This Week’s [in]Security – Issue 141

Welcome to This Week’s [in]Security. This week: Major PCI announcements P2PEv3, CPoC reaction, SPoC update, DSS 4.0 questions, alignment. Updated web site. Holiday fraud warnings. Payment trends. Desjardins breach widens. More GDPR fines. Ransom/breach-ware is now a thing. Leaky buckets. Law enforcement and DNA-genealogy. Advertisers want to be exempt from privacy. CCPA, IoT laws, FUD and back-doors, more border risks, anti-trust. Credential protection, muting robocalls, cloud firewalls, awareness video, fraud analytics. Shadow IT. Power plants. More Intel hardware flaws. Hardware password manager FAIL. Creepy IoT-  don't ring, don't blink. Telcos and scammers. Bye, bye Windows 7. Lots of ransomware. Smart-meter scams.  AI's black-box problem. 737 Max fatality projections. Fluoride. Electric plane. New carbon capture. Breaking down plastic.  And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

PCI Compliance and Payments

News and announcements relating to Payment Security, Payments, PCI, and Card Brands.

• We've been renovating our web site https://controlgap.com/. You can find our blogs and news feeds at https://controlgap.com/blog#blogs and https://controlgap.com/blog?tag=insecurity

• PCI release P2PE v3 - major update, much more modular more types of component providers (approved 3rd parties), fully backward compatible with v2 and partially forward compatible from v2, mandatory in 18 months:

  • Summary of changes https://www.pcisecuritystandards.org/documents/P2PEv3.0SummaryOfChanges.pdf
  • Program Guide https://www.pcisecuritystandards.org/documents/P2PEProgramGuide_v3.0.pdf
  • Glosary https://www.pcisecuritystandards.org/documents/P2PEv3.0Glossary.pdf
  • PIM template https://www.pcisecuritystandards.org/documents/P2PEv3.0PIM_Template.docx
  • Standard https://www.pcisecuritystandards.org/documents/P2PEv3.0Standard.pdf
  • Reporting templates (6), attestatations (5) https://www.pcisecuritystandards.org/document_library?category=p2pe
  • P2PE v3.0: What Vendors and Assessors Need to Know https://blog.pcisecuritystandards.org/p2pe-v3-0-what-vendors-and-assessors-need-to-know
  • P2PE v3.0: What Merchants Need to Know https://blog.pcisecuritystandards.org/p2pe-v3-0-what-merchants-need-to-know
• Updated SPoC Technical FAQ's https://www.pcisecuritystandards.org/documents/SPoCTechnicalFAQs_v1.4.pdf
• 5 Questions About PCI DSS v4.0 https://blog.pcisecuritystandards.org/5-questions-about-pci-dss-v4-0
• Increasing Standards Alignment and Consistency https://blog.pcisecuritystandards.org/increasing-standards-alignment-and-consistency
• Articles on last weeks PCI Contactless Payments on COTs announcments https://www.verdict.co.uk/electronic-payments-international/news/pci-council-contactless-payments-standard/, https://www.pymnts.com/safety-and-security/2019/pci-issues-new-requirements-for-tap-and-go-payments/, https://www.nfcw.com/2019/12/05/365189/pci-publishes-cpoc-standard-for-accepting-contactless-payments-on-off-the-shelf-nfc-devices/, https://www.mobilepaymentstoday.com/news/pci-ssc-publishes-new-standards-to-grow-use-of-contactless-payments/, https://www.finextra.com/pressarticle/80864/pci-publishes-new-standard-for-contactless-mobile-payments
• How Do Payment Habits Differ Around The World? https://www.forbes.com/sites/quora/2019/12/09/how-do-payment-habits-differ-around-the-world/
• Visa alert: Cybercrime groups targeting fuel dispenser merchants http://click.broadcasts.visa.com/xfm/?30761/0/20d5b44197dbd6ee2200d4b119765dda/lonew
• Attackers Steal Credit Cards in Rooster Teeth Data Breach https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/
• New Paths For Payments And Commerce In The 2020s And Beyond https://www.pymnts.com/today-in-data/2019/new-paths-for-payments-and-commerce-in-2020s/
• Mastercard Starts Pilots in Australia to Test Its Vision for a Consumer-Controlled ID Model https://www.digitaltransactions.net/mastercard-starts-a-pilot-in-australia-to-test-its-vision-for-a-consumer-controlled-id-model/
• Canadian Credit Unions Introduce Interac Debit On Google Pay https://www.pymnts.com/credit-unions/2019/canadian-credit-unions-introduce-interac-debit-on-google-pay/
• Canadians Embrace Contactless Payments, but They’re Still Wary of Using Mobile Devices https://www.digitaltransactions.net/canadians-embrace-contactless-payments-but-theyre-still-wary-of-using-mobile-devices/
• Be Alert this Holiday Season: Payment Security Tips for Businesses https://blog.pcisecuritystandards.org/be-alert-this-holiday-season-payment-security-tips-for-businesses
• Joker's Stash Celebrates Turkey Day With Stolen Card Data https://www.databreachtoday.com/jokers-stash-celebrates-turkey-day-stolen-card-data-a-13486
• FIN8 Targets Card Data at Fuel Pumps https://threatpost.com/fin8-targets-card-data-fuel-pumps/151105/
• Dridex Operators Continue to Target Financial Services, DHS Warns https://www.securityweek.com/dridex-operators-continue-target-financial-services-dhs-warns
• "Potential scope of Desjardins data breach widens to include another 2 million credit card holders. https://www.cbc.ca/news/canada/montreal/potential-scope-of-desjardins-data-breach-widens-to-include-another-2-million-credit-card-holders-1.5391021"
• Is cashless underserving the underbanked? https://www.mobilepaymentstoday.com/blogs/is-cashless-underserving-the-underbanked/

Breaches / Leaks

Covering breaches, leaks, data exposures, and their fallout.

• ICO Puts Business Leaders on Notice, Threatens Marriott with £99 Million GDPR Fine https://www.cbronline.com/news/marriott-fined-gdr
• GDPR Violation: German Privacy Regulator Fines 1&1 Telecom $11M https://www.bankinfosecurity.com/gdpr-breach-german-privacy-regulator-fines-11-telecom-a-13482
• Ransomware: Cybercriminals are adding a new twist to their demands - pay up or we leak your data https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/
• Data Leak Week: Billions of Sensitive Files Exposed Online in Insecure Buckets https://www.darkreading.com/cloud/data-leak-week-billions-of-sensitive-files-exposed-online/d/d-id/1336574
• Thousands of iPR Software Users Exposed on Amazon S3 Bucket https://www.securityweek.com/thousands-ipr-software-users-exposed-amazon-s3-bucket
• 15 Million Iranian Bank Accounts Were Breached https://www.wired.com/story/security-roundup-15-million-iranian-bank-accounts-breached/
• Birth Certificate Data Laid Bare on the Web in Multiple States https://threatpost.com/birth-certificate-data-multiple-states/150948/
• 2.7 billion email addresses exposed online, more than 1 billion of them include passwords https://www.comparitech.com/blog/information-security/2-7-billion-email-addresses-exposed-online/
• Stolen Hard Drives Had Payroll Data For 29,000 Facebook Workers https://www.mercurynews.com/stolen-hard-drives-had-payroll-data-for-29000-facebook-workers and https://www.theregister.co.uk/2019/12/13/facebookdataloss/
• Shaw customers informed of data breach six months after incident https://calgarysun.com/news/local-news/shaw-informs-customers-of-data-breach-six-months-after-incident/
• GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak https://threatpost.com/ge-dunkin-forever21-internal-doc-leak/150920/
• (This sadly is a rare occurrence) Alectra confirms no data breach as originally reported by the City of Hamilton https://globalnews.ca/news/6295568/alectra-confirms-no-data-breach-hamilton/
• Banner Health Breach Lawsuit Settled https://www.bankinfosecurity.com/banner-health-breach-lawsuit-settled-a-13480
• FTC Sanctions Defunct Cambridge Analytica: So What? https://www.bankinfosecurity.com/blogs/ftc-sanctions-defunct-cambridge-analytica-so-what-p-2830 and https://epic.org/2019/12/ftc-announces-non-penalty-in-c.html

Privacy

Articles about privacy related news, risks, and trends.

• Scrutiny of Google's Access to Patient Data Intensifies https://www.bankinfosecurity.com/scrutiny-googles-access-to-patient-data-intensifies-a-13495
• Genetic Genealogy Company GEDmatch Acquired by Company With Ties to FBI & Law Enforcement—Why You Should Be Worried https://www.eff.org/deeplinks/2019/12/genetic-genealogy-company-gedmatch-acquired-company-ties-fbi-law-enforcement-why
• (This is concerning no matter who's doing it) The Trump Campaign Is Deploying Phone Location-Tracking Technology https://theintercept.com/2019/12/11/the-donald-trump-campaign-is-deploying-phone-location-tracking-technology/
• Extracting Data from Smartphones https://www.schneier.com/blog/archives/2019/12/extracting_data.html
• Advertisers want exemption from web privacy rules that, you know, enforce privacy https://www.theregister.co.uk/2019/12/09/adgroupsprivacy_rules/
• Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance https://www.eff.org/wp/behind-the-one-way-mirror
• FBI warns hackers can use smart home devices to 'do a virtual drive-by of your digital life' https://www.dailymail.co.uk/sciencetech/article-7777565/FBI-warns-hackers-use-smart-home-devices-virtual-drive-digital-life.html

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• The Week in Tech: Countdown to the California Consumer Privacy Act https://www.nytimes.com/2019/12/13/technology/california-consumer-privacy-act-ccpa.html
• Personal Data Protection Bill Makes Headway In India https://www.pymnts.com/news/regulation/2019/personal-data-protection-bill-makes-headway-in-india/
• FUD: Scaring People into Supporting Backdoors https://www.schneier.com/blog/archives/2019/12/scaringpeople\.html
• California and Oregon’s new IoT laws: How will they impact you? https://www.comparitech.com/blog/information-security/california-oregons-iot-laws/
• Reforming Communications Decency Act CDA 230 https://www.schneier.com/blog/archives/2019/12/reformingcda2.html
• Attention travellers: Despite recent ruling, U.S. border agents can still easily search your phone https://www.cbc.ca/news/world/cellphone-border-searches-customs-border-1.5387612
• Is your Organization Suffering From Third-Party "Compliance Drift"? https://www.bankinfosecurity.com/blogs/enzoic-blog-6-6-x2-p-2806
• Canadians travelling to or through U.S. should pay close attention to their withering rights https://www.cbc.ca/news/opinion/opinion-border-crossing-rights-1.5382547
• EFF Report Shows FBI Is Failing to Address First Amendment Harms Caused By National Security Letters https://www.eff.org/deeplinks/2019/12/eff-report-shows-fbi-failing-address-first-amendment-harms-caused-national
• FTC Mulls Antitrust Injunction Against Facebook https://www.pymnts.com/facebook/2019/ftc-mulls-antitrust-injunction-against-facebook/
• The lawyer who led the antitrust battle against Microsoft says tech's 'next big fight' will be making sure Amazon doesn't unfairly lock customers in to its cloud https://www.businessinsider.com/gary-reback-ftc-amazon-cloud-rivals-antitrust-probe-2019-12
• "NIST interactive workshop and conference on “Identify Management and Access Control in Multi-Cloud” Jan 22-24 for further information & point of contact for conference: https://www.nist.gov/news-events/events/2020/01/identity-management-access-control-multiclouds-workshop-and-conference "

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Google Chrome will check for leaked credentials every time you sign in anywhere https://www.theregister.co.uk/2019/12/11/googlechromecredential_check/
• Google's latest Pixel update automatically silences unknown numbers in a push to end robocalls once and for all https://www.businessinsider.com/google-pixel-android-update-silence-robocalls-assistant-2019-12
• Cloud and Firewalls: Gartner Has It Right. Palo Alto Networks Has it Wrong. https://www.forbes.com/sites/richardstiennon/2019/12/09/gartner-has-it-right-palo-alto-networks-has-it-wrong/
• Google Releases Open Source Tool for Finding File Access Vulnerabilities https://www.securityweek.com/google-releases-open-source-tool-finding-file-access-vulnerabilities
• Canada's cyber intelligence agency is helping the U.K. protect its election https://www.cbc.ca/news/politics/cse-uk-election-1.5385818
• GitLab Doles Out Half a Million Bucks to White Hats https://threatpost.com/gitlab-doles-out-half-a-million-bucks-to-white-hats/151138/
• Can DuckDuckGo replace Google search while offering better privacy? https://www.theguardian.com/technology/askjack/2019/dec/12/duckduckgo-google-search-engine-privacy
• Tailgating awareness video "Thanks Larry" https://www.darkreading.com/edge/theedge/thanks-larry!/b/d-id/1336592
• Metasploit for drones? Best of luck with that, muses veteran tinkerer https://www.theregister.co.uk/2019/12/09/dronesploit_framework/
• Worlds largest computing society announces 2019 Fellows https://scienmag.com/worlds-largest-computing-society-announces-2019-fellows/
• Download: The 2020 Cybersecurity Salary Survey Results https://thehackernews.com/2019/12/cybersecurity-jobs-salary.html
• Benefits of fraud data https://news.cardnotpresent.com/news/5-ways-fraud-data-can-creatively-boost-your-business
• The Fraud That 85 Percent Of Fraud Detection Systems Miss https://www.pymnts.com/news/security-and-risk/2019/synthetic-fraud-evolution-prevention-tools/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long https://www.forbes.com/sites/louiscolumbus/2019/12/15/shadow-it-is-the-cybersecurity-threat-that-keeps-giving-all-year-long/
• Critical Remote Code-Execution Bugs Threaten Global Power Plants https://threatpost.com/critical-remote-code-execution-global-power-plants/151087/
• Intel Issues Fix for 'Plundervolt' SGX Flaw https://www.darkreading.com/vulnerabilities---threats/intel-issues-fix-for-plundervolt-sgx-flaw/d/d-id/1336589
• Intel's CPU Flaws Continue to Create Problems for the Tech Community https://www.darkreading.com/vulnerabilities---threats/intels-cpu-flaws-continue-to-create-problems-for-the-tech-community-/a/d-id/1336533
• Hackers Can Mess With Voltages to Steal Intel Chips' Secrets https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/
• If You Don’t Update To Apple iOS 13.3 You Could Get Locked Out Of Your iPhone https://www.forbes.com/sites/daveywinder/2019/12/11/if-you-dont-update-to-apple-ios-133-you-could-get-locked-out-of-your-iphone/ and https://threatpost.com/airdos-bug-cripples-nearby-iphones/151030/
• LightAnchors array: LEDs in routers, power strips, and more, can sneakily ship data to this smartphone app https://www.theregister.co.uk/2019/12/12/augmentedrealityleddatatransfer/
• Doh! Hardware-based Password Managers Store Credentials in Plaintext https://www.securityweek.com/hardware-based-password-managers-store-credentials-plaintext
• Creepy: Santa hacker speaks to girl via smart camera https://www.bbc.co.uk/news/technology-50760103
• Serious Security Flaws Found in Children’s Connected Toys https://threatpost.com/serious-security-flaws-found-in-childrens-connected-toys/151020/
• Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed https://www.theregister.co.uk/2019/12/11/fsecurekeywe/
• Hacker hurls racial slurs at family after breaking into home Ring camera https://globalnews.ca/news/6282895/ring-camera-hacker-racial-slurs/
• Blink Cameras Found with Multiple Vulnerabilities https://www.darkreading.com/vulnerabilities---threats/blink-cameras-found-with-multiple-vulnerabilities/d/d-id/1336571
• Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis https://www.wired.com/story/ring-hacks-exemplify-iot-security-crisis/
• Insecure Network Protocols: The Hidden Dangers https://www.packetlabs.net/insecure-network-protocols/
• 5 Questions to Ask Legal About Vulnerability Disclosure https://www.tenable.com/blog/5-questions-to-ask-legal-about-vulnerability-disclosure
• Blunt the Effect of the Two-Edged Sword of Vulnerability Disclosures https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures
• Paper: Benchmarking Post-Quantum Cryptography in TLS https://eprint.iacr.org/2019/1447
• Get ready for the nag screens. Here's what will happen to your Windows 7 PC on January 15, 2020 https://www.zdnet.com/article/heres-what-will-happen-to-your-windows-7-pc-on-january-15-2020/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• CRTC calls on Canadian telecoms to do more to fight scammers https://www.cbc.ca/news/politics/phone-scams-crtc-telecom-1.5389080
• Waterbear is Back, Uses API Hooking to Evade Security Product Detection https://blog.trendmicro.com/trendlabs-security-intelligence/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection/
• Trickbot Operators Now Selling Attack Tools to APT Actors https://www.darkreading.com/attacks-breaches/trickbot-operators-now-selling-attack-tools-to-apt-actors/d/d-id/1336590
• Who’s Hacking Your Spotify? https://www.nytimes.com/2019/12/05/style/spotify-hacked-what-to-do.html
• Windows 10 Warning: ‘Devious And Evil’ Malware Bypasses Security Software https://www.forbes.com/sites/daveywinder/2019/12/10/windows-10-security-warning-as-devious-and-evil-malware-bypasses-antivirus-measures/
• Criminals Hide Fraud Behind the Green Lock Icon https://www.darkreading.com/theedge/criminals-hide-fraud-behind-the-green-lock-icon/b/d-id/1336549
• Highly Targeted 'Zeppelin' Ransomware Hits Tech, Healthcare Firms https://www.securityweek.com/highly-targeted-zeppelin-ransomware-hits-tech-healthcare-firms
• Algonquin and Lakeshore Catholic District School Board victim of malware attack https://globalnews.ca/news/6295160/algonquin-lakeshore-school-board-malware-attack/
• Suspected Cyberattack Hobbles New Orleans City Government https://www.securityweek.com/suspected-cyberattack-hobbles-new-orleans-city-government
• Georgia Wire Manufacturer Struck by Ransomware https://www.bankinfosecurity.com/georgia-wire-manufacturer-struck-by-maze-ransomware-a-13496
• September cyberattack cost Woodstock nearly $670,000 https://globalnews.ca/news/6277131/cyberattack-woodstock-cost/
• U.S. City Hit by Cyberattack Days After Military Base Shooting https://www.securityweek.com/us-city-hit-cyberattack-days-after-military-base-shooting
• The Great $50M African IP Address Heist https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/
• A Facebook worker reportedly accepted thousands of dollars in bribes to restore banned accounts (FB) https://www.businessinsider.com/facebook-contractor-bribe-restored-banned-accounts-report-2019-12
• $200,000 Internet Fraud: Will Anyone Investigate? https://www.bankinfosecurity.com/blogs/us200k-internet-fraud-will-someone-investigate-p-2828
• Five Charged in $722 Million Cryptomining Ponzi Scheme https://www.databreachtoday.com/five-charged-in-722-million-cryptomining-ponzi-scheme-a-13490
• Romanian Duo Receives Jailtime For Infecting 400,000 With Malware https://threatpost.com/romanian-duo-jailtime-malware/150942/
• Lawyers for QuadrigaCX customers ask RCMP to exhume body of Gerald Cotten https://globalnews.ca/news/6293160/quadriga-cx-exhume-gerald-cotten/
• Winnipeg police warn of gift card scam https://globalnews.ca/news/6289280/winnipeg-police-gift-card-scam-warning/
• Fraudsters almost swindled the Royal Canadian Mint with payroll 'spoofing' scam https://www.cbc.ca/news/politics/mint-spear-phishing-scam-1.5392036
• RCMP reveal they've been working with Amazon to catch thieves with bait packages https://www.cbc.ca/news/canada/british-columbia/prince-george-rcmp-amazon-catch-thieves-bait-packages-1.5393279
• SaskPower warns customers of phone scam surrounding smart meters https://globalnews.ca/news/6292779/saskpower-phone-scam-smart-meters/
• Credential Harvesting Campaign Targets Government Procurement Services https://www.securityweek.com/credential-harvesting-campaign-targets-government-procurement-services
• More than 320 catalytic converters stolen in Edmonton since October https://globalnews.ca/news/6283826/edmonton-police-catalytic-converters-thefts/

Other Security / Risk

Articles covering other types of risks.

• How saving the ozone layer in 1987 slowed global warming https://scienmag.com/how-saving-the-ozone-layer-in-1987-slowed-global-warming/
• Researchers to tackle the mysteries of the AI 'black box' problem https://scienmag.com/researchers-to-tackle-the-mysteries-of-the-ai-black-boxa-problem/
• Failure Modes in Machine Learning https://www.schneier.com/blog/archives/2019/12/failuremodesi.html
• Could Virtual Reality Influence Election Campaigns? https://www.forbes.com/sites/solrogers/2019/12/10/could-virtual-reality-influence-election-campaigns/
• WhatsApp Says Israeli Firm Used Its App in Spy Program https://citizenlab.ca/2019/10/new-york-times-whatsapp-says-israeli-firm-used-its-app-in-spy-program/
• The FAA calculated that Boeing's 737 Max could crash a total of 15 times, killing more than 3,000 people, if it wasn't grounded and fixed https://www.businessinsider.com/boeing-737-max-faa-feared-15-more-crashes-document-shows-2019-12
• Here's What Happened When a City in Alaska Took Fluoride Out of Its Drinking Water https://www.sciencealert.com/here-s-what-happened-when-a-city-in-alaska-took-fluoride-out-of-its-drinking-water
• Three-digit suicide prevention hotline - 988 - given green light in US https://www.bbc.co.uk/news/world-us-canada-50781661
• A New Jersey man was killed after being pinned by a 2002 Lexus that was retrofitted with a remote ignition https://www.businessinsider.com/new-jersey-man-dies-pinned-remote-car-starter-report-2019-12
• White Island volcano: Why New Zealand is importing skin https://www.bbc.co.uk/news/health-50743303
• ‘It isn’t safe yet’: Trucks fall through the ice on Lake Winnipeg https://globalnews.ca/news/6273990/it-isnt-safe-yet-trucks-fall-through-the-ice-on-lake-winnipeg/
• Why New Zealand's White Island Erupted Without Warning https://www.scientificamerican.com/article/why-new-zealands-white-island-erupted-without-warning/
• Thousands of Mysterious Holes Have Been Found in The Ocean Floor Off The Californian Coast https://www.sciencealert.com/thousands-of-mysterious-holes-have-been-found-in-the-ocean-floor-off-the-californian-coast
• The Fed's liquidity problem hasn't yet gone away — and an abrupt shock may be looming in 2020 https://markets.businessinsider.com/news/stocks/the-fed-s-liquidity-problem-hasn-t-yet-gone-away-and-an-abrupt-shock-may-be-looming-in-2020-1028747171
• Four hours to walk off pizza calories' warning works https://www.bbc.co.uk/news/health-50711652
• Arizona man ‘registers’ swarm of bees as emotional support animals — to prove a point https://globalnews.ca/news/6282569/bee-emotional-support-animal/
• A Harvard geneticist is creating a dating app that matches users based on DNA, and people are worried it's eugenics https://www.businessinsider.com/harvard-geneticist-dating-app-matches-users-based-on-dna-eugenics-2019-12
• "Microsoft’s first Office app arrives on Linux. https://www.theverge.com/2019/12/10/21004846/microsoft-office-linux-microsoft-teams-app-launch-public-preview"
• Russia doping ban: A timeline of cases and coverups https://globalnews.ca/news/6271912/russia-doping-olympics-timeline/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• The World's First Fully Electric Plane Has Flown Successfully For Almost 15 Minutes https://www.sciencealert.com/the-first-fully-electric-plane-takes-to-the-skies-for-10-successful-minutes
• Scientists Find a Way to Break Plastic Down Into Useful Chemicals With Light https://www.sciencealert.com/scientists-have-found-a-way-to-break-plastic-down-into-useful-chemicals-using-sunlight
• A sustainable new material for carbon dioxide capture https://scienmag.com/a-sustainable-new-material-for-carbon-dioxide-capture/
• Space Heater: Scientists Find New Way to Transfer Energy Through a Vacuum https://www.scientificamerican.com/article/space-heater-scientists-find-new-way-to-transfer-energy-through-a-vacuum/
• Scientists Just Created Quantum States in Everyday Electronics https://www.sciencealert.com/scientists-have-managed-to-create-quantum-states-in-everyday-electronics
• SpaceX to Make Starlink Satellites Dimmer to Lessen Impact on Astronomy https://www.scientificamerican.com/article/spacex-to-make-starlink-satellites-dimmer-to-lessen-impact-on-astronomy/
• NASA Completes Core Stage of The Next Rocket to Take Us to The Moon, And It's Glorious https://www.sciencealert.com/nasa-s-finally-completed-it-s-next-moon-rocket-and-we-can-t-wait
• Astronomers surprised to find a star similar to our sun devouring the atmosphere of a giant planet https://www.cbc.ca/news/technology/white-dwarf-exoplanet-1.5387790
• So, about that 'too massive' black hole… yeah, not so much. https://www.syfy.com/syfywire/so-about-that-too-massive-black-hole-yeah-not-so-much
• Secret miltary bases are fuel for conspiracy theories, but at their core is a grain of truth. Here's an article talking about 5 of them. But we have to ask if they are actually travel destinations now? https://www.reservations.com/blog/resources/secret-military-bases/ (We were surpised they didn't mention the experiment on https://en.wikipedia.org/wiki/Gruinard_Island))
• Electric eel powers Christmas tree lights in shocking aquarium exhibit https://globalnews.ca/news/6253649/electric-eel-christmas-lights/