This Week's [in]Security - Issue 190

Welcome to This Week’s [in]Security. PIN Requirement Future Date Changes. FAQ Update. Magecart. Cardbreaches. New breaches. New Ransomware. Facial Recognition. Right to be forgotten. NIST. MFA. Deepfakes. @New Tools. Pluton. New free CA. Encrypt only. New browser. LidarPhone. Cyber AI. AWS. ICS. Cisco. Citrix. Oldies. Tesla. Fixes. Trends. Nation States. Legal actions. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. Contact Tracing. Vaccine Progress. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI Security Standards Council Bulletin: Revisions to the Implementation Dates and Scope for PCI PIN Security Requirement 32-9 Encrypted Key Loading Deferred https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Bulletin_on_Encrypted_Key_Loading.pdf
• FAQ#1485 What is the meaning of “initial assessment” in PCI DSS? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/What-is-the-meaning-of-initial-assessment-in-PCI-DSS
• Updated index of PCI FAQ's https://controlgap.com/index-pci-frequently-asked-questions/
• SAFECode and PCI SSC Discuss the Evolution of Secure Software https://blog.pcisecuritystandards.org/safecode-and-pci-ssc-discuss-the-evolution-of-secure-software

• Magecart:

  • Heads up: A new strain of card-skimming Grelos malware is on the loose https://www.theregister.com/2020/11/18/magecart_grelos_research/
  • New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure https://www.zdnet.com/article/magecart-grelos-skimmer-variant-reveals-overlap-in-credit-card-thefts seller JM Bullion hacked to steal customers' credit cards https://www.bleepingcomputer.com/news/security/gold-seller-jm-bullion-hacked-to-steal-customers-credit-cards/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New breaches:

  • American Bank Systems hit by ransomware attack, full 53 GB data dump leaked https://www.databreaches.net/american-bank-systems-hit-by-ransomware-attack-full-53-gb-data-dump-leaked/
  • GO SMS Pro — one of the most popular Android messaging apps - uploads every file you send to the internet — just exposed millions of private photos and files https://www.databreaches.net/go-sms-pro-one-of-the-most-popular-android-messaging-apps-just-exposed-millions-of-private-photos-and-files/ and https://www.theverge.com/2020/11/19/21575733/go-sms-pro-media-flaw-vulnerability-messaging-app-trustwave
  • Good Heavens! 10M Impacted in Pray.com Data Exposure https://threatpost.com/10m-impacted-pray-com-data-exposure/161459/
  • Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak https://www.databreaches.net/over-80000-id-cards-and-fingerprint-scans-exposed-in-cloud-leak/
  • Iowa Hospital Alerts 60K Individuals Affected by June Data Breach https://www.darkreading.com/attacks-breaches/iowa-hospital-alerts-60k-individuals-affected-by-june-data-breach/d/d-id/1339497
  • Thousands of New Zealanders’ email addresses, passwords stolen in data breach https://www.databreaches.net/thousands-of-new-zealanders-email-addresses-passwords-stolen-in-data-breach/

• New Ransomware and "Incidents":

  • Mitsubishi Electric again falls victim to cyberattack https://www.databreaches.net/mitsubishi-electric-again-falls-victim-to-cyberattack/
  • Ransomware attack forces web hosting provider Managed.com to take servers offline https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack
  • Archdiocese of St. Louis websites down after ransomware attack https://www.databreaches.net/archdiocese-of-st-louis-websites-down-after-ransomware-attack/
  • French newspaper crippled by ransomware attack https://www.databreaches.net/french-newspaper-crippled-by-ransomware-attack/
  • Manchester United football club discloses security breach https://www.zdnet.com/article/manchester-united-football-club-discloses-security-breach
  • Cold Storage Firm Reports Cybersecurity Incident https://www.databreachtoday.com/cold-storage-firm-reports-cybersecurity-incident-a-15381
  • COVID-19 Antigen Firm Hit by Malware Attack https://threatpost.com/covid-19-antigen-malware-attack/161317/

• Follow-ups and fall-out:

  • Ticketmaster Fined $1.7 Million for Data Security Failures https://www.databreachtoday.com/ticketmaster-fined-17-million-for-data-security-failures-a-15369
  • FTC asks court to force Bannon to testify on Cambridge Analytica scandal https://www.databreaches.net/ftc-asks-court-to-force-bannon-to-testify-on-cambridge-analytica-scandal/
  • Inside the Cit0Day Breach Collection https://www.troyhunt.com/inside-the-cit0day-breach-collection/
  • Ongoing Data Breach Dispute Underscores Emerging Legal Issues in Data Privacy Litigation https://www.databreaches.net/ongoing-data-breach-dispute-underscores-emerging-legal-issues-in-data-privacy-litigation/

Privacy

Articles about privacy related news, risks, and trends.

• EPIC to Massachusetts Supreme Court: Facebook Needs to Disclose Apps that Violated User Privacy https://epic.org/2020/11/epic-to-massachusetts-supreme-.html
• The US Military Buys Commercial Location Data https://www.schneier.com/blog/archives/2020/11/the-us-military-buys-commercial-location-data.html
• We Should Be Able to Use Apps Without Fear of Government Surveillance https://www.nytimes.com/2020/11/18/technology/government-surveillance-by-data.html
• Mac certificate check stokes fears that Apple logs every app you run (has reasonable explanation) https://arstechnica.com/gadgets/2020/11/mac-certificate-check-stokes-fears-apple-logs-every-app-you-run/_Facial

• FacialRecognition:

  • EPIC Seeks Documents on Facial Recognition System Used to Identify D.C. Protester https://epic.org/2020/11/epic-seeks-documents-on-facial.html
  • LAPD Bans Use of Clearview AI Facial Recognition https://epic.org/2020/11/lapd-bans-use-of-clearview-ai-.html and https://threatpost.com/lapd-facial-recognition-privacy-concerns/161364/_Ok Google: please replace, revoke and publish your DKIM secret keys https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/ and https://www.theregister.com/2020/11/19/dkim_encryption_expiration/

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Trudeau privacy law to level stiff fines for digital breaches https://www.bnnbloomberg.ca/trudeau-privacy-law-to-level-stiff-fines-for-digital-breaches-1.1523674, https://www.ctvnews.ca/politics/trudeau-government-ready-to-usher-in-new-privacy-legislation-1.5190352
  • Privacy Pressure Points: A Closer Look at Ten Consumer Privacy Protection Act Concerns https://www.michaelgeist.ca/2020/11/privacy-pressure-points-a-closer-look-at-ten-consumer-privacy-protection-act-concerns
  • Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades https://www.michaelgeist.ca/2020/11/canadas-gdpr-moment-why-the-consumer-privacy-protection-act-is-canadas-biggest-privacy-overhaul-in-decades/
  • The Law Bytes Podcast, Episode 70: “It’s Massive Free Distribution” – Village Media’s Jeff Elgie on Why His Company Opposes Lobbying Efforts to Establish a Licence for Linking to News Stories https://www.michaelgeist.ca/2020/11/law-bytes-podcast-episode-70/

• US:

  • IoT Cybersecurity Improvement Act Passes Senate https://www.securityweek.com/iot-cybersecurity-improvement-act-passes-senate
  • FCC votes to open up more Wi-Fi spectrum https://www.theverge.com/2020/11/18/21573068/fcc-wifi-5-9ghz-unlicensed-spectrum-frequencies
  • GitHub Reinstates youtube-dl After RIAA’s Abuse of the DMCA https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca

• World:

  • Antitrust probes too slow to curb tech giants, say EU auditors https://www.cbc.ca/news/business/tech-giants-eu-antitrust-investigations-1.5807936

• New NIST:

  • Updated Workforce Framework for Cybersecurity: NIST SP 800-181 Revision 1 https://content.govdelivery.com/accounts/USNIST/bulletins/2acb799 and https://content.govdelivery.com/accounts/USNIST/bulletins/2acb053
  • National Cybersecurity Career Awareness Week Recap https://content.govdelivery.com/accounts/USNIST/bulletins/2ad1cb7
  • NISTIR 8278, National Cybersecurity Online Informative References (OLIR) Program: Program Overview and OLIR Uses https://csrc.nist.gov/publications/detail/nistir/8278/final, https://csrc.nist.gov/publications/detail/nistir/8278a/final, and https://www.nccoe.nist.gov/events/workshop-cybersecurity-online-informative-references
• ICANN Can Stand Against Censorship (And Avoid Another .ORG Debacle) by Keeping Content Regulation and Other Dangerous Policies Out of Its Registry Contracts https://www.eff.org/deeplinks/2020/11/icann-can-stand-against-censorship-and-avoid-another-org-debacle-keeping-content

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Techniques:

  • The Importance of Multi-Factor Authentication https://insights.3bdatasecurity.com/post/102gkjt/the-importance-of-multi-factor-authentication
  • How to spot a deepfake, according to experts who clocked the fake persona behind the Hunter Biden dossier https://www.businessinsider.com/how-to-spot-a-deepfake-2020-11
  • An End-to-End Approach to Next-Gen Web Application and API Security https://blog.qualys.com/product-tech/2020/11/16/an-end-to-end-approach-to-next-gen-web-application-and-api-security

• New Tools and upgrades:

  • Find Out How Ad Trackers Follow You On the Web With EFF’s “Cover Your Tracks” Tool https://www.eff.org/press/releases/find-out-how-online-trackers-follow-you-web-effs-cover-your-tracks-tool
  • AWS Network Firewall Now Generally Available https://www.securityweek.com/aws-network-firewall-now-generally-available
  • Remote Desktop Manager for Linux Now Available https://blog.devolutions.net/2020/11/remote-desktop-manager-for-linux-now-available
  • New Zoom feature can alert room owners of possible Zoombombing disruptions https://www.zdnet.com/article/new-zoom-feature-can-alert-room-owners-of-possible-zoombombing-disruptions/
  • Researchers Say They've Developed Fastest Open Source IDS/IPS https://www.darkreading.com/attacks-breaches/researchers-say-theyve-developed-fastest-open-source-ids-ips/d/d-id/1339472
  • Google is testing end-to-end encryption in Android Messages https://arstechnica.com/gadgets/2020/11/google-is-testing-end-to-end-encryption-in-android-messages/ and https://www.theregister.com/2020/11/20/google_rcs_e2e_brouhaha/
  • Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/
  • Introducing another free CA as an alternative to Let's Encrypt https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/
  • Want to Encrypt All The Things? Firefox has you covered with HTTPS-Only Mode! https://scotthelme.co.uk/firefox-https-only-mode/ and https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
  • Ghostery’s Making a Privacy Browser—and Ad-Free Search Engine https://www.wired.com/story/ghostery-browser-search-ad-free
• Preliminary Hardware Benchmarking of a Group of Round 2 NIST Lightweight AEAD Candidate https://eprint.iacr.org/2020/1459
• The MAGIC Mode for Simultaneously Supporting Encryption, Message Authentication and Error Correction https://eprint.iacr.org/2020/1460
• Twitter Hires Famed Hacker 'Mudge' as Security Head https://www.databreachtoday.com/twitter-hires-famed-hacker-mudge-as-security-head-a-15377
• Build.security raises $6M for its authorization policy management platform https://techcrunch.com/2020/11/18/build-security-raises-6m-for-its-authorization-policy-management-platform/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• (New nuance to "Hoover") LidarPhone attack converts smart vacuums into microphones https://www.zdnet.com/article/lidarphone-attack-converts-smart-vacuums-into-microphones/
• (Sigh)Online password '123456' more popular than ever and easy to crack https://www.cbc.ca/news/business/nordpass-list-of-most-common-and-worst-passwords-1.5807089 and https://www.zdnet.com/article/the-worst-passwords-of-2020-show-we-are-as-lazy-about-security-as-ever
• How AI Is powering a new generation of cyber-attacks https://www.theregister.com/2020/11/18/the_battle_of_the_algorithms/ and https://www.zdnet.com/article/artificial-intelligence-could-be-used-to-hack-connected-cars-drones-warn-security-experts/
• AWS Flaw Allows Attackers to Find Users' Access Codes https://www.databreachtoday.com/aws-flaw-allows-attackers-to-find-users-access-codes-a-15408
• Researchers Warn of Critical Flaw Affecting Industrial Automation Systems https://thehackernews.com/2020/11/researchers-warn-of-critical-flaws.html
• Researcher Discloses Critical RCE Flaws In Cisco Security Manager https://thehackernews.com/2020/11/researcher-discloses-critical-rce-flaws.html and https://www.zdnet.com/article/cisco-webex-bugs-allow-attackers-to-join-meetings-as-ghost-users
• Cisco rolls out fix for Webex flaws that let hackers eavesdrop on meetings https://arstechnica.com/information-technology/2020/11/cisco-rolls-out-fix-for-webex-flaws-that-lets-hackers-eavesdrop-on-meetings/
• Citrix SD-WAN Bugs Allow Remote Code Execution https://threatpost.com/citrix-sd-wan-bugs-remote-code-execution/161274/
• IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips https://www.theregister.com/2020/11/20/ibm_power9_specex_flaw/
• Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore https://isc.sans.edu/diary/rss/26798
• More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug https://www.zdnet.com/article/more-than-245000-windows-systems-still-remain-vulnerable-to-bluekeep-rdp-bug
• German COVID-19 Contact-Tracing Vulnerability Allowed RCE https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
• Hundreds of Tesla Powerwall Gateways Potentially Exposed to Hacker Attacks https://www.securityweek.com/hundreds-tesla-powerwall-gateways-potentially-exposed-hacker-attacks
• Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/ and https://www.zdnet.com/article/chrome-87-released-with-fix-for-nat-slipstream-attacks-broader-ftp-deprecation
• Drupal sites vulnerable to double-extension attacks https://www.zdnet.com/article/drupal-sites-vulnerable-to-double-extension-attacks

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events:

  • This year’s biggest innovators? Hackers and cybercriminals. Again https://www.theregister.com/2020/11/16/learn_to_think_like_an_attacker/
  • GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/
  • Botnets have been silently mass-scanning the internet for unsecured ENV files https://www.zdnet.com/article/botnets-have-been-silently-mass-scanning-the-internet-for-unsecured-env-files
  • Major Power Outage in India Possibly Caused by Hackers: Reports https://www.securityweek.com/major-power-outage-india-possibly-caused-hackers-reports
  • Hacked Security Software Used in Novel South Korean Supply-Chain Attack https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/
  • Microsoft Warns of Office 365 Phishing Attacks https://www.databreachtoday.com/microsoft-warns-office-365-phishing-attacks-a-15395
  • Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns https://threatpost.com/google-services-weaponized-to-bypass-security-in-phishing-bec-campaigns/161467/
  • Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/
  • Crypto trading platform Liquid hacked after DNS attack https://www.databreaches.net/crypto-trading-platform-liquid-hacked/
  • Nearly $20 million stolen from the DeFi protocol Pickle Finance https://www.databreaches.net/nearly-20-million-stolen-from-the-defi-protocol-pickle-finance/
  • Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack https://threatpost.com/attackers-porn-malsmoke-zloader-attack/161277/

• Nation State Actors:

  • State-sponsored actors 'very likely' looking to attack electricity supply, says intelligence agency https://www.cbc.ca/news/politics/cse-threat-assesment-1.5806213
  • Russia Denies Microsoft Claims of Healthcare Cyber Attacks https://www.securityweek.com/russia-denies-microsoft-claims-healthcare-cyber-attacks
  • Massive, China-state-funded hack hits companies around the world, report says https://arstechnica.com/information-technology/2020/11/massive-china-state-funded-hack-hits-companies-around-the-word-report-says/

• Crime:

  • Convicted SIM Swapper Gets 3 Years in Jail https://krebsonsecurity.com/2020/11/convicted-sim-swapper-gets-3-years-in-jail/
  • Accused Ringleader of FIN7 Hacking Group Pleads Guilty https://www.databreachtoday.com/accused-ringleader-fin7-hacking-group-pleads-guilty-a-15397
  • IE: ‘Loner’, 21, jailed over online theft of $2m worth of cryptocurrencies https://www.databreaches.net/ie-loner-21-jailed-over-online-theft-of-2m-worth-of-cryptocurrencies/
  • Florida Man Gets 3-Year Prison Term for Account Takeover Scam https://www.databreachtoday.com/florida-man-gets-3-year-prison-term-for-account-takeover-scam-a-15427

Other Security / Risk

Articles covering other types of risks.

• UK reveals new 'National Cyber Force', announces Space Command and mysterious AI agency https://www.theregister.com/2020/11/20/uk_ai_space_cyber_agency/
• Facebook says hate speech consists of less than 1% of its content (that's still huge) https://globalnews.ca/news/7474141/facebook-hate-speech-stats/
• Trump Fires Security Chief Christopher Krebs https://krebsonsecurity.com/2020/11/trump-fires-security-chief-christopher-krebs/
• After Trump tweets Defcon hacking video, voting security experts call BS https://arstechnica.com/tech-policy/2020/11/voting-security-experts-refute-trump-claims-of-voting-machine-hacking/
• Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women https://www.wired.com/story/telegram-still-hasnt-removed-an-ai-bot-thats-abusing-women
• Tax abuse and offshore havens are costing governments $427 billion a year, according to a new study https://www.businessinsider.com/tax-abuse-tax-havens-cost-tax-justice-network-study-2020-11
• Canada - Uncommon bills will lose legal tender status is 2021. Is your collection worthless? https://globalnews.ca/news/7475928/uncommon-bills-legal-tender-status-2021/

• Health, Safety & Environment:

  • In a Wild Twist, Asymptomatic Children Can Spread Malaria to Mosquitoes https://www.sciencealert.com/in-a-wild-twist-asymptomatic-children-can-spread-malaria-to-mosquitoes
  • NASA to launch satellite to track rising sea levels https://www.theverge.com/2020/11/20/21583468/nasa-launch-satellite-sea-level-rise-climate-change-esa
  • Depressing Study Shows a Big Issue With Using Cloud Seeding to Solve Global Warming https://www.sciencealert.com/solar-geoengineering-won-t-be-able-to-hold-off-global-warming-forever-scientists-warn
  • An Asteroid Made a Record Close Pass of Earth on Friday 13, And We Didn't See It Coming https://www.sciencealert.com/earth-just-had-a-record-close-shave-with-a-house-sized-asteroid and https://www.syfy.com/syfywire/on-friday-a-small-asteroid-passed-just-400-km-from-earth
  • Asteroid Apophis Has a Slim Chance of Hitting Us in 2068. Scientists Are Making Plans https://www.sciencealert.com/asteroid-apophis-has-a-slim-chance-of-hitting-earth-in-2068-scientists-want-to-study-it
• YRP RIDE check leads to seizure of an improvised firearm https://www.yrp.ca/en/Modules/News/index.aspx?newsId=6592b3d8-56bb-4405-b584-4b9110bc0658
• Toronto cops pull over driver with licence plates that expired 31 years ago (still just a $110 ticket) https://www.blogto.com/city/2020/11/toronto-cops-pull-over-driver-licence-plate-expired-31-years-ago/

• Other risks relating to COVID and the new normal:

  • Airbnb lost millions in revenue due to the coronavirus, IPO filing reveals https://www.theverge.com/2020/11/16/21570416/airbnb-coronavirus-pandemic-travel-hospitality
  • COVID Casts More Doubt On Future Of Bank Branches https://www.pymnts.com/news/banking/2020/covid-casts-more-doubt-on-future-of-bank-branches/
  • Secret Service Investigates 700 Cases of Covid Relief Fraud https://www.wired.com/story/secret-service-covid-relief-fraud-location-data-security-news

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, and waves - now reinfection:

  • Hospitals Know What’s Coming and this can't continue https://www.theatlantic.com/health/archive/2020/11/americas-best-prepared-hospital-nearly-overwhelmed/617156/ and https://www.theatlantic.com/science/archive/2020/11/third-surge-hospitals-staffing-shortage/617128/
  • Actual COVID-19 Cases Could Be 6 Times Greater Than Official Figures https://www.sciencealert.com/the-actual-number-of-covid-19-cases-is-far-higher-than-official-figures-in-many-nations
  • Most coronavirus cases spread from people with no symptoms, CDC says in new report https://www.businessinsider.com/cdc-most-coronavirus-cases-spread-from-people-without-symptoms-2020-11
  • Superspreader Events Played a Key Role in Igniting The Current Pandemic Globally https://www.sciencealert.com/superspreader-events-around-the-world-played-a-key-role-in-igniting-the-covid-19-pandemic
  • Covid: Mexico passes 100,000 coronavirus deaths https://www.bbc.co.uk/news/world-latin-america-55011840
  • Canada could see 20,000 COVID-19 cases per day by end of year https://www.cbc.ca/news/politics/covid19-tam-modelling-projections-1.5808751
  • Ontario reports nearly 1,600 new coronavirus cases, 21 more deaths https://globalnews.ca/news/7476694/ontario-coronavirus-cases-nov-21-covid19/
  • Four Ontario neighbourhoods with highest COVID-19 positivity rates last week were all in Peel Region https://toronto.ctvnews.ca/four-ontario-neighbourhoods-with-highest-covid-19-positivity-rates-last-week-were-all-in-peel-region-1.5196364
  • Toronto school declares outbreak after 13 students test positive for COVID-19 https://toronto.ctvnews.ca/toronto-school-declares-outbreak-after-13-students-test-positive-for-covid-19-1.5191255
  • ‘All it takes is one case’: How coronavirus cases suddenly spiked across Nunavut https://globalnews.ca/news/7476295/coronavirus-nunavut-cases-spike/
  • WHO chief Tedros says countries that let Covid run unchecked 'are playing with fire' https://www.cnbc.com/2020/11/16/who-chief-tedros-says-countries-that-let-covid-run-unchecked-are-playing-with-fire.html
  • Sweden finds coronavirus in mink industry workers https://www.cbc.ca/news/world/mink-coronavirus-sweden-denmark-1.5807938

• Contact Tracing:

  • EFF Urges Universities to Commit to Transparency and Privacy Protections For COVID-19 Tracing Apps https://www.eff.org/press/releases/eff-urges-universities-commit-transparency-and-privacy-protections-covid-19-tracing

• Guidance, Response and Recovery:

  • Advice to counter COVID-19 fatigue: Psychologist https://globalnews.ca/news/7473078/advice-to-counter-covid-19-fatigue-psychologist/
  • Canada must reduce contacts to ‘only essential activities’ to stop 2nd wave https://globalnews.ca/news/7474353/coronavirus-canada-tam-modelling/
  • Don’t Eat Inside a Restaurant https://www.theatlantic.com/politics/archive/2020/11/can-you-get-coronavirus-inside-restaurant/617151/
  • The CDC classified Black Friday shopping as a 'higher-risk activity' — experts say masks and avoiding crowds are key https://www.businessinsider.com/experts-advice-risk-shopping-during-higher-risk-black-friday-stores-2020-11
  • California's Covid curfew to begin, as US cases hit 12-million mark https://www.bbc.co.uk/news/world-us-canada-55030611
  • Pizza worker's 'lie' forced South Australia lockdown https://www.bbc.co.uk/news/world-australia-55011790
  • China curtailed travel ahead of the Lunar New Year. As Thanksgiving approaches, the US is ignoring that example. https://www.businessinsider.com/thanksgiving-us-not-following-chinese-new-year-example-coronavirus-2020-11
  • Virus surges complicate the distribution of scarce COVID-19 treatments https://www.theverge.com/2020/11/19/21575207/antibody-treatment-distribution-limited-dose-coronavirus-treatment
  • Majority of travellers entering Canada during COVID-19 given OK to not quarantine https://www.cbc.ca/news/business/quarantine-exempt-travellers-border-covid-19-canada-essential-workers-1.5804848
  • Canada-U.S. border closure extended 30 days as American COVID-19 cases rise https://toronto.citynews.ca/2020/11/18/canada-u-s-border-closure-extended-30-days-as-american-covid-19-cases-rise-source-2/
  • Border loophole? Canadian snowbirds shipping cars, RVs to U.S., then flying in https://www.ctvnews.ca/canada/border-loophole-canadian-snowbirds-shipping-cars-rvs-to-u-s-then-flying-in-1.5196426
  • Ontario premier says more COVID-19 testing is needed in long-term care as death toll rises https://toronto.ctvnews.ca/ontario-premier-says-more-covid-19-testing-is-needed-in-long-term-care-as-death-toll-rises-1.5190438
  • Coronavirus: Here’s what you can, can’t do in Toronto and Peel Region during lockdown stage https://globalnews.ca/news/7475735/coronavirus-toronto-peel-ontario-lockdown-restrictions/

• Treatments, Testing, Triage, and Trials:

  • (Interesting) MMR vaccine could protect against COVID-19 https://scienmag.com/mmr-vaccine-could-protect-against-covid-19/
  • Covid: Jab for people who cannot be vaccinated in trials https://www.bbc.co.uk/news/health-55022288
  • New tool helps predict outcomes for COVID-19 https://scienmag.com/new-tool-helps-predict-outcomes-for-covid-19/
  • Rapid COVID-19 Antibody Test Is Not as Accurate as We Were Told, Scientists Warn https://www.sciencealert.com/rapid-covid-19-test-is-not-as-accurate-as-we-were-told-scientists-warn
  • Rapid testing 75% of a city every 3 days could 'drive the epidemic toward extinction' within 6 weeks https://www.businessinsider.com/study-rapid-testing-make-dent-into-covid-19-six-weeks-2020-11
  • Why federal government should reject human challenge trials for COVID-19 vaccine https://www.cbc.ca/news/opinion/opinion-covid-vaccine-human-challenge-trials-1.5790713 Progress:
  • Pfizer files for emergency use of coronavirus vaccine in U.S. — what about in Canada? https://globalnews.ca/news/7474273/pfizer-emergency-use-coronavirus-vaccine-canada/
  • Moderna's coronavirus vaccine is 94.5 per cent effective, according to company data https://www.ctvnews.ca/health/coronavirus/moderna-s-coronavirus-vaccine-is-94-5-per-cent-effective-according-to-company-data-1.5190419 and https://www.sciencealert.com/moderna-joins-pfizer-in-creating-a-vaccine-that-s-effective-at-preventing-covid-19
  • Covid: Oxford vaccine shows 'encouraging' immune response in older adults https://www.bbc.co.uk/news/health-54993652
  • Doing the Touchy Math on Who Should Get a COVID Vaccine First https://www.scientificamerican.com/article/doing-the-touchy-math-on-who-should-get-a-covid-vaccine-first/
  • Canada could get multiple coronavirus vaccines. Experts say there are unique challenges https://globalnews.ca/news/7472038/coronavirus-vaccine-canada-challenges/
  • Ontario set to receive 2.4 million doses of COVID-19 vaccine in early 2021 https://toronto.ctvnews.ca/ontario-set-to-receive-2-4-million-doses-of-covid-19-vaccine-in-early-2021-1.5194268

• Things we learned:

  • How England's test-and-trace system went wrong https://www.bbc.co.uk/news/health-55008133
  • People who develop COVID-19 antibodies are unlikely to get the virus again for at least 6 months, a new Oxford University study of more than 12,000 people suggests https://www.businessinsider.com/covid-antibodies-protection-covid19-antibody-immunity-reinfection-second-infection-2020-11
  • Airflow studies reveal strategies to reduce indoor transmission of COVID-19 https://scienmag.com/airflow-studies-reveal-strategies-to-reduce-indoor-transmission-of-covid-19/
  • A sulfur molecule to block the coronavirus https://scienmag.com/a-sulfur-molecule-to-block-the-coronavirus/
  • Scientists Come Closer to Understanding COVID-19 'Cytokine Storms' https://www.mentalfloss.com/article/637580/covid-19-mechanism-behind-cytokine-storms
  • Coronavirus Antibodies Good. Machine-Made Molecules Better? https://www.nytimes.com/2020/11/21/science/coronavirus-antibodies-artificial-intelligence.html
  • Abandoning Big Cities Beats Closing Borders When Fighting Pandemics, Simulation Shows https://www.sciencealert.com/abandoning-large-cities-beats-closing-borders-when-fighting-pandemics
  • Vibrations of coronavirus proteins may play a role in infection https://scienmag.com/vibrations-of-coronavirus-proteins-may-play-a-role-in-infection/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Lockdowns could be avoided if 95% of people wore masks, says WHO https://www.cnn.com/2020/11/19/europe/coronavirus-europe-lockdown-tiers-intl/index.html
  • A new CDC report found that Kansas counties who complied with a mask mandate saw a decrease in cases compared to counties that didn't https://www.businessinsider.com/cdc-kansas-counties-mask-mandate-work-2020-11
  • Dr. Bonnie Henry op-ed: Why B.C. doesn't have a universal mask mandate https://bc.ctvnews.ca/mobile/dr-bonnie-henry-op-ed-why-b-c-doesn-t-have-a-universal-mask-mandate-1.5191721
  • Can Surgical Masks Be Reused? Scientists Are Asking Some Valid Questions https://www.sciencealert.com/can-surgical-masks-be-reused-scientists-are-asking-some-valid-questions
  • This company says it makes the first FDA-approved transparent face mask and has sold more than 12.5 million since April https://www.businessinsider.com/clearmask-fda-approved-transparent-face-mask-2020-11
  • COVID-19 fines issued after police attend large house party in Vernon https://globalnews.ca/news/7475494/covid-19-fines-large-house-party-vernon/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 8 Infamous Macy’s Thanksgiving Day Parade Balloon Incidents https://www.mentalfloss.com/article/636676/macys-thanksgiving-day-parade-balloon-accidents
• UW engineering students create smartphone camera zoom lens that keeps picture quality https://www.cbc.ca/news/canada/kitchener-waterloo/university-of-waterloo-smartphone-camera-lens-invention-1.5808031
• GM says new batteries will make electric cars cheaper, last longer https://globalnews.ca/news/7473336/gm-electric-cars-battery/
• In a First, Scientists Say They've Partially Reversed a Cellular Aging Process in Humans https://www.sciencealert.com/oxygen-therapy-found-to-turn-back-the-sands-of-time-on-our-body-s-aging-cells
• For The First Time Ever, Scientists Have Created Diamonds in The Lab Without Heat https://www.sciencealert.com/for-the-first-time-ever-scientists-create-diamonds-in-the-lab-without-heat
• Gulls Work Out The Timing of School Lunch Breaks So They Can Steal Food https://www.sciencealert.com/gulls-in-the-uk-have-figured-out-when-schools-are-on-lunch-break-so-they-can-steal-food
• SpaceX capsule with 4 astronauts docks at International Space Station https://www.cbc.ca/news/world/spacex-docked-resilience-1.5804608
• Facing collapse, the famed Arecibo Observatory will be demolished https://www.theverge.com/2020/11/19/21575025/arecibo-observatory-puerto-rico-decommission-structural-collapse-cable-break
• A 100-Meter Rotating Liquid Mirror Telescope on the Moon? Yes Please. https://www.universetoday.com/148857/a-100-meter-rotating-liquid-mirror-telescope-on-the-moon-yes-please/
• A near-Earth asteroid passing us in December may actually be an old Moon rocket https://www.syfy.com/syfywire/a-near-earth-asteroid-passing-us-in-december-may-actually-be-an-old-moon-rocket and https://www.universetoday.com/148840/earth-and-the-moon-might-have-captured-an-old-upper-stage-rocket/
• Astronomers Detect Millions of Signals From an Intelligent Civilization: Us https://www.sciencealert.com/scientists-detected-26-million-possible-technosignatures-they-all-came-from-us
• Unexpectedly, The Universe Is Getting Hotter And Hotter as It Expands https://www.sciencealert.com/the-universe-is-getting-hotter-and-hotter-new-study-finds