a Single System https://www.universetoday.com/157775/tess-finds-a-super-earth-and-two-mini-neptunes-in-a-single-system/
• Two “Super Mercury” Exoplanets Found in a Single System https://www.universetoday.com/157872/two-super-mercury-exoplanets-found-in-a-single-system/