This Week's [in]Security - Issue 167

Welcome to This Week’s [in]Security. Fallout from US Unrest. Covid-19: Spread & Curve. Lockdown, Reopening, & The New Normal. More of the Good, Bad, and Ugly. Magecart. Payment fraud and reserves. Key mismanagement. COVID related breaches. Contact tracing app problems. Facial recognition. Blaming users. Forensics survey. Fighting deepfakes. Lamphone eavesdropping attack. Lifespan of a Vulnerability. Bad GnuTLS bug. Intel side-channels. Magneto. IoT. Facebook Tails Exploit. Massive hacker for hire operation. Ransomware's hidden costs. Ransomware is fast. Root Certificate expiry will brick smart appliances. Zoom censorship. AI arms race simulations. And more.

Trending news and COVID-19 updates.

The COVID related articles here fit together. Other COVID articles will appear under our normal section headings like regulations, privacy, breaches, and other risks. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• Fallout from US Unrest:

  • Experts say not enough proof expensive body cameras will reduce police violence https://www.cbc.ca/news/canada/manitoba/body-cameras-police-violence-winnipeg-1.5605250
  • Police Reform Bill Bans Use of Facial Recognition on Body Cam Recordings Without Warrant https://epic.org/2020/06/police-reform-bill-bans-use-of.html
  • IBM exits facial recognition business, calls for police reform https://www.cbc.ca/news/technology/ibm-exits-facial-recognition-1.5604331
  • Microsoft Joins Ban on Sale of Facial Recognition Tech to Police https://threatpost.com/microsoft-joins-ban-on-sale-of-facial-recognition-tech-to-police/156521/
  • Seattle protesters take over city blocks to create police-free 'autonomous zone' https://www.theguardian.com/us-news/2020/jun/11/chaz-seattle-autonomous-zone-police-protest
  • U.S. police are ‘woefully undertrained’ in use of excessive force https://globalnews.ca/news/7058331/police-excessive-force-training-us/
  • Opinion: Minneapolis Had This Coming https://www.theatlantic.com/ideas/archive/2020/06/minneapolis-long-overdue-crisis/612826/
  • 70 coronavirus test sites were destroyed during protests https://www.businessinsider.com/george-floyd-protests-virus-test-sites-destroyed-infections-could-spike-2020-6
  • Statues of Confederate leaders torn down, beheaded in 2 Virginia cities https://globalnews.ca/news/7053196/virginia-confederate-statues-toppled/
  • How the Far-Right Boogaloo Movement Is Trying to Hijack Anti-Racist Protests for a Race War https://theintercept.com/2020/06/10/boogaloo-boys-george-floyd-protests/
  • Interesting approach - Cities and towns changing who their town is named after https://www.ctvnews.ca/canada/ontario-township-named-after-slave-owner-seeks-new-namesake-1.4983315

• The spread and the curve:

  • What if The Lockdown Never Happened? New Study Examines a Terrible Alternative https://www.sciencealert.com/scientists-estimate-lockdowns-stopped-at-least-60-million-infections-in-the-us
  • Scientists predicted the coronavirus death rate would fall, it doubled to 6% https://www.businessinsider.com/why-coronavirus-death-rate-nearly-doubled-since-march-2020-6
  • The world just reported its highest number of cases in a single day https://www.ctvnews.ca/health/coronavirus/world-reports-highest-number-of-covid-19-cases-in-a-single-day-who-says-1.4974843
  • The US just passed a terrible new milestone on June 14th - 117,466 deaths exceeding the number of people they lost in WW I https://en.wikipedia.org/wiki/World_War_I_casualties
  • A leaked CDC document put the US as the worst of 10 countries trying to fight major coronavirus outbreaks https://www.businessinsider.com/coronavirus-us-worst-fighting-outbreak-leaked-cdc-document-yahoo-2020-6
  • 100K more US deaths by September https://www.businessinsider.com/harvard-expert-predicts-coronavirus-deaths-in-us-by-september-2020-6
  • Mumbai overtakes Wuhan peak as India Covid cases spike https://www.bbc.co.uk/news/world-asia-india-52989452
  • Coronavirus has now killed more than 8,000 people in Canada https://globalnews.ca/news/7052645/coronavirus-has-killed-more-than-8000-people-in-canada/
  • New Zealand Declares COVID-19 'Eliminated' as Nation Hits Zero Active Cases https://www.sciencealert.com/new-zealand-has-hit-zero-active-covid-19-cases
  • A number of DC National Guard troops who responded to protests have tested positive for COVID-19 https://www.businessinsider.com/dc-national-guard-troops-positive-coronavirus-protests-2020-6
  • Satellite traffic images may suggest virus hit Wuhan earlier https://www.bbc.co.uk/news/world-us-canada-52975934
  • Fact-checking claims coronavirus might have started in August 2019 based on satellite data and searches https://www.bbc.co.uk/news/world-asia-china-53005768

• Lockdown, reopening, and The New Normal:

  • Fear of Public Transit Got Ahead of the Evidence https://www.theatlantic.com/ideas/archive/2020/06/fear-transit-bad-cities/612979/
  • UK single people can stay the night with loved ones https://www.bbc.co.uk/news/uk-52998806
  • Strict coronavirus measures could come back if US cases increase 'dramatically' https://www.businessinsider.com/cdc-strict-covid-19-measures-needed-cases-increase-dramatically-2020-6

• Treatments, Testing, Triage, and Trials, and things we learned:

  • Main coronavirus test produces ‘false negatives’ at least 20% of the time https://globalnews.ca/news/7045805/coronavirus-test-false-negative-study/
  • Scientists Predicted The COVID-19 Death Rate Would Fall, But It Doubled https://www.sciencealert.com/far-from-falling-like-scientists-predicted-coronavirus-death-rates-have-doubled
  • Why COVID-19 Makes People Lose Their Sense of Smell https://www.scientificamerican.com/article/why-covid-19-makes-people-lose-their-sense-of-smell/

• Guidance, Response and Recovery:

  • Good News and Bad News about COVID-19 Misinformation - people distrust all information https://blogs.scientificamerican.com/observations/good-news-and-bad-news-about-covid-19-misinformation/

• Behaviour - the good, the bad, and the ugly:

  • CRA reviewing 1,300 tips about possible CERB scammers https://globalnews.ca/news/7053486/cra-cerb-snitch-line-scammers/
  • The Facebook Groups Where People Pretend the Pandemic Isn’t Happening https://www.theatlantic.com/technology/archive/2020/06/facebook-groups-role-play-pandemic/612697/
  • COVID-19, Fake Science, And Conspiracy Theories https://scienmag.com/covid-19-fake-science-and-conspiracy-theories/

• Masks, anti-maskers, and distancing:

  • Widespread facemask use could shrink the ‘R’ number and prevent a second COVID-19 wave https://scienmag.com/widespread-facemask-use-could-shrink-the-r-number-and-prevent-a-second-covid-19-wave/
  • Toronto to make face masks mandatory on TTC https://globalnews.ca/news/7053691/coronavirus-toronto-face-masks-ttc/
  • 3M sues Amazon storefront that allegedly sold fake N95 masks for $23 apiece https://www.theverge.com/2020/6/9/21285364/amazon-marketplace-mask-price-gouging-n95-3m-ppe

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• What to Know About the Approved Scanning Vendor Program https://blog.pcisecuritystandards.org/what-to-know-about-the-approved-scanning-vendor-program
• Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets https://thehackernews.com/2020/06/magecart-skimmer-amazon.html
• The State of Payments Fraud in a Pandemic https://www.bankinfosecurity.com/interviews/state-payments-fraud-in-pandemic-i-4708
• Merchants Bracing for Higher Reserve Requirements From Acquirers https://www.digitaltransactions.net/merchants-bracing-for-higher-reserve-requirements-from-acquirers/
• Postbank (South Africa) to replace 12m bank cards after security breach prints master key in the clear https://www.databreaches.net/za-postbank-to-replace-12m-bank-cards-after-security-breach/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• COVID related breaches - unemployment, stimulus, apps:

  • Companies experiencing more insider data breaches after terminating employees who were working from home during pandemic https://www.databreaches.net/companies-experiencing-more-insider-data-breaches-after-terminating-employees-who-were-working-from-home-during-pandemic/
• Hackers breached A1 Telekom, Austria’s largest ISP https://www.databreaches.net/hackers-breached-a1-telekom-austrias-largest-isp/, https://www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/
• 12,000+ Indian blood donors’ PII and passwords leaked https://www.databreaches.net/12000-indian-blood-donors-pii-and-passwords-leaked/
• Flaw in UK property inventory website exposed thousands of users’ home contents https://www.databreaches.net/uk-flaw-in-property-inventory-website-exposed-thousands-of-users-home-contents/
• Council Demands Investigation Into NYPD Privacy Breach https://www.databreaches.net/ny-council-demands-investigation-into-nypd-privacy-breach/
• Lawsuit Filed Against Accounting Firm in Patient Data Hack https://www.bankinfosecurity.com/lawsuit-filed-against-accounting-firm-in-patient-data-hack-a-14423
• Minted hit with California data breach lawsuit after ShinyHunters hack https://www.databreaches.net/minted-hit-with-california-data-breach-lawsuit-after-shinyhunters-hack/
• Bulgarian jailed for stealing bank account data https://www.databreaches.net/bulgarian-jailed-for-stealing-bank-account-data/
• Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity https://krebsonsecurity.com/2020/06/florence-ala-hit-by-ransomware-12-days-after-being-alerted-by-krebsonsecurity/
• Keepnet kerfuffle: Firing legal threats at bloggers did infosec biz more damage than its exposed database https://www.theregister.com/2020/06/10/keepnet_data_breach_kerfuffle/, https://www.databreaches.net/months-later-keepnet-issues-a-statement-about-leak-discovered-by-researcher/
• (UPDATED) AL: Florence city computer systems hit by cyber attack https://www.databreaches.net/al-florence-city-computer-systems-hit-by-cyber-attack/
• Knoxville shuts down IT network following ransomware attack https://www.zdnet.com/article/knoxville-shuts-down-it-network-following-ransomware-attack/
• Snake Ransomware Delivers Double-Strike on Honda, Energy Co. https://threatpost.com/snake-ransomware-honda-energy/156462/
• Macy’s Settles Suit Over 2018 Data Breach for Up to $192K https://www.databreaches.net/macys-settles-suit-over-2018-data-breach-for-up-to-192k/

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Contact tracing and surveillance:

  • Babylon Health app error allowed U.K. users to watch videos of other patients' private doctor visits https://www.cbc.ca/news/canada/calgary/babylon-health-app-1.5605570
  • Singapore to distribute wearable contact-tracing device and won't rule out making it compulsory https://www.theregister.com/2020/06/09/singapore_contact_tracing_wearable/
  • Singapore’s Contact Tracing Wearable Causes Privacy Backlash https://threatpost.com/singapore-contact-tracing-wearable-privacy/156397/
  • Researcher claims Pakistan Government’s #Covid19 tracing app leaks user’s private data https://www.databreaches.net/researcher-claims-pakistan-governments-covid19-tracing-app-leaks-users-private-data/
• Clearview AI facial recognition offers to delete some faces — but not in Canada https://www.cbc.ca/news/technology/clearview-ai-canadian-data-1.5605258
• Facial recognition website finds pictures of anyone from across the internet https://www.independent.co.uk/life-style/gadgets-and-tech/news/pimeyes-facial-recognition-app-track-people-a9560601.html
• Whatsapp blames users for QR code/URL phone number disclosure https://www.theregister.com/2020/06/12/whatsapp_google_search_results_blunder/
• The ACLU is suing Los Angeles over its controversial scooter tracking system https://www.theverge.com/2020/6/8/21284490/aclu-ladot-mds-lawsuit-scooter-tracking-uber
• CASL is Constitutional: Federal Court of Appeal Upholds Constitutionality of Canada’s Anti-Spam Law https://www.michaelgeist.ca/2020/06/casl-is-constitutional-federal-court-of-appeal-upholds-constitutionality-of-canadas-anti-spam-law/
• How To Stop Instagram From Tracking Everything You Do https://www.wired.co.uk/article/instagram-story-ads-privacy-delete
• Anonymous Camera is a new app that uses AI to quickly anonymize photos and videos https://www.theverge.com/2020/6/11/21280293/anonymize-blur-faces-photos-videos-camera-app-ios

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Congress wants to know what commercial spyware other countries are using https://www.zdnet.com/article/congress-wants-to-know-what-commercial-spyware-other-countries-are-using/
• Senate Report: Chinese Telecoms Operated Without Oversight https://www.bankinfosecurity.com/senate-report-chinese-telecoms-operated-without-oversight-a-14409
• Medical Device Repair Again Threatened With Copyright Claims https://www.eff.org/deeplinks/2020/06/medical-device-repair-again-threatened-copyright-claims
• Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament https://www.databreaches.net/germany-seeks-eu-sanctions-for-2015-cyberattack-on-its-parliament/
• Amazon will reportedly face formal EU antitrust charges over its treatment of third-party sellers https://www.businessinsider.com/eu-to-file-antitrust-complaint-against-amazon-over-treatment-of-third-party-sellers-wsj-2020-6
• NIST Call for Comments on the four-volume set of Digital Identity documents, (SP) 800-63-3 Digital Identity Guidelines, SP 800-63A Enrollment and Identity Proofing, SP 800-63B Authentication and Lifecycle Management, and SP 800-63C Federation and Assertions https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
• Facebook Sues 12 Fraudulent Domain Names https://www.securityweek.com/facebook-sues-12-fraudulent-domain-names
• Google countersues Sonos for patent infringement https://www.theverge.com/2020/6/11/21288161/google-countersues-sonos-patents-infringement
• Twitch streamers are getting blindsided by years-old copyright notices https://www.theverge.com/21284287/twitch-dmca-copyright-takedowns-clips-controversy-broken-system

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• NIST surveying forensics techniques https://www.nist.gov/news-events/news/2020/06/nist-digital-forensics-experts-show-us-what-you-got
• IoT Privacy and Security: Will Product Labels Help Buyers? https://www.bankinfosecurity.com/iot-privacy-security-could-label-help-buyers-a-14404
• NIST/NIC WEbinar The Challenge of That First Job in Cybersecurity - Entry Level Roles and How to Qualify (June 17) registration https://www.nist.gov/news-events/events/2020/06/nice-webinar-challenge-first-job-cybersecurity-entry-level-roles-and-how
• Comparing the difficulty of factorization and discrete logarithm: a 240-digit experiment https://eprint.iacr.org/2020/697
• Android 11 Will Help You Rein In Zombie App Permissions https://www.wired.com/story/android-11-security-permissions-updates/
• Why Third-Party Security Adoption Must Get Better https://thenewstack.io/why-third-party-security-adoption-must-get-better/
• Running dodgy programs safely with Windows Sandbox https://scotthelme.co.uk/running-dodgy-programs-safely-with-windows-sandbox/
• Facebook contest reveals deepfake detection is still an ‘unsolved problem’ https://www.theverge.com/21289164/facebook-deepfake-detection-challenge-unsolved-problem-ai

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html
• What Is the Lifespan of a Vulnerability? https://www.tenable.com/blog/what-is-the-lifespan-of-a-vulnerability
• GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin https://www.theregister.com/2020/06/10/gnutls_patches_security_hole/
• Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html
• Another Intel Speculative Execution Vulnerability https://www.schneier.com/blog/archives/2020/06/another_intel_s.html
• Microsoft Patch Tuesday, June 2020 Edition https://krebsonsecurity.com/2020/06/microsoft-patch-tuesday-june-2020-edition/
• Windows 10 2004: Microsoft warns of a new bug that makes connected displays go black https://www.zdnet.com/article/windows-10-2004-microsoft-warns-of-a-new-bug-that-makes-connected-displays-go-black/
• Lenovo Laptops Hit By Serious Windows 10 Update Bugs https://www.forbes.com/sites/barrycollins/2020/06/09/lenovo-laptops-hit-by-serious-windows-10-upgrade-bugs/
• 'SMBleed' Vulnerability Impacts Windows SMB Protocol https://www.securityweek.com/smbleed-vulnerability-impacts-windows-smb-protocol
• Mastercard: Magneto 1 security bulletin https://globalrisk.mastercard.com/wp-content/uploads/2020/06/Security-Bulletin-Magento-1.pdf
• IoT UPNP bug DDoS - CallStranger vulnerability lets attacks bypass security systems and scan LANs https://www.zdnet.com/article/callstranger-vulnerability-lets-attacks-bypass-security-systems-and-scan-lans/
• Facebook Helped Develop a Tails Exploit https://www.schneier.com/blog/archives/2020/06/facebook_helped.html
• An example of host normalization attacks - bypassing Youtube ads https://www.theverge.com/2020/6/11/21288291/youtube-remove-ads-add-extra-period-url
• Critical Vulnerabilities Expose Siemens LOGO! Controllers to Attacks https://www.securityweek.com/critical-vulnerabilities-expose-siemens-logo-controllers-attacks
• Nearly 1,000 Vulnerabilities Found in Popular Open Source Projects in 2019 https://www.securityweek.com/nearly-1000-vulnerabilities-found-popular-open-source-projects-2019
• 5G GPRS tunneling Protocol (GTP) security issues https://www.theregister.com/2020/06/10/5g_gtp_flaws/
• Anti-Debugging JavaScript Techniques https://isc.sans.edu/diary.html?storyid=26228
• U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor https://www.securityweek.com/us-officials-ask-juniper-networks-about-investigation-2015-backdoor
• Nintendo says a total of 300,000 accounts have been hacked https://www.ctvnews.ca/mobile/sci-tech/nintendo-says-a-total-of-300-000-accounts-have-been-hacked-1.4976749

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Dark Basin: Uncovering a Massive Hack-For-Hire Operation https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/, https://threatpost.com/dark-basin-hack-hire-group/156407/
• Encryption Utility Firm Accused of Bundling Malware Functions in Product https://threatpost.com/legitimate-italian-guloader-obfuscator/156443/
• Restructuring of IT infrastructure to take ‘several months’ after ransomware attack, says eHealth Saskatchewan
• It took just three days to find a fake industrial network and fill it with malware https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/
• Thanos Ransomware First to Weaponize RIPlace Tactic https://threatpost.com/thanos-ransomware-weaponize-riplace-tactic/156438/
• Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/
• Machine-learning clusters in Azure hijacked to mine cryptocurrency https://arstechnica.com/information-technology/2020/06/machine-learning-clusters-in-azure-hijacked-to-mine-cryptocurrency/
• US Energy Utilities Targeted by FlowCloud Malware https://www.bankinfosecurity.com/us-energy-utilities-targeted-by-flowcloud-malware-report-a-14405
• Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76B https://www.databreaches.net/health-sector-most-targeted-by-hackers-breach-costs-rise-to-17-76b/
• Phishing Attack Hits German Coronavirus Task Force https://www.databreaches.net/phishing-attack-hits-german-coronavirus-task-force/
• Conviction for teen ‘swatter’ stands despite length of case, court rules https://globalnews.ca/news/7045088/ottawa-ontario-swatting-case-stands/
• FBI Expects Increased Targeting of Mobile Banking Applications https://www.securityweek.com/fbi-expects-increased-targeting-mobile-banking-applications
• Crypto exchange Quadriga was a fraud and founder was running Ponzi scheme, OSC report finds https://www.cbc.ca/news/business/osc-quadriga-gerald-cotten-1.5607990

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • Resumption of surgeries draining Canada’s blood supply amid coronavirus https://globalnews.ca/news/7041172/coronavirus-canada-blood-services-supply/
  • Pandemic pushes US into official recession https://www.bbc.co.uk/news/business-52972901
  • Dow plunges 800 points on Fed economic warning and fear of a 2nd wave https://markets.businessinsider.com/news/stocks/stock-market-news-today-index-reaction-fed-economy-warning-coronavirus-2020-6-1029300965
  • More than 2,100 store closings are announced in a single week, delivering a crushing blow to malls https://www.businessinsider.com/retail-store-closings-mount-in-blow-to-shopping-malls-2020-6
  • These retailers are closing Canadian locations in 2020 https://www.ctvnews.ca/mobile/canada/these-retailers-are-closing-canadian-locations-in-2020-1.4983766
  • Fed Expects 6.5 Pct Drop In GDP This Year https://www.pymnts.com/economy/2020/fed-expects-6-percent-drop-gdp-this-year/
  • What Big Tech Wants Out of the Pandemic https://www.theatlantic.com/magazine/archive/2020/07/big-tech-pandemic-power-grab/612238/
• An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher https://www.theregister.com/2020/06/10/iot_trouble_root_certificates_expire/, https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
• Smart fridges are cool, but after a few short years you could be stuck with a big frosty brick in the kitchen https://www.theregister.com/2020/06/08/smart_fridges_support_periods/
• Availability Attacks against Neural Networks https://www.schneier.com/blog/archives/2020/06/availability_at.html
• Zoom suspends account of US-based Chinese activists after Tiananmen meeting https://www.bbc.com/news/world-asia-53003688
• Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure https://freedom-to-tinker.com/2020/06/08/democracy-live-internet-voting-unsurprisingly-insecure-and-surprisingly-insecure/
• Animals evolved 'extreme weapons' through duels, scientists say after forcing artificial intelligence to fight each other https://www.independent.co.uk/life-style/gadgets-and-tech/news/artificial-intelligence-weapons-evolution-duels-ai-war-a9557591.html
• Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda https://www.zdnet.com/article/twitter-bans-32k-accounts-pushing-chinese-russian-and-turkish-propaganda/
• Famed U-2 Spy Plane Takes on a New Surveillance Mission https://www.scientificamerican.com/article/famed-u-2-spy-plane-takes-on-a-new-surveillance-mission/
• US calorie counts on menu law will save many thousands of lives and over $10B https://www.businessinsider.com/menu-calorie-counts-save-lives-10-billion-dollars-2020-6
• Canadian scientist sent deadly viruses (Non-COVID) to Wuhan lab months before RCMP asked to investigate https://www.cbc.ca/news/canada/manitoba/canadian-scientist-sent-deadly-viruses-to-wuhan-lab-months-before-rcmp-asked-to-investigate-1.5609582
• (Really?) New bill introduced that would stop a president from using nuclear bombs on a hurricane https://www.businessinsider.com/new-introduced-bill-would-stop-president-from-nuking-a-hurricane-2020-6

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• First US Woman to Walk in Space Is Now Also The First to Reach Ocean's Deepest Point https://www.sciencealert.com/an-astronaut-just-became-the-first-woman-to-reach-the-deepest-ocean-point-on-earth
• Scientists Say They've Figured Out How to Get Usable Energy From Plants https://www.sciencealert.com/scientists-harness-plants-to-produce-energy-in-the-form-of-hydrogen
• Physicists Think They've Figured Out a Way to Save Schrödinger's Cat https://www.sciencealert.com/physicists-think-they-ve-figured-out-a-way-to-save-schroedinger-s-cat
• Astronomers Discover Star And Planet Strikingly Similar to The Sun And Earth https://www.sciencealert.com/astronomers-have-discovered-a-star-and-planet-that-are-strikingly-similar-to-the-sun-and-earth
• A 2nd Planet has been Confirmed for Proxima Centauri https://www.universetoday.com/146493/a-2nd-planet-has-been-confirmed-for-proxima-centauri/
• Mysterious Radio Burst Coming From Deep Space Repeats in a Cycle Every 157 Days https://www.sciencealert.com/a-second-fast-radio-burst-has-been-caught-repeating-on-a-cycle
• Less than a million years ago, a supernova exploded just 600 light years away! https://www.syfy.com/syfywire/less-than-a-million-years-ago-a-supernova-exploded-just-600-light-years-away