This Week's [in]Security - Issue 171 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Fallout from US Unrest. Facebook Ad boycott. Covid-19: Spread & Curve. Lockdown, Reopening, & The New Normal. Herd Immunity? Airborne? More of the Good, Bad, and Ugly. CPoC Listing. Even more Magecart. Card Testing. Not an EMV Clone. BlueLeaks Updates. Billions of passwords. Contact tracing app problems. Facial Recognition. TikTok privacy. Anti-Tracking. Body Cam Blues. Tech, China, and Hong Kong. Right to repair. CFAA. Stalkerware. Secure Outsourcing paper. Accelerating vulnerabilities? Citrix. F5 Backdoor implants. IoT Backdoors. Security Cameras. eHealth. 100K WordPress sites. Zoom Zero-Day. Self-inflicted Crypto Injuries. OAuth attacks. Security Awareness ROI. Sharks. And more.

Trending news and COVID-19 updates.

The COVID related articles here fit together. Other COVID articles will appear under our normal section headings like regulations, privacy, breaches, and other risks. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• Fallout from US Unrest:

  • White woman who called police on Black birder in NYC's Central Park charged with filing false report https://www.cbc.ca/news/world/white-woman-amy-cooper-nyc-central-park-charged-1.5639272
  • ‘CAREN Act’ aims to punish racist 911 callers in San Francisco https://globalnews.ca/news/7153151/karen-law-caren-act-911-san-francisco/
  • The Perils of ‘With Us or Against Us’ https://www.theatlantic.com/ideas/archive/2020/07/perils-us-or-against-us/613981/

• Facebook Ad boycott:

  • Quebec City pulls advertising from Facebook until further notice https://globalnews.ca/news/7147002/quebec-city-facebook-advertising/

• The spread and the curve:

  • Mexico’s coronavirus death toll now fourth-highest in the world https://globalnews.ca/news/7168975/mexico-coronavirus-death-toll-july/
  • South Africa prepares 1.5 million gravesites https://globalnews.ca/news/7156662/south-africa-coronavirus-cases-surge/
  • US surpasses three million cases https://www.bbc.co.uk/news/world-us-canada-53342222
  • Florida sets new state daily case record of 15,299 https://www.bbc.co.uk/news/world-us-canada-53382540 and https://globalnews.ca/news/7167691/coronavirus-florida-new-cases/
  • US Cases Skyrocket in New COVID-19 Surge, But Deaths Seem Flat. Here's Why https://www.sciencealert.com/researchers-model-what-the-us-second-peak-could-look-like
  • Interactive Map of the U.S. Shows COVID-19 Hot Spots in Real Time https://www.mentalfloss.com/article/626269/real-time-map-shows-covid-19-hot-spots
  • Brazil's President Bolsonaro tests positive https://www.bbc.co.uk/news/world-latin-america-53319517
  • Frat parties at UC Berkley have been linked to a spike in coronavirus cases and its reopening is now in jeopardy https://www.businessinsider.com/uc-berkley-opening-questioning-frat-party-tied-to-coronavirus-cases-2020-7
  • Possible coronavirus outbreak at Montreal nightclub La Voûte after 1 person tests positive https://globalnews.ca/news/7163595/coronavirus-covid-19-montreal-nightclub-la-voute/
  • Tulsa rally, protests ‘more than likely’ linked to coronavirus surge https://www.washingtonpost.com/nation/2020/07/09/trump-tulsa-rally-coronavirus/
  • Advisory issued after possible COVID-19 exposure on Air Canada flight to Halifax https://globalnews.ca/news/7152440/possible-covid-19-exposure-on-air-canada-flight/
  • Filling middle seats on airplanes doubles the risk of catching COVID-19, according to an MIT study https://www.businessinsider.com/middle-seats-flights-coronavirus-risk-study-2020-7
  • Majority of Canadians not comfortable flying since seat distancing axed https://globalnews.ca/news/7146793/coronavirus-seat-distancing-canadians/
  • All staff, residents test negative for coronavirus at P.E.I seniors’ home https://globalnews.ca/news/7166255/coronavirus-pei-staff-residents-seniors/

• Lockdown, reopening, and The New Normal:

  • Our Minds Aren’t Equipped for This Kind of Reopening https://www.theatlantic.com/ideas/archive/2020/07/reopening-psychological-morass/613858/
  • The U.S. Is Repeating Its Deadliest Pandemic Mistake https://www.theatlantic.com/health/archive/2020/07/us-repeating-deadliest-pandemic-mistake-nursing-home-deaths/613855/
  • U.S. sees new shortage of PPE as cases, hospitalizations climb https://globalnews.ca/news/7151297/coronavirus-us-ppe-shortage/
  • Ontario to reveal plans Monday to enter Stage 3 of reopening https://globalnews.ca/news/7168058/coronavirus-ontario-stage-3/
  • Canada pushes back on U.S. Congress members’ call to reopen border amid coronavirus https://globalnews.ca/news/7160749/canada-us-border-push/
  • P.E.I. top doc says traveller from U.S. linked to coronavirus cluster was turned away from province https://globalnews.ca/news/7142644/pei-covid-19-update-july-6/
  • A Rush to Reopen Could Undo New Yorkers' Hard Work https://www.scientificamerican.com/article/a-rush-to-reopen-could-undo-new-yorkers-hard-work-against-covid-19/
  • Three pubs close after drinkers test positive https://www.bbc.co.uk/news/uk-england-53315702
  • WHO Says 'Total Lockdown' Is Possible For Countries as Coronavirus Cases Surge https://www.sciencealert.com/who-says-total-lockdown-is-possible-for-countries-as-coronavirus-cases-surge

• Treatments, Testing, Triage, and Trials, and things we learned:

  • 40% of people infected with COVID-19 are asymptomatic https://www.businessinsider.com/cdc-estimate-40-percent-infected-with-covid-19-asymptomatic-2020-7
  • Nausea, diarrhea are now official symptoms of COVID-19 https://globalnews.ca/news/7152027/coronavirus-most-common-symptoms/
  • Antibody tests around the world suggest very, very few people have built immunity to the coronavirus https://www.businessinsider.com/coronavirus-antibody-tests-around-the-world-positive-results-low-2020-7
  • Strokes, ‘lumpy’ lungs: what doctors know about unusual ways coronavirus attacks your body https://globalnews.ca/news/7154380/strokes-lungs-coronavirus-blood/
  • Herd immunity won’t save us from the coronavirus pandemic https://globalnews.ca/news/7162352/coronavirus-herd-immunity-strategy/
  • Major Study Casts Doubt on COVID-19 Herd Immunity After Patient Antibodies Disappear https://www.sciencealert.com/study-suggests-in-some-cases-antibodies-can-disappear-after-mere-weeks
  • Canadian company to collaborate on potential coronavirus vaccine with GSK https://globalnews.ca/news/7147036/coronavirus-vaccine-canada-gsk/
  • UK opts out of EU Covid-19 vaccine scheme https://www.bbc.co.uk/news/uk-politics-53361906
  • Australian trials of COVID-19 vaccine https://scienmag.com/australian-trials-of-covid-19-vaccine/
  • Compounds Identified That Halt COVID-19 Virus Replication by Targeting Key Viral Enzyme https://scitechdaily.com/compounds-identified-that-halt-covid-19-virus-replication-by-targeting-key-viral-enzyme/
  • Researchers working on virus-killing plastic packaging https://www.cbc.ca/news/canada/new-brunswick/plastic-packaging-could-kill-virus-1.5644012
  • Encouraging results from functional MRI in an unresponsive patient with COVID-19 https://scienmag.com/encouraging-results-from-functional-mri-in-an-unresponsive-patient-with-covid-19/
  • Hundreds of Scientists Warn COVID-19 Is Airborne, And WHO Needs to Act https://www.sciencealert.com/hundreds-of-scientists-warn-covid-19-is-airborne-and-want-who-to-acknowledge-it
  • Mounting Evidence Suggests Coronavirus Is Airborne--but Health Advice Has Not Caught Up https://www.scientificamerican.com/article/mounting-evidence-suggests-coronavirus-is-airborne-but-health-advice-has-not-caught-up1/
  • Why the WHO won't say the coronavirus is airborne and driving the pandemic https://www.cbc.ca/news/health/coronavirus-airborne-who-1.5641054
  • Why Canadian health leaders are downplaying concerns about airborne COVID-19 microdroplets https://www.ctvnews.ca/health/coronavirus/why-canadian-health-leaders-are-downplaying-concerns-about-airborne-covid-19-microdroplets-1.5014023
  • The WHO says the coronavirus isn't airborne, but 239 scientists disagree. Either way, your precautions should remain the same. https://www.businessinsider.com/letter-who-coronavirus-airborne-transmission-precautions-2020-7
  • WHO experts head to China to investigate origins of coronavirus pandemic https://globalnews.ca/news/7161424/coronavirus-who-china-investigation/

• Guidance, Response and Recovery:

  • New global coalition aims to help policymakers leverage AI against COVID-19 https://www.zdnet.com/article/new-global-coalition-aims-to-help-policymakers-leverage-ai-against-covid-19/
  • NIST awards $50 million in funding to help manufacturers respond to the pandemic https://scienmag.com/nist-awards-50-million-in-funding-to-help-manufacturers-respond-to-the-pandemic/
  • Ontario expected to extend state of emergency to cover gap with new bill https://globalnews.ca/news/7151791/ontario-state-of-emergency-extension-new-bill/
  • B.C. to crack down on nightclubs ignoring COVID-19 guidelines https://globalnews.ca/news/7153095/bc-covid-19-nightclub-crackdown/
  • Australia may restrict return of citizens from abroad amid coronavirus surge https://globalnews.ca/news/7151517/australia-coronavirus-citizens/
  • Sweden's controversial anti-lockdown strategy resulted in a high death toll and no real economic gain https://www.businessinsider.com/sweden-coronavirus-strategy-high-death-toll-no-economic-gain-data-2020-7
  • Health Canada expands hand sanitizer recall over industrial-strength ethanol https://globalnews.ca/news/7142220/health-canada-hand-sanitizer-recall/
  • Russia digs trench around Siberian village after dozens of residents contract coronavirus https://globalnews.ca/news/7142823/russia-digs-trench-around-siberian-village-coronavirus/

• Behaviour - the good, the bad, and the ugly:

  • Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5 https://www.theregister.com/2020/07/08/microsoft_sues_office_365_phishers/
  • Pandemic Scammers Robbed US Consumers Of More Than $77M https://www.pymnts.com/news/security-and-risk/2020/pandemic-scammers-robbed-us-consumers-of-more-than-77m/
  • Florida men charged with selling bleach as COVID-19 ‘miracle cure’ https://globalnews.ca/news/7161977/coronavirus-miracle-mineral-solution-cure/
  • Fake cures in Latin America’s deadly outbreak https://www.bbc.co.uk/news/53361876

• Masks, anti-maskers, and distancing:

  • Engineers design a reusable, silicone rubber face mask https://scienmag.com/engineers-design-a-reusable-silicone-rubber-face-mask/
  • Ask Ethan: What Is The Science Behind Wearing A Mask? https://www.forbes.com/sites/startswithabang/2020/07/10/ask-ethan-what-is-the-science-behind-wearing-a-mask/
  • Protesters ride TTC without masks to call for an end to mandatory face coverings in Toronto https://toronto.ctvnews.ca/protesters-ride-ttc-without-masks-to-call-for-an-end-to-mandatory-face-coverings-in-toronto-1.5013943
  • Woman faces backlash after posting video of herself refusing to wear mask at Toronto hospital https://globalnews.ca/news/7142153/mask-refusal-toronto-hospital-video-coronavirus/
  • Anti-mask shoppers at Costco and Target throw tantrums and tear down mask displays https://www.businessinsider.com/anti-mask-costco-and-target-shoppers-throw-tantrums-viral-videos-2020-7

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• First Contactless Payments on COTS (CPoC) Solution Listed https://www.pcisecuritystandards.org/assessors_and_solutions/cpoc_solutions
• Contactless Transactions at Small Businesses Have More Than Doubled Since March https://www.digitaltransactions.net/contactless-transactions-at-small-businesses-have-more-than-doubled-since-march/

• More Magecart and Skimmers:

  • An analysis of a recent web skimmer concealed in the meta data of an image https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
  • 'Keeper' hacking group behind hacks at 570 online stores https://www.zdnet.com/article/keeper-hacking-group-behind-hacks-at-570-online-stores/
  • Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites https://threatpost.com/credit-card-skimmer-imicrosoft-asp-net/157201/
  • North Korean Lazarus APT stole credit card data from US and EU stores https://securityaffairs.co/wordpress/105582/apt/north-korea-lazarus-apt-e-skimming.html
• How Criminals Are Pushing Fake Content Online to Test Stolen Cards https://www.digitaltransactions.net/how-criminals-are-pushing-fake-content-online-to-test-stolen-cards/
• Nice hands on treatment of card cloning (some Issuers not checking EMV cryptograms facilitates mag-stripe clones) https://www.cyberdlab.com/content/dam/cyberdlab/insights/it-only-takes-a-minute-to-clone-a-credit-card-thanks-to-a-50-year-old-problem/It_Only_Takes_a_Minute_to_Clone_a_Credit_Card_%20Thanks_to_a_50_Year_Old_Problem.pdf
• Some headlines leave out the some https://www.zdnet.com/article/researchers-create-magstripe-versions-of-emv-and-contactless-cards/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Half a Million IoT Passwords Leaked https://www.schneier.com/blog/archives/2020/07/half_a_million.html
• Brazil’s Hapvida Discloses Cyber Breach, Potential Client Data Leak https://www.databreaches.net/brazils-hapvida-discloses-cyber-breach-potential-client-data-leak/
• India’s Google-Backed Delivery App Dunzo Hit By Data Breach https://www.pymnts.com/news/security-and-risk/2020/india-google-backed-delivery-app-dunzo-hit-by-data-breach/
• Egyptian bus operator Swvl hit by data breach https://www.databreaches.net/egyptian-bus-operator-swvl-hit-by-data-breach/
• Unconfirmed claim of a revenge breach of a security firms collection of data from a breach monitoring service https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
• Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed https://www.zdnet.com/article/edp-energy-confirms-cyberattack-ragnar-locker-ransomware-blamed/
• Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption https://www.zdnet.com/article/conti-ransomware-uses-32-simultaneous-cpu-threads-for-blazing-fast-encryption/
• Four military schools in Canada suffer cyberattacks https://www.databreaches.net/ca-four-military-schools-in-canada-suffer-cyberattacks/

• Follow-ups:

  • BlueLeaks Server Seized By German Police https://threatpost.com/blueleaks-server-seized-by-german-police-report/157288/
  • Leaked documents show what it looks like when TikTok hands over a user's data to police https://www.businessinsider.com/tiktok-police-law-enforcement-requests-2020-7
  • 15 Billion Credentials Currently Up for Grabs on Hacker Forums https://threatpost.com/15-billion-credentials-currently-up-for-grabs-on-hacker-forums/157247/
  • Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaceshttps://www.securityweek.com/over-5-billion-unique-credentials-offered-cybercrime-marketplaces
  • Lawsuits After Ransomware Incidents: The Trend Continues https://www.databreachtoday.com/lawsuits-after-ransomware-incidents-trend-continues-a-14567

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Contact tracing and surveillance:

  • Contact tracing and privacy: we need both to restart the economy and get employees back to work https://www.pwc.com/ca/en/industries/telecommunications/contact-tracing-and-privacy-restart-economy-to-get-employees-back-to-work.html

• More Facial Recognition:

  • The UK and Australia are investigating Clearview AI, the facial recognition firm that scraped billions of photos from social media https://www.businessinsider.com/clearview-ai-under-investigation-in-the-uk-and-australia-2020-7
  • Canadians can now opt out of Clearview AI facial recognition, with a catch https://www.cbc.ca/news/technology/clearview-ai-canadians-can-opt-out-1.5645089
  • Group urges feds to ban facial recognition tools citing a violation of Canadian rights https://globalnews.ca/news/7151848/ban-federal-use-facial-recognition-tools-groups-urge-trudeau-government/
  • Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition https://www.darkreading.com/threat-intelligence/using-adversarial-machine-learning-researchers-look-to-foil-facial-recognition/d/d-id/1338326
• Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting
• Signal’s New PIN Puts Your Contacts in the Cloud - Feature Worries Cybersecurity Experts https://www.vice.com/en_us/article/pkyzek/signal-new-pin-feature-worries-cybersecurity-experts
• How to prevent being tracked while reading your Gmail https://www.theverge.com/21319293/gmail-reading-email-tracking-pixels-how-to-prevent-block-chrome
• Used Body Cams Not Securely Erased https://www.businessinsider.com/used-police-body-cameras-sold-ebay-footage-surveillance-2020-7

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy,  technology, and public interest.

• China's national security law:

  • Apple 'assessing' China's national security law as other tech companies pause government data requests https://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-china-hong-kong-national-security-law-china-a9607831.html
  • Facebook Temporarily Stops Hong Kong Data Requests https://www.nytimes.com/2020/07/06/technology/facebook-temporarily-stops-hong-kong-data-requests.html
  • Internet Powers Collide in Hong Kong https://www.nytimes.com/2020/07/07/technology/internet-powers-hong-kong.html
• Right-to-repair advocates say hospitals need new rules to keep equipment working https://www.theverge.com/2020/7/9/21318551/right-to-repair-hospital-equipment-rules-third-party-pirg-survey
• You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act https://www.theregister.com/2020/07/06/revised_earn_it_act/
• On July 22-23rd, NIST will host a virtual-only event, Building the Federal Profile For IoT Device Cybersecurity: Next Steps for Securing Federal Systems https://www.nist.gov/news-events/events/2020/07/building-federal-profile-iot-device-cybersecurity-next-steps-securing
• Integrating Cybersecurity and Enterprise Risk Management (ERM): Second Public Draft of NISTIR 8286 Available for Comment https://csrc.nist.gov/publications/detail/nistir/8286/draft
• NIST is seeking comments on Draft NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 https://csrc.nist.gov/publications/detail/sp/800-172/draft
• NIST has published NISTIR 8214A, NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives https://csrc.nist.gov/publications/detail/nistir/8214a/final
• EFF To Supreme Court: Violating Terms of Service Isn’t a Crime Under the CFAA https://www.eff.org/press/releases/eff-asks-supreme-court-rule-violating-terms-service-isnt-crime-under-cfaa
• Supreme Court will hear Facebook robocalling case https://www.theverge.com/2020/7/10/21320184/supreme-court-facebook-duguid-robocall-tcpa-class-action-lawsuit
• Do Politicians Need a Musician's Permission to Play One of Their Songs at a Campaign Event? https://www.mentalfloss.com/article/625985/do-politicians-need-permission-play-music-at-campaign-events
• ICE says international students must take in-person classes to remain in the US https://www.theverge.com/2020/7/6/21315168/ice-immigration-international-students-universities-deportation
• The US government is considering a TikTok ban https://www.theverge.com/2020/7/7/21316062/tiktok-ban-app-mike-pompeo-government-china-bytedance-communist-party

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Reducing TLS Certificate Lifespans to 398 Days https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
• Google open-sources Tsunami vulnerability scanner https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/
• Google bans stalkerware ads https://www.zdnet.com/article/google-bans-stalkerware-ads/
• Microsoft's new KDP tech blocks malware by making parts of the Windows kernel read-only https://www.zdnet.com/article/microsofts-new-kdp-tech-blocks-malware-by-making-parts-of-the-windows-kernel-read-only/
• Introducing Kernel Data Protection https://www.microsoft.com/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/
• Microsoft Halts a Global Fraud Campaign That Targeted CEOs https://arstechnica.com/information-technology/2020/07/microsoft-neuters-office-356-account-attacks-that-used-clever-ruse/ and https://arstechnica.com/information-technology/2020/07/microsoft-neuters-office-356-account-attacks-that-used-clever-ruse/
• Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html
• Coalition Against Stalkerware Expands Membership https://www.eff.org/deeplinks/2020/07/coalition-against-stalkerware-expands-membership
• IoT Security Principles https://www.schneier.com/blog/archives/2020/07/iot_security_pr.html
• Hey Alexa. Is This My Voice Or a Recording? https://www.bankinfosecurity.com/hey-alexa-this-my-voice-or-recording-a-14562
• Encrypt-to-self: Securely Outsourcing Storage https://eprint.iacr.org/2020/847
• The Best Two-Factor Authentication Apps Keeps Your Accounts Safe https://www.wired.com/story/protect-accounts-two-factor-authentication/
• How Universities Can Keep Foreign Governments from Stealing Intellectual Capital https://www.scientificamerican.com/article/how-universities-can-keep-foreign-governments-from-stealing-intellectual-capital/
• Mitigating a 754 Million PPS DDoS Attack Automatically https://blog.cloudflare.com/mitigating-a-754-million-pps-ddos-attack-automatically/
• Free decryptor available for ThiefQuest ransomware victims https://www.zdnet.com/article/free-decryptor-available-for-thiefquest-ransomware-victims/
• Applying the 80-20 Rule to Cybersecurity https://www.darkreading.com/operations/applying-the-80-20-rule-to-cybersecurity-/a/d-id/1338205

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• How the commercialization of bug bounties is creating more vulnerabilities https://www.theverge.com/2020/7/7/21315870/cybersecurity-bug-bounties-commercialization-katie-moussouris-interview-vergecast-podcast
• Digicert destroys 50K EV certificates https://www.theregister.com/2020/07/10/digicert_pulls_certs/
• Citrix Tells Everyone Not To Worry Too Much Over Its Latest Security Patches. NSA's Former Top Hacker Disagrees https://packetstormsecurity.com/news/view/31372/Citrix-Tells-Everyone-Not-To-Worry-Too-Much-Over-Its-Latest-Security-Patches.-NSAs-Former-Top-Hacker-Disagrees.html
• Citrix Patches 11 Vulnerabilities in Networking Products https://www.securityweek.com/citrix-patches-11-vulnerabilities-networking-products
• F5 BigIP vulnerability exploitation followed by a backdoor implant attempt https://isc.sans.edu/diary.html?storyid=26322
• Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
• Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack https://threatpost.com/popular-tp-link-family-of-kasa-security-cams-vulnerable-to-attack/157371/
• Traffic Analysis of Home Security Cameras https://www.schneier.com/blog/archives/2020/07/traffic_analysi_1.html
• Security lapses in eHealth system increased risk of cyberattack, says auditor https://leaderpost.com/news/saskatchewan/security-lapses-in-ehealth-system-increased-risk-of-cyberattack-says-auditor
• Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks https://www.securityweek.com/vulnerabilities-popular-open-source-management-tool-expose-hospitals-attacks
• KingComposer patches XSS flaw impacting 100,000 WordPress websites https://www.zdnet.com/article/kingcomposer-wordpress-plugin-patches-xss-flaw-impacting-100000-websites/
• Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier https://thehackernews.com/2020/07/zoom-windows-security.html
• Twitter users exploit algorithm to promote celebrity death hoaxes https://www.independent.co.uk/life-style/gadgets-and-tech/news/twitter-queen-dead-hoax-ellen-jeff-bezos-trending-rip-a9608006.html
• What You Don't Understand About Crypto Can Hurt You https://www.bankinfosecurity.com/webinars/live-webinar-what-you-dont-understand-about-crypto-hurt-you-w-2420

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Microsoft Warns on OAuth Attacks Against Cloud App Users https://threatpost.com/microsoft-warns-oauth-attacks-cloud-app/157331
• US Secret Service reports an increase in hacked managed service providers (MSPs) https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/
• Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/
• Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption https://www.securityweek.com/honeywell-sees-rise-usb-borne-malware-can-cause-major-ics-disruption
• Researchers connect Evilnum hacking group to cyberattacks against Fintech firms https://www.zdnet.com/article/researchers-connect-evilnum-hacking-group-to-cyberattacks-against-fintech-firms/
• Vulnerability Scanning Surges for Citrix Systems Affected by Recent Vulnerabilities https://www.securityweek.com/hackers-scanning-citrix-systems-affected-recent-vulnerabilities
• ‘Undeletable’ Malware Shows Up in Yet Another Android Device https://threatpost.com/undeletable-malware-yet-another-android-device/157289/
• Google Play apps with 500,000 downloads subscribe users to costly services https://arstechnica.com/information-technology/2020/07/google-play-apps-with-500000-downloads-subscribe-users-to-costly-services/
• Business Email Compromise (BEC) Criminal Ring Cosmic Lynx https://www.schneier.com/blog/archives/2020/07/business_email_.html
• Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies https://www.zdnet.com/article/fxmsp-hacker-indicted-by-feds-for-selling-network-access-impacting-hundreds-of-companies/
• Was FSB Marketplace Takedown and Arrest of “Flint24” Punishment for Political Misstep? https://www.databreaches.net/was-fsb-marketplace-takedown-and-arrest-of-flint24-punishment-for-political-misstep/
• The Secret Service Tried to Catch a Hacker With a Malware Booby-Trap https://www.vice.com/en_us/article/wxqz54/secret-service-network-investigative-technique-ransomware
• Secret Service Launches Task Force To Fight Cyber Fraud https://www.pymnts.com/news/security-and-risk/2020/secret-service-launches-task-force-fight-cyber-fraud/
• Police Are Buying Access To Hacked Website Data https://www.vice.com/en_us/article/3azvey/police-buying-hacked-data-spycloud
• $90K Bitcoin scam in Red Deer prevented by warning poster https://globalnews.ca/news/7149281/bitcoin-scam-red-deer-rcmp/
• Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn https://www.zdnet.com/article/yahoo-engineer-gets-no-jail-time-after-hacking-6000-accounts-to-look-for-porn/

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • COVID-19 Spikes Hinder Retail Recovery https://www.pymnts.com/news/retail/2020/covid-19-spikes-hinder-retail-recovery/
  • Atlanta Fed Warns Recovery Could Stall As Outbreaks Surge https://www.pymnts.com/economy/2020/atlanta-fed-warns-recovery-could-stall-as-outbreaks-surge/
  • Around 20 million renters could face eviction by the end of September because of the pandemic https://www.businessinsider.com/twenty-million-renters-facing-evictions-end-september-2020-7
  • ‘Time is up’: Ontario mayors warn of tax increases, layoffs without coronavirus relief funding https://globalnews.ca/news/7142742/ontario-mayors-coronavirus-covid19-relief/
  • WHO warns of critical shortage of HIV drugs, due to coronavirus https://globalnews.ca/news/7142422/hiv-drug-shortage-coronavirus/
  • Egypt blamed 'negligence and mismanagement' by doctors for its coronavirus crisis, then started arresting them for speaking out https://www.businessinsider.com/egypt-criticizes-arrests-doctors-for-speaking-up-covid-19-crisis-2020-7
  • The Role of Cognitive Dissonance in the Pandemic https://www.theatlantic.com/ideas/archive/2020/07/role-cognitive-dissonance-pandemic/614074/
• 2 people infected with bubonic plague after eating marmot meat in Mongolia https://globalnews.ca/news/7153722/two-bubonic-plague-cases-mongolia/
• Brain-eating amoeba: Warning issued in Florida after rare infection case https://www.bbc.co.uk/news/world-us-canada-53302773
• Woman, 74, killed by ‘celebratory gunfire’ on U.S. Independence Day https://globalnews.ca/news/7142562/shooting-independence-day-celebratory-gunfire/
• Arizona woman, 59, falls to her death while taking photos at the Grand Canyon https://globalnews.ca/news/7143370/woman-dies-grand-canyon/
• When WAFs Go Wrong https://www.darkreading.com/cloud/when-wafs-go-wrong/d/d-id/1338319
• President Trump says the US conducted a 2018 cyberattack on Russian trolls https://www.theverge.com/2020/7/12/21321703/trump-russia-trolls-2018-midterm-election-meddling
• It Could Be Decades Before Emissions Cuts Slow Global Warming https://www.sciencealert.com/even-in-optimistic-scenarios-cutting-carbon-means-we-won-t-see-results-for-decades
• Why more great white sharks are showing up in Atlantic Canada https://www.cbc.ca/news/canada/nova-scotia/great-white-sharks-atlantic-canada-1.5641078
• Facebook bans 'Roger Stone disinformation network' https://www.bbc.co.uk/news/technology-53347793
• Facebook could be ‘weaponized to suppress voting’ https://globalnews.ca/news/7152594/facebook-weaponized-to-suppress-voting-audit-warns/
• Climate Denial Spreads on Facebook as Scientists Face Restrictions https://www.scientificamerican.com/article/climate-denial-spreads-on-facebook-as-scientists-face-restrictions/
• The Tech Giants’ Invisible Helpers https://www.nytimes.com/2020/07/08/technology/internet-infrastructure.html
• Remember the the Cuban Sonic Attacks, a book suggests otherwise https://scienmag.com/havana-syndrome/
• CBSA has lost track of 34,700 people due to be deported https://globalnews.ca/news/7152195/cbsa-deportation-removal-auditor-general/
• Increase in fake guns poses real risk https://globalnews.ca/news/7149565/vancouver-replica-gun-warning/
• FBI director: China is 'greatest threat' to US https://www.bbc.co.uk/news/world-us-canada-53329755

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Shell’s Quest carbon capture project hits milestone of 5M tonnes https://globalnews.ca/news/7163101/alberta-shell-quest-carbon-capture-5-million-tonnes/
• Battle of Britain: The schoolgirl who helped design the Spitfire https://www.bbc.co.uk/news/av/uk-53352233/battle-of-britain-the-schoolgirl-who-helped-design-the-spitfire
• The Maestro: 10 Facts About Ennio Morricone https://www.mentalfloss.com/article/626323/ennio-morricone-facts
• The Far Side returns after 25 years https://www.theverge.com/21317458/far-side-new-comics-creator-gary-larson-25-years-digital-tablet
• Wizernary - Translating Security Terms from Geek to English https://web.wizer-training.com/cyber-security-geek-to-english-dictionary
• Boom supersonic jet set for 2021 take off https://www.cnn.com/travel/article/boom-supersonic-jet-set-for-2021-take-off/index.html
• What Did The Air Force Learn From Boeing's Experimental Blended Wing Body Aircraft? https://news.yahoo.com/did-air-force-learn-boeings-123000594.html
• Study reveals science behind traditional mezcal-making technique https://phys.org/news/2020-07-reveals-science-traditional-mezcal-making-technique.html
• How Venus flytraps snap https://scienmag.com/how-venus-flytraps-snap/
• Earth's Magnetic Field Could Be Changing Much Faster Than We Ever Realised https://www.sciencealert.com/earth-s-magnetic-field-could-be-flipping-a-lot-faster-than-we-thought
• Finally! We’ve got a comet that’s visible to the unaided eye. Comet C/2020 F3 NEOWISE https://www.universetoday.com/146906/finally-weve-got-a-comet-thats-visible-to-the-unaided-eye-comet-c-2020-f3-neowise/ and https://globalnews.ca/news/7152214/comet-neowise-how-to-watch-canada/
• Moon Dance - Neptune's Moons Are Caught in One of The Strangest Orbits Ever Seen https://www.sciencealert.com/neptune-s-moons-are-caught-in-one-of-the-strangest-orbits-ever-seen
• Things Are Really Weird in The Outer Solar System, And We May Have Figured Out Why https://www.sciencealert.com/things-are-real-weird-in-the-outer-solar-system-and-astronomers-are-homing-in-on-why
• Astronomers Detect Unexpected Class of Mysterious Circular Objects https://www.sciencealert.com/mysterious-unidentified-circles-have-been-found-in-space