This Week's [in]Security - Issue 169

Welcome to This Week’s [in]Security. Fallout from US Unrest. Covid-19: Spread & Curve. Lockdown, Reopening, & The New Normal. More of the Good, Bad, and Ugly. PCI SPOC v1.1. POS ransomware. Smile and say Magecart. e-Skimmers and IFRAMES. Breaches: BlueLeaks, Twitter, e-learning, Brazil, Preen.me, Contact tracing app problems. Tim's Privacy Violation. New nosier Edge. Tech Fines. More crypto-wars. Taxing Links? One year certificates. Crims lock in with MFA. Insecurity included. PDF Safety. Banking backdoor. All your base printer are belong to us? Denial. AI is gullible, biased, misunderstood, and misapplied. Unintended Cyber-consequences. And more.

Trending news and COVID-19 updates.

The COVID related articles here fit together. Other COVID articles will appear under our normal section headings like regulations, privacy, breaches, and other risks. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• Fallout from US Unrest:

  • Mississippi’s flag has a Confederate emblem. Now Baptists want it gone and Walmart won’t display it. https://www.washingtonpost.com/nation/2020/06/24/mississippi-flag-walmart-baptists/
  • Mississippi votes to remove Confederate emblem from state flag https://globalnews.ca/news/7119292/mississippi-confederate-emblem-flag/
  • Future of Seattle’s protest zone uncertain as police promise to return after shootings https://www.washingtonpost.com/nation/2020/06/23/seattle-chop-future-police/ and https://www.bbc.co.uk/news/world-us-canada-53146258
  • What 'Less Lethal' Weapons Actually Do https://www.scientificamerican.com/article/what-less-lethal-weapons-actually-do/
  • Winnipeg to form community group to look into historical street, monument naming https://globalnews.ca/news/7096939/winnipeg-group-historical-street-monument-naming/
  • How teargas became the go-to weapon for US police https://www.bbc.co.uk/news/av/world-us-canada-53195127/how-teargas-became-the-go-to-weapon-for-us-police
  • Do Protests Even Work? https://www.theatlantic.com/technology/archive/2020/06/why-protests-work/613420/
  • Ad Boycott of Facebook Keeps Growing https://www.nytimes.com/2020/06/23/business/media/facebook-ad-boycott.html
  • Facebook policy changes fail to quell advertiser revolt as Coca-Cola pulls ads https://www.theguardian.com/technology/2020/jun/26/facebook-policies-hate-speech-advertisers-unilever
  • Katie Hopkins permanently suspended from Twitter https://www.bbc.co.uk/news/technology-53111295
  • Stop Firing the Innocent https://www.theatlantic.com/ideas/archive/2020/06/stop-firing-innocent/613615/

• The spread and the curve:

  • Canada records six new coronavirus deaths, lowest daily increase since March 29 https://globalnews.ca/news/7094463/coronavirus-canada-update-june-22/
  • How Delhi 'wasted' lockdown to become India's biggest hotspot https://www.bbc.com/news/world-asia-india-53190500
  • For 3rd day in a row, U.S. coronavirus cases surge by more than 40,000 https://globalnews.ca/news/7118782/us-coronavirus-cases-surge/ and https://www.sciencealert.com/surging-us-case-numbers-threaten-to-erase-months-of-progress-against-coronavirus
  • Here's Why The United States Is Still So Far From Containing The Pandemic https://www.sciencealert.com/the-us-s-failed-coronavirus-response-continues-to-snowball
  • The US Death Rate From The Coronavirus Is 49 Times Higher Than The Flu https://www.sciencealert.com/the-us-death-rate-for-covid-19-is-50-times-higher-than-the-flu
  • Canada reports 279 new coronavirus cases, 30 more deaths https://globalnews.ca/news/7104737/coronavirus-canada-update-june-24/
  • Ontario reports 216 new coronavirus cases, 1st death of person 19 or younger https://globalnews.ca/news/7096073/ontario-coronavirus-cases-june-23-covid-19/
  • Hundreds of ‘excess deaths’ in Alberta amid COVID-19 pandemic https://globalnews.ca/news/7095141/excess-deaths-alberta-covid-19/

• Lockdown, reopening, and The New Normal:

  • Texas was one of the first states to reopen. Now it's seeing record numbers of the coronavirus and its Republican governor is urging people to stay home. https://www.businessinsider.com/texas-record-coronavirus-cases-governor-tells-people-to-stay-home-2020-6
  • Welcome to the whack-a-mole stage of coronavirus https://edition.cnn.com/2020/06/24/europe/coronavirus-germany-outbreaks-intl-grm/index.html
  • Australia, once nearly free of coronavirus, reports worst case surge in 2 months https://globalnews.ca/news/7105927/australia-coronavirus-new-cases/

• Treatments, Testing, Triage, and Trials, and things we learned:

  • Ontario researchers seek 50,000 participants to study impact of COVID-19 on the brain https://globalnews.ca/news/7097807/western-sunnybrook-toronto-coronavirus-brain-study/
  • Human trial of new vaccine begins in UK https://www.bbc.co.uk/news/health-53061288
  • Cancer drug cures COVID-19 patient with acute respiratory distress https://scienmag.com/cancer-drug-cures-covid-19-patient-with-acute-respiratory-distress/
  • Doctors Warn COVID-19 May Trigger Diabetes in Otherwise Healthy People https://www.sciencealert.com/covid-19-might-be-triggering-diabetes-in-healthy-people
  • Many Canadians dealing with mental health issues due to coronavirus https://globalnews.ca/news/7092929/coronavirus-mental-health-canada/
  • At height of COVID-19, nurses and doctors reported high levels of distress https://scienmag.com/at-height-of-covid-19-nurses-and-doctors-reported-high-levels-of-distress/
  • U of O scientist seeking edible vaccine https://www.cbc.ca/news/canada/ottawa/covid-19-research-edible-vaccine-plants-tomato-lettuce-mucosal-immunity-1.5626484

• Guidance, Response and Recovery:

  • COVID-19 Risks of Flying May Not be What We Thought https://www.schneier.com/blog/archives/2020/06/covid_risks_of_.html
  • U.S. governors who quickly lifted coronavirus restrictions backpedal as cases spike https://globalnews.ca/news/7111064/coronavirus-spike-u-s-governors/
  • The EU plans to ban US travelers indefinitely after haphazard COVID-19 response https://www.theverge.com/2020/6/23/21300747/european-union-eu-ban-us-travel-coronavirus-reopening-borders-draft-list
  • Ireland will quarantine British travellers because of the UK's 'significantly poorer' response to the coronavirus https://www.businessinsider.com/ireland-quarantine-british-uk-travellers-air-bridge-prevent-coronavirus-spread-2020-6
  • New strategy for Canada’s National Emergency Stockpile System https://scienmag.com/new-strategy-for-canadas-national-emergency-stockpile-system/
  • WestJet will end physical distancing on flights starting July 1 https://globalnews.ca/news/7113341/westjet-ends-social-distancing/
  • Coronavirus reveals difference in U.S., Canadian health care https://globalnews.ca/news/7107456/coronavirus-difference-us-canadian-health-care/

• Behaviour - the good, the bad, and the ugly:

  • Illegal lockdown parties hosted in online rentals https://www.bbc.co.uk/news/technology-53171583
  • American citizens fined $1,200 under the Alberta Health Act by RCMP https://calgary.ctvnews.ca/rcmp-issued-7-tickets-to-americans-found-in-banff-alta-over-the-past-week-1.4993704
  • Nurses Allege Hospital Falsified COVID-19 Negative Tests https://www.databreachtoday.com/nurses-allege-hospital-falsified-covid-19-testing-a-14500
  • ‘Don’t be a sheep’: Sheriffs rebel against new statewide mask requirements https://www.washingtonpost.com/nation/2020/06/26/sheriffs-mask-covid/
  • At least 17 students test positive for coronavirus following 90-person trip to Myrtle Beach https://globalnews.ca/news/7101708/coronavirus-myrtle-beach-trip/

• Masks, anti-maskers, and distancing:

  • Bug zapper? - Electrified Fabric Could Zap the Coronavirus on Masks and Clothing https://www.scientificamerican.com/article/electrified-fabric-could-zap-the-coronavirus-on-masks-and-clothing/
  • A second COVID-19 wave could be avoided if social distancing and the use of face masks are maintained https://scienmag.com/a-second-covid-19-wave-could-be-avoided-if-social-distancing-and-the-use-of-face-masks-are-maintained/
  • 'Deadly masks' claims debunked https://www.bbc.co.uk/news/53108405
  • Via Rail says face masks are mandatory for passengers as of June 23 https://globalnews.ca/news/7087168/via-rail-face-masks/
  • More than half of Canadians want to keep 2-metre distancing rule https://globalnews.ca/news/7095944/coronavirus-canadians-two-metre-distancing/
  • Cineplex not requiring guests to wear masks when theatres reopen https://globalnews.ca/news/7085969/cineplex-masks-coronavirus-reopen/
  • The Dudes Who Won’t Wear Masks https://www.theatlantic.com/ideas/archive/2020/06/dudes-who-wont-wear-masks/613375/
  • The Oklahoma Supreme Court unanimously rejected requiring masks at Trump's Tulsa rally https://www.businessinsider.com/oklahoma-supreme-court-supports-trump-rally-tulsa-without-masks-distancing-2020-6
  • 'They want to throw God's wonderful breathing system out' https://www.bbc.co.uk/news/av/world-us-canada-53174415/they-want-to-throw-god-s-wonderful-breathing-system-out
  • No, Your Coronavirus Face Mask Does Not Limit Your Oxygen Intake https://www.mentalfloss.com/article/626036/your-coronavirus-face-mask-does-not-limit-oxygen-intake

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI Updates SPoC (Software-based PIN on COTS) standard with v1.1

  • What’s New https://blog.pcisecuritystandards.org/whats-new-in-pci-spoc-security-standard-version-1-1
  • Summary of changes document https://www.pcisecuritystandards.org/documents/SPoC-v1.1_Summary_Of_Changes.pdf
  • Program Guide https://www.pcisecuritystandards.org/documents/SPoC_Program_Guide_v1.2_June_2020.pdf
  • Security Requirements https://www.pcisecuritystandards.org/documents/SPoC_SecurityRequirements-v1.1.pdf
  • Testing Requirements https://www.pcisecuritystandards.org/documents/SPoC_TestRequirements-v1.1.pdf
  • Annex for Magnetic Strip Readers https://www.pcisecuritystandards.org/documents/SPoC_MSR_Annex-v1.1.pdf
  • Technical (mandatory) FAQ document https://www.pcisecuritystandards.org/documents/SPoC_Technical_FAQs_v1.5.pdf
  • Attestation https://www.pcisecuritystandards.org/documents/SPoC_Solution_AOV_v1.2_June_2020.docx
• Sodinokibi Ransomware Now Scans Networks For PoS Systems https://threatpost.com/sodinokibi-ransomware-now-scans-networks-for-pos-systems/156855/

• Crooks abuse Google Analytics to conceal theft of payment card data https://arstechnica.com/information-technology/2020/06/google-analytics-trick-allows-crooks-to-hide-card-skimming/

  • 8 U.S. City Websites Targeted in Magecart Attacks https://www.databreaches.net/8-u-s-city-websites-targeted-in-magecart-attacks/ and https://threatpost.com/8-city-gov-websites-magecart/156954/
  • Credit card skimmers are now being buried in image file metadata on e-commerce websites https://www.zdnet.com/article/your-credit-card-information-is-now-being-stolen-through-image-files/

• Some articles from earlier this year on Magecart and advances in attacks against IFRAME based payment pages:

  • (Something needs to change) The Fall of iframes and the Evolution of Client-Side Security https://sourcedefense.com/resources/blog/the-fall-of-iframes-and-the-evolution-of-client-side-security/
  • The Simple Yet Dangerous Impact of Formjacking https://sourcedefense.com/resources/blog/the-simple-yet-dangerous-impact-of-formjacking/
• Square Is Withholding Money Merchants Say They Need https://www.nytimes.com/2020/06/23/technology/square-jack-dorsey-pandemic-withholding.html
• Feeling Heat, Square Explains Its New Reserve Policy https://www.digitaltransactions.net/feeling-heat-square-explains-its-new-reserve-policy/
• Wirecard’s Former CEO Markus Braun Arrested https://www.pymnts.com/news/security-and-risk/2020/wirecards-former-ceo-markus-braun-arrested/
• Wirecard Files For Insolvency, Seeks Court Protection https://www.pymnts.com/news/2020/wirecard-files-for-insolvency-seeks-court-protection/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• BlueLeaks: Data from 200 US police departments & fusion centers published online https://www.zdnet.com/article/blueleaks-data-from-200-us-police-departments-fusion-centers-published-online/
• Twitter Apologizes To Clients For Business Data Breach https://www.pymnts.com/safety-and-security/2020/twitter-apologizes-to-clients-for-business-data-breach/
• e-Learning Data Breach Exposes 1M College Students’ Data https://www.databreaches.net/report-e-learning-data-breach-exposes-1-million-college-students-data/
• Brazilian federal police investigates presidential data leak https://www.databreaches.net/brazilian-federal-police-investigates-presidential-data-leak/
• Preen.Me Personal Data of 350,000+ Social Media Influencers and Users Compromised https://www.databreaches.net/personal-data-of-350000-social-media-influencers-and-users-compromised-following-preen-me-hack/
• N.S. government reveals May privacy breach involved 10,599 unredacted decisions https://www.databreaches.net/n-s-government-reveals-may-privacy-breach-involved-10599-unredacted-decisions/
• Choice Health - If you needed yet one more example of the risks of PHI in employee email accounts https://www.databreaches.net/if-you-needed-yet-one-more-example-of-the-risks-of-phi-in-employee-email-accounts/
• Data breach at Mid-Michigan College endangers personal data of up to 16,000 https://www.databreaches.net/data-breach-at-mid-michigan-college-endangers-personal-data-of-up-to-16000/
• Why weren’t patients told that their data was dumped publicly? https://www.databreaches.net/why-werent-patients-told-that-their-data-was-dumped-publicly/
• Hackers breach E27, want “donation” to reveal vulnerabilities https://www.databreaches.net/hackers-breach-e27-want-donation-to-reveal-vulnerabilities/
• Philippines - Unauthorized disclosure of COVID-19 patients’ identities continues https://www.databreaches.net/ph-unauthorized-disclosure-of-covid-19-patients-identities-continues/
• Data breach exposes information, activities of Maine Information and Analysis Center https://www.databreaches.net/data-breach-exposes-information-activities-of-maine-information-and-analysis-center/
• Average Cost of a Data Breach: $116M https://www.darkreading.com/vulnerabilities---threats/average-cost-of-a-data-breach-$116m/a/d-id/1338121

• Follow-ups:

  • Twitter terminates DDoSecrets, falsely claims it may infect visitors https://arstechnica.com/tech-policy/2020/06/twitter-terminates-ddosecrets-and-falsely-claims-it-may-infect-visitors/
  • Quidd - 3,805,863 breached accounts (2019) on HIBP https://haveibeenpwned.com/PwnedWebsites#Quidd
  • eHealth must do ‘much’ more to prevent security breaches: Saskatchewan auditor https://globalnews.ca/news/7097739/saskatchewan-auditor-eheath-security/
  • LifeLabs failed to protect the personal health information of millions of Canadians- Privacy Commissioners https://www.databreaches.net/lifelabs-failed-to-protect-the-personal-health-information-of-millions-of-canadians-privacy-commissioners/
• Maze ransomware gang threatens to publish sensitive stolen data after US aerospace biz sensibly refuses to pay https://go.theregister.com/feed/www.theregister.com/2020/06/24/maze_ransomware_gang_vt_aerospace_rant/
• New ransomware masquerades as COVID-19 contact-tracing app on your Android device https://www.zdnet.com/article/new-crycryptor-ransomware-masquerades-as-covid-19-contact-tracing-app-on-your-device/
• New WastedLocker ransomware demands payments of millions of USD https://www.zdnet.com/article/new-wastedlocker-ransomware-demands-payments-of-millions-of-usd/
• Australia's Lion brewery hit by second cyber attack as nation staggers under suspected Chinese digital assault https://www.theregister.com/2020/06/19/lion_brewery_second_cyber_attack_australia/

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Contact tracing and surveillance:

  • Many Indian citizens believe their government is trying to steal and sell their data. https://www.cnn.com/2020/06/21/tech/india-privacy-app-hnk-intl/index.html
  • Ireland set to launch contact-trace app https://www.bbc.co.uk/news/technology-53137816
  • Boston City Council Votes to Ban Facial Recognition https://epic.org/2020/06/boston-city-council-votes-to-b.html
• New Google Accounts Will Delete Your Data by Default—in 18 Months https://www.wired.com/story/google-auto-delete-data/
• Is Twopcharts safe? Concerns raised over privacy of site showing Twitter social circle https://www.independent.co.uk/life-style/gadgets-and-tech/news/twopcharts-safe-twitter-social-circle-privacy-data-interaction-a9582751.html
• Privacy watchdogs taking a look at Tim Hortons app’s location tracking technology https://business.financialpost.com/technology/privacy-watchdogs-taking-a-look-at-tim-hortons-apps-location-tracking-technology
• Microsoft Edge is stealing Chrome users' data? I asked Microsoft if it's true https://www.zdnet.com/article/microsoft-edge-is-stealing-chrome-users-data-i-asked-microsoft-if-its-true/

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• Facebook Loses Antitrust Decision in Germany Over Data Collection https://www.nytimes.com/2020/06/23/technology/facebook-antitrust-germany.html
• Google Loses Appeal Against 50-Mn-Euro French Fine https://www.securityweek.com/google-loses-appeal-against-50-mn-euro-french-fine
• Lawful Access to Encrypted Data Act Weakens Encryption, Undermines Public Safety https://epic.org/2020/06/lawful-access-to-encrypted-dat.html
• The Senate’s New Anti-Encryption Bill Is Even Worse Than EARN IT, and That’s Saying Something https://www.eff.org/deeplinks/2020/06/senates-new-anti-encryption-bill-even-worse-earn-it-and-thats-saying-something
• The PACT Act would force platforms to disclose shadowbans and demonetizations https://www.theverge.com/2020/6/24/21302170/facebook-google-brian-schatz-john-thune-section-230-content-moderation
• Citing NY’s SHIELD Act, NYSBA Approves Cybersecurity CLE Requirement for All Attorneys https://www.databreaches.net/citing-nys-shield-act-nysba-approves-cybersecurity-cle-requirement-for-all-attorneys/
• Pay to Link?: Canadian Heritage Minister Guilbeault Backs Bringing the Link Tax to Canada https://www.michaelgeist.ca/2020/06/pay-to-link-canadian-heritage-minister-guilbeault-backs-bringing-the-link-tax-to-canada/
• The US government fired the entire leadership team of the Open Technology Fund https://www.theverge.com/2020/6/23/21300424/open-technology-fund-usagm-circumvention-tools-china-censorship-michael-pack
• Alberta government introduces bill to stop sex offenders from legally changing their name https://globalnews.ca/news/7105130/alberta-legislature-bill-sex-offender-names-change-ucp/
• iKeepSafe Announces Change to a Virtual Format for 2020 NICE K12 Cybersecurity Education Conference https://www.k12cybersecurityconference.org/
• Can your employer really cut your pay for working from home? https://globalnews.ca/news/7093108/pay-cut-work-from-home/
• Apple strong-arms entire CA industry into one-year certificate lifespans https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Certificates: Cross-Signing and Alternate Trust Paths; How They Work https://scotthelme.co.uk/cross-signing-alternate-trust-paths-how-they-work/
• Who's watching the watchers (or how's your monitoring) https://www.linkedin.com/pulse/whos-watching-watcher-jason-bar
• Analyzing IoT Security Best Practices https://www.schneier.com/blog/archives/2020/06/analyzing_iot_s.html
• Microsoft is adding Linux, Android, and firmware protections to Windows https://arstechnica.com/information-technology/2020/06/microsoft-is-adding-linux-android-and-firmware-protections-to-windows/ and https://www.theverge.com/2020/6/23/21300596/microsoft-defender-android-atp-download-app-preview-features
• Microsoft Releases Windows File Recovery Tool https://www.thurrott.com/windows/windows-10/237109/microsoft-releases-windows-file-recovery-tool
• Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk https://risky.biz/RB589
• None shall pass: Yet another layer to protect hapless users, employers from dodgy docs added to Microsoft 365 https://go.theregister.com/feed/www.theregister.com/2020/06/23/microsoft_safe_documents/
• Google is on a mission to stop you from reusing passwords https://www.theverge.com/2020/6/23/21299007/google-password-checkup-security
• Turn on MFA Before Crooks Do It For You https://krebsonsecurity.com/2020/06/turn-on-mfa-before-crooks-do-it-for-you/
• Micro-Segmentation for Endpoints Shows Promising Defense Against Lateral Movement https://www.securityweek.com/micro-segmentation-endpoints-stops-lateral-movement-after-initial-compromise

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• When one open-source package riddled with vulns pulls in dozens of others, what's a dev to do? https://www.theregister.com/2020/06/26/open_source_security_snyk_survey/
• Safely opening PDFs received by e-mail (or fax?!) - use your browser! https://freedom-to-tinker.com/2020/06/24/safely-opening-pdfs-received-by-e-mail-or-fax/
• Chinese bank requires foreign firm to install app with covert backdoor dubbed GoldenSpy https://arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/
• Windows 10 critical process failure: Microsoft admits June updates are triggering reboots https://www.zdnet.com/article/windows-10-critical-process-failure-microsoft-admits-june-updates-are-triggering-reboots/
• Warning Issued For Millions Of User of Outlook and Gmail Users https://www.forbes.com/sites/gordonkelly/2020/06/27/google-gmail-serious-problem-deleted-emails-spam/
• 80,000 printers are exposing their IPP port online https://www.databreaches.net/80000-printers-are-exposing-their-ipp-port-online/
• Privacy-Focused OS Wants To Know How Facebook And The FBI Hacked It https://www.vice.com/en_us/article/dyz3jy/privacy-focused-os-tails-wants-to-know-how-facebook-and-the-fbi-hacked-it
• What did it take for stubborn IBM to fix flaws in its Data Risk Manager security software? Someone dropping zero-days https://www.theregister.com/2020/06/23/ibm_data_risk_manager/
• Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
• Docker Images Containing Cryptojacking Malware Distributed via Docker Hub https://thehackernews.com/2020/06/cryptocurrency-docker-image.html
• Firmware Flaw Allows Attackers to Evade Security on Some Home Routers https://www.darkreading.com/vulnerabilities---threats/firmware-flaw-allows-attackers-to-evade-security-on-some-home-routers/d/d-id/1338150
• HTTP Request Smuggling: Abusing Reverse Proxies https://www.sans.org/blog/http-request-smuggling-abusing-reverse-proxies
• Security and Human Behavior (SHB) 2020 https://www.schneier.com/blog/archives/2020/06/security_and_hu_9.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Nation-State Espionage Campaigns against Middle East Defense Contractors https://www.schneier.com/blog/archives/2020/06/nation-state_es.html
• Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider https://isc.sans.edu/diary.html?storyid=26266
• European Bank Targeted in Massive Packet-Based DDoS Attack https://www.bankinfosecurity.com/european-bank-targeted-in-massive-packet-based-ddos-attack-a-14505
• Facebook bans 'loot-to-order' antiquities trade https://www.bbc.co.uk/news/world-middle-east-53140615
• ‘Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards https://threatpost.com/cardplanet-operator-sentenced-stolen-credit-cards/156956/
• Developer of DDoS Botnets Based on Mirai Code Sentenced to Prison https://www.securityweek.com/developer-ddos-botnets-based-mirai-code-sentenced-prison
• UCSF admits it paid NetWalker more than $1 million ransom https://www.databreaches.net/ucsf-admits-it-paid-netwalker-more-than-1-million-ransom/

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • CERB extension to cost $17.9B, budget officer says https://globalnews.ca/news/7096481/coronavirus-cerb-extension-budget/
  • ‘I can make more money on CERB’: More concerns benefit may be a disincentive for workers https://globalnews.ca/news/7105603/cerb-benefit-unintended-consequeces/
  • Dalhousie University could see a loss of $50M in upcoming academic year https://globalnews.ca/news/7105341/dalhousie-university-lost-revenue-2021/
  • Unsecured credit - Consumers left with worthless passes and gift cards following COVID-19 business closures https://globalnews.ca/news/7103824/alberta-consumers-closed-businesses-gift-cards/
  • Software developers: We won't take a pay cut just to work remotely https://www.zdnet.com/article/software-developers-we-wont-take-a-pay-cut-just-to-work-remotely/
  • Coronavirus Responses Highlight How Humans Have Evolved to Dismiss Facts That Don't Fit Their Worldview https://www.scientificamerican.com/article/coronavirus-responses-highlight-how-humans-have-evolved-to-dismiss-facts-that-dont-fit-their-worldview/

• AI is gullible, biased, misunderstood, and misapplied:

  • Machine learning has a flaw; it’s gullible https://scienmag.com/machine-learning-has-a-flaw-its-gullible/
  • AI experts say research into algorithms that claim to predict criminality must end https://www.theverge.com/2020/6/24/21301465/ai-machine-learning-racist-crime-prediction-coalition-critical-technology-springer-study
  • Facial recognition to 'predict criminals' sparks row over AI bias https://www.bbc.co.uk/news/technology-53165286
  • Photo "Enhancement" AI creates fake and biased images - watch tool turns Obama white https://www.theverge.com/21298762/face-depixelizer-ai-machine-learning-tool-pulse-stylegan-obama-bias
  • Facial recognition company vows review after software leads to wrongful arrest in U.S https://globalnews.ca/news/7106097/facial-recognition-wrongful-arrest/
  • When the Police Treat Software Like Magic https://www.nytimes.com/2020/06/25/technology/facial-recognition-software-dangers.html
• The Unintended Harms of Cybersecurity https://www.schneier.com/blog/archives/2020/06/the_unintended_.html
• Looking for viruses in Thai bats https://www.bbc.co.uk/news/av/world-asia-53146195/coronavirus-looking-for-viruses-in-thai-bats
• One-time treatment generates new neurons, eliminates Parkinson’s disease in mice https://scienmag.com/one-time-treatment-generates-new-neurons-eliminates-parkinsons-disease-in-mice/
• What are ‘cappers’? What parents need to know about the dangerous online predators https://globalnews.ca/news/7102385/kids-online-safety-cappers/
• Segway: End of the road for the much-hyped two-wheeler https://www.bbc.co.uk/news/business-53160518
• Trump’s decision to extend visa ban could affect hundreds of Canadians working in U.S. https://globalnews.ca/news/7098550/canadians-affected-trump-visa-ban/
• India expels dozens of Pakistan diplomatic staff https://www.bbc.co.uk/news/world-asia-53156264
• Siberian town hits record 38C over weekend amid heat wave https://www.cbc.ca/news/world/siberia-arctic-circle-temperature-record-1.5622576
• Toronto to begin issuing speeding tickets from automated speed cameras July 6 https://globalnews.ca/news/7111925/toronto-speeding-tickets-automated-enforcement-speed-cameras-july-6/
• Satellite images show massive Sahara desert dust plume drifting toward United States https://globalnews.ca/news/7096316/sahara-dust-plume-us/
• Why it was easier to be skinny in the 80's https://www.theatlantic.com/health/archive/2015/09/why-it-was-easier-to-be-skinny-in-the-1980s/407974/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Nabta Playa: The world's first astronomical site was built in Africa https://astronomy.com/news/2020/06/nabta-playa-the-worlds-first-astronomical-site-was-built-in-africa-and-is-older-than-stonehenge
• A Gene May Help Discern Language Tone Differences: Is It Shí or Shì? https://www.scientificamerican.com/article/a-gene-may-help-discern-language-tone-differences-is-it-shi-or-shi/
• Dolphins Are So Smart They're Learning Tool-Use From Their Friends https://www.sciencealert.com/clever-dolphins-can-pick-up-fishing-tricks-from-their-friends
• This Giant Jellyfish's Venom Is So Complex, Scientists Aren't Sure What Makes It Deadly https://www.sciencealert.com/this-giant-jellyfish-has-a-venomous-brew-so-complex-it-s-hard-to-tell-what-makes-it-deadly
• Saskatchewan’s nuclear secretariat tasked to develop, deploy small modular reactors https://globalnews.ca/news/7102249/saskatchewan-nuclear-secretariat-small-modular-reactors/
• ARM-based Japanese supercomputer is now the fastest in the world https://www.theverge.com/2020/6/23/21300097/fugaku-supercomputer-worlds-fastest-top500-riken-fujitsu-arm
• U of C engineer invents duffel bag that freshens sports gear and clothes https://www.cbc.ca/news/canada/calgary/u-of-c-engineer-invents-duffel-bag-that-cleans-sports-gear-and-clothes-1.5626121
• Introducing a new isotope: Mendelevium-244 https://scienmag.com/introducing-a-new-isotope-mendelevium-244/
• Is Dark Matter Made of Axions? https://www.scientificamerican.com/article/is-dark-matter-made-of-axions/

• NASA:

  • Names headquarters after Mary Jackson, the agency’s first Black female engineer https://www.theverge.com/2020/6/25/21302786/nasa-names-headquarters-after-mary-jackson-the-agencys-first-black-female-engineer
  • Mars Helicopter Will Be Red Planet's 'Wright Brothers Moment' https://www.nytimes.com/2020/06/23/science/mars-helicopter-nasa.html
  • Returning to Neptune With its Trident Mission https://www.universetoday.com/146554/nasa-thinks-its-time-to-return-to-neptune-with-its-trident-mission-2/
• Astronomers find two super-Earths orbiting a star 11 light-years away https://www.ctvnews.ca/sci-tech/astronomers-find-super-earths-orbiting-a-star-11-light-years-away-1.5001112
• Wait. How big is Antares? https://www.syfy.com/syfywire/wait-how-big-is-antares
• New ‘black neutron star’ stuns astronomers with its spectacular death https://globalnews.ca/news/7102112/black-neutron-star-ligo-hole/
• A Repeating Fast Radio Burst Has Been Found. It Flares for 4 Days and then Remains Silent for 12 Days https://www.universetoday.com/146662/a-repeating-fast-radio-burst-has-been-found-it-flares-for-4-days-and-then-remains-silent-for-12-days/