This Week's [in]Security - Issue 292

Welcome to This Week’s [in]Security. P2PE & PIN updates. New breaches: DropBox, Amazon, AstraZeneca, MediBank, Continental. New Ransomware: Costs, Trains, Telescopes. Major outages: Sobeys, WestJet. Follow-ups. Privacy: Surveillance risk, TikTok, CCTV. Laws & Regs - Canada: Online News. US: web scraping, World: Ransomware, India. Standards: Defense - Resources. MFA fatigue & phishing-resistance, IoT labeling, supply chain. Tools & Techniques. Scanning the UK, M&A, hacking tool. Vulnerabilities - Advisories: ICS. Zeroday: trends. Patching: Cisco, Chrome, Azure Cosmos, Apple. Significant: Roundup, Splunk. GitHub, Also: OpenSSL, SmartLock picking. Research. Cybercrime - Active campaigns, mal-news, PyPI, Crimes & enforcement. Nation states and mercenaries. Other Risks - cables, Twitter. AI: Open-Source laundering, Deepfakes, Turing. Disinformation: Amplification. Health, Safety, Environment, Tech layoffs. Russia v. Ukraine. Innovations and some Remembrance Day links.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates & News:
• Appendix A: P2PE Assessor Addendum https://docs-prv.pcisecuritystandards.org/Programs%20and%20Certification/Point%20to%20Point%20Encryption%20Assessors/P2PE_Appendix_A_Assesor_Addendum_v3.1.docx
• Appendix B: P2PE Assessor Company - Application https://docs-prv.pcisecuritystandards.org/Programs%20and%20Certification/Point%20to%20Point%20Encryption%20Assessors/P2PE_Appendix_B_Company_v3.1.docx
• Appendix C: P2PE Assessor Employee - Application https://docs-prv.pcisecuritystandards.org/Programs%20and%20Certification/Point%20to%20Point%20Encryption%20Assessors/P2PE_Appendix_C_Employee_3.1.docx
• PIN ROC Reporting Template https://docs-prv.pcisecuritystandards.org/PIN/Reporting%20Template%20or%20Form/PCI_PIN_v3.1_ROC_Reporting_Template_Form.pdf
• Other payment related:
• Stopping Unwanted Payments: Visa's Stop Payment Service https://community.developer.visa.com/t5/Blogs/Stopping-Unwanted-Payments-Visa-s-Stop-Payment-Service/ba-p/21141

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Dropbox discloses breach after hacker stole 130 GitHub repositories https://www.bleepingcomputer.com/news/security/dropbox-discloses-breach-after-hacker-stole-130-github-repositories/
• Hackers Stole Source Code, Personal Data From Dropbox Following Phishing Attack https://www.securityweek.com/hackers-stole-source-code-personal-data-dropbox-following-phishing-attack
• Amazon accidentally exposed an internal server packed with Prime Video viewing habits https://www.databreaches.net/amazon-accidentally-exposed-an-internal-server-packed-with-prime-video-viewing-habits/
• AstraZeneca password lapse exposed patient data https://techcrunch.com/2022/11/03/astrazeneca-passwords-exposed-patient-data/
• ABC News: Medibank refuses to pay ransom for hacked data as affected customer number doubles https://www.abc.net.au/news/2022-11-07/medibank-refuses-to-pay-ransom-data-hack-cyber-attack/101622914
• Victorians’ data at risk after cyber attack on tech company PNORS Technology Group https://7news.com.au/news/cyber-attack/victorians-data-at-risk-after-cyber-attack-on-tech-company-pnors-technology-group-c-8772485
• Healthcare provider to incarcerated people discloses breach by data security incident by claims processor https://www.databreaches.net/healthcare-provider-to-incarcerated-people-discloses-breach-by-data-security-incident-by-claims-processor/
• Ransomware Group Threatens to Leak Data Stolen From Car Parts Giant Continental https://www.securityweek.com/ransomware-group-threatens-leak-data-stolen-car-parts-giant-continental
• Serious breach of cellphone users' data https://www.databreaches.net/serious-breach-of-cellphone-users-data/
• Royal Mail customer data leak shutters online Click and Drop https://www.theregister.com/2022/11/03/royal_mail_customer_data_leak/
• Vodafone Italy discloses data breach after reseller hacked https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/
• New Ransomware and "Incidents":
• Ransomware cost US banks $1.2 billion last year https://www.databreaches.net/ransomware-cost-us-banks-1-2-billion-last-year/
• Cyberattack Disrupts Trains in Denmark https://www.databreaches.net/cyberattack-disrupts-trains-in-denmark/
• The White House's global ransomware summit couldn't come at a better time https://www.theregister.com/2022/10/31/white_house_ransomware_summit/
• Copper Giant Aurubis Shuts Down Systems Due to Cyberattack https://www.securityweek.com/copper-giant-aurubis-shuts-down-systems-due-cyberattack
• Malaysian online stock brokerage firm victim of cyberattack https://www.databreaches.net/malaysian-online-stock-brokerage-firm-victim-of-cyberattack/
• ALMA Observatory shuts down operations due to a cyberattack https://www.bleepingcomputer.com/news/security/alma-observatory-shuts-down-operations-due-to-a-cyberattack/
• LockBit repeats ‘PR stunt' as Thales ransomware investigation claims no breach https://www.databreaches.net/lockbit-repeats-pr-stunt-as-thales-ransomware-investigation-claims-no-breach/
• Major outages/downs:
• Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces cybersecurity incident https://www.cbc.ca/news/canada/nova-scotia/sobeys-safeway-maple-leaf-foods-cybersecurity-incident-1.6642937
• WestJet impacted by multi-day outage https://calgary.ctvnews.ca/westjet-passengers-still-facing-delays-cancellations-after-system-wide-outage-resolved-1.6141604
• Follow-ups and fall-out:
• Chegg sued by FTC after suffering four data breaches within 3 years https://www.bleepingcomputer.com/news/security/chegg-sued-by-ftc-after-suffering-four-data-breaches-within-3-years/
• Aveanna Healthcare To Pay $425,000 Following Phishing Attacks in 2019 That Impacted Thousands of Massachusetts Residents https://www.databreaches.net/aveanna-healthcare-to-pay-425000-following-phishing-attacks-in-2019-that-impacted-thousands-of-massachusetts-residents/
• SolarWinds reaches $26m settlement with shareholders, expects SEC action https://www.databreaches.net/solarwinds-reaches-26m-settlement-with-shareholders-expects-sec-action/
• Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup https://www.theregister.com/2022/11/02/mondelez_zurich_notpetya_settlement/
• Lolzteam - 398,011 breached accounts http://haveibeenpwned.com/PwnedWebsites#Lolzteam

Privacy

Articles about privacy related news, risks, and trends.

• Surveillance 'Existential' Danger of Tech: Signal Boss https://www.securityweek.com/surveillance-existential-danger-tech-signal-boss
• TikTok Admits Staff in China Can Access Europeans' Data https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/
• Security Cameras Make Us Feel Safe, but Are They Worth the Invasion? https://www.nytimes.com/2022/11/02/technology/personaltech/security-cameras-surveillance-privacy.html
• The NYPD has joined Amazon's Ring Neighbors surveillance network https://www.theverge.com/2022/11/3/23438762/amazon-ring-neighbors-nypd-partnership-launch
• Science Fiction Got Surveillance All Wrong https://www.theatlantic.com/books/archive/2022/11/books-briefing-george-orwell-namwali-serpell/671983/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• Why Bill C-18's Mandated Payment for Links is a Threat to Freedom of Expression in Canada https://www.michaelgeist.ca/2022/11/why-bill-c-18s-mandated-payment-for-links-is-a-threat-to-freedom-of-expression-in-canada/
• US:
• LinkedIn Scores Partial Win in Long-Running Data Scraping Feud https://www.databreaches.net/linkedin-scores-partial-win-in-long-running-data-scraping-feud/
• World:
• International summit agrees crack down on crypto to combat ransomware https://www.theregister.com/2022/11/03/ransomware_summit_cryptocurrency/
• Indian government creates body with power to order social media content takedowns https://www.theregister.com/2022/10/30/asia_in_brief/
• Standards News:
• Draft Project Description for Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector open through December 19 https://content.govdelivery.com/accounts/USNIST/bulletins/32f9de2
• Summary and Analysis of Responses to CUI Series Pre-Draft Call for Comments https://content.govdelivery.com/accounts/USNIST/bulletins/335496b

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• CISA Urges Organizations to Implement Phishing-Resistant MFA https://www.securityweek.com/cisa-urges-organizations-implement-phishing-resistant-mfa
• Multi-factor auth fatigue is real – and it's why you may be in the headlines next https://www.theregister.com/2022/11/03/mfa_fatigue_enterprise_threat/
• Our Principles for IoT Security Labeling https://security.googleblog.com/2022/11/our-principles-for-iot-security-labeling.html
• NSA on Supply Chain Security https://www.schneier.com/blog/archives/2022/11/nsa-on-supply-chain-security.html
• Reducing the risk of cloud attack https://www.theregister.com/2022/11/04/reducing_the_risk_of_cloud/
• How to Narrow the Talent Gap in Cybersecurity https://www.darkreading.com/careers-and-people/how-to-narrow-the-talent-gap-in-cybersecurity
• Collegiate students fired up to protect virtual solar facility from cyberattack https://scienmag.com/collegiate-students-fired-up-to-protect-virtual-solar-facility-from-cyberattack/
• The door is open for anyone to become a cyber defender https://www.microsoft.com/en-us/security/blog/2022/10/31/the-door-is-open-for-anyone-to-become-a-cyber-defender/
• Stopping C2 communications in human-operated ransomware through network protection https://www.microsoft.com/en-us/security/blog/2022/11/03/stopping-c2-communications-in-human-operated-ransomware-through-network-protection/
• OpenSea is trying to prevent scammers from flipping stolen NFTs https://www.theverge.com/2022/11/2/23436943/opensea-stolen-nft-scams-resale-block
• Weekly Update 320 https://www.troyhunt.com/weekly-update-320/
• Methods, Techniques, Tools, and Products:
• British govt is scanning all Internet devices hosted in UK https://www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/
• Microsoft Security tips for mitigating risk in mergers and acquisitions https://www.microsoft.com/en-us/security/blog/2022/11/02/microsoft-security-tips-for-mitigating-risk-in-mergers-and-acquisitions/
• LinkedIn Adds Verified Emails, Profile Creation Dates https://krebsonsecurity.com/2022/11/linkedin-adds-verified-emails-profile-creation-dates/
• The Flipper Zero is a Swiss Army knife of antennas https://www.theverge.com/23433594/flipper-zero-hacking-gadget-wireless-pentesting-open-source-antenna

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html
• Zero-day and other recent vulnerability news:
• Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html
• Last Years Open Source - Tomorrow's Vulnerabilities https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html
• Patching:
• Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products https://www.securityweek.com/cisco-patches-high-severity-bugs-email-identity-web-security-products
• Google fixes seventh Chrome zero-day exploited in attacks this year https://www.bleepingcomputer.com/news/security/google-fixes-seventh-chrome-zero-day-exploited-in-attacks-this-year/
• Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution https://www.securityweek.com/microsoft-patches-azure-cosmos-db-flaw-leading-remote-code-execution
• Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware https://www.theregister.com/2022/11/01/microsoft_motw_malware_flaw/
• Apple Only Commits to Patching Latest OS Version https://www.schneier.com/blog/archives/2022/10/apple-only-commits-to-patching-latest-os-version.html
• OtheSignificant:
• Control Gap Vulnerability Roundup: October 22nd to October 28th https://www.controlgap.com/blog/vulnerability-roundup-october-22nd-october-28th
• Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product https://www.securityweek.com/splunk-patches-9-high-severity-vulnerabilities-enterprise-product
• GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories https://thehackernews.com/2022/10/github-repojacking-bug-couldve-allowed.html
• Other Vulnerabilities:
• OpenSSL dodges a security bullet https://www.zdnet.com/article/openssl-dodges-a-security-bullet
• Checkmk Vulnerabilities Can Be Chained for Remote Code Execution https://www.securityweek.com/checkmk-vulnerabilities-can-be-chained-remote-code-execution
• Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html
• Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html
• Level responds to lock picker opening its $330 Apple Store lock in seconds https://www.techradar.com/news/the-apple-stores-dollar330-level-lock-plus-smart-lock-isnt-as-secure-as-youd-think
• IPv4 Address Representations, (Sun, Nov 6th) https://isc.sans.edu/diary/rss/29224
• Research on new vulnerabilities:
• A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
• Article: Factors Associated with Information Breach in Healthcare Facilities: A Systematic Literature Review https://www.databreaches.net/article-factors-associated-with-information-breach-in-healthcare-facilities-a-systematic-literature-review/
• Gregor Samsa: Exploiting Java's XML Signature Verification https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Hundreds of U.S. news sites push malware in supply-chain attack https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/
• Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer https://thehackernews.com/2022/11/researchers-uncover-29-malicious-pypi.html
• Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT https://thehackernews.com/2022/11/hackers-using-rogue-versions-of-keepass.html
• Malicious Android apps with 1M+ installs found on Google Play https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-1m-plus-installs-found-on-google-play/
• New clipboard hijacker replaces crypto wallet addresses with lookalikes https://www.bleepingcomputer.com/news/security/new-clipboard-hijacker-replaces-crypto-wallet-addresses-with-lookalikes/
• Google ad for GIMP.org served info-stealing malware via lookalike site https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/
• Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App https://thehackernews.com/2022/11/experts-warn-of-sandstrike-android.html
• Crime & Arrests, etc.:
• $28 million stolen from cryptocurrency platform Deribit https://www.databreaches.net/28-million-stolen-from-cryptocurrency-platform-deribit/
• French-speaking voleurs stole $30m in 15-country bank, telecoms cyber-heist spree https://www.theregister.com/2022/11/04/french_opera1er_group_ib/
• Hackers selling access to 576 corporate networks for $4 million https://www.databreaches.net/hackers-selling-access-to-576-corporate-networks-for-4-million/
• One-Third of Cybercrime Losses Stem From Compromised Business Email https://www.pymnts.com/news/b2b-payments/2022/one-third-of-cybercrime-losses-stem-from-compromised-business-email/
• Cybercriminals Responsible For Computer Intrusions Nationwide Indicted For RICO Conspiracy That Netted Millions https://www.databreaches.net/cybercriminals-responsible-for-computer-intrusions-nationwide-indicted-for-rico-conspiracy-that-netted-millions/
• Young Finnish man detained in absentia over data breach at Vastaamo https://www.databreaches.net/young-finnish-man-detained-in-absentia-over-data-breach-at-vastaamo/
• An ex-Apple employee faces as long as 20 years in jail after admitting to defrauding the tech giant of over $17 million https://www.businessinsider.com/apple-employee-defrauded-company-17-million-2022-11
• Hacker Charged With Extorting Online Psychotherapy Service https://krebsonsecurity.com/2022/11/hacker-charged-with-extorting-online-psychotherapy-service/
• Accused ‘Raccoon' Malware Developer Fled Ukraine After Russian Invasion https://krebsonsecurity.com/2022/10/accused-raccoon-malware-developer-fled-ukraine-after-russian-invasion/
• Former Apple worker pleads guilty to $17m mail and wire fraud charges https://www.theregister.com/2022/11/02/apple_buyer_wire_money_fraud/
• Russian Hacker Behind Massive Data Breach Released From U.S. Prison https://www.databreaches.net/russian-hacker-behind-massive-data-breach-released-from-u-s-prison/
• Nation State Actors:
• New Crimson Kingsnake gang impersonates law firms in BEC attacks https://www.bleepingcomputer.com/news/security/new-crimson-kingsnake-gang-impersonates-law-firms-in-bec-attacks/
• Double-check demand payment emails from law firms: Convincing fakes surface https://www.theregister.com/2022/11/04/crimson_kingsnake_bec_scam/
• Black Basta ransomware gang linked to the FIN7 hacking group https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/
• Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware https://thehackernews.com/2022/11/chinese-hackers-using-new-stealthy.html
• Iran's Digital Surveillance Tools Leaked https://www.schneier.com/blog/archives/2022/11/irans-digital-surveillance-tools-leaked.html
• Researchers Detail New Malware Campaign Targeting Indian Government Employees https://thehackernews.com/2022/11/researchers-detail-new-malware-campaign.html

Other Security / Risk

Articles covering other types of risks.

• General:
• Kioxia warns of potential cost of US chip policy over China https://www.theregister.com/2022/11/01/kioxia_china_us_policy/
• The most vulnerable place on the Internet https://arstechnica.com/information-technology/2022/11/the-most-vulnerable-place-on-the-internet/
• Twitter's verification chaos is now a cybersecurity problem https://www.databreaches.net/twitters-verification-chaos-is-now-a-cybersecurity-problem/
• As Twitter brings on $8 fee, phishing emails target verified accounts https://www.bleepingcomputer.com/news/security/as-twitter-brings-on-8-fee-phishing-emails-target-verified-accounts/
• 'Twitter as we know it is dead': Why Elon Musk's plans risk more scams and misinformation https://www.businessinsider.com/elon-musks-twitter-plans-risk-more-scams-and-misinformation-experts-2022-11
• Billions being spent in metaverse land grab https://www.bbc.co.uk/news/technology-63488059
• Emerging technology, Artificial Intelligence and Machine Learning:
• Machine-learning systems are problematic. That's why tech bosses call them ‘AI' | John Naughton https://www.theguardian.com/commentisfree/2022/nov/05/machine-learning-systems-are-problematic-thats-why-tech-bosses-call-them-ai
• Microsoft sued for open-source piracy through GitHub Copilot https://www.bleepingcomputer.com/news/security/microsoft-sued-for-open-source-piracy-through-github-copilot/
• Deepfakes - Significant or Hyped Threat? https://www.securityweek.com/deepfakes-significant-or-hyped-threat
• The new Turing test: Are you human? https://www.zdnet.com/article/the-new-turing-test-are-you-human/
• Algorithms quietly run the city of DC—and maybe your hometown https://arstechnica.com/information-technology/2022/11/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown/
• Google plans giant AI language model supporting world's 1,000 most spoken languages https://www.theverge.com/2022/11/2/23434360/google-1000-languages-initiative-ai-llm-research-project
• Disinformation and misinformation
• An Introduction to My Project: Algorithmic Amplification and Society https://freedom-to-tinker.com/2022/11/03/an-introduction-to-my-project-algorithmic-amplification-and-society/
• What is Listenbourg? The fake European country meant to fool Americans https://globalnews.ca/news/9253575/what-is-listenbourg-fake-european-country/
• Health:
• Lab-grown blood given to people in world-first clinical trial https://www.bbc.co.uk/news/health-63513330
• This Single Blood Test Can Detect Multiple Kinds of Cancer Early https://www.sciencealert.com/this-single-blood-test-can-detect-multiple-kinds-of-cancer-early
• Study finds people who need wearable health devices the most use them the least https://scienmag.com/study-finds-people-who-need-wearable-health-devices-the-most-use-them-the-least/
• RSV Is Surging: What We Know about This Common and Surprisingly Dangerous Virus https://www.scientificamerican.com/article/rsv-is-surging-what-we-know-about-this-common-and-surprisingly-dangerous-virus/
• Atlantic Canada experts divided on backyard feeders as bird flu continues to spread https://globalnews.ca/news/9255141/atlantic-canada-bird-feeders-flu/
• Safety:
• What to Do if You're Trapped in a Surging Crowd https://www.scientificamerican.com/article/what-to-do-if-youre-trapped-in-a-surging-crowd/
• A rule of physics dictates when a crowd crush turns deadly, like in Seoul, South Korea, where 154 died https://www.businessinsider.com/seoul-halloween-crush-physics-explains-crowd-surge-kill-2022-10
• FBI identifies 'source of threat' to New Jersey synagogue https://www.bbc.co.uk/news/world-us-canada-63508402
• Multiple Tornadoes hit southern US states https://www.bbc.co.uk/news/world-us-canada-63530394
• The Nukes Never Went Away https://www.theatlantic.com/ideas/archive/2022/11/putin-russia-nuclear-weapons-war-threat/671986/
• NASA Asteroid Threat Practice Drill Shows We're Not Ready https://www.scientificamerican.com/article/nasa-asteroid-threat-practice-drill-shows-were-not-ready/
• Three New Potentially Hazardous Asteroids Discovered, Including a big one That Measures 1.5 km Across https://www.universetoday.com/158484/three-new-potentially-hazardous-asteroids-discovered-including-a-big-one-that-measures-1-5-km-across/
• Environment:
• The World Isn't Adapting to Climate Change Quickly Enough, U.N. Says https://www.scientificamerican.com/article/the-world-isnt-adapting-to-climate-change-quickly-enough-u-n-says/
• Why it's so hard to decide whether nuclear power is a good idea for the climate https://www.cbc.ca/news/business/nuclear-revival-column-don-pittis-1.6615356
• Toronto breaks 63-year temperature record https://toronto.ctvnews.ca/toronto-breaks-63-year-temperature-record-1.6140720
• This simple material could scrub carbon dioxide from power plant smokestacks https://scienmag.com/this-simple-material-could-scrub-carbon-dioxide-from-power-plant-smokestacks/
• Economy:
• Elon Musk announces Twitter mass layoffs to begin Friday https://www.theguardian.com/technology/2022/nov/03/elon-musk-twitter-mass-layoffs-begin
• Twitter layoffs were so chaotic one employee was kicked off the company systems in the middle of a meeting, report says: 'A master class in how not to do it' https://www.businessinsider.com/twitter-employee-kicked-off-company-systems-in-middle-of-meeting-2022-11
• Meta's reportedly planning to lay off ‘thousands' of workers this week https://www.theverge.com/2022/11/6/23443699/meta-reportedly-planning-lay-off-thousands-workers-this-week
• A memo from Stripe's cofounders announcing sweeping job cuts is a lesson for companies everywhere on how to conduct layoffs https://www.businessinsider.com/stripe-layoff-memo-collison-twitter-fintech-2022-11

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine war: Power blackouts announced across country following Russian shelling https://globalnews.ca/news/9255179/russia-shelling-power-blackouts-ukraine/
• Ukraine war: Zelensky accuses Iran of lying over Russia support https://www.bbc.co.uk/news/world-europe-63528183
• Russia has failed to destroy a single HIMARS launcher to date, but Ukraine still needs more artillery: report https://www.businessinsider.com/politico-russia-hasnt-destoryed-a-single-himars-launcher-to-date-2022-11
• Ukrainian suicide drone boats packed with bombs are threatening Russia's once feared Black Sea fleet, and it may not be able to stop them https://www.businessinsider.com/ukraines-drone-boats-mean-nowheres-safe-russia-black-sea-fleet-2022-11
• North Korea is secretly supplying Russia with artillery, White House says https://globalnews.ca/news/9244770/white-house-nkorea-shipping-artillery-russia/
• Reaction and response:
• Russia rejoins Ukraine grain deal after suspending participation https://globalnews.ca/news/9244167/russia-ukraine-grain-deal-nov-2/
• US to pay to refurbish Soviet-era T-72 tanks for Ukraine: 'Most technically advanced tanks on the battlefield' https://www.businessinsider.com/us-refurbish-45-soviet-era-t-72-tanks-ukraine-2022-11

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
  • Chip Design Shifts As Fundamental Laws Run Out Of Steam https://semiengineering.com/chip-design-shifts-as-fundamental-laws-run-out-of-steam/
  • Huge Stratolaunch plane takes 1st flight carrying hypersonic prototype https://www.space.com/stratolaunch-hypersonic-prototype-first-captive-flight
  • NASA Is Studying a Private Mission to Boost Hubble's Orbit. Is It Worth the Risk? https://www.scientificamerican.com/article/nasa-is-studying-a-private-mission-to-boost-hubbles-orbit-is-it-worth-the-risk/
  • NASA's new Glider Could Turn any Airport Into a Spaceport https://www.universetoday.com/158471/nasas-new-glider-could-turn-any-airport-into-a-spaceport/
  • Researchers Make Rocket Fuel Using Actual Regolith From the Moon https://www.universetoday.com/158492/researchers-make-rocket-fuel-using-actual-regolith-from-the-moon/ 
• A few Remembrance Day related articles for November 11:
  • Why We Wear Poppies On Remembrance Day https://www.iwm.org.uk/history/why-we-wear-poppies-on-remembrance-day 
  • This year's Remembrance Day poppies are biodegradable for the 1st time https://www.cbc.ca/news/canada/windsor/royal-canadian-legion-biodegradable-poppies-remembrance-day-1.6638143
  • Some WWI battles were fought underground - the Lochnagar Mine & crater is the largest example http://www.greatwar.co.uk/somme/memorial-lochnagar-crater.htm
  • A list of Remembrance Day films from the NFB https://www.nfb.ca/channels/remembrance-day/
  • 7 Powerful Movies to Watch on Remembrance Day https://www.msn.com/en-ca/entertainment/movies/8-powerful-movies-to-watch-on-remembrance-day/ss-AA13HjhN