This Week’s [in]Security – Issue 138 | insecurity | Control Gap

Welcome to This Week’s [in]Security. This week: Evolving PCI. Online skimming/Magecart. A 1B record breach and an 11 breach week. Target sues over breach. Privacy regulations in conflict? Healthcare grab. Password ruling. More pressure for crypto-backdoors. New defensive tools. Five years to patch. VNC, RDP, and IoT - oh my. Replying to phone scammers. Busting scammers. 100K fake e-comm sites. Design error. Not so-smart homes. Lots of ransomware. Bluetooth scanners as burglary tool. Spammy banks. Internet islands. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

• Evolving PCI Standards and Validation https://blog.pcisecuritystandards.org/evolving-pci-standards-and-validation
• PCI Security Standards Council Highlights New Contactless Standard at Asia-Pacific Community Meeting https://www.pcisecuritystandards.org/aboutus/pressreleases/pr_11212019
• ISA in Practice Case Study: TIVIT https://blog.pcisecuritystandards.org/isa-in-practice-case-study-tivit
• Taking Advantage of EMV 3DS (3 Domain Secure) for online payments https://www.bankinfosecurity.com/interviews/taking-advantage-emv-3ds-i-4514
• Visa warns of fuel dispenser skimmers https://usa.visa.com/dam/VCOM/global/support-legal/documents/visa-security-alert-attacks-targeting-fuel-dispenser-merchant-pos.pdf
• Visa warns of new JavaScript "Pipka" Skimmer on ecommerce sites https://usa.visa.com/dam/VCOM/global/support-legal/documents/pfd-identifies-new-javascript-skimmer.pdf
• The Threat of Online Skimming to Payment Security https://blog.pcisecuritystandards.org/the-threat-of-online-skimming-to-payment-security
• The Future Of E-Commerce https://www.forbes.com/sites/kimberlywhitler/2019/11/16/the-future-of-ecommerce-and-how-the-experience-will-change/
• In The eCommerce Age, Consumers Want To Control Authentication https://www.pymnts.com/today-in-data/2019/ecommerce-age-consumers-want-to-control-authentication/
• (As described this doesn't seem that new) Scammers try a new way to steal online shoppers’ payment-card data https://arstechnica.com/information-technology/2019/11/scammers-try-a-new-way-to-steal-online-shoppers-payment-card-data/
• Elavon Spends $300M For Sage Pay https://www.pymnts.com/news/partnerships-acquisitions/2019/elavon-spends-300m-for-sage-pay/
• Grocery shopping goes high tech with smart carts, apps https://globalnews.ca/news/6180433/grocery-store-apps-smart-carts/

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.

• 4TB and 1.2B records exposed in single db of unknown origin contains PII linking phone numbers, email addresses, and social media accounts appears to be a collection of data from PDL, OXY, and others. https://www.wired.com/story/billion-records-exposed-online/
• Update: the Data on 1.2 Billion Users Found in Exposed Elasticsearch Server https://www.securityweek.com/data-12-billion-users-found-exposed-elasticsearch-server
• Macy’s Suffers Data Breach by Magecart Cybercriminals https://threatpost.com/macys-data-breach-linked-to-magecart/150393/ and https://www.zdnet.com/article/macys-suffers-online-magecart-card-skimming-attack/
• OnePlus Suffers New Data Breach Impacting Its Online Store Customers https://thehackernews.com/2019/11/oneplus-store-data-breach.html
• Password data for ~2.2 million users of currency and gaming sites dumped online https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
• T-Mobile discloses security breach impacting "small number" 1M+ of prepaid customers https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/ and https://www.pymnts.com/news/security-and-risk/2019/t-mobile-data-breach-puts-personal-data-of-1m-customers-at-risk/
• Landlord finds millions of confidential files left by defunct IT firm https://www.cbc.ca/news/canada/ottawa/it-company-leaves-10-million-digital-files-cautionary-tale-1.5365619
• Cyberattack against Manitoba First Nations child welfare agency under investigation https://www.cbc.ca/news/canada/manitoba/cyber-attack-cfs-southern-network-care-agency-1.5371508
• 2 Health Data Breaches Affect Total of 220,000 https://www.inforisktoday.com/2-health-data-breaches-affect-total-220000-a-13440
• Database belong to Gekko Group/AccorHotels exposed data on 140K clients https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/
• PayMyTab data leak exposes personal information from undecured AWS S3 bucket belonging to mobile diners https://www.zdnet.com/article/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners/
• Data breach may affect more than 500 Fairfax County police employees https://www.washingtonpost.com/local/public-safety/data-breach-may-impact-more-than-500-fairfax-county-police-employees-official-says/2019/11/16/51a5291c-07da-11ea-818c-fcc65139e8c2_stor
• Recent credential breaches added to the Have I Been Pwned's database:
• EpicBot - 816,662 breached accounts https://haveibeenpwned.com/PwnedWebsites#EpicBot
• GateHub - 1,408,078 breached accounts https://haveibeenpwned.com/PwnedWebsites#GateHub
• GPS Underground - 669,584 breached accounts https://haveibeenpwned.com/PwnedWebsites#GPSUnderground
• Target Sues Insurer Over 2013 Data Breach Costs https://www.bankinfosecurity.com/target-sues-insurer-over-2013-data-breach-costs-a-13435

Privacy

Articles about privacy related news, risks, and trends.

• ‘Wildly Different’ Privacy Regulations Causing Compliancy Chaos https://threatpost.com/wildly-different-privacy-regulations-causing-compliancy-chaos/150322/
• Privacy Commissioners Launch "Global Privacy Assembly" https://epic.org/2019/11/privacy-commissioners-launch-g.html
• Google Healthcare Project Targeted by Congress Committee https://www.securityweek.com/google-healthcare-project-targeted-congress-committee
• Analysis: Instagram's Major Problem With Minors' Data https://www.bankinfosecurity.com/interviews/analysis-instagrams-major-problem-minors-data-i-4513
• Why The Google Fitbit Deal Matters https://www.forbes.com/sites/kateoflahertyuk/2019/11/17/heres-why-the-google-fitbit-deal-mattersand-what-you-should-do/
• Privacy implications of Data Enrichment, People Data Labs and Another 622M Email Addresses https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses
• Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much https://www.theregister.co.uk/2019/11/21/ublockoriginfirefoxunblockabletracker/
• Uber will record the audio of people's journeys in taxis https://www.independent.co.uk/life-style/gadgets-and-tech/news/uber-recording-audio-brazil-mexico-app-a9211841.html
• Pennsylvania Supreme Court Rules Police Can’t Force You to Tell Them Your Password https://www.eff.org/deeplinks/2019/11/victory-pennsylvania-supreme-court-rules-police-cant-force-you-tell-them-your
• EPIC Advises New York Senate on Privacy Legislation https://epic.org/2019/11/epic-advises-new-york-senate-o.html
• Senators Demand Information from Amazon on Ring and Surveillance https://epic.org/2019/11/senators-demand-information-fr.html

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Interpol: Strong encryption helps online predators. Build backdoors https://www.theregister.co.uk/2019/11/18/interpolsaysencryptionhelpssickospreyon_kids/
• FBI drafted Interpol resolution calling for ban on end-to-end encryption https://arstechnica.com/tech-policy/2019/11/think-of-the-children-fbi-sought-interpol-statement-against-end-to-end-crypto/
• The Council of Europe Shouldn’t Throw Out Our Privacy Rights Just to Speed Up Police Access https://www.eff.org/deeplinks/2019/11/council-europe-shouldnt-throw-out-our-privacy-rights-just-speed-police-access
• Senate Democrats Set Out Comprehensive Data Protection Framework https://epic.org/2019/11/senate-democrats-set-out-compr.html
• Pew Research: 'Americans strongly favor more government regulation of consumer data' https://epic.org/2019/11/pew-research-americans-strongl.html
• In wake of troubling breach, Desjardins pushes government for digital ID procedures https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-digital-identification-guy-cormier-1.5368620
• Australia releases draft IoT cybersecurity code of practice https://www.zdnet.com/article/australia-releases-draft-iot-cybersecurity-code-of-practice/
• Australia: Porn, public transport and other dubious justifications for using facial recognition software https://www.theguardian.com/technology/2019/nov/17/porn-public-transport-and-other-dubious-justifications-for-using-facial-recognition-software
• Russia bans sale of gadgets without Russian-made software https://www.bbc.co.uk/news/world-europe-50507849
• The FAA wants to completely change how it certifies planes after it vouched for the Boeing 737 Max before it crashed https://www.businessinsider.com/boeing-737-max-faa-plane-certification-stephen-dickson-wsj-2019-11
• What Happens When You Remove a Police-Installed GPS Tracker https://arstechnica.com/tech-policy/2019/11/man-charged-with-theft-for-removing-police-gps-tracker-from-his-car/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• 4 Automated Password Policy Enforcers for NIST Password Guidelines https://www.bankinfosecurity.com/blogs/enzoic-blog-3-6-x2-p-2803
• Summary of 2019 APWG eCrime conference: “Identifying Unintended Harms of Cybersecurity Countermeasures”and “Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains” top papers. https://www.lightbluetouchpaper.org/2019/11/21/apwg-ecrime-2019/
• Is lightweight cryptography needed? The Debate Over How to Encrypt the Internet of Things https://www.wired.com/story/lightweight-encryption-internet-of-things/
• Security of North American Energy Grid Tested in GridEx Exercise https://www.securityweek.com/security-north-american-energy-grid-tested-gridex-exercise
• NIST Identity Management & Access Control in Multiclouds Conference & Workshop, January 23-24, 2020 https://www.nist.gov/news-events/events/2020/01/identity-management-access-control-multiclouds-workshop-and-conference
• Bug bounties: Mozilla just doubled its payouts as it tries to attract software vulnerability hunters https://www.zdnet.com/article/bug-bounties-mozilla-just-doubled-its-payouts-as-it-tries-to-attract-software-vulnerability-hunters/
• Ransomware: This free tool decrypts 85 variants of the horror-tinged Jigsaw malware https://www.zdnet.com/article/ransomware-this-free-tool-decrypts-85-variants-of-the-horror-tinged-jigsaw-malware/
• Twitter No Longer Wants a Phone Number for 2FA https://www.bankinfosecurity.com/twitter-no-longer-wants-phone-number-for-2fa-a-13436
• DuckDuckGo Will Automatically Encrypt More Sites You Visit https://www.wired.com/story/duckduckgo-smarter-encryption/
• Microsoft Moves Toward DNS Over HTTPS https://www.bankinfosecurity.com/microsoft-moves-toward-dns-over-https-a-13421
• Cybersecurity and Infrastructure Security Agency (CISA) this week announced the release of an open source post-election auditing tool https://www.securityweek.com/cisa-announces-open-source-post-election-auditing-tool
• Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner https://blog.cloudflare.com/introducing-flan-scan/
• This App Knows If Your iPhone Has Been Hacked—Do You? https://www.forbes.com/sites/daveywinder/2019/11/17/this-app-knows-if-your-iphone-has-been-hackeddo-you/
• Welcoming the Norwegian Government to HIBP https://www.troyhunt.com/welcoming-the-norwegian-government-to-hibp/
• Rethinking Information Security https://www.datex.ca/blog/rethinking-information-security
• New Satellites Will Tell Us Exactly how Quickly the Oceans are Rising https://www.universetoday.com/144139/new-satellites-will-tell-us-exactly-how-quickly-the-oceans-are-rising/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-years-after-discovery
• Undocumented Access Feature Exposes Siemens PLCs to Attacks https://www.securityweek.com/undocumented-access-feature-exposes-siemens-plcs-attacks
• Trouble is coming - IoT in 2020: The awkward teenage years https://www.arnnet.com.au/article/668741/iot-2020-awkward-teenage-years/
• IoT Security Woes Plague Healthcare Industry https://threatpost.com/iot-security-healthcare-industry/150157/
• Update: More Alerts About Medical Device Security Flaws https://www.bankinfosecurity.com/update-more-alerts-about-medical-device-security-flaws-a-13410
• IoT Security: 20 Years Behind Enterprise Computing https://www.bankinfosecurity.com/interviews/iot-security-20-years-behind-enterprise-computing-i-4516
• WhatsApp Remote Code Execution Triggered by Videos https://threatpost.com/whatsapp-remote-code-execution-videos/150360/
• Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected https://www.forbes.com/sites/daveywinder/2019/11/19/google-confirms-android-camera-security-threat-hundreds-of-millions-of-users-affected/
• Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin https://www.bleepingcomputer.com/news/security/millions-of-sites-exposed-by-flaw-in-jetpack-wordpress-plugin/
• Popular Apps on Google Play Store Remain Unpatched https://threatpost.com/popular-apps-on-google-play-store-remain-unpatched/150502/
• RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software https://www.theregister.co.uk/2019/11/23/kasperskyvncbugs/
• Comment on last weeks news of security vulnerabilities in Android firmware https://www.schneier.com/blog/archives/2019/11/securityvulner20.html
• NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks https://www.bleepingcomputer.com/news/security/nsa-publishes-advisory-addressing-encrypted-traffic-inspection-risks/
• Schneier on NSA security advisory warning of the dangers of TLS inspection https://www.schneier.com/blog/archives/2019/11/thensawarns_o.html
• Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities https://www.darkreading.com/attacks-breaches/leaks-of-nsa-cia-tools-have-leveled-nation-state-cybercriminal-capabilities/d/d-id/1336438

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Tell them nothing …. 'You already have my name': Video shows VicPD officer answering scam call https://vancouverisland.ctvnews.ca/you-already-have-my-name-video-shows-vicpd-officer-answering-scam-call-1.4689134
• 32 arrested at Indian call centre that targeted Canadians https://www.ctvnews.ca/world/32-arrested-at-indian-call-centre-that-targeted-canadians-1.4690651
• Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers https://threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/
• Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers https://www.securityweek.com/over-100000-fake-domains-valid-tls-certificates-target-major-retailers
• Why Were the Russians So Set Against This Hacker Being Extradited? https://krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/
• The Evidence That Links Russia’s Most Brazen Hacking Efforts https://www.wired.com/story/sandworm-russia-cyberattack-links/
• Ransomware Attack Hits Louisiana State Servers https://www.securityweek.com/ransomware-attack-hits-louisiana-state-servers
• Ransomware Bites 400 Veterinary Hospitals https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
• Office 365 Admins Targeted in Ongoing Phishing Scam https://threatpost.com/office-365-admins-phishing/150352/
• Fake ‘Windows Update’ Installs Cyborg Ransomware https://threatpost.com/windows-update-cyborg-ransomware/150407/
• Travelers warned not to use public charging stations over 'juice jacking' scam https://www.independent.co.uk/life-style/gadgets-and-tech/juice-jacking-scam-charging-outlet-hack-public-district-attorney-warning-a9207761.html
• Iran’s APT33 Hackers Are Targeting Industrial Control Systems https://www.wired.com/story/iran-apt33-industrial-control-systems/
• Waterloo Brewing bilked of $2.1 million in cyberattack https://globalnews.ca/news/6198880/waterloo-brewing-cyberattack/
• Official Monero website is hacked to deliver currency-stealing malware https://arstechnica.com/information-technology/2019/11/official-monero-website-is-hacked-to-deliver-currency-stealing-malware/
• Clop Ransomware Tries to Disable Windows Defender, Malwarebytes https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/
• 110 Nursing Homes Cut Off from Health Records in Ransomware Attack https://krebsonsecurity.com/2019/11/110-nursing-homes-cut-off-from-health-records-in-ransomware-attack/
• Ransomware Attackers Leak Stolen Data to Pressure Ransom https://www.bankinfosecurity.com/ransomware-attackers-leak-stolen-data-a-13438
• France's Rouen University Hospital-Charles hit by ransomware affecting 6K computers https://www.forbes.com/sites/daveywinder/2019/11/20/infection-hits-french-hospital-like-its-2017-as-ransomware-cripples-6000-computers/ and https://www.theregister.co.uk/2019/11/21/frenchhospitalrouen_ransomware/
• Large rise in smaler DDoS attacks over past year https://www.itproportal.com/news/ddos-attacks-saw-a-huge-rise-over-past-year/
• Hijacking of Disney+ accounts appears to be a case of 'credential stuffing' (reuse of previously breached passwords) https://www.wired.com/story/disney-plus-hacks-credential-stuffing/
• A crime of opportunity: Why some shoppers steal at self-checkout https://www.cbc.ca/news/business/self-checkout-shoplifting-retail-theft-1.5361316
• McLeod VS. Cidel: Bank wires fraudsters over $800K of retiree's savings, despite red flags https://www.cbc.ca/news/canada/calgary/wire-fraud-email-condo-sale-1.5358363
• Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones https://www.wired.com/story/bluetooth-scanner-car-thefts/
• First Cypriot to Be Extradited to US, on Hacking Charges https://www.securityweek.com/first-cypriot-be-extradited-us-hacking-charges
• DDoS-for-Hire Boss Gets 13 Months Jail Time https://krebsonsecurity.com/2019/11/ddos-for-hire-boss-gets-13-months-jail-time/
• Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison https://thehackernews.com/2019/11/lisov-neverquest-russian-hacker.html

Other Security / Risk

Articles covering other types of risks.

• More reasons to move away from SMS based 2FA https://isc.sans.edu/diary.html?storyid=25526
• Canada warned of fallout on Five Eyes relationship if Huawei allowed on 5G https://www.cbc.ca/news/politics/canada-warned-of-fallout-on-five-eyes-relationship-if-huawei-allowed-on-5g-1.5370992
• Citizen- or Third-Party Developed Applications Security need to be better managed https://www.linkedin.com/pulse/citizen-third-party-developed-applications-security-peter-t-davis
• Some Cyber Roles are Overstaffed While Others Are Understaffed https://blog.isc2.org/isc2_blog/2019/11/some-cyber-roles-are-overstaffed-while-others-are-understaffed.html
• When Bank Communication is Indistinguishable from Phishing Attacks https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-phishing-attacks/
• Smart homes may not live up to the hype https://staceyoniot.com/the-chickens-are-coming-home-to-roost-in-the-smart-home/
• Designer error and User Interfaces: How the Dumb Design of a WWII Plane Led to the Macintosh https://www.wired.com/story/how-dumb-design-wwii-plane-led-macintosh/
• A Researcher Explains Why Those Beautiful Infographic Maps Can Be So Misleading https://www.sciencealert.com/reading-maps-is-tricky-business-and-that-s-not-necessarily-your-fault
• Are Pricey New Drugs Better Than Old Ones? https://www.scientificamerican.com/article/are-pricey-new-drugs-better-than-old-ones/
• Samoa declares state of emergency after measles deaths https://www.cnn.com/2019/11/18/health/samoa-measles-emergency-intl-scli/index.html
• Children fish WW2 ammo from pond with magnet https://www.bbc.co.uk/news/world-europe-50457976
• We've Found a Serious New Health Risk to Human Spaceflight https://www.sciencealert.com/we-ve-found-a-serious-new-health-risk-to-spaceflight-that-could-make-a-mars-trip-risky
• Airbus CCO Christian Scherer: Boeing's 737 Max grounding benefits no one https://www.cnbc.com/2019/11/17/airbus-cco-christian-scherer-boeings-737-max-grounding-benefits-no-one.html
• GPS Manipulation in Shanghai https://www.schneier.com/blog/archives/2019/11/gps_manipulatio.html
• Grid reliability under climate change may require more power generation capacity https://scienmag.com/grid-reliability-under-climate-change-may-require-more-power-generation-capacity/
• Nitrous oxide, a greenhouse gas, is on the rise https://scienmag.com/nitrous-oxide-a-greenhouse-gas-is-on-the-rise/
• Venice floods: Further warnings of high tides https://www.bbc.co.uk/news/av/world-europe-50452688/venice-floods-further-warnings-of-high-tides
• Earth May Have Just Seen Its 8th Strongest Tropical Cyclone on Record https://blogs.scientificamerican.com/eye-of-the-storm/earth-may-have-just-seen-its-8th-strongest-tropical-cyclone-on-record/
• Climate change reassessment prompts call for a ‘more sober’ discourse https://scienmag.com/climate-change-reassessment-prompts-call-for-a-more-sober-discourse/
• We’d Better Be Ready To Rethink The Meaning Of Work, Because Things Are ChangingFast https://www.forbes.com/sites/enriquedans/2019/11/17/wed-better-be-ready-to-rethink-the-meaning-of-work-because-things-are-changingfast/
• Three Small US Banks Collapse Over Past Month https://www.pymnts.com/bank-regulation/2019/three-small-us-banks-collapse-over-past-month/
• Huawei Warns Trump And Google: You’re Running Out Of Time https://www.forbes.com/sites/zakdoffman/2019/11/16/huawei-warns-trump-and-google-youre-running-out-of-time/
• Iran Has Shut Off the Internet https://www.schneier.com/blog/archives/2019/11/iranhasshut_o.html and https://www.wired.com/story/iran-internet-shutoff/
• Why Iran’s Internet Shutdown Is A Stark Warning For Russians https://www.forbes.com/sites/zakdoffman/2019/11/18/why-irans-internet-shutdown-is-a-stark-warning-for-russia/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Energy startup backed by Bill Gates achieves solar breakthrough with improved solar oven able to replace industrial high temperature ovens https://www.cnn.com/2019/11/19/business/heliogen-solar-energy-bill-gates/index.html
• Does Nuclear Power Slow Or Speed Climate Change? https://www.forbes.com/sites/amorylovins/2019/11/18/does-nuclear-power-slow-or-speed-climate-change/
• Researchers create swarms of tiny robots to attack and remove blood clots https://scienmag.com/researchers-create-swarms-of-tiny-robots-to-attack-and-remove-blood-clots/
• Top 10 Emerging Technologies of 2019 https://www.scientificamerican.com/article/top-10-emerging-technologies-of-2019/
• Brain Scans Confirm There's No Difference Between Boy And Girl Brains Doing Math https://www.sciencealert.com/there-s-no-difference-between-boys-and-girls-brains-when-it-comes-to-maths
• Dog years get new math https://www.sciencealert.com/what-s-the-real-human-equivalent-of-your-dog-s-age-here-s-a-new-formula-to-figure-it-out
• Shark proof wetsuit material could help save lives https://scienmag.com/shark-proof-wetsuit-material-could-help-save-lives/
• Over 140 New Nazca Lines Have Been Discovered, And We Finally Have Clues to Their Use https://www.sciencealert.com/over-140-mysterious-geoglyphs-discovered-within-the-ancient-nazca-lines
• Two of Neptune’s Moons Dance Around Each Other as they Orbit https://www.universetoday.com/144029/two-of-neptunes-moons-dance-around-each-other-as-they-orbit/
• That Rogue Interstellar Comet Was Imaged Almost a Year Before Its Actual Discovery https://www.sciencealert.com/interstellar-comet-2i-borisov-was-imaged-almost-a-year-before-its-actual-discovery