This Week's [in]Security - Issue 165

Welcome to This Week’s [in]Security. Covid-19: Spread & Curve Toronto COVID map & stats. Lockdown, Reopening, & The New Normal. More Good, Bad, and Ugly. Update on PCI DSS v4. COVID related breaches. A whopping 8B record giga-breach. 100M+ in smaller ones. Breach reports down? 5.5M older breaches added to HIBP. Ransomware's growth. Forensics report not 'protected' in lawsuit. Contact tracing app problems. Location tracking lawsuit. Twitter War. NIST monitoring, microservices, and crypto-agility. Doomsday Planning. Identifying fake photos. EXIM mail actively being exploited. Password reuse, SHA-1 login deprecated, 26 USB vulnerabilities. Bulletproof TLS #65. Random number security. Free ACM Digital Library Access. COVID Crimes. Scam anti-5G tech. Port-scanning customers without consent! UK 5G re-think. Rhyming AIs. We have liftoff. And more.

COVID-19 Updates.

The COVID related articles here fit together. Other COVID articles will appear under our normal section headings like regulations, privacy, breaches, and other risks. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread and the curve:

  • US deaths top 100K https://www.bbc.com/news/world-us-canada-52821090
  • U.S. coronavirus deaths hit grim record as cases rise rapidly in India, Russia https://globalnews.ca/news/6996328/coronavirus-worldwide-may-28/
  • The UK now has the highest coronavirus death rate in the world https://www.businessinsider.com/uk-has-highest-coronavirus-death-rate-in-the-world-2020-5
  • Photos of mass graves in Brazil show the stark toll of the coronavirus, as experts predict that it will surpass 125,000 deaths by August https://www.businessinsider.com/photos-brazil-mass-graves-experts-anticipate-covid-19-deaths-2020-5
  • How Anti-Science Attitudes Have Impacted the Coronavirus Pandemic in Brazil https://www.nature.com/articles/d41586-020-01506-2
  • Russia records its highest daily death toll from the coronavirus as its number of new cases appears to decline https://www.businessinsider.com/russia-records-highest-daily-death-toll-from-the-coronavirus-2020-5
  • Nightmare spreads through Russia's care homes https://www.bbc.co.uk/news/world-europe-52784913
  • Coronavirus: How Turkey took control of Covid-19 emergency https://www.bbc.com/news/world-europe-52831017
  • Mother’s Day gatherings boosted coronavirus cases in Ontario https://globalnews.ca/news/6984147/coronavirus-ontario-mothers-day-cases/
  • A single illegal birthday party has been blamed for a spike of coronavirus infections in Spain https://www.businessinsider.com/birthday-party-in-spain-linked-to-outbreak-of-coronavirus-cases-2020-5
  • A partygoer who attended the now-infamous Lake of the Ozarks pool party has tested positive for COVID-19 https://www.businessinsider.com/lake-ozarks-pool-party-attendee-tests-positive-coronavirus-2020-5
  • Quebec, province hardest hit by health crisis, tops 50,000 coronavirus cases https://globalnews.ca/news/7002064/quebec-coronavirus-may-29/
  • Ontario reports 287 new coronavirus cases, lowest since end of March https://globalnews.ca/news/6986115/ontario-coronavirus-cases-may-26-covid19/
  • Manufacturing plants, grocery stores, delivery companies all have COVID-19 outbreaks in GTA https://www.cbc.ca/news/canada/toronto/manufacturing-plants-grocery-stores-delivery-companies-all-have-covid-19-outbreaks-in-gta-1.5588221
  • Reopening up-tick: 344 new coronavirus cases, 41 deaths in Ontario as total cases rise to 27,210 https://globalnews.ca/news/7001656/ontario-coronavirus-cases-may-29-covid19/__New Toronto neighbourhood map details number of coronavirus cases https://globalnews.ca/news/6993844/coronavirus-toronto-neighbourhoods-covid-19-map/
  • 62,000 healthcare workers in the US have tested positive for the coronavirus https://www.businessinsider.com/us-healthcare-workers-62000-tested-positive-coronavirus-cdc-likely-more-2020-5
  • Two hairstylists in Missouri may have exposed more than 140 clients to the coronavirus https://www.businessinsider.com/two-missouri-hairstylists-may-have-exposed-140-clients-to-coronavirus-2020-5
  • Heading to the International Peace Garden? Don’t forget to quarantine afterwards https://globalnews.ca/news/6982605/heading-to-the-international-peace-garden-dont-forget-to-quarantine-cbsa-says/
  • One Key Factor in whether COVID-19 Will Wane This Summer https://blogs.scientificamerican.com/blogs/observations/one-key-factor-in-whether-covid-19-will-wane-this-summer/_Lockdown, reopening, and The New Normal:
  • Ontario to reveal new COVID-19 testing strategy to gauge phased reopening https://globalnews.ca/news/7001949/ontario-covid19-testing-strategy-phased-reopening/
  • Ontario now considering regional approach to reopening the province https://toronto.ctvnews.ca/ontario-now-considering-regional-approach-to-reopening-the-province-1.4960136
  • Quebec sends 1,000 prevention agents to workplaces to boost coronavirus safeguard measures https://globalnews.ca/news/6981746/quebec-coronavirus-prevention-workers/
  • Poll finds many in B.C. uncomfortable with reopening plans https://vancouversun.com/news/local-news/covid-19-poll-finds-most-in-b-c-uncomfortable-with-reopening-plans/
  • Amid COVID-19 Crisis, 1/2 Of Canadians Say Governments Are Hiding Full Truth: Poll https://www.huffingtonpost.ca/entry/covid-19-crisis-governments-poll_ca_5ecd0b82c5b6086f7e6ebda0
  • English-speaking Quebecers fear COVID-19 more than francophones, poll suggests https://www.cbc.ca/news/canada/montreal/quebec-survey-language-covid-19-1.5567194
  • Denmark and Norway exclude Sweden from tourism https://www.bbc.co.uk/news/world-europe-52853556
  • Large cruise ships banned from Canadian waters until Oct. 3 https://globalnews.ca/news/7001865/coronavirus-large-cruise-ships-banned-until-oct-31/
  • Coronavirus: Ontario says drive-in movie theatres are clear to reopen https://globalnews.ca/news/7006755/coronavirus-ontario-drive-in-theatres/
  • Coronavirus: SaskTel Centre aims to break attendance record — virtually https://globalnews.ca/news/6982385/sasktel-centre-saskatoon-attendance-record-coronavirus/

• Treatments, Testing, Triage, and Trials, and things we learned:

  • Antibody test results are often wrong and should not be relied on https://www.businessinsider.com/cdc-says-antibody-test-results-wrong-half-the-time-2020-5
  • Experimental rapid COVID-19 test using nanoparticle technique https://scienmag.com/researchers-develop-experimental-rapid-covid-19-test-using-nanoparticle-technique/
  • Nearly 2 million Canadians believe they have or had COVID-19 and aren't getting tested https://www.intelligencer.ca/news/nearly-2-million-canadians-believe-they-have-or-had-covid-19-and-arent-getting-tested/wcm/d6c43394-31ca-40de-a68d-235a951bbc90
  • Coronavirus testing open to anyone in Ottawa as hospitalized case numbers drop https://globalnews.ca/news/6982102/ottawa-coronavirus-testing-open-to-anyone/
  • Millions Tested In Wuhan Amid Fears Of Second COVID Wave https://www.pymnts.com/coronavirus/2020/millions-tested-in-wuhan-fears-of-second-wave/
  • Coronavirus: 'Baffling' observations from the front line https://www.bbc.co.uk/news/52760992
  • COVID-19 should be treated as a thrombotic disease, Brazilian pulmonologist argues https://scienmag.com/covid-19-should-be-treated-as-a-thrombotic-disease-brazilian-pulmonologist-argues/
  • Scientist posits 'wild' hypothesis that cross immunity could slow pandemic https://www.timesofisrael.com/scientist-posits-wild-hypothesis-that-cross-immunity-could-slow-pandemic/
  • Largest Study Yet Finds Chloroquine Increases Risk of Death in COVID-19 Patients https://www.sciencealert.com/huge-study-found-covid-19-patients-who-took-hydroxychloroquine-or-chloroquine-had-a-higher-risk-of-death
  • WHO halts trials of hydroxychloroquine over safety fears https://www.bbc.co.uk/news/health-52799120
  • Moderna's clinical trial just entered phase two. Here's how mRNA vaccines work https://www.nationalgeographic.com/science/2020/05/coronavirus-vaccine-passes-first-human-trial-but-is-it-frontrunner-cvd/
  • Emergency COVID-19 vaccines will have to convince a skeptical public https://www.theverge.com/2020/5/26/21266591/covid-19-coronavirus-vaccine-fda-authorize-emergency-experimental
  • Dementia gene raises risk of severe COVID-19 https://scienmag.com/dementia-gene-raises-risk-of-severe-covid-19/
  • University of Cincinnati study uncovers clues to COVID-19 in the brain https://scienmag.com/university-of-cincinnati-study-uncovers-clues-to-covid-19-in-the-brain/
  • AMP releases preliminary results to nationwide SARS-CoV-2 molecular testing survey https://scienmag.com/amp-releases-preliminary-results-to-nationwide-sars-cov-2-molecular-testing-survey/

• Guidance, Response and Recovery:

  • Can a store make me wear a mask to shop? Your COVID-19 questions answered https://www.cbc.ca/news/mask-rights-covid-questions-answered-1.5590534
  • Doctors in London hospitals are using headsets from Microsoft to reduce the amount of staff coming into contact with COVID-19 patients https://www.businessinsider.com/london-doctors-microsoft-hololens-headsets-covid-19-patients-ppe-2020-5
  • Countering COVID-19 impacts on children from low-income households https://scienmag.com/countering-covid-19-impacts-on-children-from-low-income-households/
  • Unmanned drones to slash NHS delivery times to one-fifth of road 'n' rail transport https://www.theregister.co.uk/2020/05/26/drone_deliveries_bvlos_isle_mull/
  • The five: robots helping to tackle coronavirus https://www.theguardian.com/technology/2020/may/31/the-five-robots-helping-to-tackle-coronavirus
  • It may take up to a year to get through elective surgeries due to COVID-19 https://scienmag.com/it-may-take-up-to-a-year-to-get-through-elective-surgeries-due-to-covid-19/
  • Coronavirus lockdowns might be delaying flu season in the southern hemisphere https://globalnews.ca/news/6999217/coronavirus-lockdown-flu-rsv/_Behaviour - the good, the bad, and the ugly:
  • The DOJ has dropped its probe into 3 US senators who dumped stock work millions shortly before the coronavirus market crash https://www.businessinsider.com/doj-drops-probe-3-senators-dumped-stock-before-crash-2020-5
  • Amazon sellers are marking products as ‘collectible’ to get around price gouging rules https://www.theverge.com/21273383/amazon-price-gouging-collectible-loophole-dumbbells-hot-tub

• Masks, anti-maskers, and distancing:

  • The Right Way to Clean Your Face Mask https://www.mentalfloss.com/article/624932/right-way-to-clean-your-face-mask
  • Summer heat, humidity will be a problem when wearing COVID-19 masks outdoors https://globalnews.ca/news/6989302/coronavirus-heat-face-masks-outdoors/
  • Refusing to Wear a Mask Is an Empty Act of Defiance https://www.theatlantic.com/culture/archive/2020/05/face-mask-videos-culture-wars-trump-logic/612139/

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI DSS v4.0: Anticipated Timelines and Latest Updates https://blog.pcisecuritystandards.org/pci-dss-v4-0-anticipated-timelines-and-latest-updates
• US EMV Chip Card Count Surpasses 1 Billion https://www.digitaltransactions.net/the-us-emv-chip-card-count-surpasses-1-billion/
• ATM Counts Slip in the US, Canada, and China https://www.digitaltransactions.net/atm-counts-slip-in-the-u-s-canada-and-china-new-study-shows/
• Credit card fraud surges 35% as coronavirus freezes the economy and wipes out jobs https://www.businessinsider.com/credit-card-account-fraud-skyrockets-coronavirus-pandemic-recession-economy-layoffs-2020-5
• Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months https://www.theregister.com/2020/05/19/paramo_hack_magecart/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• COVID related breaches - unemployment, stimulus, apps:

  • BoA Experiences Potential Data Breach With PPP Applications https://www.pymnts.com/safety-and-security/2020/bank-of-america-experiences-potential-data-breach-with-ppp-applications/
  • Qatar Tracing App Flaw Exposed 1M Users' Data https://www.securityweek.com/qatar-tracing-app-flaw-exposed-1-mn-users-data-amnesty
  • Kentucky unemployment website experienced April data breach https://www.databreaches.net/kentucky-unemployment-website-experienced-april-data-breach/_A massive 8B record database leaks from Thai internet provider https://www.databreaches.net/a-massive-database-of-8-billion-thai-internet-records-leaks/_Truecaller denies database breach after details of over 45 million Indians appear on the dark web https://www.databreaches.net/truecaller-denies-database-breach-after-details-of-over-45-million-indians-appear-on-the-dark-web/
• 26 million LiveJournal credentials leaked online, sold on the dark web https://www.databreaches.net/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/, https://haveibeenpwned.com/PwnedWebsites#LiveJournal
• Personal Details and IDs of Millions of Indian Families Exposed by Unsecured MMPSY Elasticsearch db https://securitydiscovery.com/personal-details-and-ids-of-millions-of-indian-families-exposed-as-a-result-of-security-incident/
• Wishbone (2020) - 9,705,172 breached accounts https://haveibeenpwned.com/PwnedWebsites#Wishbone2020
• Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets https://www.databreaches.net/hacker-selling-80000-users-data-stolen-from-cryptocurrency-wallets/
• Arbonne MLM data breach exposes user passwords, personal info https://www.databreaches.net/arbonne-mlm-data-breach-exposes-user-passwords-personal-info/
• Japanese ICT Solutions Provider NTT Com Discloses Data Breach https://www.securityweek.com/japanese-ict-solutions-provider-ntt-com-discloses-data-breach
• Mercedes-Benz onboard logic unit (OLU) source code leaks online https://www.zdnet.com/article/mercedes-benz-onboard-logic-unit-olu-source-code-leaks-online/
• Identities of Northern Ireland abuse survivors exposed in email gaffe https://www.databreaches.net/identities-of-northern-ireland-abuse-survivors-exposed-in-email-gaffe/
• Hacker leaks database of dark web hosting provider https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/_UK Data Breach Reports Decline https://www.bankinfosecurity.com/uk-data-breach-reports-decline-a-14331
• It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims https://www.theregister.com/2020/05/22/easyjet_hack_victim_notification/_Lifebear - 3,670,561 breached accounts (2019) https://haveibeenpwned.com/PwnedWebsites#Lifebear
• Artsy - 1,079,970 breached accounts (2018) https://haveibeenpwned.com/PwnedWebsites#Artsy
• PetFlow - 990,919 breached accounts (2017) https://haveibeenpwned.com/PwnedWebsites#PetFlow
• Class-action lawsuit filed against state contractor over Ohio Department of Job and Family Services data leak https://www.databreaches.net/class-action-lawsuit-filed-against-state-contractor-over-ohio-department-of-job-and-family-services-data-leak/
• NZ: ASB Securities hit with $80,000 fine for 14-year privacy breach https://www.databreaches.net/nz-asb-securities-hit-with-80000-fine-for-14-year-privacy-breach/
• Ransomware's Big Jump: Ransoms Grew 14 Times In One Year https://www.datex.ca/blog/ransomwares-big-jump-ransoms-grew-14-times-in-one-year
• Ransomware Gangs' Ruthlessness Leads to Bigger Profits https://www.bankinfosecurity.com/ransomware-gangs-ruthlessness-leads-to-bigger-profits-a-14349
• Michigan State hit by ransomware threatening leak of student and financial data https://www.databreaches.net/michigan-state-hit-by-ransomware-threatening-leak-of-student-and-financial-data/
• Capital One Must Turn Over Mandiant's Forensics Report https://www.bankinfosecurity.com/capital-one-must-turn-over-mandiant-forensics-report-a-14352

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Contact tracing and surveillance:

  • State-Based Contact-Tracing Apps Could Be a Mess https://www.wired.com/story/covid-19-contact-tracing-app-fragmentation/
  • North Dakota Contact Tracing App Contract Goes Against Privacy Policy and Sends Data to Third Parties https://epic.org/2020/05/epic-obtains-north-dakota-cont.html
  • India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway https://www.theregister.co.uk/2020/05/27/aarogya_set_open_source_bug_bounty/
  • UK test and trace system started https://www.bbc.co.uk/news/health-52820592
  • Contact-tracing app may become a permanent fixture in major Chinese city https://www.theregister.co.uk/2020/05/26/hangzhou_permanent_contact_tracing/
  • Immunity Passports Are a Threat to Our Privacy and Information Security https://www.eff.org/deeplinks/2020/05/immunity-passports-are-threat-our-privacy-and-information-security_Arizona sues Google over claims it illegally tracked location of Android users https://www.theverge.com/2020/5/27/21272625/arizona-ag-sues-google-location-tracking-android-allegations
• Beer rating app reveals homes and identities of spies and military bods, warns Bellingcat https://www.theregister.com/2020/05/19/bellingcat_beer_app_osint/
• ACLU sues facial recognition firm Clearview AI, calling it a ‘nightmare scenario’ for privacy https://www.theverge.com/2020/5/28/21273388/aclu-clearview-ai-lawsuit-facial-recognition-database-illinois-biometric-laws
• AMA Outlines Privacy Principles for Health Data https://www.bankinfosecurity.com/interviews/ama-outlines-privacy-principles-for-health-data-i-4690
• Mortgage broker buys a list of 5000 names from Desjardins' breach https://www.databreaches.net/leak-at-desjardins-a-mortgage-broker-buys-a-list-of-5000-names/

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Expect a legal war over the social media executive order:

  • Twitter flags Trump’s tweets with its fact-check label for the first time https://globalnews.ca/news/6989440/twitter-fact-checks-trump/
  • Trump signs executive order targeting Twitter after fact-checking row https://www.bbc.co.uk/news/technology-52843986
  • Donald Trump’s executive order is ‘plainly illegal,’ says co-author of Section 230 https://www.theverge.com/2020/5/28/21273495/donald-trump-section-230-ron-wyden-author-bill-twitter-facebook-law-speech
  • Trump Executive Order Misreads Key Law Promoting Free Expression Online and Violates the First Amendment https://www.eff.org/deeplinks/2020/05/trump-executive-order-misreads-key-law-promoting-free-expression-online-and
  • Why Twitter labeled Trump’s tweets as misleading and Facebook didn’t https://www.theverge.com/interface/2020/5/29/21273370/trump-twitter-executive-order-misleading-facebook-authoritarianism
  • Twitter Had Been Drawing a Line for Months When Trump Crossed It https://www.nytimes.com/2020/05/30/technology/twitter-trump-dorsey.html
  • It’s not just Trump — Twitter fact-checking thousands of tweets, many about coronavirus https://globalnews.ca/news/7007935/trump-twitter-fact-checking-coronavirus/
  • Twitter Doubles Down on Labeling Tweets https://www.nytimes.com/2020/05/28/technology/trump-twitter-fact-check.html
  • Review of Internet Censorship Order https://www.theverge.com/2020/5/29/21273191/trump-twitter-social-media-censorship-executive-order-analysis-bias_NIST updates and drafts:
  • (SP) 800-137, Information Security Continuous Monitoring (ISCM) https://csrc.nist.gov/publications/detail/sp/800-137a/final
  • SP 800-204A, Building Secure Microservices-based Apps Using Service Mesh https://csrc.nist.gov/publications/detail/sp/800-204a/final
  • Crypto-agility initiative whitepaper Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms open for comments until June 30 https://csrc.nist.gov/publications/detail/white-paper/2020/05/26/getting-ready-for-post-quantum-cryptography/draft
• AI Commission Seeks Public Comments https://epic.org/2020/05/ai-commission-seeks-public-com.html
• Vermont Updates its Data Breach Notification Law https://www.databreaches.net/vermont-updates-its-data-breach-notification-law/
• Social media bias lawsuits keep failing in court https://www.theverge.com/2020/5/27/21272066/social-media-bias-laura-loomer-larry-klayman-twitter-google-facebook-loss
• Meng Wanzhou loses key court fight, must stay in B.C. to fight extradition https://globalnews.ca/news/6992243/meng-wanzhou-extradition-case-ruling-2/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• It’s Time to Listen to the Doomsday Planners https://www.theatlantic.com/politics/archive/2020/05/doomsday-planners-united-states-trump-continuity-government/612208/
• A Look at the 5 Most Common Types of Cyberattacks https://www.tenable.com/blog/a-look-at-the-5-most-common-types-of-cyberattacks
• Chinese Researchers Disrupt Malware Attack That Infected Thousands ofs https://thehackernews.com/2020/05/chinese-botnet-malware.html
• Verifying Windows binaries, without Windows https://blog.trailofbits.com/2020/05/27/verifying-windows-binaries-without-windows/
• Detecting Bad OpenSSL Usage https://blog.trailofbits.com/2020/05/29/detecting-bad-openssl-usage/
• Windows Task Manager secrets https://www.zdnet.com/article/windows-10-the-developer-who-wrote-windows-task-manager-reveals-its-secrets/
• Google removes apps pushing far-right QAnon conspiracy theory https://www.independent.co.uk/life-style/gadgets-and-tech/news/qanon-app-google-play-store-far-right-conspiracy-theory-a9532741.html
• Facebook Announces Messenger Security Features that Don't Compromise Privacy https://www.schneier.com/blog/archives/2020/05/facebook_announ.html_The Hidden Signs That Can Reveal a Fake Photo (2017) https://www.bbc.com/future/article/20170629-the-hidden-signs-that-can-reveal-if-a-photo-is-fake
• Saftey - The Reason Target Has Those Giant Red Concrete Spheres Outside https://www.mentalfloss.com/article/624378/why-target-stores-have-giant-red-spheres-outside

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• NSA publicly warns of ctive EXIM attacks by Kremlin hackers https://www.theregister.co.uk/2020/05/29/nsa_warns_of_gru/ and https://arstechnica.com/information-technology/2020/05/russian-hackers-are-exploiting-bug-that-gives-control-of-us-servers/_People Know Reusing Passwords Is Dumb, But Still Do It https://threatpost.com/threatlist-people-know-reusing-passwords-is-dumb-but-still-do-it/155996/_OpenSSH To Deprecate SHA-1 Logins Due To Security Risk https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/_New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/
• New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Side-Channel Attacks Effective https://thehackernews.com/2020/05/noise-resilient-flush-attack.html
• Windows 10 2004: More patch issues https://www.zdnet.com/article/windows-10-2004-were-already-looking-into-these-10-issues-says-microsoft/_Bulletproof TLS #65 - Digicert, post-quantum, some AES and CGM problems to be aware of https://www.feistyduck.com/bulletproof-tls-newsletter/issue_65_private_key_of_digicert_certificate_transparency_log_compromised
• Bluetooth Impersonation AttackS (BIAS) vulnerability https://www.schneier.com/blog/archives/2020/05/bluetooth_vulne_1.html
• New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html_Security Analysis of NIST CTR-DRBG (random number generators) https://eprint.iacr.org/2020/619
• The Direction of Updatable Encryption does not Matter Much https://eprint.iacr.org/2020/622The ACM has freely opened their digital library through June 30 to support research during COVID-19 https://www.acm.org/articles/bulletins/2020/march/dl-access-during-covid-19 and https://dl.acm.org/
• FTC Approves Settlement with Canadian Lockmaker Over Deceptive Security Claims https://www.databreaches.net/ftc-approves-settlement-with-canadian-lockmaker-over-deceptive-security-claims/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• COVID-19 Crime, Cybercrime, Fraud, ...:

  • Don't Be Fooled by Covid-19 Contact-Tracing Scams https://www.wired.com/story/covid-19-contact-tracing-scams/
  • ‘[F]Unicorn’ Ransomware Impersonates Legit COVID-19 Contact-Tracing App https://threatpost.com/funicorn-ransomwarecovid-19-contact-tracing-app/156069/
  • A used-car salesman tried to scam New York out of $45 million for N95 masks he didn’t have https://www.washingtonpost.com/nation/2020/05/27/used-car-salesman-tried-scam-new-york-out-45-million-n95-masks-he-didnt-have-feds-say/
  • Coronavirus fraud: Feds bust scheme to sell imaginary N95 masks https://www.cnbc.com/2020/05/28/coronavirus-fraud-feds-bust-scheme-to-sell-imaginary-n95-masks.html
• Prices for criminal tech services like botnet rentals and stolen credit cards are are plummeting https://www.theregister.co.uk/2020/05/27/criminal_services_cheaper/
• Hackers Expose Gaping Holes in North Macedonia’s IT Systems https://www.databreaches.net/hackers-expose-gaping-holes-in-north-macedonias-it-systems/
• Thousands of enterprise systems infected by new Blue Mockingbird malware gang https://www.zdnet.com/article/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang/
• Minneapolis city systems temporarily brought down by cyberattack https://www.databreaches.net/minneapolis-city-systems-temporarily-brought-down-by-cyberattack/
• New persistent Discord malware https://www.itpro.co.uk/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords and https://www.bleepingcomputer.com/news/security/discord-client-turned-into-a-password-stealer-by-updated-malware/
• MA: New York City Man Charged with Hacking, Credit Card Trafficking, and Money Laundering Conspiracies https://www.databreaches.net/ma-new-york-city-man-charged-with-hacking-credit-card-trafficking-and-money-laundering-conspiracies/
• One down: Nathan Wyatt of thedarkoverlord agrees to plead guilty https://www.databreaches.net/one-down-nathan-wyatt-of-thedarkoverlord-agrees-to-plead-guilty/
• ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office https://krebsonsecurity.com/2020/05/report-atm-skimmer-gang-had-protection-from-mexican-attorney-generals-office/
• Another Alleged FIN7 Cybercrime Gang Member Arrested https://www.bankinfosecurity.com/another-alleged-fin7-cybercrime-gang-member-arrested-a-14345
• Former IT Administrator Sentenced in Insider Threat Case https://www.bankinfosecurity.com/former-administrator-sentenced-in-insider-threat-case-a-14358
• Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites https://www.darkreading.com/attacks-breaches/researchers-id-hacktivist-who-defaced-nearly-5000-websites-/d/d-id/1337942_Scam: $350 anti-5G USB stick is a cheap flash drive with a sticker attached https://www.zdnet.com/article/350-anti-5g-usb-stick-is-a-cheap-flash-drive-with-a-sticker-attached/
• Schneier calls same out as Snake-Oil https://www.schneier.com/blog/archives/2020/05/bogus_security_.html

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • COVID-19 disinformation being spread by Russia & China https://www.cbc.ca/news/politics/covid-coronavirus-russia-china-1.5583961
  • Thermal Imaging as Security Theater https://www.schneier.com/blog/archives/2020/05/thermal_imaging.html
  • 14M+ people could go hungry in Latin America https://globalnews.ca/news/6995993/coronavirus-latin-america-poverty-un/
  • Ontario: Inspectors wouldn’t go into long-term care homes fearing for their safety https://globalnews.ca/news/7001445/inspectors-long-term-care-homes-ontario-coronavirus/
  • Coronavirus: 1,694 mental health patients discharged in 'error' https://www.bbc.co.uk/news/uk-wales-52827479
  • The pandemic is messing economic data production and making it hard to work out how badly it's hitting the global economy https://markets.businessinsider.com/news/stocks/imf-covid-19-is-skewing-economic-data-actual-impact-unclear-2020-5-1029262594
  • Goldman Sachs: Unemployment Could Remain High For Next 2 Years https://www.pymnts.com/economy/2020/goldman-sachs-unemployment-could-remain-high-for-next-2-years/
  • TD, CIBC report massive profit drops amid COVID-19 https://globalnews.ca/news/6998611/td-cibc-profit-drops-coronavirus/
  • Remote work could accelerate the tech industry's migration to Canada https://www.businessinsider.com/remote-work-could-accelerate-silicon-valleys-migration-to-canada-2020-5
  • Leaving hand sanitizer in hot vehicles a fire risk: Alberta doctors https://www.cbc.ca/news/canada/edmonton/leaving-hand-sanitizer-in-hot-vehicles-a-fire-risk-alberta-doctors-1.5581693
  • Another COVID monkey wrench into the future: Who Will Own the Cars That Drive Themselves? https://www.nytimes.com/2020/05/29/business/ownership-autonomous-cars-coronavirus.html
  • Nature sightings - Black bear seen roaming streets of Toronto suburb https://globalnews.ca/news/6987210/black-bear-markham-york-police/
  • A humpback whale is swimming in the St. Lawrence River in Montreal https://www.cbc.ca/news/canada/montreal/humpback-whale-st-lawrence-1.5591877
  • Will the Earth 'Remember' the Coronavirus Pandemic? https://www.scientificamerican.com/article/will-the-earth-remember-the-coronavirus-pandemic1/
• eBay and Citibank are running localhost port-scanning against their users PCs https://www.schneier.com/blog/archives/2020/05/websites_conduc.html, https://nullsweep.com/why-is-this-website-port-scanning-me/, https://www.theregister.co.uk/2020/05/26/ebay_port_scans_your_pc/
• Similar report of unauthoried scans of anyone visting a web page from 2018 https://www.theregister.co.uk/2018/08/07/halifax_bank_ports_scans/
• Facebook reportedly ignored its own research showing algorithms divided users https://www.theverge.com/2020/5/26/21270659/facebook-division-news-feed-algorithms_Britain Re-Evaluating Huawei's Role in 5G Rollout https://www.bankinfosecurity.com/britain-re-evaluating-huaweis-role-in-5g-rollout-a-14338
• Microsoft 'to replace journalists with robots' https://www.bbc.com/news/world-us-canada-52860247
• Boys let black widow bite them in hopes of becoming Spider-Man https://globalnews.ca/news/6991712/black-widow-bite-spider-man/
• Experts Warn Climate Change Is Already Killing Way More People Than We Record https://www.sciencealert.com/official-death-records-are-terrible-at-showing-how-many-people-are-dying-from-the-climate-crisis
• The Mysterious South Atlantic Anomaly Weakening Earth's Magnetic Field Seems to Be Splitting https://www.sciencealert.com/mysterious-anomaly-weakening-earth-s-magnetic-field-seems-to-be-splitting-into-two
• The Dinosaur-Killer Asteroid May Have Hit Earth at 'Deadliest Possible' Angle https://www.sciencealert.com/the-asteroid-that-killed-the-dinosaurs-could-have-hit-earth-at-deadliest-possible-angle_More AI wierdness - Rhyming is hard https://aiweirdness.com/post/619190785060028416/rhyming-is-hard

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• A Breakthrough Study Just Linked Gut Bacteria to Neurovascular Disease https://www.sciencealert.com/scientists-made-a-significant-discovery-linking-gut-bacteria-with-neurovascular-disease
• Cannonball Run records smashed during pandemic 4500km in 26 hours https://driving.ca/audi/auto-news/news/people-keep-breaking-new-illegal-cannonball-run-records-during-lockdown
• Electric Vehicle "Skateboard" Chassis https://driving.ca/chevrolet/column/how-it-works/how-it-works-electric-vehicle-skateboard-chassis
• Another "Miracle Sudoku" soved from 2 digits only https://www.youtube.com/watch?v=Tv-48b-KuxI and one from an empty grid https://www.youtube.com/watch?v=5O1W893jCjc
• Computer chess: how the ancient game revolutionised AI https://www.theguardian.com/plug-into-hybrid/2020/may/19/computer-chess-how-the-ancient-game-revolutionised-ai
• Failure to launch - Virgin Orbit Launch Attempt Ends Without Trip to Space https://www.nytimes.com/2020/05/25/science/virgin-orbit-launch-time.html
• SpaceX loses another Starship prototype in massive explosion https://www.theverge.com/2020/5/29/21274931/spacex-starship-prototype-rocket-explosion-static-fire-test
• How SpaceX Got to Launch NASA's Astronauts to Orbit https://www.nytimes.com/2020/05/26/science/spacex-launch-nasa.html
• NASA and SpaceX Make History with Successful Crew Dragon Launch! https://www.universetoday.com/146290/nasa-and-spacex-make-history-with-successful-crew-dragon-launch/
• SpaceX’s Crew Dragon successfully docks with the space station https://www.theverge.com/2020/5/31/21271269/spacex-docking-iss-crew-dragon-nasa-success
• Solving the space junk problem and the UK's search for smart solutions https://scienmag.com/solving-the-space-junk-problem/ and https://www.bbc.co.uk/news/science-environment-52795923
• Planet Nine Might Not Exist After All - seasonal observational bias and Neptune may be responsible https://www.sciencealert.com/astronomers-now-doubt-there-is-an-undiscovered-9th-planet-in-our-solar-system
• How Will we Receive Signals From Interstellar Probes, Like Starshot? https://www.universetoday.com/146166/how-will-we-receive-signals-from-interstellar-probes-like-starshot/
• The Inevitable Abyss: Each Year, We Lose Yet Another Section of The Universe https://www.sciencealert.com/the-inevitable-abyss-each-year-we-lose-yet-another-section-of-the-universe