This Week’s [in]Security – Issue 156

Welcome to This Week’s [in]Security. Trending: Improved layout. COVID-19 update spread, impact, and behaviour. Extreme measures. Supplies. Masks. Tragedy. COVIDIOTS. Remote and Work from Home. Magecart. Carders smacked. Virus surveillance. Facial recognition gets scarier. Zoom privacy issues. Insurance and COVID. Internet and mail-in voting. NIST. Testing, treatments and trials. Industry steps up. 3D printers. ICS hacking. Reporting vulnerabilities isn't easy. Snail mail USB booby traps. Bypassing 2FA. And more.

Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.

New - Emerging Issues and Trending Stories

This special section is dedicated to emerging issues and trending stories that cross multiple of our regular news categories.

Coronovirus updates. After 7 weeks of reporting all Coronavirus articles under "Trending", we are changing the way we report COVID articles to you so it is less overwhelming. Going forward we will be reporting many of these articles beneath our normal blog section headings each with a sub-group dedicated to COVID-19. For example:

• Facts about its spread, direct impact, and how people react will continue under Trending.
• Regulations and restrictions to counter the virus will be under Regulations.
• Treatments, Vaccines, Innovations, Coping methods under Defense
• Information on how/why it spreads, improvements understanding it, etc. under Vulnerabilities
• Breaches (and Ransomware) under Breaches.
• Economic impact and articles that don't fit into the other categories will be under Other Risk.
• Privacy Implications, PCI/Payments, Cybercrime under their respective sections Our first regular reports on coronavirus can be found at https://controlgap.com/blog/this-weeks-insecurity-issue-147. And our first use of the trending topic section can be found https://controlgap.com/blog/this-weeks-insecurity-issue-149.

• COVID-19 spread:

  • Pandemic is 'accelerating', WHO warns as cases pass 300,000 https://www.bbc.co.uk/news/world-52010304
  • WHO Daily situation reports https://www.who.int/emergencies/diseases/novel-coronavirus-2019/situation-reports
  • New York Has More Confirmed Coronavirus Cases Than All Of France https://www.forbes.com/sites/trevornace/2020/03/23/new-york-has-more-confirmed-coronavirus-cases-than-all-of-france/
  • Coronavirus: Spain’s death toll surpasses China’s https://www.bbc.co.uk/news/world-europe-52036836
  • USA Now Has More COVID-19 Cases Than Any Other Country in The World https://www.sciencealert.com/usa-is-now-the-centre-of-the-covid-19-outbreak-as-their-case-numbers-top-italy-s
  • A coronavirus 'super-spreader' in India who refused to self-isolate sparked an outbreak that left 40,000 people in quarantine https://www.businessinsider.com/coronavirus-super-spreader-linked-to-quarantine-of-40000-in-india-2020-3
  • South Korea reports lowest number of new cases in four weeks https://www.bbc.co.uk/news/world-asia-52001837
  • Germany has a remarkably low coronavirus death rate https://www.businessinsider.com/germany-why-coronavirus-death-rate-lower-italy-spain-test-healthcare-2020-3
  • Up to 4K undiagnosed coronavirus cases in Ottawa https://globalnews.ca/news/6716377/coronavirus-ottawa-covid-19/
  • Toronto subway operator tests positive for COVID-19 https://globalnews.ca/news/6727591/coronavirus-ttc-subway-operator-covid-19/
  • Inmate at Toronto South Detention Centre tests positive for COVID-19 https://globalnews.ca/news/6734327/coronavirus-inmate-toronto-prison/
  • 13 healthcare workers test positive for COVID-19 in Toronto https://globalnews.ca/news/6717564/coronavirus-toronto-health-care-workers/
  • Stay home, stay informed': Ontario reports 1st COVID-19-related death as province declares state of emergency https://www.cbc.ca/news/canada/toronto/coronavirus-covid-19-ontario-tuesday-1.5500006
  • Ontario's COVID-19) information page https://www.ontario.ca/page/2019-novel-coronavirus
  • Exponential Infection Increases Are Deadly Serious https://www.scientificamerican.com/podcast/episode/exponential-infection-increases-are-deadly-serious/
  • A new CDC report said the coronavirus was found on surfaces in cabins aboard the Diamond Princess 17 days after passengers disembarked, but that doesn't necessarily mean it could have infected people https://www.businessinsider.com/coronavirus-found-on-diamond-princess-surfaces-17-days-later-2020-3
  • Forbes’ Time Line Of The Coronavirus https://www.forbes.com/sites/elisabethbrier/2020/03/23/forbes-timeline-of-the-coronavirus/

• COVID-19 impact:

  • Coronavirus: Iran bans internal travel to avert 'second wave' https://www.bbc.co.uk/news/world-middle-east-52039298
  • India's 1.3billion population in lockdown https://www.theguardian.com/world/gallery/2020/mar/27/indias-13billion-population-in-lockdown-in-pictures
  • At least 1 N.Y. hospital has 2 patients on single ventilator as coronavirus cases rise https://globalnews.ca/news/6738273/new-york-coronavirus-split-ventilators/
  • At least 2 Toronto hospitals begin rationing protective gear as COVID-19 crisis deepens https://globalnews.ca/news/6731507/coronavirus-ontario-hospitals-protective-gear-rationing-covid-19/
  • America’s Hospitals Have Never Experienced Anything Like This https://www.theatlantic.com/science/archive/2020/03/coronavirus-hospitals-need-more-beds/608677/
  • A massive stockpile of 39 million N95 masks is being sold to American hospitals — around 27 million more than the US government's emergency stockpile https://www.businessinsider.com/coronavirus-39-million-n95-medical-masks-stockpile-us-hospitals-union-2020-3
  • The US government reportedly has a stockpile of 1.5 million expired N95 masks in storage as hospitals around the country face critical shortage https://www.businessinsider.com/cbp-stockpile-expired-n95-masks-in-storage-indiana-coronavirus-2020-3
  • Everybody who was in New York should be self-quarantining' https://www.businessinsider.com/all-new-york-visitors-and-residents-self-quarantine-coronavirus-2020-3
  • Photos show the National Guard converting New York City's Javits Center into a disaster hospital https://www.businessinsider.com/photos-emergency-coronavirus-hospital-built-in-nyc-javits-center-2020-3
  • Why Canada's COVID-19 'war-time' response could be derailed by a swab on a stick https://www.cbc.ca/news/health/covid19-testing-1.5509051
  • Ontario schools won’t reopen on April 6 https://globalnews.ca/news/6719180/coronavirus-ontario-schools-doug-ford/
  • Ontario issues emergency alert warning returning travellers to stay home for 14 days https://www.cbc.ca/news/canada/toronto/coronavirus-alert-1.5512525
  • Ontarians with COVID-19 no longer require tests to be considered virus-free https://globalnews.ca/news/6734316/ontarians-covid-19-testing-recovery/
  • Social distancing is crucial, but Canada also needs more coronavirus testing https://globalnews.ca/news/6726525/social-distancing-testing-coronavirus/
  • UK asks carriers to send coronavirus alert as emergency system was never finished https://www.theverge.com/2020/3/24/21192131/uk-goverment-coronavirus-alert-sms-message-emergency-system-mobile-carriers
  • Coronavirus: Why some countries wear face masks and others don't https://www.bbc.co.uk/news/world-52015486 AND https://time.com/5799964/coronavirus-face-mask-asia-us
  • Experts increasingly question advice against widespread use of face masks - any face mask may help but not for the reasons you may think https://slate.com/news-and-politics/2020/03/experts-question-advice-against-face-mask-use-coronavirus.html
  • The city of Wuhan will end the world's harshest coronavirus lockdown after 11 weeks https://www.businessinsider.com/coronavirus-wuhan-eases-lockdown-april-8-world-fears-resurgence-2020-3
  • China censored people who spoke out about the coronavirus, but there's reason to believe the country's numbers are still trustworthy https://www.businessinsider.com/reasons-china-coronavirus-data-may-be-trustworthy-2020-3
  • Panama Canal blocks Holland America cruise ship with 138 ill crew members and passengers, and 2 confirmed cases of COVID-19 on board https://www.businessinsider.com/holland-america-zaandam-cruise-ship-blocked-panama-canal-covid-19-2020-3
  • What the Great Plague of Athens Can Teach Us Now https://www.theatlantic.com/ideas/archive/2020/03/great-plague-athens-has-eerie-parallels-today/608545/
  • Lessons from Past Outbreaks Could Help Fight the Coronavirus Pandemic https://www.scientificamerican.com/article/lessons-from-past-outbreaks-could-help-fight-the-coronavirus-pandemic1/
  • Japan’s PM, IOC say 2020 Olympics will be postponed over coronavirus https://globalnews.ca/news/6723586/tokyo-olympics-delay-shinzo-abe/

• COVID-19 behaviour, reactions, COV-IDIOTS:

  • Provinces are opening snitch lines to report people breaking isolation https://www.cbc.ca/player/play/1716608579902
  • Tragic - Man Dead From Taking Chloroquine Product After Trump Touts Drug For Coronavirus https://www.forbes.com/sites/tarahaelle/2020/03/23/man-dead-from-taking-chloroquine-after-trump-touts-drug-for-coronavirus/
  • COVIDIOTS: New name for shaming ignorant, selfish coronavirus reactions https://globalnews.ca/news/6717139/covidiots-coronavirus/
  • Are people actually this stupid? Twitter locks account encouraging coronavirus ‘chickenpox parties’ https://www.theverge.com/2020/3/25/21190928/twitter-locks-account-encouraging-coronavirus-chickenpox-parties
  • A man accused of licking deodorants in a Missouri Walmart after asking 'Who's afraid of the coronavirus?' was charged with making a terrorist threat https://www.businessinsider.com/coronavirus-man-accused-licking-walmart-items-charged-with-terror-threat-2020-3
  • Young people attended a ‘coronavirus party’ in Kentucky, governor says. At least one reveler is now infected. https://www.washingtonpost.com/nation/2020/03/25/coronavirus-party-kentucky/
  • Worker at Hamilton McDonald’s charged after fake positive COVID-19 test closed restaurant https://globalnews.ca/news/6740139/coronavirus-hamilton-woman-charged-mcdonalds-fake-positive-covid-19-test/
  • Really hazmat sightings? - We Asked Experts Whether You Should Wear a Hazmat Suit in Public https://futurism.com/grocery-stores-hazmat-suits

• Get a grip - One hantavirus death in China sparks ‘hysteria’ over old disease https://globalnews.ca/news/6724399/hantavirus-china-death-coronavirus/

  • Stop calling 911 for COVID-19 testing: Waterloo CAO https://globalnews.ca/news/6731950/coronavirus-covid-19-testing-911-waterloo-ontario/
  • Coronavirus: why are your parents sending you so much fake news? – podcast https://www.theguardian.com/news/audio/2020/mar/25/going-viral-fake-news-and-covid-19
  • London Mayor: 'Stop Tube travel or more will die' https://www.bbc.co.uk/news/uk-england-london-52017910
  • Ageism Is Making the Pandemic Worse https://www.theatlantic.com/culture/archive/2020/03/americas-ageism-crisis-is-helping-the-coronavirus/608905/
  • Gilead Sciences Backs Off Monopoly Claim for Promising Coronavirus Drug https://theintercept.com/2020/03/25/gilead-sciences-coronavirus-drug/
  • AT&T Says It’s An ‘Essential’ Retailer – And GameStop Does, Too https://www.pymnts.com/news/retail/2020/att-gamestop-essential-retailers-covid19/
  • Amazon has kicked 3,900 sellers off its platform for price gouging during the coronavirus crisis https://www.businessinsider.com/amazon-kicked-3900-sellers-off-its-platform-coronavirus-price-gouging-2020-3
  • Toronto grocery store called out for price gouging now claims it was a pricing error https://www.cbc.ca/news/canada/toronto/pusateris-ford-price-gouging-1.5511240, and https://www.blogto.com/city/2020/03/pusateris-toronto-lysol-wipes-price-gouging/
  • Spain is battling the black marketeers and price-gougers of the coronavirus crisis https://www.cnn.com/2020/03/28/europe/spain-coronavirus-black-market-gougers-intl/index.html
  • Google Bans Infowars Android App Over Coronavirus Claims https://www.wired.com/story/google-bans-infowars-android-app-alex-jones-coronavirus/
  • UK coronavirus lockdown has led daytime internet usage to more than double, Virgin Media says https://www.independent.co.uk/life-style/gadgets-and-tech/news/coronavirus-uk-lockdown-internet-broadband-wifi-virgin-usage-traffic-data-a9424441.html

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• 5 Reasons Organizations Find it Difficult to Comply with PCI-DSS Regulations https://www.datex.ca/blog/5-reasons-organizations-find-it-difficult-to-comply-with-pci-dss-regulations
• PCI Security Standards Council Bulletin: Extension of Expiration of the PCI PTS POI v5 and PTS HSM v3 Security Requirements https://www.pcisecuritystandards.org/pdfs/Bulletin_Extension_of_Expiration_of_the_PCI_PTS_POI_5_HSM_3_Security_Requirements.pdf

• COVID-19 Payments/PCI:

  • Protecting Payments While Working Remotely https://blog.pcisecuritystandards.org/protecting-payments-while-working-remotely
  • How the PCI DSS Can Help Remote Workers https://blog.pcisecuritystandards.org/how-the-pci-dss-can-help-remote-workers
  • Beware of COVID-19 Online Scams and Threats https://blog.pcisecuritystandards.org/beware-of-covid-19-online-scams-and-threats
• The Ecommerce Surge: Guarding Against Fraud https://www.databreachtoday.com/interviews/ecommerce-surge-guarding-against-fraud-i-4632
• Tupperware website hacked and infected with payment card skimmer https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/
• Russians Shut Down Huge Card Fraud Ring https://krebsonsecurity.com/2020/03/russians-shut-down-huge-card-fraud-ring/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Indian property site hack leads to 2 million users’ data exposed https://www.databreaches.net/indian-property-site-hack-leads-to-2-million-users-data-exposed/
• PropTiger - 2,156,921 breached accounts https://haveibeenpwned.com/PwnedWebsites#PropTiger
• Tamodo - 494,945 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tamodo
• GE Employees Lit Up with Sensitive Doc Breach https://threatpost.com/ge-employees-sensitive-hr-doc-breach/154136/
• University of Utah Health Discloses Data Breach https://www.securityweek.com/university-utah-health-discloses-data-breach
• Brit housing association blabs 3,500 folks' sexual orientation, ethnicity in email blunder https://www.theregister.co.uk/2020/03/25/watford_community_housing_data_breach/
• More Ransomware Gangs Join Data-Leaking Cult https://www.bankinfosecurity.com/more-ransomware-gangs-join-data-leaking-cult-a-14008
• Cyberattack forces Ontario Beer Store locations to go cash only https://www.cbc.ca/news/business/beer-store-cyberattack-1.5511164
• Hackers Hit Cybersecurity Insurance Co Chubb https://www.pymnts.com/news/security-and-risk/2020/hackers-hit-cybersecurity-insurance-company-chubb/
• An old HIPAA incident rears its very ugly head again https://www.databreaches.net/an-old-hipaa-incident-rears-its-very-ugly-head-again/
• Fintech Firm Finastra Recovering From Ransomware Attack https://www.bankinfosecurity.com/fintech-firm-finastra-recovering-from-ransomware-attack-a-14000

• COVID-19 Breaches/Randsomware:

  • UK medical firm poised for work on coronavirus had been hit by Maze ransomware https://www.databreaches.net/uk-medical-firm-poised-for-work-on-coronavirus-had-been-hit-by-maze-ransomware/

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Privacy:

  • How location data could play a role in managing the coronavirus crisis https://www.theverge.com/interface/2020/3/25/21192629/coronavirus-surveillance-location-data-taiwan-israel-us-google
  • It's time to track people's smartphones to ensure they self-isolate during this global pandemic, says WHO boffin https://www.theregister.co.uk/2020/03/23/track_phones_coronavirus_who/
  • Tracking The Trackers: Coronavirus Surveillance Around The World https://www.forbes.com/sites/emmawoollacott/2020/03/25/tracking-the-trackers-coronavirus-surveillance-around-the-world/
  • Red and Blue America Agree That Now Is the Time to Violate the Constitution https://www.theatlantic.com/ideas/archive/2020/03/coronavirus-america-constitution/608665/
  • Trudeau leaves door open to using smartphone data to track Canadians' compliance with pandemic rules https://www.cbc.ca/news/politics/cellphone-tracking-trudeau-covid-1.5508236
  • The LawBytes Podcast, Episode 44: Michael Birnhack on Israel’s Use of Cellphone Tracking to Combat the Spread of Coronavirus http://www.michaelgeist.ca/2020/03/lawbytes-podcast-episode-44/
  • How Canada Should Ensure Cellphone Tracking to Counter the Spread of Coronavirus Does Not Become the New Normal http://www.michaelgeist.ca/2020/03/how-canada-should-ensure-cellphone-tracking-to-counter-the-spread-of-coronavirus-does-not-become-the-new-normal/
  • Verily's COVID-19 Screening Website Leaves Privacy Questions Unanswered https://www.eff.org/deeplinks/2020/03/verilys-covid-19-screening-website-leaves-privacy-questions-unanswered
  • Edward Snowden warns COVID-19 could give governments invasive new data collection powers that will last long after the pandemic https://www.businessinsider.com/edward-snowden-coronavirus-surveillance-new-powers-2020-3
• Facial Recognition for People Wearing Masks https://www.schneier.com/blog/archives/2020/03/facial_recognit_3.html
• Zoom updates iOS app to remove code that sent device data to Facebook https://www.theverge.com/2020/3/28/21197967/zoom-ios-app-code-tracking-facebook
• Trolls exploit Zoom privacy settings as app gains popularity https://www.theguardian.com/technology/2020/mar/27/trolls-zoom-privacy-settings-covid-19-lockdown
• Yeah, that Zoom app you're trusting with work chatter? It lives with 'vampires feeding on the blood of human data' https://www.theregister.co.uk/2020/03/27/doc_searls_zoom_privacy/
• Toronto residents’ data improperly shared with councillor’s office in privacy breach https://www.databreaches.net/ca-toronto-residents-data-improperly-shared-with-councillors-office-in-privacy-breach/

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• COVID 19 Regulations/Restrictions/Policy:

  • Ontario releases list of essential workplaces and services https://www.680news.com/2020/03/23/coronavirus-province-releases-list-of-essential-workplaces/
  • COVID-19 And The (Legal) Ripple Effects Of ‘Force Majeure’ https://www.pymnts.com/coronavirus/2020/covid-19-ripple-effects-force-majeure/
  • Freedom of information requests sidelined as governments focus on COVID-19 https://globalnews.ca/news/6738445/coronavirus-canada-freedom-of-information/
  • Price gougers could face jail time under new Ontario order https://globalnews.ca/news/6746374/coronavirus-price-gougers-jail-time-ontario/
• Internet Voting in Puerto Rico https://www.schneier.com/blog/archives/2020/03/internet_voting.html
• Senators Back Bill to Promote Vote-by-Mail https://epic.org/2020/03/senators-back-bill-to-promote-.html
• NIST draft (SP) 800-56C r2 Key-Derivation Methods in Key-Establishment Schemes available for comment until May 15 https://csrc.nist.gov/publications/detail/sp/800-56c/rev-2/draft
• NIST draft (SP) 800-124 Guidelines for Managing the Security of Mobile Devices in the Enterprise available for comment until June 26 https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• COVID-19 Treatments, Innovation, Vaccines:

  • Groundbreaking At-Home Coronavirus Antibody Test Available In The U.K. ‘Within Days’ https://www.forbes.com/sites/isabeltogoh/2020/03/25/groundbreaking--at-home-coronavirus-antibody-test-available-in-the-uk-within-days/
  • Old School - New York To Begin Trials With Plasma For Seriously Ill And Antibody Test To Send Survivors Back To Work https://www.forbes.com/sites/alexandrasternlicht/2020/03/23/new-york-to-begin-trials-with-plasma-for-seriously-ill-and-antibody-test-to-send-survivors-back-to-work/
  • FDA Approves New Rapid Coronavirus Test That Can Give Results In 45 Minutes https://www.forbes.com/sites/brucelee/2020/03/22/fda-approves-new-rapid-coronavirus-test-that-can-give-results-in-45-minutes/
  • Canadian company working with Ottawa to boost ventilator production https://globalnews.ca/news/6716103/canada-coronavirus-ventilators-manufacturing/
  • Winnipeg biotech company says COVID-19 treatment nearing production https://globalnews.ca/news/6716475/winnipeg-researchers-covid-19-treatment/
  • U.S. Approves Abbott Labs Five-Minute ‘Rapid’ Coronavirus Test https://www.forbes.com/sites/brucejapsen/2020/03/27/us-approves-abbott-labs-five-minute-rapid-coronavirus-test/
  • San Francisco startups have suspended sales of at-home coronavirus test kits after the FDA issued a warning https://www.businessinsider.com/coronavirus-home-tests-startups-nurx-carbon-health-stop-fda-warning-2020-3
  • Startup Uses Fever Detection Technology To Stop Spread of Coronavirus https://www.forbes.com/sites/geekgirlrising/2020/03/20/texas-based-ai-company-gears-up-to-fight-coronavirus-with-fever-detection-system/
  • Hydroxychloroquine Use For COVID-19 Coronavirus Shows No Benefit In First Small—But Limited—Controlled Trial https://www.forbes.com/sites/tarahaelle/2020/03/25/chloroquine-use-for-covid-19-shows-no-benefit-in-first-small-but-limited-controlled-trial/
  • Australia's Trialing a TB Vaccine Against COVID-19, And Health Workers Get It First https://www.sciencealert.com/australia-is-trialling-a-tb-vaccine-for-coronavirus-and-health-workers-get-it-first
  • Ford Will Work With 3M And GE To Make Respirators And Ventilators To Address Shortages https://www.forbes.com/sites/amyfeldman/2020/03/24/ford-will-work-with-3m-and-ge-to-make-respirators-ventilators-and-n95-masks/
  • Dyson to produce 15,000 ventilators to help with coronavirus fight https://globalnews.ca/news/6737451/coronavirus-dyson-ventilators/
  • Gap Inc. is using its factories to make masks, gowns, and scrubs for healthcare workers https://www.businessinsider.com.au/gap-to-make-masks-healthcare-workers-coronavirus-2020-3/

• Why companies like Goldman Sachs, Apple, and Facebook had all of those N95 masks to donate in the first place https://www.businessinsider.com/heres-why-companies-like-facebook-had-n95-masks-to-donate-2020-3

  • These U.K And U.S. Distilleries Are Making And Donating Hand Sanitizer https://www.forbes.com/sites/felipeschrieberg/2020/03/17/these-uk-and-us-distilleries-are-making-and-donating-hand-sanitizer/
  • Queen’s medical students make protective equipment for front-line health-care workers https://globalnews.ca/news/6727155/coronavirus-queens-medical-students-personal-protective-equipment/
  • The ventilators made from diving masks in Italy https://www.dailymail.co.uk/news/article-8143099/The-ventilators-diving-masks-Italy.html
  • Calling All Makers With 3D Printers: Join Critical Mission To Make Face Masks And Shields For 2020 Healthcare Workers https://www.forbes.com/sites/tjmccue/2020/03/24/calling-all-makers-with-3d-printers-join-critical-mission-to-make-face-masks-and-shields-for-2020-healthcare-workers/
  • U of O lab putting 3D printers to use in fight against COVID-19 https://www.cbc.ca/news/canada/ottawa/maker-space-university-of-ottawa-3d-printing-face-shields-1.5507011
  • YouTube is reducing its default video quality to standard definition for the next month https://www.theverge.com/2020/3/24/21192384/youtube-video-quality-reduced-hd-broadband-europe-streaming
  • Struggling with self-isolation and quarantine? Jason Rezaian has lessons from prison in Iran. https://www.washingtonpost.com/opinions/2020/03/24/i-survived-solitary-confinement-you-can-survive-self-isolating/
  • University of Regina professor exploring impact on mental health https://globalnews.ca/news/6717942/coronavirus-university-regina-mental-health/
  • A Twitch Streamer Is Exposing Coronavirus Scams Live https://www.wired.com/story/kitboga-twitch-streams-coronavirus-scams/
• Working from home? Switch off Amazon's Alexa (say lawyers) https://www.zdnet.com/article/working-from-home-switch-off-amazons-alexa-say-lawyers/
• Windows Sandbox - available in Windows 10 1909 https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849
• JumpStart Guide for Application Security in AWS https://pages.awscloud.com/awsmp-JS-SEC-Fortinet-AppSec.html
• Apple Safari Blocks Ad-Targeting Cookie Support https://threatpost.com/apple-safari-blocks-cookies-ad-targeting/154124/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• COVID-19 Information and Understanding:

  • The Doctor Who Helped Defeat Smallpox Explains What's Coming https://www.wired.com/story/coronavirus-interview-larry-brilliant-smallpox-epidemiologist/
  • How the Pandemic Will End https://www.theatlantic.com/health/archive/2020/03/how-will-coronavirus-end/608719/
  • Microsoft’s Major New Browser Security Move Reveals Serious COVID-19 Impact https://www.forbes.com/sites/kateoflahertyuk/2020/03/22/microsofts-major-new-browser-security-move-suggests-broader-covid-19-impact/
• Critical RCE Bug Affects Millions of OpenWrt-based Network Devices https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
• Windows code-execution zeroday is under active exploit https://arstechnica.com/information-technology/2020/03/attackers-exploit-windows-zeroday-that-can-execute-malicious-code/
• Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library https://www.securityweek.com/hackers-target-two-unpatched-flaws-windows-adobe-type-manager-library
• Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html
• FireEye warns about the proliferation of ready-made ICS hacking tools https://www.zdnet.com/article/fireeye-warns-about-the-proliferation-of-ready-made-ics-hacking-tools/
• No Patch for VPN Bypass Flaw Discovered in iOS https://www.securityweek.com/no-patch-vpn-bypass-flaw-discovered-ios
• New attack on home routers sends users to spoofed sites that push malware https://arstechnica.com/information-technology/2020/03/new-attack-on-home-routers-sends-users-to-spoofed-sites-that-push-malware/
• US Government Sites Give Bad Security Advice https://krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/
• Vulnerability reporting is dysfunctional https://freedom-to-tinker.com/2020/03/25/vulnerability-reporting-is-dysfunctional/
• Hacking Voice Assistants with Ultrasonic Waves https://www.schneier.com/blog/archives/2020/03/hacking_voice_a_1.html
• Netflix Still Sends Cookies Over HTTP https://arstechnica.com/information-technology/2020/03/bugcrowd-tries-to-muzzle-hacker-who-found-netflix-account-compromise-weakness/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• COVID-19 Crime and Cybercrime:

  • Online 'phishing' attacks targeting housebound federal staffers as COVID-19 spreads https://www.cbc.ca/news/politics/online-hacking-phishing-covid-19-coronavirus-1.5499725
  • COVID-19 Phishing Schemes Escalate; FBI Issues Warning https://www.bankinfosecurity.com/covid-19-phishing-schemes-escalate-fbi-issues-warning-a-13998
  • Coronavirus: WHO sees rise in cyberattack attempts by hackers, official says https://globalnews.ca/news/6720754/coronavirus-who-cyberattack-hackers/
  • Scammers are using the promise of phony COVID-19 test kits to get Tricare recipient personal private info https://www.databreaches.net/scammers-are-using-the-promise-of-phony-covid-19-test-kits-to-get-tricare-recipient-personal-private-info/
  • Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown
  • Canada's cyber spies taking down sites as battle against COVID-19 fraud begins https://www.cbc.ca/news/politics/cse-disinformation-spoofing-1.5504619
• Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/
• Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/
• FIN7 hackers target enterprises with weaponized USB drives via USPS https://securityaffairs.co/wordpress/100661/cyber-crime/fin7-usb-teddy-bears-attacks.html
• Dark web hosting provider hacked again -- 7,600 sites down https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/
• Someone’s wiping out elastic searches and leaving a security firm’s name https://www.databreaches.net/someones-wiping-out-elastic-searches-and-leaving-a-security-firms-name/
• FBI Shutters Alleged Russian Cybercriminal Forum https://www.bankinfosecurity.com/fbi-shutters-alleged-russian-cybercriminal-forum-a-14010
• Mobile Malware Bypasses Banks' 2-Factor Authentication https://www.bankinfosecurity.com/mobile-malware-bypasses-banks-2-factor-authentication-report-a-14009
• BEC Campaign Targets HR Departments: Report https://www.bankinfosecurity.com/bec-campaign-targets-hr-departments-report-a-13997
• Source code of Dharma ransomware pops up for sale on hacking forums https://www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/
• A mysterious hacker group is eavesdropping on corporate email and FTP traffic https://www.databreaches.net/a-mysterious-hacker-group-is-eavesdropping-on-corporate-email-and-ftp-traffic/

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Economic impact and articles that don't fit anywhere else:

• Relaxing isolation rules won’t help the economy, say economists https://www.theverge.com/2020/3/25/21193670/trump-easter-coronavirus-isolation-relax-rules-economy-social-distancing

  • 44% of Canadian households report lost work amid COVID-19 pandemic https://globalnews.ca/news/6726202/coronavirus-canada-job-loss-poll/
  • Nearly 1 million Canadians applied for EI last week https://globalnews.ca/news/6726111/coronavirus-ei-claims-1-million/
  • US Senate passes $2tn disaster aid bill https://www.bbc.co.uk/news/world-us-canada-52033863
  • We Need a Hard Pause, Followed by a Soft Start https://www.theatlantic.com/ideas/archive/2020/03/economic-framework-responding-coronavirus/608566/
  • Welcome To The Isolation Economy (Goodbye Sharing Economy) https://www.forbes.com/sites/kmehta/2020/03/23/welcome-to-the-isolation-economy-goodbye-sharing-economy/
  • COVID-19 should be wake-up call for robotics research https://scienmag.com/covid-19-should-be-wake-up-call-for-robotics-research/
  • There may be a worldwide condom shortage as factories are forced to shut down during the coronavirus pandemic https://www.businessinsider.com/worldwide-condom-shortage-inevitable-production-hubs-shut-down-2020-3
• Gus Weiss masterminded a long campaign to feed technical disinformation to the Soviet Union https://www.schneier.com/blog/archives/2020/03/story_of_gus_we.html
• If there's something strange in Symantec's neighborhood, who you gonna call? Not Broadcom, it seems: Systems go down, cut off customers https://www.theregister.co.uk/2020/03/25/broadcom_wss_outage/
• Speeding up Linux disk encryption https://blog.cloudflare.com/speeding-up-linux-disk-encryption/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Marine biodegradable plastics https://scienmag.com/made-to-degrade-eventually/
• Denser Cities Could Spare Climate but Also Increase Virus Transmission https://www.scientificamerican.com/article/denser-cities-could-spare-climate-but-also-increase-virus-transmission/
• Better, safer batteries https://scienmag.com/better-safer-batteries/
• Scientists 'Reset' The Age of Stem Cells From a Supercentenarian Who Lived to 114 https://www.sciencealert.com/scientists-have-reset-the-stem-cells-of-a-supercentenarian-who-lived-to-114
• Squids Can Edit Their RNA in an Unprecedented Way https://www.sciencealert.com/researchers-have-found-a-brand-new-way-that-squid-can-edit-rna
• Solving a 50-year-old puzzle in signal processing, part two: https://scienmag.com/solving-a-50-year-old-puzzle-in-signal-processing-part-two/
• This Powerful Ion Engine Will Be Flying on NASA’s DART Mission to Try and Redirect an Asteroid https://www.universetoday.com/145445/this-powerful-ion-engine-will-be-flying-on-nasas-dart-mission-to-try-and-redirect-an-asteroid/
• The n-body problem is busted - Just Three Orbiting Black Holes Can Break Time-Reversal Symmetry, Physicists Find https://www.sciencealert.com/three-black-holes-orbiting-each-other-can-t-always-go-backwards-in-time
• Necroplanetology: The Strangest Field of Astronomy You've Never Heard Of
• Really far out. Astronomers Think They Just Found The Edge of The Milky Way Galaxy https://www.sciencealert.com/astronomers-have-found-the-edge-of-our-galaxy-it-s-bigger-than-you-think