This Week's [in]Security - Issue 178

Welcome to This Week’s [in]Security. Magecart Alerts, Crime, and Defense. CNP Fraud. PIN Bypass. CC PAN shortage. New breaches: New Ransomware. Contact tracing. Canadian Privacy Law. Identification by Browser History. Surveillance Capitalism. Hidden PHI. GIFCT. SSH. myths. DiceKeys. 5G Security. Application Guard for Office. Credential Stuffing #1 Risk. MITRE Shield. Printers. Azure Sphere. NPM Package. Qbot. Bribery. Attachments. Hack-for-Hire. Blockchain. Megafires. Quantum. Election Security. Disinformation. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Reinfection. And more.

Note: The COVID section appears later in the article.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Magecart Alerts, Crime, and Defense:

  • Visa Security Alert ‘Baka’ JavaScript Skimmer Identified http://click.broadcasts.visa.com/xfm/?41375/0/9a291a43f7e2b44ecf5a0f8318bce6a8/lonew
  • Visa’s eCommerce Threat Disruption (eTD) - Detecting compromised eCommerce merchants and disrupting fraud https://usa.visa.com/dam/VCOM/regional/na/us/run-your-business/documents/ecommerce-threat-disruption-case-study-final.pdf
  • Trojan apparently infects NCR, posing possible supply-chain risk https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
  • Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market https://threatpost.com/magecarts-success-paves-way-for-cybercriminal-credit-card-sniffer-market/158684/
  • UltraRank Group Stole Card Data From Hundreds of Sites Using JS Sniffers https://www.securityweek.com/ultrarank-group-stole-card-data-hundreds-sites-using-js-sniffers
• Fighting Card-Not-Present Fraud https://www.databreachtoday.com/fighting-card-not-present-fraud-a-14873
• Tracking Card-Not-Present Fraud and Chargebacks https://www.databreachtoday.com/tracking-card-not-present-fraud-chargebacks-a-14888
• Academics bypass PINs for Visa contactless payments https://www.zdnet.com/article/academics-bypass-pins-for-visa-contactless-payments
• Japan facing credit card number shortage https://www.mobilepaymentstoday.com/news/japan-facing-credit-card-number-shortage/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New breaches:

  • Over 54,000 scanned Austrailian (NSW) driver’s licences found in open cloud storage https://www.databreaches.net/over-54000-scanned-nsw-drivers-licences-found-in-open-cloud-storage/
  • Medical Data Leaked on GitHub Due to Developer Errors https://threatpost.com/medical-data-leaked-on-github-due-to-developer-errors/158653/
  • Primary Indian ticket vendor suffers crippling data breach https://www.databreaches.net/primary-indian-ticket-vendor-suffers-crippling-data-breach/
  • 38 Japan firms’ authentication data stolen amid surge in teleworkers https://www.databreaches.net/38-japan-firms-authentication-data-stolen-amid-surge-in-teleworkers/
  • Wellington-Dufferin-Guelph Public Health notification of privacy breach https://www.databreaches.net/wellington-dufferin-guelph-public-health-notification-of-privacy-breach/
  • Ex-Nursing Home Employee Used Patient’s ID To Pay Bills https://www.databreaches.net/il-ex-nursing-home-employee-used-patients-id-to-pay-bills-police/

• New Ransomware:

  • Canadian shipping company Canpar gets an unwanted delivery – ransomware https://www.theregister.com/2020/08/24/in_brief_security/
  • New Zealand stock exchange halted by cyber-attack https://www.bbc.co.uk/news/53918580
  • Paytm Mall suffers massive data breach, ransom demanded https://economictimes.indiatimes.com/tech/internet/paytm-mall-suffers-massive-breach-ransom-demanded-report/articleshow/77833664.cms
  • City of Lafayette Colorado statement on July ransomware attack https://www.databreaches.net/co-city-of-lafayette-statement-on-july-ransomware-attack/
  • Hackers want money to release Haywood County NC school district files https://www.databreaches.net/nc-hackers-want-money-to-release-haywood-county-school-district-files/
  • More Ransomware Gangs Threaten Victims With Data Leaking https://www.databreachtoday.com/more-ransomware-gangs-threaten-victims-data-leaking-a-14883

• Follow-ups:

  • Average Cost of a Data Breach in 2020: $3.86M https://www.darkreading.com/vulnerabilities---threats/advanced-threats/average-cost-of-a-data-breach-in-2020-$386m/a/d-id/1338660
  • Morgan Stanley Is Sued Over Data Breaches Tied to Missing Equipment https://www.databreaches.net/morgan-stanley-is-sued-over-data-breaches-tied-to-missing-equipment/
  • Risky Business #596 -- DoJ gives Uber breach response one star https://risky.biz/RB596

Privacy

Articles about privacy related news, risks, and trends.

• COVID-19 Contact tracing:

  • Data Privacy Concerns, Lack of Trust Foil Automated Contact Tracing https://www.darkreading.com/application-security/data-privacy-concerns-lack-of-trust-foil-automated-contact-tracing/d/d-id/1338791
  • Secure Data Hiding for Contact Tracing https://eprint.iacr.org/2020/1028
• Canada's privacy laws have 'no teeth': Lessons from an eight-month investigation into Tim Hortons' data tracking https://financialpost.com/technology/canadas-privacy-laws-have-no-teeth-what-i-learned-during-an-eight-month-investigation-into-tim-h
• Identifying People by Their Browsing Histories https://www.schneier.com/blog/archives/2020/08/identifying_peo_9.html
• Trackers - Will More Data Make Us Healthier? https://www.nytimes.com/2020/08/28/technology/health-tracking-technology.html
• Cory Doctorow on The Age of Surveillance Capitalism https://www.schneier.com/blog/archives/2020/08/cory_doctorow_o_2.html
• Facebook Hits Back At Apple’s iOS 14 Privacy Update https://threatpost.com/facebook-hits-back-at-apples-ios-14-privacy-update/158734/
• If Privacy Dies in VR, It Dies in Real Life https://www.eff.org/deeplinks/2020/08/if-privacy-dies-vr-it-dies-real-life
• Google's own engineers admitted that the company 'confuses users' on privacy settings that are now the subject of a lawsuit https://www.businessinsider.com/google-engineers-admit-privacy-settings-confuse-users-in-legal-docs-2020-8
• 'Hidden' PHI in Medical Images Poses Risks https://www.databreachtoday.com/hidden-phi-in-medical-images-poses-risks-a-14896

Laws & Regulations / Standards

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• The Global Internet Forum to Counter Terrorism (GIFCT)- One Database to Rule Them All: The Invisible Content Cartel that Undermines the Freedom of Expression Online https://www.eff.org/deeplinks/2020/08/one-database-rule-them-all-invisible-content-cartel-undermines-freedom-1

  • Industry Groups Urge FTC to Modify Breach Notification Rule https://www.databreachtoday.com/industry-groups-urge-ftc-to-modify-breach-notification-rule-a-14890
• Facebook Plans Legal Action After Thailand Tells It to Mute Critics https://www.nytimes.com/2020/08/25/world/asia/thailand-facebook-monarchy.html
• California: Tell Your Senators That Ill-Conceived “Immunity Passports” Won’t Help Us https://www.eff.org/deeplinks/2020/08/california-tell-your-senators-ill-conceived-immunity-passports-wont-help-us

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Comparing SSH Encryption Algorithms - RSA, DSA, ECDSA, or EdDSA? https://gravitational.com/blog/comparing-ssh-keys/
• 10 cybersecurity myths you need to stop believing https://www.foxnews.com/tech/10-cybersecurity-myths-you-need-to-stop-believing
• Free cybersecurity help for Canadian charities and non-profits https://www.databreaches.net/announce-free-cybersecurity-help-for-canadian-charities-and-non-profits/
• Detecting and Locking Down Network-Based Malware in Azure https://www.sans.org/blog/detecting-and-locking-down-network-based-malware-in-azure
• DiceKeys https://www.schneier.com/blog/archives/2020/08/dicekeys.html
• CISA Releases 5G Security Guidelines https://www.darkreading.com/mobile/cisa-releases-5g-security-guidelines/d/d-id/1338740
• Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning https://www.microsoft.com/security/blog/2020/08/27/stopping-active-directory-attacks-and-other-post-exploitation-behavior-with-amsi-and-machine-learning/
• Microsoft Announces Public Preview of Application Guard for Office https://www.securityweek.com/microsoft-announces-public-preview-application-guard-office
• Chrome 85 Released With 20 Security Fixes https://www.securityweek.com/chrome-85-released-20-security-fixes

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• The Fatal Flaw in Data Security https://www.darkreading.com/application-security/the-fatal-flaw-in-data-security/a/d-id/1338675
• Troy Hunt #206 Credential Stiffing, Pwnded Passwords, Cloudflare abuse https://www.troyhunt.com/weekly-update-206/
• MITRE Releases 'Shield' Active Defense Framework https://www.darkreading.com/attacks-breaches/mitre-releases-shield-active-defense-framework-/d/d-id/1338741
• We hacked 28,000 unsecured printers to raise awareness of printer security issues https://cybernews.com/security/we-hacked-28000-unsecured-printers-to-raise-awareness-of-printer-security-issues/
• Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere https://www.securityweek.com/microsoft-patches-code-execution-privilege-escalation-flaws-azure-sphere
• Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers https://www.theregister.com/2020/08/25/bridgefy_royal_holloway_security_analysis/
• Chinese smartphone maker selling devices with malware pre-installed https://www.techradar.com/news/chinese-smartphone-maker-selling-devices-with-malware-pre-installed
• Malicious npm package caught trying to steal sensitive Discord and browser files https://www.zdnet.com/article/malicious-npm-package-caught-trying-to-steal-sensitive-discord-and-browser-files
• Security researcher discloses Safari bug after Apple delays patch https://www.zdnet.com/article/security-researcher-discloses-safari-bug-after-apple-delays-patch
• Fabletics - 'My wife tried to order some clothes tonight. When she logged in, she was in someone else's account ... Now someone's charged her card' https://www.theregister.com/2020/08/27/website_leak_complaints/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends and events.

• Sendgrid Under Siege from Hacked Accounts https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
• Your email threads are now being hijacked by the QBot Trojan https://www.zdnet.com/article/your-email-threads-are-now-being-hijacked-by-qbot-trojan/
• Russian tourist offered employee $1 million to cripple Tesla with malware https://arstechnica.com/information-technology/2020/08/russian-tourist-offered-employee-1-million-to-cripple-tesla-with-malware/
• Russian arrested for trying to recruit an insider and hack a Nevada company https://www.zdnet.com/article/russian-arrested-for-trying-to-recruit-an-insider-and-hack-a-nevada-company
• Malicious Behavior Allegedly Found in Advertising SDK Used by 1,200 iOS Apps https://www.securityweek.com/malicious-behavior-found-advertising-sdk-used-1200-ios-apps
• Malicious Attachments Remain a Cybercriminal Threat Vector Favorite https://threatpost.com/malicious-attachments-remain-a-cybercriminal-threat-vector-favorite/158631/
• Malicious Excel Sheet with a NULL VT Score https://isc.sans.edu/diary/rss/26506
• Hack-for-Hire Group Targets Financial Sector Since 2012 https://www.securityweek.com/hack-hire-group-targets-financial-sector-2012
• Luxury Real Estate Rivalry Involved Hired Hackers https://www.databreachtoday.com/luxury-real-estate-rivalry-involved-hired-hackers-a-14894
• APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage https://thehackernews.com/2020/08/autodesk-malware-attack.html
• North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure https://www.theregister.com/2020/08/25/lazarus_group_north_korea_linkedin_lure/
• “DeathStalker” hackers are (likely) older and more prolific than we thought https://arstechnica.com/information-technology/2020/08/deathstalker-hackers-are-likely-older-and-more-prolific-than-we-thought/
• Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts https://threatpost.com/ex-cisco-employee-pleads-guilty-to-deleting-16k-webex-teams-accounts/158748/
• 15-year-old Merseyside boy arrested for hacking UK PayPal accounts https://www.databreaches.net/15-year-old-merseyside-boy-arrested-for-hacking-uk-paypal-accounts/
• Follow-up on Amazon Supplier Fraud https://www.schneier.com/blog/archives/2020/08/amazon_supplier.html

Other Security / Risk

Articles covering other types of risks.

• COVID-19 Other risks and impact:

  • Canada’s GDP dropped 38.7% between April and June: Statistics Canada https://globalnews.ca/news/7303230/canada-gdp-q2-2020/
  • Up to $22 billion in COVID aid may have gone to high-income Canadians: Fraser Institute study https://nationalpost.com/news/politics/up-to-22-billion-in-covid-aid-may-have-gone-to-high-income-canadians-fraser-institute-study
  • Remote work has saved Americans $91 billion in commuting costs https://www.businessinsider.com/the-pandemic-slashes-commuting-times-saving-americans-billions-2020-8
  • Sunflower seeds surge in demand as Canadians feed more birds outside https://globalnews.ca/news/7306282/coronavirus-sunflower-seeds-canada-demand/
  • KFC drops Finger Lickin' Good slogan amid coronavirus https://www.bbc.co.uk/news/business-53901236
  • How WeChat Censored the Coronavirus Pandemic https://www.wired.com/story/wechat-chinese-internet-censorship-coronavirus
• Blockchain, the amazing solution for almost nothing https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/84495599980-95473476
• They Know How to Prevent Megafires. Why Won’t Anybody Listen? https://www.propublica.org/article/they-know-how-to-prevent-megafires-why-wont-anybody-listen
• US Postal Service Files Blockchain Voting Patent https://www.schneier.com/blog/archives/2020/08/us_postal_servi.html
• Plane makes emergency landing next to major Toronto-area highway https://toronto.ctvnews.ca/plane-makes-emergency-landing-next-to-major-toronto-area-highway-1.5085283
• We Just Found Another Obstacle For Quantum Computers to Overcome - And It's Everywhere https://www.sciencealert.com/natural-radiation-could-be-a-problem-for-our-quantum-computing-future
• Google reportedly took five days to decide not to remove misleading ads about voting by mail https://www.theverge.com/2020/8/29/21406609/google-voting-mail-fraud-ads-trump-election-misinformation
• Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem https://threatpost.com/2020-election-secure-vote-tallies-problem/158533/
• The 'Backdoor' Risks to Political Campaigns https://www.databreachtoday.com/backdoor-risks-to-political-campaigns-a-14886
• What to expect when you're electing: The building blocks of disinformation campaigns https://blog.talosintelligence.com/2020/08/what-to-expect-electing-disinformation-building-blocks.html
• Scots Wikipedia Is Notoriously Inaccurate Thanks to One Teenage Editor https://www.mentalfloss.com/article/628796/teen-added-thousands-fake-translations-scots-wiki
• ‘Sickening’: A California firefighter’s account was drained after his wallet was stolen as he battled wildfires https://www.washingtonpost.com/nation/2020/08/24/california-wildfire-theft-firefighter/
• Apology made after video appears to show man jumping onto moving TTC bus, officials call act ‘incredibly dumb’ https://globalnews.ca/news/7296181/ttc-bus-parkour-video/
• ‘They were about to embalm her’: A Michigan funeral home noticed a ‘dead’ woman was actually breathing https://www.washingtonpost.com/nation/2020/08/25/timesha-beauchamp-dead-funeral-home-alive/
• Part of Scarborough Bluffs near lookout point collapses onto beach https://globalnews.ca/news/7294489/scarborough-bluffs-lookout-point-rock-collapses/
• Windows 95 is 25 years old https://www.theverge.com/21398999/windows-95-anniversary-release-date-history

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, and waves - now reinfection:

  • India Is in Denial about the COVID-19 Crisis https://www.scientificamerican.com/article/india-is-in-denial-about-the-covid-19-crisis/
  • By March, The US Counted 1,500 COVID-19 Cases. Scientists Say We'd Missed 100,000 More https://www.sciencealert.com/scientists-say-we-missed-over-100-000-us-cases-by-march-when-we-only-counted-1-500
  • Canada records 267 additional coronavirus cases, 2 more deaths https://globalnews.ca/news/7293928/coronavirus-canada-daily-wrap-august-23/
  • Ontario reports 148 new coronavirus cases marking largest single-day increase since July 24 https://globalnews.ca/news/7305492/ontario-coronavirus-cases-aug-29-covid19/
  • More than 1,000 coronavirus cases diagnosed at University of Alabama campuses https://globalnews.ca/news/7305116/university-of-alabama-coronavirus/
  • COVID-19 exposure alert issued over viral party at Wreck Beach https://globalnews.ca/news/7305241/covid-19-exposure-alert-wreck-beach/
  • 'No social distancing': US college towns close bars as Covid-19 cases surge https://www.theguardian.com/us-news/2020/aug/29/theyre-not-social-distancing-us-college-towns-close-bars-as-infections-surge
  • Someone in Hong Kong Caught COVID-19 Twice - Possibly The First Confirmed Reinfection https://www.sciencealert.com/someone-has-contracted-covid-19-twice-in-hong-kong-the-first-case-of-reinfection
  • Researchers have identified a possible case of COVID-19 reinfection in Nevada https://www.businessinsider.com/study-researchers-identify-covid-19-reinfection-case-in-nevada-2020-8
  • B.C. police make arrest, issue 2nd fine at same apartment where party host fined $2,300 https://globalnews.ca/news/7293867/victoria-party-second-covid-fine/
  • Prisoners at San Quentin are dying from COVID, and help isn’t coming https://www.theverge.com/21375383/san-quentin-prison-covid-19-coronavirus-outbreak-negligence-investigation
  • Kingston health expert warns how easy it is to burst your social bubble https://globalnews.ca/news/7295730/social-bubble-covid-19/
  • Why COVID-19 infection curves behave so unexpectedly https://scienmag.com/why-covid-19-infection-curves-behave-so-unexpectedly/

• Guidance, Response and Recovery:

  • Nurses have died more often from COVID-19 than other healthcare workers during the pandemic https://www.businessinsider.com/nurses-immigrants-healthcare-workers-died-the-most-from-covid-19-2020-8
  • Researchers at the University of Arizona say they stopped a coronavirus outbreak before it spread by testing students' poop https://www.businessinsider.com/testing-poop-wastewater-stopped-covid-outbreak-university-of-arizona-2020-8
  • Yosemite National Park’s Sewage Tested Positive for Coronavirus https://www.mentalfloss.com/article/626773/yosemite-national-parks-sewage-just-tested-positive-coronavirus
  • Swimming Is One Thing in The Pandemic. The Crowd at The Beach Is Something Else https://www.sciencealert.com/in-covid-19-risk-swimming-is-one-thing-the-crowd-at-the-beach-is-something-else
  • Coronavirus: Canada extending international travel restrictions, mandatory quarantine until Sept. 30 https://globalnews.ca/news/7304292/coronavirus-canada-extending-international-travel-restrictions-mandatory-quarantine-until-sept-30/
  • After-school programs an ‘afterthought’ in COVID-19 guidelines https://globalnews.ca/news/7297086/coronavirus-canada-after-school-programs/
  • Please remain calm while the robot swabs your nose https://www.theverge.com/2020/8/24/21377011/robot-nasal-swab-machine-autonomous-covid-19-test-brain-navi
  • Citizens’ adherence to COVID-19 social distancing measures depends on government response https://scienmag.com/citizens-adherence-to-covid-19-social-distancing-measures-depends-on-government-response/
  • Hundreds of university students have been suspended for violating COVID safety policies as cases rise across college campuses https://www.businessinsider.com/college-students-suspended-for-violating-coronavirus-campus-guidelines-2020-8
  • The 6-foot social distancing rule is based on nearly 80-year-old science. Scientists at MIT and Oxford have created a traffic light system to use instead. https://www.businessinsider.com/6-foot-distancing-rule-is-outdated-oxford-mit-new-system-2020-8

• Treatments, Testing, Triage, and Trials, and things we learned:

  • A case of coronavirus reinfection shows the complexities of the pandemic https://www.theverge.com/2020/8/29/21406019/covid-19-coronavirus-reinfection-immunity-antibodies-vaccine-test
  • Children with no COVID-19 symptoms may shed virus for weeks https://scienmag.com/children-with-no-covid-19-symptoms-may-shed-virus-for-weeks/
  • The CDC quietly modified coronavirus testing guidelines to exclude people who are asymptomatic, potentially limiting our understanding of the true scope of the virus https://www.businessinsider.com/cdc-modified-covid-19-testing-guidelines-to-exclude-asymptomatic-people-2020-8
  • FDA authorizes Abbott’s fast $5 COVID-19 test https://www.theverge.com/2020/8/26/21403432/fda-authorizes-binaxnow-covid-19-test-abbott-cheap-fast
  • Blood pressure medication improves COVID-19 survival rates https://scienmag.com/blood-pressure-medication-improves-covid-19-survival-rates/
  • Evidence for Convalescent Plasma Coronavirus Treatment Lags behind Excitement https://www.scientificamerican.com/article/evidence-for-convalescent-plasma-coronavirus-treatment-lags-behind-excitement/
  • Despite CDC's Changed Advice, WHO Confirms Anyone Exposed to COVID-19 Should Be Tested https://www.sciencealert.com/after-the-cdc-s-quiet-change-who-confirms-anyone-exposed-to-covid-19-should-be-tested
  • Coronavirus: Dr Anthony Fauci warns against rushing out vaccine https://www.bbc.co.uk/news/world-us-canada-53899908
  • China says it has been injecting key workers with a coronavirus vaccine candidate for a month https://www.businessinsider.com/china-giving-coronavirus-vaccine-candidate-key-workers-2020-8
  • Scientists May Have Identified Why COVID-19 Affects Men And Women So Differently https://www.sciencealert.com/different-immune-responses-could-explain-why-covid-19-kills-more-men

• Masks, anti-maskers, and distancing:

  • ‘If I can do it, anyone can’: B.C. man to cycle across Canada wearing a mask https://globalnews.ca/news/7305134/cycling-across-canada-with-mask/
  • Delta has banned 240 passengers for refusing to wear masks during flights https://www.businessinsider.com/delta-air-lines-mask-ban-coronavirus-2020-8
  • Paris is now getting a mandatory mask requirement following an 'undeniable resurgence' of coronavirus cases https://www.businessinsider.com/paris-mask-mandate-surge-covid-19-france-2020-8
  • Here Are 6 Myths About Masks That People Really Need to Stop Sharing https://www.sciencealert.com/here-are-6-myths-about-masks-that-everyone-should-stop-believing

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• University of Ky study leads to potential for new treatment approach to Alzheimer’s https://scienmag.com/university-of-ky-study-leads-to-potential-for-new-treatment-approach-to-alzheimers/
• Africa to be declared free of wild polio https://globalnews.ca/news/7296609/africa-polio-free/
• Up to Half The World's Water Supply Is Being Stolen https://www.sciencealert.com/up-to-half-the-world-s-water-is-stolen-but-there-are-ways-to-fix-the-problem
• Mysterious ultra fuel efficient 'bullet' plane is finally revealed https://www.cnn.com/travel/article/celera-500l-plane/index.html
• Breakthrough in Artificial Photosynthesis Lets Scientists Store The Sun's Energy as Fuel https://www.sciencealert.com/new-artificial-photosynthesis-device-creates-energy-from-co2-water-and-sunlight
• Cells Solve an English Hedge Maze with the Same Skills They Use to Traverse the Body https://www.scientificamerican.com/article/cells-solve-an-english-hedge-maze-with-the-same-skills-they-use-to-traverse-the-body/
• (Mind melting)The Sudoku Trick Very Few Experts Know https://www.youtube.com/watch?v=e9_FkcNAZcA
• No, two approaching near-Earth asteroids won’t hit us. 2020, cool your jets. https://www.syfy.com/syfywire/two-asteroids-will-not-earth-2020
• How cold was the ice age? https://phys.org/news/2020-08-cold-ice-age.html
• Earth Lost a 'Staggering' 28 Trillion Tonnes of Ice in Just 23 Years https://www.sciencealert.com/earth-lost-a-staggering-28-trillin-tonnes-of-ice-in-23-years-scientist-find
• Did Jupiter Push Venus Into a Runaway Greenhouse? https://www.universetoday.com/147535/did-jupiter-push-venus-into-a-runaway-greenhouse/
• Astronomers find 100 brown dwarfs in our neighborhood https://www.universetoday.com/147581/astronomers-find-100-brown-dwarfs-in-our-neighborhood/
• Fifty new planets confirmed in machine learning first https://scienmag.com/fifty-new-planets-confirmed-in-machine-learning-first/
• Going deep on colliding galaxies https://www.syfy.com/syfywire/going-deep-on-colliding-galaxies
• There's a Theory Beyond Relativity That Would Allow You to Fly Through a Wormhole https://www.sciencealert.com/there-s-a-theory-of-relativity-that-could-allow-you-to-fly-through-a-wormhole