This Week's [in]Security - Issue 201

Welcome to This Week’s [in]Security. Magecart. New breaches: New Ransomware. Spotify. NIST. Attack the AI. Lego? Free book. Patching! Open Source. Easy Hacking. A year of zero-days. IoT. Libgcrypt. Chrome and Google's bad week. SolarWinds. Quantum. Wi-Fi. Trends. VMware. Supercomputers. Chrome. Perl. SonicWall. Infinite Coffee. Nation States. Arrests, etc. AI Job Screeners. Moderating Speech. US vs Hackers. Peloton. Capitol Tracking. Quantum. Election Security. Chucky Alert. Day Traders. Health, Safety & Environment. New Variants. Immunity, Vaccines, and Vaccination. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise https://threatpost.com/magento-web-skimmers-costway/163593/
• Blackhawk Network Launches Canadian Virtual Prepaid Mastercard For Customer Rewards https://www.pymnts.com/news/payment-methods/2021/blackhawk-network-launches-canadian-virtual-prepaid-mastercard-customer-rewards/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • SitePoint hacked: Hashed, salted passwords pinched from web dev learning site via GitHub tool pwnage https://www.theregister.com/2021/02/05/sitepoint_hack_supply_chain/, and https://www.databreaches.net/sitepoint-hacked-hashed-salted-passwords-pinched-from-web-dev-learning-site-via-github-tool-pwnage/
  • Embedded Software Developer Wind River Security Incident Affects SSNs, Passport Numbers https://threatpost.com/wind-river-security-incident-ssns-passport-numbers/163550/ and https://www.databreachtoday.com/wind-river-systems-investigating-possible-data-breach-a-15917
  • Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html
  • Data of 300,000 customers leaked in São Paulo https://www.databreaches.net/data-of-300000-customers-leaked-in-sao-paulo/
  • Wind River Security Incident Affects SSNs, Passport Numbers https://www.databreaches.net/wind-river-security-incident-affects-ssns-passport-numbers/
  • Report: American Cable and Internet Giant Comcast Exposed Development Database Online https://www.databreaches.net/report-american-cable-and-internet-giant-comcast-exposed-development-database-online/
  • Washington State Breach Tied to Accellion Vulnerability https://www.databreachtoday.com/washington-state-breach-tied-to-accellion-vulnerability-a-15909
  • Security firm Stormshield discloses data breach, theft of source code https://www.databreaches.net/security-firm-stormshield-discloses-data-breach-theft-of-source-code/
  • Over 1 Million Impacted by Data Breach at Washington State Auditor https://www.securityweek.com/over-1-million-impacted-data-breach-washington-state-auditor
  • Patient data breaches disclosed by Nevada, Pennsylvania entities https://www.databreaches.net/patient-data-breaches-disclosed-by-nevada-pennsylvania-entities/
  • USDA Denies Data Breach at Payroll Facility https://www.databreaches.net/usda-denies-data-breach-at-payroll-facility/
  • Second SolarWinds Attack Group Breaks into USDA Payroll — Report https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/
  • Stiftung Warentest uncovered major security gaps in online etailer. https://www.databreaches.net/stiftung-warentest-uncovered-major-security-gaps-in-online-etailer/
  • UK: Foxtons customer data leaked onto the dark web https://www.databreaches.net/uk-foxtons-customer-data-leaked-onto-the-dark-web/
  • Goodwin says vendor breach may have exposed client data (updated) https://www.databreaches.net/goodwin-says-vendor-breach-may-have-exposed-client-data/
  • DE: Netcom-Kassel announces breach https://www.databreaches.net/de-netcom-kassel-announces-breach/
  • Patient names and colonoscopy results from US hospitals posted by hackers to the dark web https://www.theverge.com/2021/2/5/22268778/hospital-hack-patient-data-colonoscopy
  • Kids’ Health Insurer’s Website Vulnerable for 7 Years, data breached and tampered https://www.databreachtoday.com/kids-health-insurers-website-vulnerable-for-7-years-a-15904

• New Ransomware and "Incidents":

  • Oxfam Australia investigates data breach after database sold online https://www.databreaches.net/oxfam-australia-investigates-data-breach-after-database-sold-online/
  • Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months https://threatpost.com/spotify-credential-stuffing-cyberattack/163672/
  • Ransomware Attacks Hit Major Utilities https://threatpost.com/ransomware-attacks-major-utilities/163687/
  • Packaging Giant WestRock Says Ransomware Attack Hit Production https://www.securityweek.com/packaging-giant-westrock-says-ransomware-attack-hit-production
  • Ransomware attack takes out UK Research and Innovation's Brussels networking office https://www.theregister.com/2021/02/01/ukri_ransomware_ukro_brussels/
  • OH: Baldwin Wallace University target of cyber attack https://www.databreaches.net/oh-baldwin-wallace-university-target-of-cyber-attack/
  • BE: Cyber attack on Sacred Heart Hospital Mol: no patients at risk, but administration back on paper https://www.databreaches.net/__trashed-12/
  • BR: Eletronuclear administrative network suffers ransomware attack https://www.databreaches.net/br-eletronuclear-administrative-network-suffers-ransomware-attack/
  • Fr: Yvelines. The town of Houilles paralyzed by a cyberattack https://www.databreaches.net/fr-yvelines-the-town-of-houilles-paralyzed-by-a-cyberattack/
  • Ransomware Newcomers Include Pay2Key, RansomEXX, Everest https://www.databreachtoday.com/ransomware-newcomers-include-pay2key-ransomexx-everest-a-15908
  • Fonix Ransomware Gang Shuts Down Operations https://www.databreachtoday.com/fonix-ransomware-gang-shuts-down-operations-a-15937

• Follow-ups and fall-out:

  • 2020 Breach Statistics: An Analysis https://www.databreachtoday.com/2020-breach-statistics-analysis-a-15933
  • StoryBird - 1,047,200 breached accounts from 2015 added to HIBP https://haveibeenpwned.com/PwnedWebsites#StoryBird
  • PL: University fined for omitted notification of a data breach https://www.databreaches.net/pl-university-fined-for-omitted-notification-of-a-data-breach/
  • ‘Particularly Egregious’: US Fertility Hit with Class Action Over Month-Long 2020 Data Breach https://www.databreaches.net/particularly-egregious-us-fertility-hit-with-class-action-over-month-long-2020-data-breach/
  • The Accellion Mess: What Went Wrong? https://www.databreachtoday.com/blogs/accellion-mess-what-went-wrong-p-2989
  • Medical Researcher Sentenced in IP Theft Case https://www.databreachtoday.com/medical-researcher-sentenced-in-ip-theft-case-a-15928
  • Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts / Stolen User Names https://krebsonsecurity.com/2021/02/facebook-instagram-tiktok-and-twitter-target-resellers-of-hacked-accounts/ and https://www.nytimes.com/2021/02/04/style/instagram-account-fraud-ban.html

Privacy

Articles about privacy related news, risks, and trends.

• PSA: Don’t post your coronavirus vaccination card selfie on social media https://www.theverge.com/2021/2/6/22270400/coronavirus-vaccine-card-selfie-social-media
• Government Demands for Amazon User Data Exploded in 2020 https://www.wired.com/story/amazon-data-requests-smartmatic-lawsuits-security-roundup
• There Are Spying Eyes Everywhere—and Now They Share a Brain https://www.wired.com/story/there-are-spying-eyes-everywhere-and-now-they-share-a-brain
• In wake of Apple privacy controls, Facebook mulls just begging its iOS app users to let it track them over the web https://www.theregister.com/2021/02/01/facebook_app_privacy_justification/
• San Francisco Takes Small Step to Establish Oversight Over Business Association Surveillance https://www.eff.org/deeplinks/2021/02/san-francisco-takes-small-step-establish-oversight-over-business-association

Laws, Regulations, Standards, and Public Policy

News about laws, regulations, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 75: The Digital Taxman Cometh https://www.michaelgeist.ca/2021/02/law-bytes-podcast-episode-75/
  • Are expired Ontario identification and licence plate stickers still valid in 2021? https://toronto.ctvnews.ca/are-expired-ontario-identification-and-licence-plate-stickers-still-valid-in-2021-1.5294530
  • Clearview Facial-Recognition Technology Ruled Illegal in Canada https://threatpost.com/clearview-facial-recognition-canada/163650/

• US:

  • Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015 https://www.securityweek.com/lawmakers-ask-nsa-about-its-role-juniper-backdoor-discovered-2015
  • Vermont Labor Dept. facing personal info data breach https://www.databreaches.net/vermont-labor-dept-facing-personal-info-data-breach/
  • CT AG Tong Seeks Update To Data Breach Notifications https://www.databreaches.net/ct-ag-tong-seeks-update-to-data-breach-notifications/
  • The Eleventh U.S. Circuit Weighs in on Data Breach Standing Issues https://www.databreaches.net/the-eleventh-u-s-circuit-weighs-in-on-data-breach-standing-issues/
  • Democrats take first stab at reforming Section 230 after Capitol riots https://www.theverge.com/2021/2/5/22268368/democrats-section-230-moderation-warner-klobuchar-facebook-google
  • Section 1201’s Harm to Security Research Shown by Mixed Decision in Corellium Case https://www.eff.org/deeplinks/2021/02/section-1201s-harm-security-research-shown-mixed-decision-corellium-case
  • Democrats propose bill to protect privacy, data security amid growing use of pandemic-related tech https://www.databreaches.net/democrats-propose-bill-to-protect-privacy-data-security-amid-growing-use-of-pandemic-related-tech/
  • Incoming Biden Administration Officials Should Change Course on Encryption https://www.eff.org/deeplinks/2021/02/incoming-biden-administration-officials-should-change-course-encryption
  • No Secret Evidence in Our Courts https://www.eff.org/deeplinks/2021/02/no-secret-evidence-our-courts
  • EPIC Urges NIST to Adopt Privacy-Protective Standards for Federal I.D. Cards https://epic.org/2021/02/epic-urges-nist-to-adopt-priva.html
  • US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack https://www.theregister.com/2021/02/01/us_court_papers/

• World:

  • Myanmar’s new military government bans Facebook https://www.theregister.com/2021/02/04/myanmar_facebook_ban/
  • When Law Enforcement Wants Your Private Communications, What Legal Safeguards Are in Place in Latin America and Spain? https://www.eff.org/deeplinks/2021/02/when-law-enforcement-wants-your-private-communications-what-legal-safeguards-are

• New and Updated Standards:

  • NIST Preliminary Draft 3 Volume Practice Guide on 5G cybersecurity SP 1800-33A open for comment March 4, 2021 https://csrc.nist.gov/publications/detail/sp/1800-33/draft
  • NIST Releases SP 800-172, "Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 https://csrc.nist.gov/publications/detail/sp/800-172/final
  • NICE Webinar: Feb 17 2:00-3:00pm Top Ten Ways to Discover a Cybersecurity Career That Is Right for You - via https://www.nist.gov/itl/applied-cybersecurity/nice/events/webinars

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Microsoft Says It's Time to Attack Your Machine-Learning Models https://www.darkreading.com/vulnerabilities---threats/advanced-threats/microsoft-says-its-time-to-attack-your-machine-learning-models/d/d-id/1340072
• Understanding Cloud Misconfigurations — With Pizza and Lego https://www.trendmicro.com/en_us/research/21/b/understanding-cloud-misconfigurations-with-pizza-and-lego.html
• Free e-book The OpenSSL Cookbook https://www.feistyduck.com/openssl-cookbook
• Zoombombing countermeasures are ineffective in the vast majority of cases https://arstechnica.com/information-technology/2021/02/zoombombing-countermeasures-are-ineffective-in-the-vast-majority-of-cases/, and https://www.wired.com/story/zoombomb-inside-jobs
• The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet https://www.databreaches.net/the-national-cyber-investigative-joint-task-force-releases-ransomware-fact-sheet/
• Rubbish software security patches responsible for a quarter of zero-days last year https://www.theregister.com/2021/02/03/enigma_patch_zero/ and https://www.zdnet.com/article/google-proper-patching-would-have-prevented-25-of-all-zero-days-found-in-2020
• Cisco’s AppDynamics debuts app performance, vulnerability management software https://www.zdnet.com/article/ciscos-appdynamics-debuts-new-streamlined-vulnerability-management-software
• Fixing the Leak: How to prevent JavaScript Eavesdropping https://sourcedefense.com/resources/blog/fixing-the-leak-how-to-prevent-javascript-eavesdropping/
• Addressing the Human Element of Security: Awareness & Training Programs https://blog.isc2.org/isc2_blog/2021/02/addressing-the-human-element-of-security-awareness-training-programs.html
• Mastercard Brings Cyber Education to Small Businesses https://www.databreachtoday.com/mastercard-brings-cyber-education-to-small-businesses-a-15918
• How to Audit Password Changes in Active Directory https://thehackernews.com/2021/02/how-to-audit-password-changes-in-active.html
• A Swiss Army Knife for Industrial Operations Protection https://www.securityweek.com/swiss-army-knife-industrial-operations-protection
• Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful https://www.theregister.com/2021/02/01/chrome_89_beta_brings_desktop/
• What Did NSA Do to Help Prevent Supply Chain Attacks? https://www.databreachtoday.com/what-did-nsa-do-to-help-prevent-supply-chain-attacks-a-15913

• Open Source:

  • How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well https://www.theregister.com/2021/02/04/google_open_source_security/
  • Launching OSV - Better vulnerability triage for open source https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Number of ICS Vulnerabilities Continued to Increase in 2020: Report https://www.securityweek.com/number-ics-vulnerabilities-continued-increase-2020-report
• The Hot 100 | 2020's Most Popular Passwords and Other Data Breach Exposure Trends https://www.databreachtoday.com/webinars/hot-100-2020s-most-popular-passwords-other-data-breach-exposure-trends-w-2954
• Google says it’s too easy for hackers to find new security flaws https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security/
• Déjà vu-lnerability https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html
• Google paid $6.7 million to bug bounty hunters in 2020 https://www.zdnet.com/article/google-paid-6-7-million-to-bug-bounty-hunters-in-2020
• Stack Canaries – Gingerly Sidestepping the Cage https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage
• Flaws Found in Geeni Smart Doorbells, Security Cameras https://www.databreachtoday.com/flaws-found-in-geeni-smart-doorbells-security-cameras-a-15931
• Recent root-giving Sudo bug also impacts macOS https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos
• Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects https://thehackernews.com/2021/01/google-discloses-severe-bug-in.html and https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/

• Chrome and Google's bad week:

  • Chrome users have faced 3 security concerns over the past 24 hours https://arstechnica.com/information-technology/2021/02/chrome-users-have-faced-3-security-concerns-over-the-past-24-hours/
  • Google Chrome sync feature can be abused for C&C and data exfiltration https://www.zdnet.com/article/google-chrome-syncing-features-can-be-abused-for-c-c-and-data-exfiltration
  • Google Chrome Zero-Day Afflicts Windows, Mac Users https://threatpost.com/google-chrome-zero-day-windows-mac/163688/
  • Google patches an actively exploited Chrome zero-day https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day
  • CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild https://www.tenable.com/blog/cve-2021-21148-google-chrome-heap-buffer-overflow-vulnerability-exploited-in-the-wild
  • New Chrome Browser 0-day Under Active Attack—Update Immediately! https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html
  • Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android https://www.securityweek.com/google-patches-16-high-severity-privilege-escalation-vulnerabilities-android
  • Abusing Google Chrome extension syncing for data exfiltration and C&C, (Thu, Feb 4th) https://isc.sans.edu/diary/rss/27066
  • Android Devices Prone to Botnet’s DDoS Onslaught https://threatpost.com/android-devices-prone-to-botnets-ddos-onslaught/163680/

• SolarWinds:

  • SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat https://threatpost.com/solarwinds-nsa-encryption/163561/
  • Another SolarWinds Orion Hack https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html
  • More SolarWinds News https://www.schneier.com/blog/archives/2021/02/more-solarwinds-news.html
  • A Second SolarWinds Hack Deepens Third-Party Software Fears https://www.wired.com/story/solarwinds-hack-china-usda
  • SolarWinds patches vulnerabilities that could allow full system control https://arstechnica.com/information-technology/2021/02/solarwinds-patches-vulnerabilities-that-could-allow-full-system-control/
  • SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/
  • More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others https://www.theregister.com/2021/02/03/solarwinds_patch_trustwave/
  • Unpacking the CVEs in the FireEye Breach – Start Here First https://blog.qualys.com/vulnerabilities-research/2021/02/01/unpacking-the-fireeye-breach-start-here-first
• A note on Post Quantum Onion Routing, by Kelesidis Evgnosia-Alexandra https://eprint.iacr.org/2021/111
• PDF is Broken: a justCTF Challenge https://blog.trailofbits.com/2021/02/02/pdf-is-broken-a-justctf-challenge/
• Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
• Becoming A CVE Numbering Authority https://www.trendmicro.com/en_us/research/21/b/becoming-a-cve-numbering-authority.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• CISOs on Ransomware and Malicious Insiders https://www.databreachtoday.com/cisos-on-ransomware-malicious-insiders-a-15936
• When Malware Developers Slip Up https://sector.ca/when-malware-developers-slip-up/
• What tracking an attacker email infrastructure tells us about persistent cybercriminal operations https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/
• Finding and Decoding Multi-Step Obfuscated Malware https://www.trendmicro.com/en_us/research/21/b/finding-multi-step-obfuscated-malware.html
• The Drovorub Mystery: Malware NSA Warned About Can't Be Found https://www.securityweek.com/drovorub-mystery-malware-nsa-warned-about-cant-be-found

• Trends, Alerts, and Events:

  • Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks https://www.zdnet.com/article/ransomware-gangs-are-abusing-vmware-esxi-exploits-to-encrypt-virtual-hard-disks
  • Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET https://www.theregister.com/2021/02/03/kobalos_malware/ and https://thehackernews.com/2021/02/a-new-linux-malware-targeting-high.html
  • Unusual Phishing Campaign Extracted Office 365 Credentials https://www.databreachtoday.com/unusual-phishing-campaign-extracted-office-365-credentials-a-15929
  • Discord Servers Targeted In Cryptocurrency Exchange Scam Wave https://packetstormsecurity.com/news/view/31990/Discord-Servers-Targeted-In-Cryptocurrency-Exchange-Scam-Wave.html
  • WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware https://thehackernews.com/2021/02/warning-hugely-popular-great-suspender.html
  • Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html
  • Hijacked Perl.com Domain Hosted on IP Address Linked to Malicious Activity https://www.securityweek.com/hijacked-perlcom-domain-hosted-ip-address-linked-malicious-activity
  • Alleged Gaming Software Supply-Chain Attack Installs Spyware https://threatpost.com/gaming-software-attack-spyware/163537/ and https://www.securityweek.com/cyberspies-delivered-malware-gamers-supply-chain-attack
  • Android devices ensnared in DDoS botnet https://www.zdnet.com/article/android-devices-ensnared-in-ddos-botnet
  • Hackers are exploiting a critical zeroday in firewalls from SonicWall https://arstechnica.com/information-technology/2021/02/hackers-are-exploiting-a-critical-zeroday-in-firewalls-from-sonicwall/
  • Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security https://www.theregister.com/2021/02/04/nespresso_cards_hacked/

• Nation State Actors:

  • NCSC Warns of China’s Efforts to Collect US DNA Data https://www.databreachtoday.com/ncsc-warns-chinas-efforts-to-collect-us-dna-data-a-15920
  • China Has Stolen 80% Of American Adults’ Personal Data, Expert Claims https://www.databreaches.net/china-has-stolen-80-of-american-adults-personal-data-expert-claims/
  • Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers https://threatpost.com/hezbollah-lebanese-cedar-apt-servers/163555/
  • China Tied to Separate SolarWinds Espionage Campaign https://www.databreachtoday.com/china-tied-to-separate-solarwinds-espionage-campaign-a-15915

• Crime:

  • Contractor for USAO Southern District of Iowa Provided Sensitive, Non-Public Info on Criminal Investigations to a Friend; Informants Wound Up “Outed” Online https://www.databreaches.net/contractor-for-usao-southern-district-of-iowa-provided-sensitive-non-public-info-on-criminal-investigations-to-a-friend-informants-wound-up-outed-online/
  • Founder of cryptocurrency hedge funds charged over $90 million theft https://www.zdnet.com/article/founder-of-cryptocurrency-hedge-funds-charged-for-90-million-theft
  • The 24-year-old founder of 2 crypto hedge funds overseeing $100 million admits to fraud https://markets.businessinsider.com/currencies/news/stefan-he-qin-admits-fraud-crypto-hedge-funds-100-million-2021-2-1030048785
  • A German man is keeping $60 million in bitcoin from police by never revealing his password https://www.theverge.com/tldr/2021/2/5/22268646/german-police-bitcoin-digital-wallet-missing-password

Other Security / Risk

Articles covering other types of risks.

• The computers rejecting your job application https://www.bbc.co.uk/news/business-55932977
• Facebook's Latest Proposed Policy Change Exemplifies the Trouble With Moderating Speech at Scale https://www.eff.org/deeplinks/2021/02/facebooks-latest-proposed-policy-change-exemplifies-trouble-moderating-speech-0
• How the US Lost to Hackers https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html and https://www.databreaches.net/how-the-united-states-lost-to-hackers/
• Israeli hackers take down KKK website and reveal information about white supremacist founders https://www.independent.co.uk/life-style/gadgets-and-tech/israeli-hackers-kkk-website-b1798049.html
• Presidential Cybersecurity and Pelotons https://www.schneier.com/blog/archives/2021/02/presidential-cybersecurity-and-pelotons.html
• Go read this New York Times investigation of the location tracking data of the Capitol rioters https://www.theverge.com/2021/2/5/22268669/location-tracking-data-capitol-riot-nyt
• Fake American and Canadian bills roll through town, Kindersley RCMP warn https://globalnews.ca/news/7621298/fake-american-canadian-bills-kindersley/
• Proud Boys added to Canada’s list of terrorist groups https://globalnews.ca/news/7616542/proud-boys-added-canada-list-terrorist-groups/ and https://www.ctvnews.ca/politics/canada-adds-proud-boys-to-terror-list-1.5293967
• Proud Boys Canada still online after being listed as terror group https://globalnews.ca/news/7617644/proud-boys-social-media-telegram/,
• NYU researchers find no evidence of anti-conservative bias on social media https://www.theverge.com/2021/2/1/22260269/anti-conservative-bias-social-media-no-evidence-nyu-research
• Scientists Achieve 'Transformational' Breakthrough in Scaling Quantum Computers https://www.sciencealert.com/scientists-achieve-transformational-breakthrough-in-scaling-up-quantum-computers and https://www.independent.co.uk/life-style/gadgets-and-tech/quantum-computing-microsoft-research-qubit-record-b1797144.html
• Countless emails wrongly blocked as spam after Cisco's SpamCop failed to renew domain name at the weekend https://www.theregister.com/2021/02/01/in_brief_security/
• The Chrome Update Is Bad for Advertisers, but Good for Google https://www.wired.com/story/chrome-cookie-update-advertisers-google
• Georgia’s election certification avoided an even worse nightmare that’s just waiting to happen next time https://freedom-to-tinker.com/2021/02/01/georgias-election-certification-avoided-an-even-worse-nightmare-thats-just-waiting-to-happen-next-time/
• Georgia’s Ballot-Marking Devices https://www.schneier.com/blog/archives/2021/02/georgias-ballot-marking-devices.html
• Evil Chucky doll wanted for ‘child abduction’ in Texas Amber Alert error https://globalnews.ca/news/7616792/chucky-doll-amber-alert-texas/
• The GameStop stock roller coaster has come to the dip https://www.theverge.com/2021/2/2/22262546/gamestop-amc-stock-down-short-squeeze
• Silver tumbles 7% from 8-year high as day-trader rally runs out of steam - GameStop and other hot stocks are also sliding https://www.businessinsider.com/silver-tumbles-from-8-year-high-retail-rally-loses-steam-2021-2

• Health, Safety & Environment:

  • Weather Phenomenon Triggers Nightmarish Spider Infestations in Australian Homes https://www.sciencealert.com/so-cute-cannibalistic-baby-spiders-swarm-australian-teen-s-bedroom
  • In survey of those with uncontrolled asthma, half smoked cannabis https://scienmag.com/in-survey-of-those-with-uncontrolled-asthma-half-smoked-cannabis/
  • UK's famous White Cliffs of Dover crumble into sea https://www.bbc.co.uk/news/uk-55931406
  • Drone footage shows disastrous collapse of California’s Highway 1 https://globalnews.ca/news/7612371/california-highway-1-washout-video-drone/
  • What Exactly Is a Nor’easter? https://www.mentalfloss.com/article/639628/what-is-a-noreaster

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• New Variants:

  • The Most Worrying Mutations in Five Emerging Coronavirus Variants https://www.scientificamerican.com/article/the-most-worrying-mutations-in-five-emerging-coronavirus-variants/
  • Highly-contagious U.K. COVID-19 variant will likely be dominant strain in Ontario by March, modelling suggests https://toronto.ctvnews.ca/highly-contagious-u-k-covid-19-variant-will-likely-be-dominant-strain-in-ontario-by-march-modelling-suggests-1.5285610
  • Brazilian COVID-19 variant, believed to be more transmissible, found in Toronto https://globalnews.ca/news/7626352/brazilian-covid-19-variant-toronto/
  • South African Strain: AstraZeneca Vaccine Fails to Prevent Mild And Moderate Cases https://www.sciencealert.com/astrazeneca-vaccine-is-less-effective-against-the-south-african-coronavirus-strain
  • AstraZeneca jab may be 'limited' on Covid variant https://www.bbc.co.uk/news/uk-55967767
  • UK finds more coronavirus cases with 'concerning' mutations https://www.bbc.co.uk/news/health-55900625

• Guidance, Response, and Recovery:

  • After Hundreds of Meatpacking Workers Died From COVID-19, Congress Wants Answers http://feeds.propublica.org/link/9499/14263225/after-hundreds-of-meatpacking-workers-died-from-covid-19-congress-wants-answers
  • Iowans Were Scared Into Taking the Virus Seriously https://www.theatlantic.com/politics/archive/2021/02/why-didnt-iowa-have-post-holiday-covid-19-surge/617920/
  • Coronavirus: Ontario considering cancelling March break to curb COVID-19 spread https://globalnews.ca/news/7620360/coronavirus-ontario-march-break-covid-19/
  • Location of all COVID-19 workplace outbreaks in Toronto to be released, including major incident with nearly 70 cases https://toronto.ctvnews.ca/location-of-all-covid-19-workplace-outbreaks-in-toronto-to-be-released-including-major-incident-with-nearly-70-cases-1.5296175
  • Fact or Fiction: Are ‘circuit breaker’ lockdowns going to cut it? Or is it time for #COVIDZero? https://globalnews.ca/news/7618619/circuit-breaker-lockdown-effectiveness/
  • A world upside down: Wuhan returns to normal while rest of the world reels https://globalnews.ca/news/7621826/wuhan-covid-19-one-year-anniversary/
  • Identity Theft Spikes Due to COVID-19 Relief https://threatpost.com/identity-theft-spikes-covid-19-relief/163577/
  • Coronavirus: B.C.’s ban on social gatherings and events extended until further notice https://globalnews.ca/news/7622800/bc-ban-social-gathering-events-extended-indefinitely/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Ontario lab pioneering new COVID-19 test method calls for all positive samples to be checked for variants https://globalnews.ca/news/7620001/coronavirus-ontario-covid-19-testing-variants/
  • Coronavirus rapid testing begins in Ottawa schools, long-term care homes https://globalnews.ca/news/7615301/coronavirus-rapid-testing-ottawa-long-term-care-schools/
  • Ontario announces $2M for ‘game changer’ airborne COVID-19 detector https://globalnews.ca/news/7619820/ontario-funding-airborne-covid-19-detector/
  • The Atlantic Daily: How to Better Read COVID-19 Data https://www.theatlantic.com/newsletters/archive/2021/02/the-atlantic-daily-how-to-better-read-covid-19-data/617926/

• Canada's Vaccine Timeline is Delayed

  • Feds asked vaccine makers to produce COVID-19 shots in Canada. All said no https://globalnews.ca/news/7620092/coronavirus-covid-vaccine-made-in-canada-novavax/
  • COMMENTARY: Could Canada’s COVID-19 vaccine supply be key to an early election call? https://globalnews.ca/news/7613351/canada-covid-vaccine-election/

• Immunity, Vaccines, and Vaccination:

  • Fauci says US should prioritize administering second vaccine dose over giving out first jabs to more Americans https://www.businessinsider.com/fauci-us-should-prioritize-second-vaccine-doses-2021-2
  • Covid: More than 12 million in UK have had first jab https://www.bbc.co.uk/news/uk-55973847
  • Kroger says it will pay workers $100 to get vaccinated against the coronavirus https://www.businessinsider.com/kroger-will-pay-workers-100-to-get-covid-19-vaccine-2021-2
  • The world is on the precipice of a global vaccine war that could wreck the fight against COVID-19 https://www.businessinsider.com/global-vaccine-wars-eu-export-controls-industry-fears-2021-2
  • Covid antibodies 'last at least six months' in most https://www.bbc.co.uk/news/health-55905158
  • AstraZeneca’s coronavirus vaccine may reduce virus transmission, developers say https://globalnews.ca/news/7619153/astrazeneca-covid-vaccine-transmission-study/
  • Employers’ Vaccine Mandates Are Representative of America’s Failed Approach to Public Health https://www.theatlantic.com/ideas/archive/2021/02/privatization-public-health/617918/
  • If You've Been Working from Home, Please Wait for Your Vaccine https://www.scientificamerican.com/article/if-youve-been-working-from-home-please-wait-for-your-vaccine1/
  • Vaccine mix-and-match: U.K. to study efficacy of combining shots https://globalnews.ca/news/7619191/covid-vaccine-dose-mixing-study/
  • Scientists Are Testing Mixing AstraZeneca's COVID-19 Vaccine With Pfizer's https://www.sciencealert.com/scientists-are-testing-mixing-astrazeneca-s-covid-19-vaccine-with-pfizer-s
  • Scientists want to know if vaccinated people can still become COVID-19 long-haulers https://www.theverge.com/22266344/covid-vaccine-protection-chronic-long-haul

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Coronavirus: Hamilton’s small businesses less than 50% compliant during inspection blitz, says city https://globalnews.ca/news/7619195/hamiltons-small-business-covid-regulation-compliance/
  • Three international travellers slapped with $750 fine in Toronto for refusing COVID-19 test https://toronto.ctvnews.ca/three-international-travellers-slapped-with-750-fine-in-toronto-for-refusing-covid-19-test-1.5298347
  • Threats made against Woolwich church that ignored COVID-19 lockdown https://globalnews.ca/news/7614043/threats-woolwich-church-covid-19-rules/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• This Trippy Optical Illusion Can Reveal if You Have 'Curvature Blindness' https://www.sciencealert.com/this-trippy-optical-illusion-can-reveal-if-you-have-curvature-blindness
• Penciling in the History of A-ha's 'Take on Me' https://www.mentalfloss.com/article/641682/a-ha-take-on-me-music-video
• Okay GPT-3: Candy hearts! https://aiweirdness.com/post/642024764424306688
• How One Movie Theater's Mistake Changed Ridley Scott's Blade Runner Forever https://www.mentalfloss.com/article/641815/movie-theater-mistake-changed-blade-runner-movie
• Golf on the moon: Apollo 14 50th anniversary images find Alan Shepard's ball and show how far he hit it https://www.bbc.co.uk/sport/golf/55927727
• Astronomers Think They've Found Another Trojan Asteroid Lurking in Earth's Orbit https://www.sciencealert.com/astronomers-have-found-what-appears-to-be-a-second-earth-trojan-asteroid
• MESSENGER Saw a Meteoroid Strike Mercury https://www.universetoday.com/149936/messenger-saw-a-meteoroid-strike-mercury/
• Ancient star, ancient planets… ancient life? Well… https://www.syfy.com/syfywire/ancient-star-ancient-planets-ancient-life-well
• Scientists find the source of mysterious pulses being blasted towards Earth https://www.independent.co.uk/life-style/gadgets-and-tech/space/gamma-ray-universe-pulsar-astronomy-b1797803.html