This Week's [in]Security - Issue 295

Welcome to This Week’s [in]Security. PCI related: FAQs. New breaches: What'sApp (500M), Twitter (5M), AirAsia (5M), Sask (SLGA). New Ransomware: OSSTF. Privacy: Repair snooping, Tax sites, iCloud, Redaction? Laws & Regs - Canada, US: FTC, DoJ. World: UK, India. Fines, Enforcements & Lawsuits. Standards. AI. Cryptography. Defense - Decryptors, Domains, Due diligence, Tools & Techniques. Vulnerabilities - Roundup, Chrome, Windows, AWS, Cybercrime - active campaigns, crimes & enforcement. Bad-Actors. Other Risks, Health, Safety, Environment, Economy, FTX/Crypto. Russia v. Ukraine. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Related,
  • Control Gap’s list of all FAQs is up to date with #1562 https://www.controlgap.com/pci-frequently-asked-questions

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• WhatsApp data leak: 500 million user records for sale; is it really a leak? https://www.databreaches.net/whatsapp-data-leak-500-million-user-records-for-sale-is-it-really-a-leak/
• WhatsApp Phone Numbers Of Around 500 Million Users Up For Sale https://www.techworm.net/2022/11/whatsapp-phone-number-million-users-sale.html
• WhatsApp dismisses report of alleged data leak containing phone numbers of nearly 3 million Hongkongers https://www.databreaches.net/whatsapp-dismisses-report-of-alleged-data-leak-containing-phone-numbers-of-nearly-3-million-hongkongers/
• 5.4 million Twitter users' stolen data leaked online — more shared privately https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
• Ransomware attack on AirAsia allegedly compromises the data of 5 million customers and employees https://sg.news.yahoo.com/ransomware-attack-airasia-allegedly-compromises-023746097.html
• Leaked Algolia API Keys Exposed Data of Millions of Users https://www.securityweek.com/leaked-algolia-api-keys-exposed-data-millions-users
• Apps with over 3 million installs leak 'Admin' search API keys https://www.bleepingcomputer.com/news/security/apps-with-over-3-million-installs-leak-admin-search-api-keys/
• The Smith Family says details of around 80,000 donors may have been exposed in hacking attack https://www.databreaches.net/the-smith-family-says-details-of-around-80000-donors-may-have-been-exposed-in-hacking-attack/
• Year old breach disclosed at Saskatchewan Liquor and Gaming Authority affecting 40K people https://www.cbc.ca/news/canada/saskatchewan/about-40-000-people-affected-by-slga-security-breach-commissioners-report-1.6661531
• Au: Xavier College says stolen student data might be released after hack https://www.databreaches.net/au-xavier-college-says-stolen-student-data-might-be-released-after-hack/
• California County Says Personal Information Compromised in Data Breach https://www.securityweek.com/california-county-says-personal-information-compromised-data-breach
• Personal data of nearly 4,000 people leaked in hack of Radio Free Asia https://www.databreaches.net/personal-data-of-nearly-4000-people-leaked-in-hack-of-radio-free-asia/
• No Need to Hack When It's Leaking, Friday Global Edition https://www.databreaches.net/no-need-to-hack-when-its-leaking-friday-global-edition/
• New Ransomware and "Incidents":
• Ca: OSSTF victim of ransomware attack, notifies members of personal data compromised https://www.databreaches.net/ca-osstf-victim-of-ransomware-attack-notifies-members-of-personal-data-compromised/
• Doctors Center Hospital reports 1.2 million patients affected by ransomware attack https://www.databreaches.net/doctors-center-hospital-reports-1-2-million-patients-affected-by-ransomware-attack/
• City of Westmount target of cyberattack https://globalnews.ca/news/9296036/city-of-westmount-target-of-cyberattack/
• Have-I-Been-Pwned updates:
• Not Acxiom (unverified) - 51,730,831 breached accounts https://haveibeenpwned.com/PwnedWebsites#NotAcxiom

Privacy

Articles about privacy related news, risks, and trends.

• Half of computer repairs result in snooping of sensitive data, study by U of Guelph finds https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/
• Tax filing websites have been sending users' financial information to Facebook https://www.theverge.com/2022/11/22/23471842/facebook-hr-block-taxact-taxslayer-info-sharing
• Apple's Device Analytics Can Identify iCloud Users https://www.schneier.com/blog/archives/2022/11/apples-device-analytics-can-identify-icloud-users.html
• Redacted Documents Are Not as Secure as You Think https://www.wired.com/story/redact-pdf-online-privacy/
• Minding Your Business: A Critical Analysis of the Collection of De-identified Mobility Data and Its Use Under Socially Beneficial and Legitimate Business Exemptions in Canadian Privacy Law https://citizenlab.ca/2022/11/a-critical-analysis-of-the-collection-of-de-identified-mobility-data/
• Where Are We Heading With Data Privacy Regulations? https://www.darkreading.com/endpoint/where-are-we-heading-with-data-privacy-regulations-
• See What We Accomplished Together in EFF's 2021 Annual Report https://www.eff.org/deeplinks/2022/11/see-what-we-accomplished-together-effs-2021-annual-report

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
  • Mobility Data and Canadian Privacy Law Explained https://citizenlab.ca/2022/11/mobility-data-and-canadian-privacy-law-explained/
  • The Law Bytes Podcast, Episode 147: Canada's Battle over Internet Streamers – A Cancon Story of Freedom of Expression, Algorithms and Cultural Policy https://www.michaelgeist.ca/2022/11/law-bytes-podcast-episode-147/
  • Freedom of Expression is Not A Loophole: Responding to the Government's Inaccurate Defence of Mandated Payments for Links in Bill C-18 https://www.michaelgeist.ca/2022/11/freedom-of-expression-is-not-a-loophole-responding-to-the-governments-inaccurate-defence-of-mandated-payments-for-links-in-bill-c-18/
• US:
  • 33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules https://www.securityweek.com/33-attorneys-general-send-letter-ftc-commercial-surveillance-rules
  • EFF Files Comments on the FTC's Commercial Surveillance Rulemaking https://www.eff.org/deeplinks/2022/11/eff-files-comments-ftcs-commercial-surveillance-rulemaking
  • Documents Show DOJ's Multi-Pronged Effort to Undermine Section 230 https://www.eff.org/deeplinks/2022/11/documents-show-dojs-multi-pronged-effort-undermine-section-230
  • VICTORY! Congress Sends the Safe Connections Act to the President's Desk https://www.eff.org/deeplinks/2022/11/victory-congress-sends-safe-connections-act-presidents-desk
• World:
  • Experts Condemn The UK Online Safety Bill As Harmful To Privacy And Encryption https://www.eff.org/deeplinks/2022/11/experts-condemn-uk-online-safety-bill-harmful-privacy-and-encryption
  • India: New Bill Makes Even Government Accountable For Data Breach: Report https://www.ndtv.com/india-news/new-bill-makes-even-government-accountable-for-data-breach-report-3536218
• Standards News:
  • Top Prosecutors in CA, NY and DC Are Speaking Up For End-to-End Encryption https://www.eff.org/deeplinks/2022/11/top-prosecutors-ca-ny-and-dc-are-speaking-end-end-encryption
  • CISA Updates Infrastructure Resilience Planning Framework https://www.securityweek.com/cisa-updates-infrastructure-resilience-planning-framework
  • Digesting CISA's Cross-Sector Cybersecurity Performance Goals https://www.securityweek.com/digesting-cisas-cross-sector-cybersecurity-performance-goals
• Enforcements, Fines, Lawsuits:
  • Meta hit with antitrust breach order in Turkey for combining user data across FB, WhatsApp, Instagram https://techcrunch.com/2022/10/26/facebook-instagram-whatsapp-meta-turkey-antitrust-order/
  • Third Circuit Finds Standing for Victim of Data Breach, Citing ‘Imminent Harm' https://www.databreaches.net/third-circuit-finds-standing-for-victim-of-data-breach-citing-imminent-harm/
  • Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet https://thehackernews.com/2022/11/google-wins-lawsuit-against-russians.html
  • The LinkedIn-HiQ Labs Case and Data Scraping in the US: Some Takeaways https://www.databreaches.net/the-linkedin-hiq-labs-case-and-data-scraping-in-the-us-some-takeaways/
  • Lawsuit Takes Aim at the Way A.I. Is Built https://www.nytimes.com/2022/11/23/technology/copilot-microsoft-ai-lawsuit.html
  • An FTX customer who lost $750,000 during its collapse has filed a lawsuit against the Golden State Warriors, which had FTX as its 'official cryptocurrency platform' https://www.businessinsider.com/ftx-user-lost-750000-files-lawsuit-against-golden-state-warriors-2022-11
  • Celebrities Who Endorsed FTX Are a ‘Juicy Target' for Lawsuits https://www.pymnts.com/cryptocurrency/2022/celebrities-who-endorsed-ftx-are-a-juicy-target-for-lawsuits/
  • IBM sues Micro Focus, claims it copied Big Blue mainframe software https://www.theregister.com/2022/11/22/ibm_sues_micro_focus_for/
  • U.S. Navy Forced to Pay Software Company for Piracy https://gizmodo.com/navy-copyright-gmbh-1849817872

Emerging Technology and Innovations

Covering developments and risks with new technologies including AI, Quantum Computing, Cryptography:

• AI & machine learning:
• Galactica: the AI knowledge base that makes stuff up https://www.aiweirdness.com/galactica/
• Bonus: More casual misuse of Galactica https://www.aiweirdness.com/bonus-more-casual-misuse-of-galactica/
• It is still too early to use artificial intelligence for criminal justice, says Concordia PhD student https://scienmag.com/it-is-still-too-early-to-use-artificial-intelligence-for-criminal-justice-says-concordia-phd-student/
• DtSR Episode 527 - Fun With Machines Learning http://podcast.wh1t3rabbit.net/dtsr-episode-527-fun-with-machines-learning
• Meta researchers create AI that masters Diplomacy, tricking human players https://arstechnica.com/information-technology/2022/11/meta-researchers-create-ai-that-masters-diplomacy-tricking-human-players/
• Cryptography and Cryptographic Research:
• Differential Meet-In-The-Middle Cryptanalysis https://eprint.iacr.org/2022/1640
• The Performance Analysis of Post-Quantum Cryptography for Vehicular Communications https://eprint.iacr.org/2022/1619
• Another Round of Breaking and Making Quantum Money: How to Not Build It from Lattices, and More https://eprint.iacr.org/2022/1620

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• Breaking the Zeppelin Ransomware Encryption Scheme https://www.schneier.com/blog/archives/2022/11/breaking-the-zeppelin-ransomware-encryption-scheme.html
• U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams https://thehackernews.com/2022/11/us-authorities-seize-domains-used-in.html
• Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations https://www.darkreading.com/edge-articles/cyber-due-diligence-in-m-as-uncovers-threats-improves-valuations
• Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks https://www.darkreading.com/remote-workforce/google-blocks-231b-spam-phishing-messages-2-weeks
• Penetration Testing Market Size Is Projected to Reach $5.28B Globally by 2028 https://www.darkreading.com/vulnerabilities-threats/penetration-testing-market-size-is-projected-to-reach-5-28b-globally-by-2028
• Methods, Techniques, Tools, and Products:
• Google Making Cobalt Strike Pentesting Tool Harder to Abuse https://www.securityweek.com/google-making-cobalt-strike-pentesting-tool-harder-abuse
• Google releases 165 YARA rules to detect Cobalt Strike attacks https://www.bleepingcomputer.com/news/security/google-releases-165-yara-rules-to-detect-cobalt-strike-attacks/
• Microsoft supports the DoD's Zero Trust strategy https://www.microsoft.com/en-us/security/blog/2022/11/22/microsoft-supports-the-dods-zero-trust-strategy/
• Expanding the Threat Intelligence capabilities on Report URI https://scotthelme.co.uk/expanding-the-threat-intelligence-capabilities-on-report-uri/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Significant:
• Control Gap Vulnerability Roundup: November 12th to November 18th https://www.controlgap.com/blog/vulnerability-roundup-november-12th-november-18th
• Google pushes emergency Chrome update to fix 8th zero-day in 2022 https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-8th-zero-day-in-2022/
• Patching:
• Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/
• Other Vulnerabilities:
• AWS fixes 'confused deputy' vulnerability in AppSync https://www.theregister.com/2022/11/22/aws_confused_deputy_vulnerability/
• Cross-Tenant AWS Vulnerability Exposed Account Resources https://www.securityweek.com/cross-tenant-aws-vulnerability-exposed-account-resources
• Researchers Sound The Alarm On Smart Home Hub Security Vulnerabilities https://www.databreaches.net/researchers-sound-the-alarm-on-smart-home-hub-security-vulnerabilities/
• Mali GPU ‘patch gap' leaves Android users vulnerable to attacks https://www.bleepingcomputer.com/news/security/mali-gpu-patch-gap-leaves-android-users-vulnerable-to-attacks/
• Mind the Gap - Android Mali GPU) https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
• BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks https://www.securityweek.com/bmc-firmware-vulnerabilities-expose-ot-iot-devices-remote-attacks
• US offshore oil and gas installation at 'increasing' risk of cyberattack https://www.theregister.com/2022/11/21/us_oil_gas_cyber_threats/
• Vulnerable SDK components lead to supply chain risks in IoT and OT environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
• Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue https://www.securityweek.com/cisco-secure-email-gateway-filters-bypassed-due-malware-scanner-issue
• PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability https://www.securityweek.com/poc-code-published-high-severity-macos-sandbox-escape-vulnerability
• Security Researchers Looking at Mastodon as Its Popularity Soars https://www.securityweek.com/security-researchers-looking-mastodon-its-popularity-soars

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• The Dark Web Price Index 2022 https://www.visualcapitalist.com/cp/charted-the-dark-web-price-index-2022/
• Docker Hub repositories hide over 1,650 malicious containers https://www.bleepingcomputer.com/news/security/docker-hub-repositories-hide-over-1-650-malicious-containers/
• Hackers modify popular OpenVPN Android app to include spyware https://www.bleepingcomputer.com/news/security/hackers-modify-popular-openvpn-android-app-to-include-spyware/
• Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html
• Hackers breach energy orgs via bugs in discontinued web server https://www.bleepingcomputer.com/news/security/hackers-breach-energy-orgs-via-bugs-in-discontinued-web-server/
• World Cup phishing emails spike in Middle Eastern countries https://www.theregister.com/2022/11/21/world_cup_phishing_emails/
• Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html
• Slippery RansomExx Malware Moves to Rust, Evading VirusTotal https://www.darkreading.com/threat-intelligence/slippery-ransomexx-malware-moves-rust-virustotal
• Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines, (Mon, Nov 21st) https://isc.sans.edu/diary/rss/29266
• Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild https://thehackernews.com/2022/11/google-identifies-34-cracked-versions.html
• Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike https://thehackernews.com/2022/11/nighthawk-likely-to-become-hackers-new.html
• This Android File Manager App Infected Thousands of Devices with SharkBot Malware https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html
• Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat https://www.bleepingcomputer.com/news/security/attackers-bypass-coinbase-and-metamask-2fa-via-teamviewer-fake-support-chat/
• Backdoored Chrome extension installed by 200,000 Roblox players https://www.bleepingcomputer.com/news/security/backdoored-chrome-extension-installed-by-200-000-roblox-players/
• Crime & Arrests, etc.:
• 3-year probe halts national money laundering scheme: ALERT https://globalnews.ca/news/9299623/alberta-money-laundering-project-collector/
• DOJ busy with cryptocurrency-related crimes https://www.databreaches.net/doj-busy-with-cryptocurrency-related-crimes/
• Two Estonians arrested for running $575M crypto Ponzi scheme https://www.bleepingcomputer.com/news/security/two-estonians-arrested-for-running-575m-crypto-ponzi-scheme/
• U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service https://thehackernews.com/2022/11/uk-police-arrest-142-in-global.html
• Police are sending messages to 70,000 people who may have fallen victim to phone scammers https://www.zdnet.com/article/police-are-sending-messages-to-70000-people-who-may-have-fallen-victim-to-phone-scammers/
• DraftKings gamblers lose $300,000 to credential stuffing attack https://www.theregister.com/2022/11/22/draftkings_credential_stuffing_attack/
• Google Chrome extension used to steal cryptocurrency, passwords https://www.bleepingcomputer.com/news/security/google-chrome-extension-used-to-steal-cryptocurrency-passwords/

Bad-Actors / Nation-States / APTs / Cyber-Mercenaries

News covering Nation-State Actors, APTS, Hacking Groups, Mercenaries, Espionage, and the Notorious:

• ‘Security risks': U.K. restricts Chinese-made cameras in government buildings https://globalnews.ca/news/9302641/uk-restricts-chinese-surveillance-cameras/
• The FCC just banned these Chinese cameras and telecom hardware from reaching the US https://www.theverge.com/2022/11/25/23478132/fcc-china-huawei-zte-hikvision-camera-telecom-authorization-ban
• U.S. bans Huawei, ZTE equipment sales due to ‘unacceptable risk' to national security https://globalnews.ca/news/9306478/huawei-zte-equipment-sales-banned-us/
• UK bans Chinese CCTV cameras on 'sensitive' government sites https://www.theregister.com/2022/11/25/uk_government_china_cctv_ban_/
• US bans Chinese telecoms imports – won't even consider authorizing them https://www.theregister.com/2022/11/27/fcc_china_equipment_authorization_ban/
• China-Based Billbug APT Infiltrates Certificate Authority https://www.darkreading.com/endpoint/china-based-billbug-apt-infiltrates-certificate-authority
• Pro-Russian hacktivists take down EU Parliament site in DDoS attack https://www.bleepingcomputer.com/news/security/pro-russian-hacktivists-take-down-eu-parliament-site-in-ddos-attack/
• Russian Hackers Target Dutch LNG Terminal https://www.databreaches.net/russian-hackers-target-dutch-lng-terminal/
• Swedish brothers face trial on Russia spy charges https://www.bbc.co.uk/news/world-europe-63761403
• Russian cybergangs stole over 50 million passwords this year https://www.bleepingcomputer.com/news/security/russian-cybergangs-stole-over-50-million-passwords-this-year/
• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation https://thehackernews.com/2022/11/meta-takes-down-fake-facebook-and.html
• Donut extortion group also targets victims with ransomware https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/
• Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts https://www.bleepingcomputer.com/news/security/ducktail-hackers-now-use-whatsapp-to-phish-for-facebook-ad-accounts/
• Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns https://thehackernews.com/2022/11/luna-moth-gang-invests-in-call-centers.html
• Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding https://www.securityweek.com/vietnam-based-ducktail-cybercrime-operation-evolving-expanding
• Data Breach Misattribution, Acxiom & Live Ramp https://www.troyhunt.com/data-breach-misattribution-acxiom-live-ramp/
• WikiLeaks' Website Is Falling Apart https://packetstormsecurity.com/news/view/34063/WikiLeaks-Website-Is-Falling-Apart.html

Other Security / Risk

Articles covering other types of risks.

• General:
• Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn https://www.darkreading.com/edge-articles/major-security-breach-from-business-users-low-code-apps-could-come-in-2023-analysts-warn
• US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks https://www.securityweek.com/us-offshore-oil-and-gas-infrastructure-significant-risk-cyberattacks
• Autonomous Vehicles Join the List of US National Security Threats https://www.wired.com/story/autonomous-vehicles-china-us-national-security/
• Are Deepfakes Really a Security Threat? - Member Recap from (ISC)² Security Congress 2022 https://blog.isc2.org/isc2_blog/2022/11/are-deepfakes-really-a-security-threat.html
• Health:
• Health Canada reviews RSV vaccine candidate as cases spike across country https://globalnews.ca/news/9303850/health-canada-rsv-vaccines-seniors/
• Multivalent mRNA vaccine candidate another step closer to universal flu vaccine https://scienmag.com/multivalent-mrna-vaccine-candidate-another-step-closer-to-universal-flu-vaccine/
• Online tool aims to cut emergency room wait times in Winnipeg https://globalnews.ca/news/9303592/winnipeg-er-wait-times-online-tool/
• These UV Devices Could Keep Indoor Air Free of Viruses https://www.scientificamerican.com/article/these-uv-devices-could-keep-indoor-air-free-of-viruses/
• New surgical robot ‘Daryl' now helping assist Sask. medical operations https://globalnews.ca/news/9305896/surgical-robot-daryl-sask/
• ‘Mass testing' linked to 25% cut in covid-19 related hospital admissions https://scienmag.com/mass-testing-linked-to-25-cut-in-covid-19-related-hospital-admissions/
• China Covid: Record number of cases as virus surges nationwide https://www.bbc.co.uk/news/world-asia-china-63739617
• Return on investment of the COVID-19 vaccination campaign in New York City https://scienmag.com/return-on-investment-of-the-covid-19-vaccination-campaign-in-new-york-city/
• Three New Ebola Vaccines Will Soon Be Tested in Uganda https://www.scientificamerican.com/article/three-new-ebola-vaccines-will-soon-be-tested-in-uganda/
• Alzheimer's Gene Doesn't Guarantee Dementia. Here's What You Can Do to Reduce Risk https://www.sciencealert.com/alzheimers-gene-doesnt-guarantee-dementia-heres-what-you-can-do-to-reduce-risk
• Mysterious Changes Identified in The Brains of People Who Get Migraines https://www.sciencealert.com/mysterious-changes-identified-in-the-brains-of-people-who-get-migraines
• The Cause of Alzheimer's Could Be Coming From Inside Your Mouth https://www.sciencealert.com/the-cause-of-alzheimers-could-be-coming-from-inside-your-mouth
• Is a Diagnostic Test to Blame for Why We Know So Little about Autism in Girls? https://www.scientificamerican.com/article/is-a-diagnostic-test-to-blame-for-why-we-know-so-little-about-autism-in-girls/
• WHO Ranks The Deadliest Pathogens, Including The Mysterious 'Disease X' https://www.sciencealert.com/who-ranks-the-deadliest-pathogens-including-the-mysterious-disease-x
• Duke-NUS scientists reveal first close-up look at bats' immune response to live infection https://scienmag.com/duke-nus-scientists-reveal-first-close-up-look-at-bats-immune-response-to-live-infection/
• Scientists Revived Ancient 'Zombie Viruses' Frozen For Eons in Siberia https://www.sciencealert.com/scientists-revived-ancient-zombie-viruses-frozen-for-eons-in-siberia
• Twins born from embryos frozen 30 years ago https://www.bbc.co.uk/news/world-us-canada-63718914
• An AI Found an Unknown 'Ghost' Ancestor in The Human Genome https://www.sciencealert.com/an-ai-found-an-unknown-ghost-ancestor-in-the-human-genome
• Safety:
• ‘Abhorrent trolls' who encourage self-harm online face criminal prosecution, says minister https://www.theguardian.com/technology/2022/nov/26/abhorrent-trolls-who-encourage-self-harm-online-face-criminal-prosecution-says-minister
• ‘Virtual kidnapping' scam prompts warning from North Vancouver RCMP https://globalnews.ca/news/9301636/virtual-kidnapping-scam-north-vancouver/
• The US Has a Shortage of Bomb-Sniffing Dogs https://www.schneier.com/blog/archives/2022/11/the-us-has-a-shortage-of-bomb-sniffing-dogs.html
• Environment:
• Unabated Carbon Is Shrinking Earth's Upper Atmosphere, Scientists Warn https://www.sciencealert.com/unabated-carbon-is-shrinking-earths-upper-atmosphere-scientists-warn
• 'Cold hearts': New Airbus aircraft to be powered by hydrogen stored at -253°C https://interestingengineering.com/transportation/airbuss-powered-cold-hydrogen-hearts
• Economy:
• Half of variable mortgage holders with fixed payments have hit trigger rate https://globalnews.ca/news/9297311/trigger-rate-mortgages-bank-of-canada/
• The Bank of Canada is discovering that explaining risk to Canadians is actually difficult https://www.cbc.ca/news/business/inflation-interest-rates-column-don-pittis-1.6660112
• The DOJ is reportedly investigating rent-setting software company RealPage https://www.theverge.com/2022/11/26/23479034/doj-investigating-rent-setting-software-company-realpage
• The window is closing on corporate 'greedflation.' It's another sign that inflation is cooling off. https://www.businessinsider.com/recession-outlook-company-profits-inflation-higher-prices-greedflation-2022-11
• The Fed's own economists are sounding the recession alarm — and warning that more interest-rate hikes could tank the US economy https://markets.businessinsider.com/news/currencies/federal-reserve-powell-staff-economists-recession-interest-rates-economy-inflation-2022-11
• China locks down major iPhone making city as Covid cases jump to a record high, sparking concerns that lockdowns could stretch beyond 2023 https://www.businessinsider.com/china-locks-down-apple-iphone-city-covid-pandemic-record-high-2022-11
• More on FTX and the Crypto-crisis:
• Chainalysis Tracks Stolen FTX Funds on Blockchain, Tweets Updates https://www.pymnts.com/cryptocurrency/2022/chainalysis-tracks-stolen-ftx-funds-on-blockchain-tweets-updates/
• Crypto Firm FTX's Ownership of a U.S. Bank Raises Questions https://www.nytimes.com/2022/11/23/business/ftx-cryptocurrency-bank.html
• FTX Says Assets ‘Missing' or ‘Stolen' as Bankruptcy Process Begins https://www.nytimes.com/2022/11/22/business/ftx-bankruptcy-sam-bankman-fried.html
• Conflict of Interest Costs SBF His Lawyers https://www.pymnts.com/cryptocurrency/2022/conflict-of-interest-costs-sbf-his-lawyers/
• FTX Liquidators in Bahamas Move Case From New York to Delaware https://www.pymnts.com/cryptocurrency/2022/ftx-liquidators-in-bahamas-move-case-from-new-york-to-delaware/
• Crypto Contagion Sends Coins and Companies Tumbling https://www.pymnts.com/cryptocurrency/2022/crypto-contagion-sends-coins-companies-tumbling/
• Ether falls as the FTX hacker dumps $74 million worth of the token and swaps it for bitcoin https://www.businessinsider.com/eth-crypto-ftx-hacker-million-tokens-bankman-fried-bitcoin-markets-2022-11
• BoE Exec: Regulate Crypto Before It's Too Late https://www.pymnts.com/cryptocurrency/2022/boe-exec-regulate-crypto-before-its-too-late/
• FTX Collapse Creates ‘Sense of Urgency' Among World's Regulators https://www.pymnts.com/cryptocurrency/2022/ftx-collapse-creates-sense-of-urgency-among-worlds-regulators/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Russian forces were suffering from 'electronic fratricide' within days of attacking Ukraine, a new report says https://www.businessinsider.com/russian-ew-campaign-in-ukraine-undermined-by-electronic-fratricide-2022-11
• Iranian drone advisers who were helping Russia bombard Ukraine were killed in Crimea, Kyiv official says https://www.businessinsider.com/iranian-advising-russia-drones-were-killed-crimea-ukraine-2022-11
• Ukraine braces for cold winter as Russian strikes cripple power capacity https://globalnews.ca/news/9296710/ukraine-winter-russia-energy-strikes/
• Reaction and response:
• Ukraine condemns Russia's ‘energy terror' as new attacks cut power to millions https://globalnews.ca/news/9301241/ukraine-russia-energy-terror/
• Ukraine war: The race to rebuild infrastructure in Kherson https://www.bbc.co.uk/news/world-europe-63746304
• Germany — burned by overrelying on Russian gas — now vows to end dependence on trade with China https://www.businessinsider.com/germany-scholz-reliance-russia-energy-gas-end-dependence-china-trade-2022-11
• Northern Europe has already slashed Russian oil imports by 90%, 2 weeks before the EU ban kicks in https://markets.businessinsider.com/news/commodities/europe-slash-russia-oil-imports-2-weeks-before-ban-2022-11
• India and China are still snapping up Russian oil — but they are demanding huge bargains which is hitting Kremlin's war chest https://markets.businessinsider.com/news/commodities/india-china-still-buying-russian-oil-but-demand-huge-discounts-2022-11
• Sanctions & economic Impact:
• Canada sanctions 22 Belarusian officials over Ukraine war as opposition leader visits https://globalnews.ca/news/9296649/canada-sanctions-belarus-nov-22/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Local:
• The CP Holiday Train returns to the rails for the first time in 3 years https://globalnews.ca/news/9300284/the-cp-holiday-train-returns/
• The Avro Arrow - Supersonic jet once made in Mississauga will soon be on display at city park https://www.insauga.com/supersonic-jet-once-made-in-mississauga-will-soon-be-on-display-at-city-park/
• Lighter:
• ‘No one had seen anything like it’: how video game Pong changed the world https://www.theguardian.com/games/2022/nov/25/history-pong-video-game-atari-nolan-bushnell-al-alcorn
• The Internet Archive just put 565 Palm Pilot apps in your web browser https://www.theverge.com/2022/11/25/23478396/internet-archive-palm-pilot-emulation-games-apps-dope-wars
• The 10 Hardest Wordle Stumpers of 2022 https://www.mentalfloss.com/posts/hardest-wordle-word-puzzles-2022
• Science:
• Emperor's Secret Code Cracked After Five Centuries, Revealing His Fears https://www.sciencealert.com/emperors-secret-code-cracked-after-five-centuries-revealing-his-fears
• This Carnivorous Plant Has a Rain-Powered Trap https://www.scientificamerican.com/article/this-carnivorous-plant-has-a-rain-powered-trap/
• Artemis I has Completed its First Flyby of the Moon https://www.universetoday.com/158739/artemis-i-has-completed-its-first-flyby-of-the-moon/
• The First SLS Launch Caused Damage to the Launch Pad. How bad was it? https://www.universetoday.com/158788/the-first-sls-launch-caused-damage-to-the-launch-pad-how-bad-was-it/
• A Paralympic athlete might become the world's first disabled astronaut https://www.businessinsider.com/british-paralympian-athlete-first-disabled-astronaut-2022-11
• Space Elevators Are Less Sci-Fi Than You Think https://www.scientificamerican.com/article/space-elevators-are-less-sci-fi-than-you-think/
• A Mission to Venus Could Sample its Atmosphere Directly, Searching for Life https://www.universetoday.com/158749/a-mission-to-venus-could-sample-its-atmosphere-directly-searching-for-life/
• What's the Best Mix of Oceans to Land for a Habitable Planet? https://www.universetoday.com/158755/whats-the-best-mix-of-oceans-to-land-for-a-habitable-planet/