This Week's [in]Security - Issue 200

Welcome to This Week’s [in]Security. SIGS. FAQ. New breaches: 220M, GOAT Breach? UScellular. EU. Mensa. New Ransomware. SkipTheDishes. Remote Proctoring. Facebook Oversight Board. catfishing. Credential Stuffing Liability. Crypto-wars. NIST&ISO. Pwn2Own. BlastDoor. Sudo. Flash Reflux?? Libgcrypt. WordPress Popup Builder. TikTok. Fuji HMI. ADT. Deepfakes. PrusaSlicer. NAT Slipstreaming. Trends. Ghost Accounts. Realtime Phishing. SolarWinds. Nation States. Arrests, etc. Netwalker. Disrupting Emotet. Influence Operations. Twice Victimized. Big Data. Bulletproof TLS. Health, Safety & Environment. GameStop. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI SSC Announces 2021 Special Interest Group Election Results https://blog.pcisecuritystandards.org/pci-ssc-announces-2021-special-interest-group-election-results
• PCI PTS PIN Security Requirements v3 Technical (Mandatory) Frequently Asked Questions https://www.pcisecuritystandards.org/documents/PTS_PIN_Technical_FAQs_v3_Jan_2021.pdf
• New PCI FAQ 1491 https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Does-PCI-DSS-define-which-versions-of-TLS-must-be-used
• Our Updated Index of PCI FAQ's https://controlgap.com/index-pci-frequently-asked-questions/
• PCI SSC Executive Director Discusses New Board and 2021 Priorities https://blog.pcisecuritystandards.org/pci-ssc-executive-director-discusses-new-board-and-2021-priorities
• Mastercard Debuts NextGen Contactless Technology https://www.pymnts.com/mastercard/2021/mastercard-debuts-nextgen-contactless-technology/
• Visa, Mastercard, Amex Earnings To Shed Light On Contactless, Debit Surge https://www.pymnts.com/earnings/2021/visa-mastercard-amex-earnings-to-shed-light-on-contactless-debit-surge/
• Debit Card Growth Outpaces Credit Cards and other Digital Transactions News briefs from 1/25/21 https://www.digitaltransactions.net/debit-card-growth-outpaces-credit-cards-and-other-digital-transactions-news-briefs-from-1-25-21/
• Touchless buttons that ‘mirror’ your finger could be the future in a post-pandemic world https://www.independent.co.uk/life-style/gadgets-and-tech/touchless-button-mirror-finger-b1792158.html
• Why your face could be set to replace your bank card https://www.bbc.co.uk/news/business-55748964

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Massive Brazilian Data Breach - 220M poeple https://www.schneier.com/blog/archives/2021/01/massive-brazilian-data-breach.html
  • 23M Gamer Records Exposed in VIPGames Leak https://threatpost.com/gamer-records-exposed-vipgames-leak/163352/
  • UScellular Breach Allowed Hackers to Port Customer Phone Numbers https://www.securityweek.com/uscellular-breach-allowed-hackers-port-customer-phone-numbers and https://www.databreachtoday.com/uscellular-hackers-accessed-customer-data-a-15889
  • Today's 'sophisticated cyber attack' victim is the Woodland Trust: Pre-Xmas breach under investigation https://www.theregister.com/2021/01/27/woodland_trust_cyber_attack/
  • Florida Healthy Kids website breached; vendor blamed for not patching https://www.databreaches.net/florida-healthy-kids-website-breached-vendor-blamed-for-not-patching/
  • Illinois Court Exposes More Than 323,000 Sensitive Records https://www.securityweek.com/illinois-court-exposes-more-323000-sensitive-records
  • Australian Securities and Investments Commission (ASIC) reports server breached via Accellion vulnerability https://www.zdnet.com/article/asic-reports-server-breached-via-accellion-vulnerability/
  • European Commission redacts AstraZeneca vaccine contract – but forgets to wipe the bookmarks tab and discloses whole document https://www.theregister.com/2021/01/29/eu_commission_vaccine_contract_redaction_fail/
  • Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords https://www.databreaches.net/mensa-website-hacked-after-britains-smartest-folk-failed-to-secure-passwords/
  • Dutch COVID-19 patient data sold on the criminal underground https://www.databreaches.net/dutch-covid-19-patient-data-sold-on-the-criminal-underground/
  • Dutch Insider Attack on COVID-19 Data https://www.schneier.com/blog/archives/2021/01/dutch-insider-attack-on-covid-19-data.html

• New Ransomware and "Incidents":

  • UKRI issues statement about ransomware attack https://www.databreaches.net/ukri-issues-statement-about-ransomware-attack/
  • Crisp (Georgia) Regional Health Services falls victim to ransomware attack https://www.databreaches.net/ga-crisp-regional-health-services-falls-victim-to-ransomware-attack/
  • Cyber Incident Knocks Construction Firm Palfinger Offline https://www.databreachtoday.com/cyber-incident-knocks-construction-firm-palfinger-offline-a-15849
  • Calgary consumer questions SkipTheDishes security after ‘account takeover’ https://globalnews.ca/news/7601271/calgary-consumer-questions-skipthedishes-security-after-account-takeover/
  • Premier Tech victim of a cyberattack (Quebec) https://www.databreaches.net/ca-premier-tech-victim-of-a-cyberattack/
  • Police investigating Peel District School Board cybersecurity ‘incident’ https://globalnews.ca/news/7606905/pdsb-cybersecurity-incident/
  • Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems https://www.securityweek.com/packaging-giant-westrock-says-ransomware-attack-impacted-ot-systems
  • Haywood County (NC) Schools Sends Data Breach Notices for August Ransomware Attack https://www.databreaches.net/nc-haywood-county-schools-sends-data-breach-notices-for-august-ransomware-attack/
  • Georgetown County (SC) computer network down after cyber attack https://www.databreaches.net/sc-georgetown-county-computer-network-down-after-cyber-attack/
  • Palfinger Group crippled by massive attack https://www.databreaches.net/palfinger-group-crippled-by-massive-attack/
  • Tennessee Wesleyan University systems recovering after Friday ransomware attack https://www.databreaches.net/tennessee-wesleyan-university-systems-recovering-after-friday-ransomware-attack/

• Follow-ups and fall-out:

  • Bonobos - 2,811,929 breached accounts from August added to HIBP https://haveibeenpwned.com/PwnedWebsites#Bonobos
  • Pixlr - 1,906,808 breached accounts from October added to HIBP https://haveibeenpwned.com/PwnedWebsites#Pixlr
  • Citrix's $2.3 million settlement offer for employees impacted by data breach approved https://www.zdnet.com/article/citrix-agrees-to-2-3-million-settlement-for-employees-impacted-by-data-breach
  • Deep Analysis of More than 60,000 Breach Reports Over Three Years https://www.securityweek.com/deep-analysis-more-60000-breach-reports-over-three-years
  • Reported US Data Breaches Declined by 19% in 2020 https://www.databreachtoday.com/reported-us-data-breaches-declined-by-19-in-2020-a-15885
  • Pediatric Hospital Faces Lawsuit After Blackbaud Breach https://www.databreachtoday.com/pediatric-hospital-faces-lawsuit-after-blackbaud-breach-a-15848

Privacy

Articles about privacy related news, risks, and trends.

• Google QUIC-ly left privacy behind in its quest for a speedier internet, boffins find https://www.theregister.com/2021/01/30/quic_fingerprinting_flaw/
• Facebook Ad Services Let Anyone Target US Military Personnel https://www.wired.com/story/facebook-ad-targeting-us-military
• Global Privacy Control wants to succeed where Do Not Track failed https://www.theverge.com/2021/1/28/22252935/global-privacy-control-personal-data-tracking-ccpa-cpra-gdpr-duckduckgo
• Edmonton Pharmacist Fined for Breaching Health Information https://www.databreaches.net/ca-pharmacist-fined-for-breaching-health-information/
• University will stop using controversial remote-testing software following student outcry https://www.theverge.com/2021/1/28/22254631/university-of-illinois-urbana-champaign-proctorio-online-test-proctoring-privacy
• Google announces plan to tackle privacy issues in online advertising https://www.theguardian.com/technology/2021/jan/25/google-announces-plan-to-tackle-privacy-issues-in-online-advertising
• Why Your TV Spies on You https://www.nytimes.com/2021/01/25/technology/why-your-tv-spies-on-you.html
• New advances in the detection of bias in face recognition algorithms https://scienmag.com/new-advances-in-the-detection-of-bias-in-face-recognition-algorithms/

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 74: Heidi Tworek on the Challenges of Internet Platform Regulation https://www.michaelgeist.ca/2021/01/law-bytes-podcast-episode-74/

• US:

  • Facebook Oversight Board overturns some hate speech and pandemic misinformation takedowns https://www.theverge.com/2021/1/28/22254155/facebook-oversight-board-first-rulings-coronavirus-misinformation-hate-speech
  • Why Is Big Tech Policing Speech? Because the Government Isn’t https://www.nytimes.com/2021/01/26/magazine/free-speech-tech.html
  • They Found a Way to Limit Big Tech’s Power: Using the Design of Bitcoin https://www.nytimes.com/2021/01/26/technology/big-tech-power-bitcoin.html
  • Researchers use AI to help businesses understand Code of Federal Regs, other legal docs https://scienmag.com/researchers-use-ai-to-help-businesses-understand-code-of-federal-regs-other-legal-docs/
  • Lawmakers Take Aim at Insidious Digital ‘Dark Patterns’ https://www.wired.com/story/lawmakers-take-aim-insidious-digital-dark-patterns
  • Utah tests the waters in turning online catfishing into a criminal act https://www.zdnet.com/article/utah-tests-the-waters-in-turning-online-catfishing-into-a-criminal-act
  • Former Cambridge Analytica director Brittany Kaiser talks data rights legislation and the future of Big Tech under Biden https://www.businessinsider.com/brittany-kaiser-cambridge-analytica-data-rights-legislation-big-tech-biden-2021-1
  • Dominion is suing Rudy Giuliani for $1.3 billion after he accused the voting-machine company of election fraud https://www.businessinsider.com/dominion-sues-rudy-giuliani-13-billion-over-election-fraud-claim-2021-1

• World:

  • CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing https://www.databreaches.net/fr-cnil-fines-a-data-controller-and-its-processor-225000-euros-for-security-violation-in-connection-with-credential-stuffing/
  • Encrypted Services Providers Concerned About EU Proposal for Encryption Backdoors https://www.securityweek.com/encrypted-services-providers-concerned-about-eu-proposal-encryption-backdoors
  • Hamburg DPA Deems Clearview AI’s Biometric Photo database Illegal, Orders a Partial Deletion of Biometric Profile https://epic.org/2021/01/hamburg-dpa-deems-clearview-ai.html
  • Grindr fined $11.7 million for illegally sharing private user information with advertisers https://www.theverge.com/2021/1/25/22249578/grindr-fined-norwegian-data-protection-authority

• New and Updated Standards:

  • NIST Draft (SP) 800-204B, Attribute-based Access Control for Microservices-based Applications using a Service Mesh is open for comments until Feb 24 https://csrc.nist.gov/publications/detail/sp/800-204b/draft
  • NIST Releases Supplemental Materials for the OSCAL versions of SP 800-53 and SP 800-53B: Control Catalog and Control Baselines Spreadsheets added to https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
  • NIST Draft (SP) 800-47, Revision 1, Managing the Security of Information Exchanges open for comments until Mar 12 https://csrc.nist.gov/publications/detail/sp/800-47/rev-1/draft
  • ISO updated 27001 https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:dis:ed-3:v1:en

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Three key documents you need BEFORE you have a security breach https://www.itworldcanada.com/blog/three-key-documents-you-need-before-you-have-a-security-breach/441276
• Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits https://www.securityweek.com/pwn2own-2021-hackers-offered-200000-zoom-microsoft-teams-exploits
• Google Online Security Blog: Data Driven Security Hardening in Android https://security.googleblog.com/2021/01/data-driven-security-hardening-in.html
• Firefox 85 removes Flash and adds protection against supercookies https://www.zdnet.com/article/firefox-85-removes-flash-and-adds-protection-against-supercookies
• Google researcher discovers new iOS security system https://www.zdnet.com/article/google-researcher-discovers-new-ios-security-system
• Apple to Crack Down on Tracking iPhone Users in Early Spring https://www.securityweek.com/apple-crack-down-tracking-iphone-users-early-spring
• Apple’s next iOS 14 beta will begin forcing developers to ask for permission to track you https://www.theverge.com/2021/1/28/22253366/apple-app-tracking-transparency-opt-in-requirement-beta-launch
• YARA v4.0.4 tool used widely in malware analysis updated https://isc.sans.edu/diary/rss/27050
• New iMessage Security Features https://www.schneier.com/blog/archives/2021/01/new-imessage-security-features.html
• Catching and dealing with naughty devices on my home network - V2 https://scotthelme.co.uk/catching-and-dealing-with-naughty-devices-on-my-home-network-v2/
• This Encrypted Gun Registry Might Bridge a Partisan Divide https://www.wired.com/story/national-gun-registry-encrypted-decentralized
• Comparing Different AI Approaches to Email Security https://www.darkreading.com/edge/theedge/comparing-different-ai-approaches-to-email-security/b/d-id/1339965
• How to Keep Internet Trolls Out of Remote Workplaces https://www.nytimes.com/2021/01/24/business/remote-work-culture-online.html
• Google Says Chrome Cookie Replacement Plan Making Progress https://www.securityweek.com/google-says-chrome-cookie-replacement-plan-making-progress
• Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 http://www.fireeye.de/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html
• Twitter will test letting some users fact-check tweets. https://www.nytimes.com/2021/01/25/technology/twitter-will-test-letting-some-users-fact-check-tweets.html and https://www.bbc.co.uk/news/technology-55806002

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• CVE-2021-3156: Heap-Based Buffer Overflow in Sudo https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit and https://threatpost.com/sudo-bug-root-access-linux-2/163395/
• South African government releases its own browser just to re-enable Flash support https://www.zdnet.com/article/south-african-government-releases-its-own-browser-just-to-re-enable-flash-support/
• Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/
• Many WordPress Sites Affected by Vulnerabilities in 'Popup Builder' Plugin https://www.securityweek.com/many-wordpress-sites-affected-vulnerabilities-popup-builder-plugin
• TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers https://thehackernews.com/2021/01/tiktok-bug-could-have-exposed-users.html
• Low Powered but High Risk: Evaluating Possible Attacks on LoRaWAN Devices https://www.trendmicro.com/en_us/research/21/a/Low-Powered-but-High-Risk-Evaluating-Possible-Attacks-on-LoRaWAN-Devices.html
• RUP Security of the SAEF Authenticated Encryption mode, by Elena Andreeva and Amit Singh Bhati and Damian Vizar https://eprint.iacr.org/2021/103
• CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products https://www.securityweek.com/cisa-issues-advisory-high-severity-vulnerabilities-fuji-electric-hmi-products
• ADT Security Camera Flaws Open Homes to Eavesdropping https://threatpost.com/adt-security-camera-flaw-opened-homes-stores-to-eavesdropping/163378/
• Deepfakes Expose Cracks in Virtual ID Verification https://www.databreaches.net/deepfakes-expose-cracks-in-virtual-id-verification/
• Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer https://blog.talosintelligence.com/2021/01/vulnerability-spotlight-out-of-bounds.html
• Nvidia Squashes High-Severity Jetson DoS Flaw https://threatpost.com/nvidia-squashes-high-severity-jetson-dos-flaw/163360/
• Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server https://blog.talosintelligence.com/2021/01/vuln-spotlight-.html
• Former LulzSec Hacker Releases SonicWall VPN Zero-Day https://packetstormsecurity.com/news/view/31962/Former-LulzSec-Hacker-Releases-SonicWall-VPN-Zero-Day.html
• Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/
• Mainframe Security Automation Is Not a Luxury https://www.darkreading.com/perimeter/mainframe-security-automation-is-not-a-luxury/a/d-id/1339917
• Apple fixes another three iOS zero-days exploited in the wild https://www.zdnet.com/article/apple-fixes-another-three-ios-zero-days-exploited-in-the-wild
• CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability https://www.securityweek.com/crowdstrike-discloses-details-recently-patched-windows-ntlm-vulnerability

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events:

  • Cybercriminals use deceased staff accounts to spread Nemty ransomware https://www.zdnet.com/article/cybercriminals-use-deceased-staff-accounts-to-spread-nemty-ransomware
  • Fonix ransomware shuts down and releases master decryption key https://www.databreaches.net/fonix-ransomware-shuts-down-and-releases-master-decryption-key/
  • Phishers Target C-Suite with Fake Office 365 Password Expiration Reports https://www.securityweek.com/phishers-target-c-suite-fake-office-365-password-expiration-reports
  • Beware — A New Wormable Android Malware Spreading Through WhatsApp https://thehackernews.com/2021/01/beware-new-wormable-android-malware.html
  • DreamBus botnet targets enterprise apps running on Linux servers https://www.zdnet.com/article/dreambus-botnet-targets-enterprise-apps-running-on-linux-servers
  • Chopper ASPX web shell used in targeted attack https://www.trendmicro.com/en_us/research/21/a/targeted-attack-using-chopper-aspx-web-shell-exposed-via-managed.html
  • New cybercrime tool can build phishing pages in real-time https://www.zdnet.com/article/new-cybercrime-tool-can-build-phishing-pages-in-real-time
  • 'Clone Firm' Fraudsters Stealing Millions From UK Investors https://www.databreachtoday.com/clone-firm-fraudsters-stealing-millions-from-uk-investors-a-15880
  • Google warns of ‘novel social engineering method’ used by N. Korean Hackers to hack security researchers https://www.theverge.com/2021/1/26/22250060/google-threat-analysis-group-north-korean-hackers-cybersecurity-researchers-social-engineering and https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html
  • Facebook users’ phone numbers are for sale through a Telegram bot https://www.theverge.com/2021/1/25/22249571/facebook-phone-number-hack-telegram-bot
  • Italy CERT Warns of a New Credential Stealing Android Malware https://thehackernews.com/2021/01/italy-cert-warns-of-new-credential.html
  • TeamTNT Cloaks Malware With Open-Source Tool https://threatpost.com/teamtnt-cloaks-malware-open-source-tool/163414/
  • Phishing Campaign Spoofed DHL Delivery Service https://www.databreachtoday.com/phishing-campaign-spoofed-dhl-delivery-service-a-15878

• Solar-gate week 7:

  • Talos Takes Ep. #39: SolarWinds' implications for IoT and OT https://blog.talosintelligence.com/2021/01/talos-takes-ep-39-solarwinds.html
  • Striking back: 4 ways the Biden administration should respond to SolarWinds https://fortune.com/2021/01/29/solarwinds-hack-biden-administration-us-government-cisa-cybersecurity-standards-data-breach-notification/
  • Combating SolarWinds Supply Chain and SUNBURST Backdoor - from Device to Cloud https://www.databreachtoday.com/combating-solarwinds-supply-chain-sunburst-backdoor-from-device-to-cloud-a-15853
  • Mimecast Confirms SolarWinds Hackers Breached Company https://www.databreachtoday.com/mimecast-confirms-solarwinds-hackers-breached-company-a-15855
  • Hard lessons of the SolarWinds hack https://www.theverge.com/2021/1/26/22248631/solarwinds-hack-cybersecurity-us-menn-decoder-podcast
  • Four security vendors disclose SolarWinds-related incidents https://www.zdnet.com/article/four-security-vendors-disclose-solarwinds-related-incidents

• Nation State Actors:

  • Nation-state campaign targets Talos researchers https://blog.talosintelligence.com/2021/01/nation-state-campaign-targets-talos.html
  • Google: North Korean hackers have targeted security researchers via social media https://www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media
  • Hezbollah's cyber unit hacked into telecoms and ISPs https://www.zdnet.com/article/hezbollahs-cyber-unit-hacked-into-telecoms-and-isps and https://thehackernews.com/2021/01/hezbollah-hacker-group-targeted.html

• Crime:

  • Arrest, Seizures Tied to Netwalker Ransomware (including Canadian connection) https://krebsonsecurity.com/2021/01/arrest-seizures-tied-to-netwalker-ransomware/, ttps://threatpost.com/netwalker-ransomware-suspect-charged/163405/
  • Police Have Disrupted the Emotet Botnet https://www.schneier.com/blog/archives/2021/01/police-have-disrupted-the-emotet-botnet.html, https://www.zdnet.com/article/authorities-plan-to-mass-uninstall-emotet-from-infected-hosts-on-april-25-2021
  • Serious Prison Time for Hackers Behind Wolf & Associates Breach (California) https://www.databreaches.net/ca-serious-prison-time-for-hackers-behind-wolf-associates-breach/
  • Man arrested after UK school finds wiped hard drives on devices connected to network https://www.databreaches.net/man-arrested-after-uk-school-finds-wiped-hard-drives-on-devices-connected-to-network/
  • 2 Arrested for Alleged Theft of COVID-19 Patient Data https://www.databreachtoday.com/2-arrested-for-alleged-theft-covid-19-patient-data-a-15856
  • Russian Pleads Guilty to Running Cybercrime Forum https://www.databreachtoday.com/russian-pleads-guilty-to-running-cybercrime-forum-a-15844
  • IRS Agent Charged with Identity Theft and Wire Fraud https://www.databreaches.net/irs-agent-charged-with-identity-theft-and-wire-fraud/

Other Security / Risk

Articles covering other types of risks.

• The Old Media and the New Must Work Together to Preserve Free Speech Values https://www.eff.org/deeplinks/2021/01/new-media-and-old-must-work-together-preserve-free-speech-values
• Using an Old Model for New Questions on Influence Operations https://freedom-to-tinker.com/2021/01/27/using-an-old-model-for-new-questions-on-influence-operations/
• The Taxman Cometh for ID Theft Victims https://krebsonsecurity.com/2021/01/the-taxman-cometh-for-id-theft-victims/
• VA Workers Hid ‘Big Data’ Project Privacy, Security Risks https://www.databreachtoday.com/oig-va-workers-hid-big-data-project-privacy-security-risks-a-15893
• Linux distributors frustrated by Google's new Chromium web browser restrictions https://www.zdnet.com/article/linux-distributors-frustrated-by-googles-new-chromium-web-browser-restrictions/
• The cost of internet shutdowns from 2020 to 2021 (to date) https://www.comparitech.com/blog/vpn-privacy/internet-shutdowns/
• Microsoft CEO Satya Nadella: There is ‘a big crisis right now’ for cybersecurity https://ca.yahoo.com/finance/news/microsoft-ceo-satya-nadella-there-is-a-big-crisis-right-now-for-cybersecurity-192533356.html
• Bulletproof TLS Newsletter#73 distrusting Camerfirma, OpenSSL 3 alpha, :LibreSSL, Partitioning Oracles, Ruby Net::SMTP vuln, TLS 1.3, post-quantum signatures https://www.feistyduck.com/bulletproof-tls-newsletter/issue_73_google_chrome_distrusts_camerfirma
• Including Hackers in NATO Wargames https://www.schneier.com/blog/archives/2021/01/including-hackers-in-nato-wargames.html
• Australian man survives crocodile attack by 'prising jaws off his head' https://www.bbc.co.uk/news/world-australia-55837971
• Military eyes adaptive camouflage, self-repairing clothing for future troops https://www.cbc.ca/news/canada/nova-scotia/military-research-technology-combat-protection-1.5889528

• Health, Safety & Environment:

  • Vaccines Have Saved 37 Million Children's Lives Since 2000 https://www.sciencealert.com/vaccines-have-saved-37-million-children-s-lives-in-lower-income-countries-since-2001
  • Flu cases 'almost completely wiped out' this winter in England, but COVID-19 continues to soar https://www.businessinsider.com/flu-has-been-almost-completely-wiped-out-winter-say-experts-2021-1
  • Toronto paramedics responded to record-breaking number of opioid overdose calls Friday https://toronto.ctvnews.ca/toronto-paramedics-responded-to-record-breaking-number-of-opioid-overdose-calls-friday-1.5289237
  • Immune system sets ‘tripwire’ to protect against viruses https://scienmag.com/immune-system-sets-tripwire-to-protect-against-viruses/
  • PSA: phones, MagSafe or not, should be kept away from your pacemaker https://www.theverge.com/22248748/iphone-magsafe-pacemaker-interference-risk
  • Making wheat and peanuts less allergenic https://scienmag.com/making-wheat-and-peanuts-less-allergenic/
  • Automated AI algorithm uses routine imaging to predict cardiovascular risk https://scienmag.com/automated-ai-algorithm-uses-routine-imaging-to-predict-cardiovascular-risk/
  • ‘He was pretty paranoid’: Dog owner issues warning after pet gets high on walk https://globalnews.ca/news/7603784/dog-owner-warning-high-walk/
  • How Useful Is Recycling, Really? https://www.theatlantic.com/science/archive/2021/01/recycling-wont-solve-climate-change/617851/
  • Misconceptions about Wildfires Are Fueling the Problem https://www.scientificamerican.com/video/apocalypse-no-wildfire-damage-and-impacts-can-be-overstated/
  • Major discovery helps explain coral bleaching https://scienmag.com/major-discovery-helps-explain-coral-bleaching/

• The fascinating story that's part "David vs. Goliath" and part "Leiningen Versus the Ants": Gamestop, Hedge Funds, and Reddit Day Traders may require the investment industry to rethink their risk strategies.

  • ‘Dumb Money’ Is on GameStop, and It’s Beating Wall Street at Its Own Game https://www.nytimes.com/2021/01/27/business/gamestop-wall-street-bets.html
  • Short-sellers are nursing estimated losses of $19 billion in 2021 after betting GameStop's share price would fall https://markets.businessinsider.com/news/stocks/short-sellers-sitting-on-19-billion-of-losses-on-gamestop-data-shows-2021-1-1030020684
  • r/WallStreetBets went private — and now it’s back with a message https://www.theverge.com/2021/1/27/22253339/reddit-wallstreetbets-subreddit-private-gamestop
  • Why a Reddit group pumped GameStop shares up 1,000% on a lark https://www.cbc.ca/news/business/reddit-gamestop-blackberry-1.5890039
  • Discord has turned into a virtual trade floor with memes, stonks, and chaos https://www.theverge.com/2021/1/28/22253892/discord-wallstreetbets-server-virtual-trade-floor-reddit
  • The GameStop Reckoning Was a Long Time Coming https://www.nytimes.com/2021/01/28/technology/gamestop-stock.html
  • GameStop frenzy is stock market gambling, WallStreetBets founder says https://globalnews.ca/news/7602333/gamestop-frenzy-stock-market-gambling/
  • ‘You stand for everything I hate’: Reddit WallStreetBets posts open letter to Wall Street hedge funds https://www.independent.co.uk/life-style/gadgets-and-tech/gamestop-reddit-wall-street-letter-b1794036.html
  • How r/WallStreetBets gamed the stock of GameStop https://www.theverge.com/22251427/reddit-gamestop-stock-short-wallstreetbets-robinhood-wall-street
  • Discord bans the r/WallStreetBets server https://www.theverge.com/2021/1/27/22253251/discord-bans-the-r-wallstreetbets-server

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • Rise in travel-related COVID-19 cases coincides with holiday vacation period, data suggests https://globalnews.ca/news/7604541/covid-canada-travel-related-cases/
  • More people in Whistler have contracted COVID-19 in January than in all of 2020 https://globalnews.ca/news/7603677/whistler-covid-19-huge-spike-cases/
  • Five days that shaped the outbreak https://www.bbc.co.uk/news/world-55756452
  • Should I be worried about mail after Canada Post outbreak? Doctor answers COVID-19 questions https://globalnews.ca/news/7597441/coronavirus-questions-3/

• New Variants:

  • The Most Worrying Mutations in Five Emerging Coronavirus Variants https://www.scientificamerican.com/article/the-most-worrying-mutations-in-five-emerging-coronavirus-variants/
  • Highly-contagious U.K. COVID-19 variant will likely be dominant strain in Ontario by March, modelling suggests https://toronto.ctvnews.ca/highly-contagious-u-k-covid-19-variant-will-likely-be-dominant-strain-in-ontario-by-march-modelling-suggests-1.5285610

• Impact:

  • Downtown Toronto traffic dips to 63 per cent of normal volumes after new restrictions implemented https://toronto.ctvnews.ca/downtown-toronto-traffic-dips-to-63-per-cent-of-normal-volumes-after-new-restrictions-implemented-1.5277781
  • TD Bank closing 81 branches https://www.mobilepaymentstoday.com/news/td-bank-closing-81-branches/
  • Impaired driving charges have dropped across the Greater Toronto Area since the pandemic began https://toronto.ctvnews.ca/impaired-driving-charges-have-dropped-across-the-greater-toronto-area-since-the-pandemic-began-1.5283337

• Guidance, Response, and Recovery:

  • 6.3M travellers entered Canada and didn’t quarantine https://globalnews.ca/news/7605621/covid19-travellers-quarantine-coronavirus-exemption/
  • Ontario officially extends state of emergency and stay-at-home order by 14 days https://toronto.ctvnews.ca/ontario-officially-extends-state-of-emergency-and-stay-at-home-order-by-14-days-1.5281211
  • Toronto to likely extend COVID-19 masking, distancing rules until at least June https://toronto.ctvnews.ca/toronto-to-likely-extend-covid-19-masking-distancing-rules-until-at-least-june-1.5286128
  • Trudeau suspending Caribbean vacation travel; will require all incoming air travellers to quarantine in hotels https://www.cp24.com/news/trudeau-suspending-caribbean-vacation-travel-will-require-all-incoming-air-travellers-to-quarantine-in-hotels-1.5287360
  • France closes borders to most non-EU travel https://www.bbc.com/news/world-europe-55863069
  • Oregon health workers vaccinated drivers after they got stuck in a snowstorm https://www.businessinsider.com/oregon-health-workers-vaccinated-drivers-after-getting-stuck-in-snow-2021-1
  • As Ottawa mulls more travel restrictions, CBSA has turned away more than 30K at border https://globalnews.ca/news/7600722/canada-travel-restrictions-cbsa/
  • California’s Governor Newsom eases Covid restrictions - why now? https://www.bbc.co.uk/news/world-us-canada-55805696
  • Majority of Canadians call for inter-provincial travel ban: survey https://globalnews.ca/news/7598069/majority-of-canadians-agree-inter-provincial-travel-ban-survey/
  • New Zealand expects borders to remain closed through 2021 https://www.flightglobal.com/air-transport/new-zealand-expects-borders-to-remain-closed-through-2021/142117.article
  • ‘Sign me up!’ Calgary man staying in self-isolation hotel room calls COVID-19 program money well spent https://globalnews.ca/news/7597681/calgary-coronavirus-self-isolation-hotel-experience/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Stories from a Past Pandemic https://www.scientificamerican.com/article/stories-from-a-past-pandemic/
  • How rapid tests are being used to test for COVID-19 across Canada https://globalnews.ca/news/7600775/how-rapid-tests-are-being-used-provinces/
  • New research about emerging ‘COVID-19 personality types’ https://scienmag.com/new-research-about-emerging-covid-19-personality-types/
  • New biosensors quickly detect coronavirus proteins and antibodies https://scienmag.com/new-biosensors-quickly-detect-coronavirus-proteins-and-antibodies/
  • You can now buy $150 coronavirus tests from vending machines in Oakland airport. It's the first US airport with the machines, which are also rolling out in other cities. https://www.businessinsider.com/coronavirus-tests-cost-oakland-airport-vending-machines-2021-1
  • The Dogs Trained to Sniff Out COVID-19 https://www.theatlantic.com/photo/2021/01/dogs-trained-sniff-out-covid-19/617846/
  • WHO experts in Wuhan leave quarantine, visit hospital and market in search for virus origins https://www.cbc.ca/news/world/who-team-wuham-quarantine-1.5891196, https://globalnews.ca/news/7607205/covid-origins-who-china-hospitals/, and https://globalnews.ca/news/7610455/who-wuhan-food-market/
  • Signs of Unusual Symptoms Spread on Twitter Well Before Official COVID-19 Reports https://www.sciencealert.com/signs-of-spreading-symptoms-were-on-twitter-well-before-reports-of-pandemic-cases

• Immunity, Vaccines, and Vaccination:

  • Canada’s expected COVID-19 vaccine shipments reduced again https://globalnews.ca/news/7604822/covid-canada-vaccine-delivery-delay/
  • Ramp up Canadian vaccine manufacturing, says COVID-19 task force health adviser https://www.ctvnews.ca/health/coronavirus/ramp-up-canadian-vaccine-manufacturing-says-covid-19-task-force-health-adviser-1.5288939
  • Data error sees number of Ontario residents who received two COVID-19 vaccine doses slashed in half https://globalnews.ca/news/7605152/ontario-covid19-vaccinations-data-misinterpretation-coronavirus/
  • Johnson & Johnson Covid-19 vaccine is 66% effective in global trial, but 85% effective against severe disease https://www.cnn.com/2021/01/29/health/johnson-coronavirus-vaccine-results/index.html
  • Johnson & Johnson says coronavirus vaccine data expected next week https://globalnews.ca/news/7599989/johnson-and-johnson-coronavirus-data-next-week/
  • Made-in-Canada coronavirus vaccine starts human clinical trials https://www.cbc.ca/news/health/covid-19-vaccine-providence-1.5887613
  • Novavax submits coronavirus vaccine to Health Canada for approval https://globalnews.ca/news/7610676/health-canada-novavax/
  • Novavax coronavirus vaccine 1st to be effective against U.K., South Africa variants: study https://globalnews.ca/news/7605972/coronavirus-variant-vaccine-novavax/
  • Moderna says vaccine appears to protect against COVID-19 variants https://globalnews.ca/news/7597273/moderna-vaccine-covid-variant/
  • Moderna vaccine can be spaced 6 weeks in some situations, WHO says https://globalnews.ca/news/7599762/moderna-second-dose-who/
  • Nurse vaccinated for COVID-19 tests positive https://www.cbc.ca/news/canada/ottawa/ottawa-covid-19-positive-after-vaccination-1.5884463
  • EU to tighten vaccine exports amid row with AstraZeneca - https://www.bbc.co.uk/news/world-europe-55805903
  • Belgium sends inspectors to AstraZeneca factory amid delivery dispute with EU https://globalnews.ca/news/7604549/coronavirus-vaccine-europe-astrazeneca/
  • Germany set to limit AstraZeneca jab to under-65s https://www.bbc.co.uk/news/world-europe-55839885
  • The U.S. is vaccinating nearly 1M people per day. How does Canada compare? https://globalnews.ca/news/7596337/canada-us-coronavirus-vaccinations/
  • Ontario updates COVID-19 vaccine plan as Pfizer delays continue https://globalnews.ca/news/7597316/ontario-coronavirus-pfizer-vaccination-rollout/
  • ‘Vaccine tourism’: Perks and problems of travelling to get COVID-19 shots https://globalnews.ca/news/7596830/coronavirus-vaccine-tourism-florida-dubai/
  • It's Time to Consider Vaccine Mandates in High-Risk Settings https://www.scientificamerican.com/article/its-time-to-consider-vaccine-mandates-in-high-risk-settings/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • CDC mandates wearing masks on public transportation https://www.businessinsider.com/cdc-mandates-wearing-masks-on-public-transportation-2021-1
  • Court date set for B.C. couple accused of jumping vaccine queue in Yukon https://globalnews.ca/news/7605146/bc-couple-vaccine-queue-jumpers-yukon-court-date/ and https://www.bbc.co.uk/news/world-us-canada-55805907
  • More than 1,500 COVID-19 violations found at B.C. workplaces so far https://globalnews.ca/news/7610802/worksafebc-covid-safety-plan-order-inspection/
  • One arrested, $17K in fines issued at Vancouver penthouse allegedly hosting ‘makeshift nightclub’ https://globalnews.ca/news/7610670/vancouver-police-detained-telus-gardens/
  • Anti-vaccine protesters shut down one of largest COVID-19 vaccination sites in U.S. https://globalnews.ca/news/7610411/coronavirus-vaccine-anti-us-dodger-stadium/
  • The Pandejo Movement Destroyed California’s Pandemic Progress https://www.theatlantic.com/ideas/archive/2021/01/why-southern-california-got-so-bad/617830/
  • Dutch curfew riots rage for third night https://www.bbc.com/news/world-europe-55799919
  • Woolwich pastor faces fine of up to $100,000 for Sunday service ignoring COVID-19 lockdown https://globalnews.ca/news/7604542/woolwich-pastor-church-lockdown-fine/
  • Fines up to $1.2 million for flouting public health rules; Manitoba premier to hold press conference https://globalnews.ca/news/7600262/fines-up-to-1-2-million-for-flouting-public-health-rules-manitoba-premier-to-hold-press-conference/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• The Tragic Mystery of The Dyatlov Pass Incident Has a New Scientific Explanation https://www.sciencealert.com/the-tragic-mystery-of-the-dyatlov-pass-incident-has-a-new-scientific-explanation
• SpaceX sets record for most spacecraft shuttled to orbit in a single mission https://www.cbc.ca/news/technology/spacex-sets-record-most-spacecraft-shuttled-to-orbit-on-single-mission-1.5886319
• Canadian among private space crew paying $55M US each to fly to station https://www.cbc.ca/news/technology/canadian-private-space-crew-1.5888445
• In a World First, Physicists Narrow Down The Possible Mass of Dark Matter https://www.sciencealert.com/in-a-world-first-physicists-have-steeply-narrowed-down-the-mass-range-of-dark-matter
• Cool: Six-star system found. Cooler: Made of three binaries. Coolest: Eclipsing binaries. https://www.syfy.com/syfywire/cool-six-star-system-found-cooler-made-of-three-binaries-coolest-eclipsing-binaries
• The weirdest binary: Planet and not-a-star barely orbit each other https://www.syfy.com/syfywire/the-weirdest-binary-planet-and-not-a-star-barely-orbit-each-other
• Low-Cost Approach to Scanning Historic Glass Plates Yields an Astronomical Surprise https://www.universetoday.com/149644/low-cost-approach-to-scanning-historic-glass-plates-yields-an-astronomical-surprise/
• Astronomers Hoped to see Evidence of Dark Matter Particles Inside Betelgeuse. No Luck https://www.universetoday.com/149809/astronomers-hoped-to-see-evidence-of-dark-matter-particles-inside-betelgeuse-no-luck/
• Astronomers Have Discovered a Star That Survived Nearly Being Swallowed by a Black Hole https://www.sciencealert.com/astronomers-have-discovered-a-star-that-survived-being-swallowed-by-a-black-hole