This Week's [in]Security - Issue 203

Welcome to This Week’s [in]Security. Texas Disaster. News/Link Taxing. More SolarWinds. SLC Update. PINs vs. Passwords. Skimmers. New breaches: CRA lockout. New Ransomware. Location. Tracker Pixels. NIST. Zero-Day. Routers. OpenSSL. Big Mac Attack. Trends. Buy-to-infect. Scams & Fraud. Nation States. Arrests, etc. AI. Misinformation. CRISPR. Quantum Fail. Serial Killers. Health, Safety & Environment. H5N8. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. Disinformation. The Good, Bad, and Ugly (Behaviour). And more.

Trending news

Texas Disaster, Australia vs. Social Media, More on the SolarWinds Supply Chain Attack:

• One bad storm crippled Texas shutting down electricity, water, gas, and more:

  • Texas weather: Deaths mount as winter storm leaves millions without power https://www.bbc.co.uk/news/world-us-canada-56095479
  • How Did Texas Electricity Grid Fail Residents So Catastrophically? An Expert Explains https://www.sciencealert.com/how-did-texas-electricity-grid-fail-residents-so-catastrophically-an-expert-explains
  • Texas weather: Are frozen wind turbines to blame for power cuts? https://www.bbc.co.uk/news/world-56085733
  • What went wrong with the Texas power grid? https://www.houstonchronicle.com/business/energy/article/Wholesale-power-prices-spiking-across-Texas-15951684.php
  • Why the Deep Freeze Caused Texas to Lose Power https://www.scientificamerican.com/article/why-the-deep-freeze-caused-texas-to-lose-power/
  • Texas weather: How to stay safe in freezing conditions https://www.bbc.co.uk/news/world-us-canada-56099519
  • Texas Power Outage Underscores Looming Climate Tests https://www.scientificamerican.com/article/texas-power-outage-underscores-looming-climate-tests/
  • Samsung forced to halt chip production in Austin due to power outages https://www.theverge.com/2021/2/17/22287054/samsung-chip-production-halted-austin-winter-storm-uri-power-blackouts
  • Why some Texas residents are ending up with $5,000 electric bills after the winter storms https://www.businessinsider.com/why-texas-residents-hit-with-soaring-electric-bills-winter-storms-2021-2
  • Senators Push for Action on Water Treatment Hack Investigation https://www.databreachtoday.com/senators-push-for-action-on-water-treatment-hack-investigation-a-16018
  • Federal Regulators Plan to Investigate Massive Texas Power Outage https://www.nbcdfw.com/investigations/federal-regulators-plan-to-investigate-massive-texas-power-outage/2555819/
  • Saskpower sending electricity to southern parts of United States amid storm https://globalnews.ca/news/7645562/saskpower-energy-us-snow-storm/
  • ‘We’re used to the cold’: Canadians in Texas cope better than most amid winter storm https://globalnews.ca/news/7652741/canadians-winter-storm-texas/

• Australia vs. Facebook:

  • Australia news code: What’s this row with Facebook and Google all about? https://www.bbc.co.uk/news/world-australia-56107028
  • Facebook says users in Australia can no longer view, share news content https://globalnews.ca/news/7646403/Facebook-news-content-blocked-australia/
  • Facebook’s Australian media ban is taking down official government pages https://www.theverge.com/2021/2/17/22288256/Facebook-australia-news-ban-governmental-agency-accounts
  • Australian law could make internet ‘unworkable’, says World Wide Web inventor Tim Berners-Lee https://www.independent.co.uk/news/australia-internet-law-tim-berners-lee-b1803988.html
  • Beware the Unintended Consequences: Some Warning Signs for Canada from the Australian Government Battle With Facebook https://www.michaelgeist.ca/2021/02/beware-the-unintended-consequences-some-warning-signs-for-canada-from-the-australian-government-battle-with-Facebook/
  • ‘Highly irresponsible’: Canada condemns Facebook over Australian news ban https://globalnews.ca/news/7650435/canada-Facebook-media-australia/
  • Google Is Suddenly Paying for News in Australia. What About Everywhere Else? https://www.nytimes.com/2021/02/17/business/media/australia-google-pay-for-news.html and https://www.theverge.com/2021/2/18/22288510/google-Facebook-australia-news-media-bargaining-code

• More on the SolarWinds fallout:

  • Microsoft says SolarWinds hackers stole source code for 3 products https://arstechnica.com/information-technology/2021/02/microsoft-says-solarwinds-hackers-stole-source-code-for-3-products/ and https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/
  • Microsoft's Smith: SolarWinds Attack Involved 1,000 Developers https://www.databreachtoday.com/microsofts-smith-solarwinds-attack-involved-1000-developers-a-15993
  • Shining some light on Solarwinds and ICS https://www.sans.org/blog/shining-some-light-on-solarwinds-and-ics
  • U.S. government SolarWinds hack was largest, ‘most sophisticated attack’ ever: Microsoft https://globalnews.ca/news/7641103/us-government-solarwinds-hack-microsoft/
  • White House now says 100 companies hit by SolarWinds hack, but more may be impacted https://www.theverge.com/2021/2/18/22288961/solarwinds-hack-100-companies-9-federal-agencies
  • White House Preparing 'Executive Action' After SolarWinds Attack https://www.databreachtoday.com/white-house-preparing-executive-action-after-solarwinds-attack-a-16024

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI Security Standards Council Publishes Version 1.1 of Secure Software Lifecycle (SLC) Standard and Program https://www.pcisecuritystandards.org/about_us/press_releases/pr_02182021
• PCI Secure SLC Program Expands Vendor Eligibility with Version 1.1 https://blog.pcisecuritystandards.org/pci-secure-slc-program-expands-vendor-eligibility-with-version-1-1
• PCI has many requirements for passwords/passphrases, but what about PINs? You may be surprised they are handled differently https://controlgap.com/blog/PINs_Password_PCI
• Bluetooth Overlay Skimmer That Blocks Chip https://krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/
• Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang https://krebsonsecurity.com/2021/02/mexican-politician-removed-over-alleged-ties-to-romanian-atm-skimmer-gang/
• New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card https://thehackernews.com/2021/02/new-hack-lets-attackers-bypass.html
• Q4 2020 eCommerce Sales Rose 32 Pct Over 2019 https://www.pymnts.com/news/retail/2021/q4-2020-ecommerce-sales-rose-32-pct-yoy/
• Fully 30% of Retailers Plan POS Software Replacement in Next 12 Months, Report Finds https://www.digitaltransactions.net/fully-30-of-retailers-plan-pos-software-replacement-in-next-12-months-report-finds/
• Google Maps will now let you pay for public transportation and parking through its app https://www.theverge.com/2021/2/17/22287043/google-maps-pay-parking-public-transportation-cities
• Crypto on a Credit Card? BitPay Says Its Simplex Deal Makes it Easier And Cheaper (But the volatility!) https://www.digitaltransactions.net/crypto-on-a-credit-card-bitpay-says-its-simplex-deal-makes-it-easier-and-cheaper/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • CRA locks online accounts amid investigation, leaving users worried https://www.cbc.ca/news/technology/cra-accounts-locked-1.5916607
  • CRA suspends online accounts of over 100,000 Canadians after login credentials found for sale on dark web https://nationalpost.com/news/politics/cra-suspends-online-accounts-of-over-100000-canadians-after-their-login-credentials-found-for-sale-on-dark-web
  • ‘It’s not right’: Users with locked CRA accounts still waiting for answers https://globalnews.ca/news/7645263/cra-locked-accounts/
  • India’s cyber defenses breached and reported; govt. yet to fix it https://www.databreaches.net/indias-cyber-defenses-breached-and-reported-govt-yet-to-fix-it/
  • Personal info compromised at 88 firms in Japan in 2020 https://www.databreaches.net/personal-info-compromised-at-88-firms-in-japan-in-2020/
  • 'Cuba' Ransomware Gang Hits Payment Processor and Steals Data https://www.databreachtoday.com/cuba-ransomware-gang-hits-payment-processor-steals-data-a-16027
  • CityBee - 110,156 breached accounts https://haveibeenpwned.com/PwnedWebsites#CityBee
  • Ca: Simon Fraser University warns cyberattack exposed personal information of about 200,000 students, staff and alumni https://www.databreaches.net/ca-simon-fraser-university-warns-cyberattack-exposed-personal-information-of-about-200000-students-staff-and-alumni/
  • A data breach is exposing Big Law firms who were using a 20-year-old system for handling sensitive documents. Here's what we know so far. https://www.businessinsider.com/jones-day-hack-data-breach-law-firms-cybersecurity-accellion-customers-2021-2
  • Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act https://www.databreaches.net/amber-group-breaks-silence-on-unsecured-storage-bucket-natsec-minister-suggests-techcrunch-reporter-may-have-violated-cybercrime-act/
  • Ca: School division apologizes for privacy breach at Winnipeg Adult Education Centre https://www.databreaches.net/ca-school-division-apologizes-for-privacy-breach-at-winnipeg-adult-education-centre/
  • Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users https://www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/
  • Hundreds of University of Alabama – Huntsville email accounts compromised through phishing attempts https://www.databreaches.net/hundreds-of-university-of-alabama-huntsville-email-accounts-compromised-through-phishing-attempts/
  • Information Posted Online After N Carolina Ransomware Attack https://www.securityweek.com/information-posted-online-after-n-carolina-ransomware-attack
  • Kroger reports Accellion data breach affecting pharmacy records, associate HR data https://www.databreaches.net/kroger-reports-accellion-data-breach-affecting-pharmacy-records-associate-hr-data/

• New Ransomware and "Incidents":

  • Think your backups will protect you from ransomware? What do you think the malware attacked first? https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/
  • Kia Motors Hit With $20M Ransomware Attack – Report https://threatpost.com/kia-motors-ransomware-attack/164085/
  • Ransomware attacks on medical entities continue: a laboratory in Italy and a health care service in New Mexico among latest victims https://www.databreaches.net/ransomware-attacks-on-medical-entities-continue-a-laboratory-in-italy-and-a-health-care-service-in-new-mexico-among-latest-victims/
  • Lakehead University campus computers remain inaccessible due to cyber attack https://www.databreaches.net/lakehead-university-campus-computers-remain-inaccessible-due-to-cyber-attack/

• Follow-ups and fall-out:

  • NZ Reserve Bank Issues Update on Accellion Breach https://www.databreachtoday.com/nz-reserve-bank-issues-update-on-accellion-breach-a-16008
  • Data Breaches: ShinyHunters' Dominance Continues https://www.databreachtoday.com/blogs/data-breaches-shinyhunters-dominance-continues-p-2998
  • First it was Blackbaud, now it’s Sodinokibi — Southern Arkansas University becomes a breach victim again https://www.databreaches.net/first-it-was-blackbaud-now-its-sodinokibi-southern-arkansas-university-becomes-a-breach-victim-again/
  • Ge.tt - 2,481,121 breached accounts (2017) https://haveibeenpwned.com/PwnedWebsites#Gett

Privacy

Articles about privacy related news, risks, and trends.

• AI and Data Privacy: Compatible, or at Odds? https://www.infosecurity-magazine.com/opinions/ai-privacy-compatible-odds/
• Location tracking apps and privacy implications https://scienmag.com/location-tracking-apps-and-privacy-implications/
• Schneier on Cell Phone Location Privacy and PGPP https://www.schneier.com/blog/archives/2021/01/cell-phone-location-privacy.html
• Facebook is quietly building its own smartwatch so it can track your body, report says https://www.independent.co.uk/life-style/gadgets-and-tech/Facebook-smartwatch-health-fitness-b1802340.html

• Tracker Pixels (Hasn't this been a problem for a long-time):

  • Tracker pixels in emails are now an ‘endemic’ privacy concern https://www.zdnet.com/article/spy-pixels-in-emails-to-track-recipient-activity-are-now-an-endemic-privacy-concern
  • Browser Tracking Using Favicons https://www.schneier.com/blog/archives/2021/02/browser-tracking-using-favicons.html
  • New browser-tracking hack works even when you flush caches or go incognito https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/
  • How to stop your emails from being tracked https://www.theverge.com/22288190/email-pixel-trackers-how-to-stop-images-automatic-download

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Circumventing Parliament: How Bill C-10 Dramatically Reduces Parliamentary Oversight and Review Over Broadcast Policy https://www.michaelgeist.ca/2021/02/circumventing-parliamentc10/

• US:

  • EFF to Patent Office: No New Design Patents https://www.eff.org/deeplinks/2021/02/eff-patent-office-no-new-design-patents
  • North Dakota Senate Rejects Bill To Regulate Apple App Store https://www.pymnts.com/news/regulation/2021/nd-bill-on-app-store-regulations-nixed-in-victory-for-apple/
  • Maryland Passes First US Tax On Digital Ads https://www.pymnts.com/taxes/2021/maryland-passes-first-us-tax-on-digital-ads/
  • Privacy Legislation Progresses in 5 More States https://www.databreachtoday.com/privacy-legislation-progresses-in-5-more-states-a-15995
  • The State House Versus Big Tech https://www.nytimes.com/2021/02/16/technology/the-state-house-versus-big-tech.html
  • Speak Up for Real Privacy in Virginia https://www.eff.org/deeplinks/2021/02/speak-real-privacy-virginia
  • Virginia Data Privacy Law https://www.schneier.com/blog/archives/2021/02/virginia-data-privacy-law.html
  • Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed https://www.schneier.com/blog/archives/2021/02/deliberately-playing-copyrighted-music-to-avoid-being-live-streamed.html and https://www.eff.org/deeplinks/2021/02/cops-using-music-try-stop-being-filmed-just-tip-iceberg
  • LAPD Requested Ring Footage of Black Lives Matter Protests https://www.eff.org/deeplinks/2021/02/lapd-requested-ring-footage-black-lives-matter-protests
  • Reddit’s lead GameStop hypebeast is being sued for his role in the stock surge https://www.theverge.com/2021/2/17/22287612/reddit-wallstreetbets-gamestop-lawsuit-roaring-kitty-gill-market-manipulation
  • ‘Spinning’ is trademarked, and Peloton isn’t happy about it https://www.theverge.com/2021/2/18/22289005/peloton-spinning-spin-trademark-mad-dogg-dispute-appeal

• World:

  • Citizen Lab Response to the U. N. Working Group on the Use of Mercenaries https://citizenlab.ca/2021/02/citizen-lab-response-to-the-u-n-working-group-on-the-use-of-mercenaries/
  • How Do Copyright Rules Affect Internet Creators? And What Can They Do About It? https://www.eff.org/deeplinks/2021/02/how-do-copyright-rules-affect-internet-creators-and-what-can-they-do-about-it

• Standards News:

  • The next NICE Conference and Expo will take place June 6-8, 2022 at the Westin Peachtree Plaza in Atlanta, GA. https://niceconference.org/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk https://www.tenable.com/blog/asset-detection-with-nessus-scanners-the-first-step-in-assessing-cyber-risk
• CIS launches no-cost ransomware service for U.S. hospitals https://www.databreaches.net/cis-launches-no-cost-ransomware-service-for-u-s-hospitals/
• Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets https://www.tenable.com/blog/cloud-security-why-you-shouldn-t-ignore-ephemeral-assets
• Controlling Smart Lights Using Dumb Switches with Shelly and Home Assistant https://www.troyhunt.com/controlling-smart-lights-using-dumb-switches-with-shelly-and-home-assistant/
• IRS Issues Guidance For Pandemic Identify Theft Victims https://www.pymnts.com/news/security-and-risk/2021/irs-issues-guidance-pandemic-identify-theft-victims/
• Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario' https://www.theregister.com/2021/02/15/in_brief_security/
• Microsoft starts removing Flash from Windows devices via new KB4577586 update https://www.zdnet.com/article/microsoft-starts-removing-flash-from-windows-devices-via-new-kb4577586-update
• Mitigating Memory Safety Issues in Open Source Software https://security.googleblog.com/2021/02/mitigating-memory-safety-issues-in-open.html
• Six free alternatives to the LastPass password manager https://www.theverge.com/22285499/password-manager-lastpass-free-bitwarden-zoho
• The Weeds and Flowers of Information Security https://blog.isc2.org/isc2_blog/2021/02/the-weeds-and-flowers-of-information-security.html
• Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication, by Michael Kounavis and Shay Gueron https://eprint.iacr.org/2008/464
• Exploit Details Emerge for Unpatched Microsoft Bug https://threatpost.com/exploit-details-unpatched-microsoft-bug/164083/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• WebKit Zero-Day Vulnerability Exploited in Malvertising Operation https://www.securityweek.com/webkit-zero-day-vulnerability-exploited-malvertising-operation
• Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) http://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html
• Brave browser leaks onion addresses in DNS traffic https://www.zdnet.com/article/brave-browser-leaks-onion-addresses-in-dns-traffic
• Ninja Forms WordPress Plugin Bug Opens Websites to Hacks https://threatpost.com/ninja-forms-wordpress-plugin-hacks/164042/
• Gauging LoRaWAN Communication Security with LoraPWN https://www.trendmicro.com/en_us/research/21/b/gauging-lorawan-communication-security-with-lorapwn.html
• Misconfigured Baby Monitors Allow Unauthorized Viewing https://threatpost.com/baby-monitors-unauthorized-viewing/163982/
• PACS Flaws Put Data at Risk for 18 Months https://www.databreachtoday.com/pacs-flaws-put-data-at-risk-for-18-months-a-16021
• Router Security https://www.schneier.com/blog/archives/2021/02/router-security.html
• SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps https://threatpost.com/sdk-bug-spy-calls-dating-healthcare-apps/164068/
• Three New Vulnerabilities Patched in OpenSSL https://www.securityweek.com/three-new-vulnerabilities-patched-openssl
• Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware https://threatpost.com/unpatched-android-app-billion-downloads-malware/163976/
• Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware https://thehackernews.com/2021/02/unpatched-shareit-android-app-flaw.html and https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
• Security Enhancement of the Vortex Family of Hash Functions, by Shay Gueron and Michael Kounavis https://eprint.iacr.org/2011/652
• Small Leaks Sink a Great Ship: An Evaluation of Key Reuse Resilience of PQC Third Round Finalist NTRU-HRSS, by Xiaohan Zhang and Chi Cheng and Yue Qin and Ruoyu Ding https://eprint.iacr.org/2021/168

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• The Big Mac Attack:

  • Enterprise Windows Threats Drop as Mac Attacks Rise: Report https://www.darkreading.com/attacks-breaches/enterprise-windows-threats-drop-as-mac-attacks-rise-report/d/d-id/1340184
  • Malware Is Now Targeting Apple’s New M1 Processor https://www.wired.com/story/apple-m1-malware
  • Mysterious Silver Sparrow Malware Found Nesting on 30K Macs https://threatpost.com/silver-sparrow-malware-30k-macs/164121/ and https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/
  • New malware found on 30,000 Macs has security pros stumped https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/

• Trends, Alerts, and Events:

  • Owner of Barcode Scanner App that hijacked millions of devices with one update exposes buy-to-infect scam https://www.schneier.com/blog/archives/2021/02/malicious-barcode-scanner-app.html and https://www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/
  • Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed https://threatpost.com/safari-browser-scamclub-campaign-revealed/164023/
  • Dutch police post 'friendly' warnings on hacking forums https://www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums
  • French IT monitoring company’s software targeted by hackers https://www.databreaches.net/french-it-monitoring-companys-software-targeted-by-hackers/
  • Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities https://thehackernews.com/2021/02/hackers-exploit-it-monitoring-tool.html
  • Hackers Target 'Instant Quote' Websites https://www.databreachtoday.com/hackers-target-instant-quote-websites-a-16023
  • Malformed URL Prefix Phishing Attacks Spike 6,000% https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
  • Masslogger Swipes Microsoft Outlook, Google Chrome Credentials https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ and https://thehackernews.com/2021/02/masslogger-trojan-upgraded-to-steal-all.html
  • Windows and Linux servers targeted by new WatchDog botnet for almost two years https://www.zdnet.com/article/windows-and-linux-servers-targeted-by-new-watchdog-botnet-for-almost-two-years and https://threatpost.com/windows-linux-devices-hijacked-in-two-year-cryptojacking-campaign/164048/

• Scams and Fraud in the news:

  • 270 addresses are responsible for 55% of all cryptocurrency money laundering https://www.zdnet.com/article/270-addresses-are-responsible-for-55-of-all-cryptocurrency-money-laundering
  • Scammers are targeting Texans as winter storm leaves many without power, feds warn https://www.businessinsider.com/scammers-targeting-texans-after-winter-storm-feds-warn-2021-2
  • Apartment rental scams on the rise during pandemic, Toronto police say https://toronto.ctvnews.ca/apartment-rental-scams-on-the-rise-during-pandemic-toronto-police-say-1.5310031
  • Losses to romance scams reached a record $304 million in 2020 https://www.zdnet.com/article/losses-to-romance-scams-reached-a-record-304-million-in-2020
  • The new (and fake) 'LinkedInSecureMessage' ?, (Wed, Feb 17th) https://isc.sans.edu/diary/rss/27110
  • Multiple reports of dating app 'sextortion' scams in York Region, police issue warning https://toronto.ctvnews.ca/multiple-reports-of-dating-app-sextortion-scams-in-york-region-police-issue-warning-1.5316011

• Nation State Actors:

  • France Ties 3-Year Hacking Campaign to Russia's Sandworm https://www.databreachtoday.com/france-ties-3-year-hacking-campaign-to-russias-sandworm-a-15998
  • South Korea Claims North Korea Tried Hacking Pfizer https://www.databreachtoday.com/south-korea-claims-north-korea-tried-hacking-pfizer-a-16011
  • North Korea may have hacked into Pfizer servers looking for COVID data https://arstechnica.com/gadgets/2021/02/north-korea-may-have-hacked-into-pfizer-servers-looking-for-covid-data/

• Crime:

  • U.S. Indicts North Korean Hackers in Theft of $200 Million https://krebsonsecurity.com/2021/02/u-s-indicts-north-korean-hackers-in-theft-of-200-million/
  • US charges three North Koreans over $1.3bn theft https://www.bbc.co.uk/news/technology-56103921
  • US announces charges against North Korean hackers for sweeping hacking scheme https://www.theverge.com/2021/2/17/22287578/doj-fbi-north-korea-hack-wannacry-sony-pictures-the-interview
  • US charges two more members of the 'Lazarus' North Korean hacking group https://www.zdnet.com/article/us-charges-two-more-members-of-the-lazarus-north-korean-hacking-group
  • Malaysia arrests 11 suspects for hacking government sites https://www.zdnet.com/article/malaysia-arrests-11-suspects-for-hacking-government-sites

Other Security / Risk

Articles covering other types of risks.

• Soviet 'Enigma' cipher machine sells for $22k at collapsed museum's exhibits auction https://www.theregister.com/2021/02/17/soviet_spy_gadgets_museum_auction/
• The mascot of AI Weirdness is a cyborg tomato? https://aiweirdness.com/post/643472149501362176
• AI may mistake chess discussions about 'black and white' as racist talk https://scienmag.com/ai-may-mistake-chess-discussions-as-racist-talk/
• How governments were left playing catch-up on misinformation https://www.theguardian.com/australia-news/2021/feb/18/how-governments-were-left-playing-catch-up-on-misinformation
• Humour over rumour? The world can learn a lot from Taiwan’s approach to fake news | Arwa Mahdawi https://www.theguardian.com/commentisfree/2021/feb/17/humour-over-rumour-taiwan-fake-news
• The Librarian War Against QAnon https://www.theatlantic.com/education/archive/2021/02/how-librarians-can-fight-qanon/618047/
• The Dark Side of CRISPR https://www.scientificamerican.com/article/the-dark-side-of-crispr/
• The Internet Is Splintering https://www.nytimes.com/2021/02/17/technology/the-internet-is-splintering.html
• Why We Want Tech Copycats to Fail https://www.nytimes.com/2021/02/19/technology/why-we-want-tech-copycats-to-fail.html
• Hitting send too soon? Citibank can't get back $500 million it wired by mistake, judge rules https://www.cnn.com/2021/02/16/business/citibank-revlon-lawsuit-ruling/index.html
• Microsoft’s Big Win in Quantum Computing Was an ‘Error’ After All https://www.wired.com/story/microsoft-win-quantum-computing-error/
• Parler says it’s back without “Big Tech” after being kicked off Amazon https://arstechnica.com/tech-policy/2021/02/parler-says-its-back-without-big-tech-after-being-kicked-off-amazon/
• Why Were There So Many Serial Killers Between 1970 and 2000 — and Where Did They Go? https://www.rollingstone.com/culture/culture-features/serial-killers-1970s-2000s-murders-1121705/

• Health, Safety & Environment:

  • 'New Car Smell' Is The Scent of Carcinogens, And Even Short Trips May Overexpose Us https://www.sciencealert.com/a-20-minute-commute-puts-you-at-risk-of-unacceptably-high-levels-of-carcinogens
  • Tired? Here's What Happens to The Body And Brain After Pulling an All-Nighter https://www.sciencealert.com/tired-here-s-what-happens-to-your-body-and-brain-when-you-pull-an-all-nighter
  • USDA Warning: Your Yard Is Not a Freezer, So Don’t Put Your Food Outside If You Lose Power https://www.mentalfloss.com/article/642652/usda-warning-dont-freeze-food-yard
  • Using a machine model to predict risk of human aneurysms https://scienmag.com/using-a-machine-model-to-predict-risk-of-human-aneurysms/
  • What Are Those Meatless, Plant-Based Burgers Actually Made Of? https://www.mentalfloss.com/article/620473/impossible-burger-ingredients-and-nutrition
  • Why Did We Ever Send Sick Kids to School? https://www.theatlantic.com/family/archive/2021/02/when-schools-punish-sick-kids-poor-attendance/618045/
  • Bird flu: Russia detects first case of H5N8 bird flu in humans https://www.bbc.co.uk/news/world-europe-56140270
  • Scientists are racing to develop coronavirus drugs that could fight the common cold and protect us from the next pandemic https://www.businessinsider.com/scientists-work-on-universal-coronavirus-drugs-fight-covid-pandemic-2021-2
  • Russian Scientists Are Probing Prehistoric Viruses Emerging From Siberian Permafrost https://www.sciencealert.com/russian-lab-announces-plans-to-research-ancient-viruses-from-permafrost
  • What Are The Chances of Another COVID? Much Greater Than We Realised https://www.sciencealert.com/what-are-the-chances-of-another-covid-higher-than-we-previously-thought
  • Bacteria-hunting viruses can track down antibiotic-resistant bugs where they hide https://www.cbc.ca/player/play/1863797827869
  • TB vaccine may protect newborns against other infectious diseases https://scienmag.com/tb-vaccine-may-protect-newborns-against-other-infectious-diseases/
  • An mRNA vaccine for cancer immunotherapy https://scienmag.com/an-mrna-vaccine-for-cancer-immunotherapy/
  • Zika vaccine candidate shows promise in phase I trial https://scienmag.com/zika-vaccine-candidate-shows-promise-in-phase-i-trial/
  • Bill Gates: ‘Carbon neutrality in a decade is a fairytale. Why peddle fantasies?’ https://www.theguardian.com/technology/2021/feb/15/bill-gates-carbon-neutrality-in-a-decade-is-a-fairytale-why-peddle-fantasies
  • Russia's stray dogs with bright-coloured fur - pictures https://www.bbc.co.uk/news/world-europe-56129464
  • Neanderthals died out after Earth's magnetic poles flipped, causing a climate crisis 42,000 years ago, a study says https://www.businessinsider.com/neanderthal-extinction-earth-magnetic-poles-flip-climate-change-2021-2
  • Earth's Magnetic Field Flipped 42,000 Years Ago. The Consequences Were Dramatic https://www.sciencealert.com/earth-s-magnetic-field-flipped-42-000-years-ago-with-dramatic-consequences
  • The Colossal Weight of Cities Is Making Them Sink, Even as Sea Levels Are Rising https://www.sciencealert.com/the-weight-of-cities-is-sinking-urban-areas-at-the-same-time-sea-levels-are-rising

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • ‘Perfect storm’: Is Canada headed for a third wave of COVID-19? https://globalnews.ca/news/7641757/canada-coronavirus-third-wave-explainer/
  • 2 Ontario universities to study COVID-19 transmission, immunity on campus https://globalnews.ca/news/7645223/universities-funding-covid-19-campus/
  • 40% of COVID-19 cases in B.C. are linked to social gatherings https://globalnews.ca/news/7645729/covid-19-social-gatherings-bc-positivity-rate/
  • As COVID-19 variants spread, why are global coronavirus cases declining? https://globalnews.ca/news/7650282/global-coronavirus-cases-decline-covid-19/
  • Experts puzzled by India’s dramatic drop in coronavirus cases https://globalnews.ca/news/7642779/coronavirus-cases-fall-india-experts/
  • COVID-19 Cases Are Dropping Fast. Why? https://www.theatlantic.com/ideas/archive/2021/02/why-covid-19-cases-are-falling-so-fast/618041/
  • Variants could spark resurgence even under current health measures: modelling https://www.ctvnews.ca/health/coronavirus/variants-could-spark-resurgence-even-under-current-health-measures-modelling-1.5315741
  • Maps show ZIP codes hit hardest by COVID-19 have low vaccination rates https://www.theverge.com/2021/2/17/22287123/covid-vaccination-death-inequity-race-maps
  • Ontario logs fewer than 900 new COVID-19 cases, lowest single-day tally since last October https://toronto.ctvnews.ca/ontario-logs-fewer-than-900-new-covid-19-cases-lowest-single-day-tally-since-last-october-1.5312390

• New Variants:

  • A coronavirus variant with a mutation which 'likely helps it escape' antibodies is already in at least 11 countries, including the US https://www.businessinsider.com/virus-variant-in-11-countries-and-may-resist-antibodies-report-2021-2
  • Another new coronavirus variant seen in the UK https://www.bbc.co.uk/news/health-56082573
  • Mutation in SARS-CoV-2 spike protein renders virus up to eight times more infectious https://scienmag.com/mutation-in-sars-cov-2-spike-protein-renders-virus-up-to-eight-times-more-infectious/
  • Scientists Discover 7 New Coronavirus Variants in Locations Across The US https://www.sciencealert.com/scientists-discover-7-new-coronavirus-variants-in-locations-across-the-us
  • PHAC monitoring reports of 2 COVID-19 variants merging into heavily mutated hybrid https://globalnews.ca/news/7643533/covid-uk-california-hybrid-mutant-variants/

• Guidance, Response, and Recovery:

  • Canada’s new travel restrictions at land borders come into effect https://globalnews.ca/news/7641191/canada-covid-us-border-restrictions/
  • Is It Safe to Go Back to the Movie Theater? https://www.theatlantic.com/ideas/archive/2021/02/i-want-go-back-movies/617298/
  • Ontario investing $2.5M in wearable tracing tech that will beep or vibrate if people aren’t six feet apart https://toronto.ctvnews.ca/ontario-investing-2-5m-in-wearable-tracing-tech-that-will-beep-or-vibrate-if-people-aren-t-six-feet-apart-1.5314282
  • This wearable device beeps when workers get too close to each other https://www.cbc.ca/news/canada/calgary/wearable-tech-covid-workers-calgary-1.5898673
  • Thousands of UK Amazon workers given false Covid test results https://www.theguardian.com/world/2021/feb/16/uk-amazon-workers-false-covid-test-results
  • Toronto, Peel, North Bay-Parry Sound COVID-19 shutdown extended to March 8, York to enter red zone https://globalnews.ca/news/7650151/toronto-peel-region-north-bay-parry-sound-coronavirus-lockdown-extended-york-red-zone/

• Impact:

  • American woman whose car has been parked near Toronto Pearson for almost one year says she's being asked to pay $2,800 in fees https://toronto.ctvnews.ca/american-woman-whose-car-has-been-parked-near-toronto-pearson-for-almost-one-year-says-she-s-being-asked-to-pay-2-800-in-fees-1.5316608
  • Covid and suicide: Japan's rise a warning to the world? https://www.bbc.co.uk/news/world-asia-55837160
  • Covid: Dutch crisis as court orders end to Covid curfew https://www.bbc.co.uk/news/world-europe-56084466
  • COVID-19 may have caused the loss of more than 20.5 million years of life worldwide https://scienmag.com/covid-19-may-have-caused-the-loss-of-more-than-20-5-million-years-of-life-worldwide/
  • Milken Institute assesses pandemic’s economic impact on 400 cities nationwide https://scienmag.com/milken-institute-assesses-pandemics-economic-impact-on-400-cities-nationwide/
  • Italians mark coronavirus outbreak anniversary by paying tribute to those who died https://globalnews.ca/news/7653488/italy-coronavirus-anniversary/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • A genetic variant inherited from Neanderthals reduces the risk of severe COVID-19 https://scienmag.com/a-genetic-variant-inherited-from-neanderthals-reduces-the-risk-of-severe-covid-19/
  • A machine-learning approach to finding treatment options for Covid-19 https://scienmag.com/a-machine-learning-approach-to-finding-treatment-options-for-covid-19/
  • Could a nasal spray prevent coronavirus transmission? https://scienmag.com/could-a-nasal-spray-prevent-coronavirus-transmission/
  • Existing heart failure drug may treat potential COVID-19 long-hauler symptom https://scienmag.com/existing-heart-failure-drug-may-treat-potential-covid-19-long-hauler-symptom/
  • Study questions whether pubs can effectively prevent COVID-19 transmission risk https://scienmag.com/study-questions-whether-pubs-can-effectively-prevent-covid-19-transmission-risk/
  • Thousands of COVID-19 long-haulers have been crippled by months of physical pain and mental anguish, but recovery clinics are springing up, offering hope https://www.businessinsider.com/recovery-clinics-for-long-haulers-opening-up-and-offering-hope-2021-2

• Immunity, Vaccines, and Vaccination:

  • A 90-year-old Seattle woman trudged three miles through 10 inches of snow to get her vaccine shot https://www.washingtonpost.com/nation/2021/02/17/seattle-snowstorm-90-woman-vaccine/
  • All Toronto long-term care residents and staff to be fully vaccinated by Tuesday https://toronto.ctvnews.ca/all-toronto-long-term-care-residents-and-staff-to-be-fully-vaccinated-by-tuesday-1.5309457
  • Booster Shots Against Scary COVID Virus Variants Are In the Works https://www.scientificamerican.com/article/booster-shots-against-scary-covid-virus-variants-are-in-the-works1/
  • Canadian COVID-19 vaccine maker says it can produce 50 million doses this year https://globalnews.ca/news/7643740/canada-made-coronavirus-vaccine-providence-therapeutics/
  • Canadian researchers say Pfizer vaccine's second dose can be delayed as first is highly effective https://www.ctvnews.ca/health/coronavirus/canadian-researchers-say-pfizer-vaccine-s-second-dose-can-be-delayed-as-first-is-highly-effective-1.5313926
  • Delay a Shot? Skip One? Vaccine-Dosing Messaging Is a Nightmare. https://www.theatlantic.com/science/archive/2021/02/vaccine-dosing-debate/618055/
  • Covid vaccines: G7 increase support for Covax scheme https://www.bbc.co.uk/news/world-56130419
  • COVID-19 vaccines are starting to work in the US https://www.theverge.com/2021/2/19/22290107/covid-vaccine-working-case-death-connecticut-nursing-home
  • Covid-19: World's first human challenge trials to start in UK https://www.bbc.co.uk/news/health-56097088
  • Rich nations see virus rates fall quicker — study https://scienmag.com/rich-nations-see-virus-rates-fall-quicker-study/
  • Drive-thru COVID-19 vaccination clinic to open at Canada's Wonderland https://toronto.ctvnews.ca/drive-thru-covid-19-vaccination-clinic-to-open-at-canada-s-wonderland-1.5309026
  • Fauci: There's evidence COVID-19 vaccines don't just protect you — they may stop you spreading the virus to others, too https://www.businessinsider.com/fauci-vaccines-may-decrease-spread-of-covid-lower-viral-load-2021-2
  • Israel study reports 94% drop in symptomatic COVID-19 cases among people who receive 2 doses of Pfizer vaccine https://www.businessinsider.com/pfizer-vaccine-reduces-symptomatic-covid-19-cases-israel-2021-2
  • Pfizer says COVID-19 vaccine can be stored at higher temperatures https://globalnews.ca/news/7651176/pfizer-covid-vaccine-storage-temperatures/
  • Pfizer’s COVID-19 vaccine reduces virus transmission, Israel studies find https://globalnews.ca/news/7650236/pfizer-covid-19-vaccine-transmission/
  • Seniors may be notified by doctors, advertisements on when they could get the COVID-19 vaccine https://toronto.ctvnews.ca/seniors-may-be-notified-by-doctors-advertisements-on-when-they-could-get-the-covid-19-vaccine-1.5316084
  • The Lancet: 3-month interval between first and second dose of Oxford COVID-19 vaccine results in higher vaccine efficacy than 6-week interval https://scienmag.com/the-lancet-3-month-interval-between-first-and-second-dose-of-oxford-covid-19-vaccine-results-in-higher-vaccine-efficacy-than-6-week-interval/
  • U.K. will issue vaccine passports if needed, but won’t use at home https://globalnews.ca/news/7642872/uk-covid-vaccine-immunity-passports/

• Disinformation:

  • More than 4,000 advertisers including Pfizer, Walmart, and even the CDC ran ads alongside vaccine misinformation https://www.businessinsider.com/pfizer-walmart-cdc-ran-ads-on-websites-peddling-vaccine-misinformation-2021-2

• More of the good, the bad, and the ugly:

  • China arrested a scammer whose gang made $3 million from selling water as COVID-19 vaccine shots https://www.businessinsider.com/man-sold-water-coronavirus-vaccines-china-arrested-2021-2
  • China arrests leader of fake vaccine scam https://www.bbc.co.uk/news/world-asia-china-56080092
  • Two US women pose as 'grannies' to skip vaccine queue https://www.bbc.co.uk/news/world-us-canada-56138699

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • How to Buy a Real N95 Mask Online https://www.nytimes.com/2021/02/17/technology/personaltech/buy-real-n95-mask.html
  • 'Smart' face masks promise high-tech protection https://www.bbc.co.uk/news/technology-56114512
  • 64.4 per cent compliance rate found during inspection blitz at distribution centres in Peel Region https://toronto.ctvnews.ca/64-4-per-cent-compliance-rate-found-during-inspection-blitz-at-distribution-centres-in-peel-region-1.5313595
  • Coronavirus: Richmond RCMP bust 2 illegal karaoke parties over the weekend https://globalnews.ca/news/7644489/coronavirus-richmond-rcmp-bust-illegal-karaoke-parties/
  • Charges laid after large gatherings in downtown Toronto https://toronto.ctvnews.ca/charges-laid-after-large-gatherings-in-downtown-toronto-1.5308995
  • Eleven Ontario students fined at least $17,000 for cottage weekend in Quebec Laurentians https://montreal.ctvnews.ca/eleven-ontario-students-fined-at-least-17-000-for-cottage-weekend-in-quebec-laurentians-1.5309718
  • Partying students at UBC fined more than $5,000 for breaking COVID-19 rules https://globalnews.ca/news/7647231/ubc-partying-students-covid-19-fines/
  • Police issue $7,500 tickets to restaurants for allegedly violating COVID-19 restrictions https://globalnews.ca/news/7643679/police-tickets-restaurants-coronavirus-restrictions/
  • COVID-19: Vancouver man accused of hosting illegal penthouse party faces new charge https://globalnews.ca/news/7654093/vancouver-accused-penthouse-party-new-charges/
  • Four fined £10,000 at Birmingham airport for not declaring arrival from 'red list' country https://www.theguardian.com/world/2021/feb/16/quarantine-hotel-users-england-extra-bill-positive-covid-test

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• A Trippy Visualization Charts the Internet's Growth https://www.wired.com/story/opte-internet-map-visualization
• All Your Base Are Belong To Us has turned 20 https://www.theverge.com/2021/2/17/22287208/all-your-base-are-belong-to-us-20th-anniversary-internet-culture
• Scientists try to fix flat maps with new double-sided projections https://www.theverge.com/2021/2/18/22289120/globe-2d-map-double-sided-gott-equidistant-azimuthal-projection
• The Real Reason Cars Have Those 'Grab Handles' Above the Doors https://www.mentalfloss.com/article/641640/real-reason-cars-have-grab-handles-above-doors
• Just wrong - Lamborghini Avendator on snow tracks is a beautiful, terrible idea https://driving.ca/lamborghini/auto-news/news/watch-this-lambo-avendator-on-snow-tracks-is-a-beautiful-terrible-idea
• 'My daughter had asked for a bigger one': Toronto man creates massive 14-foot snowman https://toronto.ctvnews.ca/my-daughter-had-asked-for-a-bigger-one-toronto-man-creates-massive-14-foot-snowman-1.5311543
• The Most Accurate Flat Map of Earth Yet https://www.scientificamerican.com/article/the-most-accurate-flat-map-of-earth-yet/
• Abydos beer factory: Ancient large-scale brewery discovered in Egypt https://www.bbc.co.uk/news/world-middle-east-56067717
• NASA has Decided to Start Building the Lunar Gateway Using the Falcon Heavy https://www.universetoday.com/150124/nasa-has-decided-to-start-building-the-lunar-gateway-using-the-falcon-heavy/
• The Largest Crater on the Moon Reveals Secrets About its Early History https://www.universetoday.com/150170/the-largest-crater-on-the-moon-reveals-secrets-about-its-early-history/
• Landing on Mars: Seven Minutes of Terror https://apod.nasa.gov/apod/ap210215.html
• NASA’s Perseverance Rover: The Most Ambitious Space Mission Ever? https://www.universetoday.com/150122/nasas-perseverance-rover-the-most-ambitious-space-mission-ever/
• Perseverance has Landed. Here are its First Pictures From the Surface of Mars https://www.universetoday.com/150197/perseverance-has-landed-here-are-its-first-pictures-from-the-surface-of-mars/
• See the first incredible images from the NASA rover Perseverance on Mars! https://www.syfy.com/syfywire/perseverance-mars-images
• Mars landings that did (and didn't) go to plan https://www.bbc.co.uk/news/science-environment-56034431
• Juno Just Saw a Spacerock Crash Into Jupiter https://www.universetoday.com/150174/juno-just-saw-a-spacerock-crash-into-jupiter/
• New analysis weakens — but doesn't kill — the case for Planet Nine https://www.syfy.com/syfywire/new-analysis-weakens-but-doesnt-kill-the-case-for-planet-nine
• Can a planet be bigger than its star? https://www.syfy.com/syfywire/can-a-planet-be-bigger-than-its-star
• Cygnus X-1, the first black hole ever detected, is more massive than we thought https://www.syfy.com/syfywire/cygnus-x-1-the-first-black-hole-ever-detected-is-more-massive-than-we-thought