This Week's [in]Security - Issue 204

Welcome to This Week’s [in]Security. PCI Updates: DSSv4. SLC. FAQ. Visa 8-Digit BIN Mandate. Skimmers. New breaches: VPNs. Zee5. T-Mobile. Bombardier. Gab. New Ransomware. Contact Tracing. Surveillance Capitalism. Clubhouse. LastPass Trackers. SolarWinds. Facebook. NIST. Crackpot Crypto. ETERNALBLUE. Alexa. Dependency Confusion. GPS. Trends. VMWare. Nation States. Crime. Foreign Platforms. Health, Safety & Environment. Covid-19: Spread, Curves, Spikes, Waves, & reinfections. New Variants. Impact. Immunity, Vaccines, and Vaccination. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud.

• PCI DSS v4.0 Timeline Updated to Support an Additional RFC https://blog.pcisecuritystandards.org/pci-dss-v4.0-timeline-updated-to-support-an-additional-rfc
• Why PCI Is Refreshing Its Software Lifecycle Standard—And Retiring PA-DSS https://www.digitaltransactions.net/why-pci-is-refreshing-its-software-lifecycle-standard-and-retiring-pa-dss/
• New PCI FAQ on 8-digit BINs https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-can-an-entity-meet-PCI-DSS-requirements-for-PAN-masking-and-truncation-if-it-has-migrated-to-8-digit-BINs
• (Related) How can an entity meet PCI DSS requirements for PAN masking and truncation if it has migrated to 8-digit BINs? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-can-an-entity-meet-PCI-DSS-requirements-for-PAN-masking-and-truncation-if-it-has-migrated-to-8-digit-BINs
• Visa 8-Digit BINs are Just Around the Corner and Many Questions Remain https://controlgap.com/blog/Visa%208-digit-BINs-are-just-around-the-corner

• Visa Updates on April 2022 implementation date for 8-Digit BINs on 16-digit PANs. There is significant impacts to a large segment of the payment eco-system. Visa's 'Numerics' page which covers the 'BIN Expansion' initative https://usa.visa.com/partner-with-us/info-for-partners/numerics-initiative.html and sub-links:

  • New 2021, Must Read - Impact Assessment Survey showing 43%-69% of Visa Clients could be significantly impacted https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/visa-numerics-impact-assessment-discovery-interview-findings.pdf \
  • Visa FAQ (2020) https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/visa.com-numerics-faq.pdf
  • Questionnaire for Acquirers/Processors https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/acquirer-and-acquirer-processor-impact-questionnaire.pdf
  • Questionnaire for Issuers/Processors https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/issuer-and-issuer-processor-impact-questionnaire.pdf
  • Merchant actions and FAQ https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/merchant-action-sheet.pdf
  • Service Provider actions and FAQ https://usa.visa.com/dam/VCOM/global/partner-with-us/documents/service-provider-action-sheet.pdf
  • We wrote about 8-digit BINs and the lack of clarity about compliance impacts four years ago:
  • 3 Ways 8-Digit BIN Ranges May Impact PCI Compliance (Apr 2017) https://controlgap.com/blog/new-bin-ranges-and-pci-truncation
  • 8-digit BIN Issues and Risks Remain after PCI Truncation Rules Clarified (May 2017) https://controlgap.com/blog/pci-truncation-rules-clarified
• Checkout Skimmers Powered by Chip Cards https://krebsonsecurity.com/2021/02/checkout-skimmers-powered-by-chip-cards/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Australian Health and Transport Agencies Hit by Accellion Hack https://www.securityweek.com/australian-health-and-transport-agencies-hit-accellion-hack
  • SuperVPN & GeckoVPN - 20,339,937 breached accounts https://haveibeenpwned.com/PwnedWebsites#SuperVPNGeckoVPN
  • Zee5 Data Breach: PII of 9 Million Zee5 Users’ Allegedly Leaked Online https://www.databreaches.net/zee5-data-breach-pii-of-9-million-zee5-users-allegedly-leaked-online/
  • The Jones Day dump contains prescription drug records. Who’s notifying those patients of the breach? https://www.databreaches.net/the-jones-day-dump-contains-prescription-drug-records-whos-notifying-those-patients-of-the-breach/
  • T-Mobile discloses data breach after SIM swapping attacks https://www.databreaches.net/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
  • Airplane maker Bombardier data posted on ransomware leak site following FTA hack https://www.zdnet.com/article/airplane-maker-bombardier-data-posted-on-ransomware-leak-site-following-fta-hack
  • Cleveland – Ohio, CMHA: Doppel Paymer ransomware publishes first stolen data https://www.databreaches.net/cleveland-ohio-cmha-doppel-paymer-ransomware-publishes-first-stolen-data/
  • DRM Screws People Yet Again: Book DRM Data Breach Exposes Reporters’ Emails And Passwords https://www.databreaches.net/drm-screws-people-yet-again-book-drm-data-breach-exposes-reporters-emails-and-passwords/
  • MI: Covenant HealthCare reports data breach through employee emails https://www.databreaches.net/mi-covenant-healthcare-reports-data-breach-through-employee-emails/
  • Fears grow data hacked from Reserve Bank may be leaked by CLOP ransomware group https://www.databreaches.net/fears-grow-data-hacked-from-reserve-bank-may-be-leaked-by-clop-ransomware-group/
  • VC Giant Sequoia Capital Informs Investors of Data Breach https://www.securityweek.com/vc-giant-sequoia-capital-informs-investors-data-breach
  • Watermark takes action after data security breach potentially affects people in 10 states https://www.databreaches.net/watermark-takes-action-after-data-security-breach-potentially-affects-people-in-10-states/
  • Far-Right Platform Gab Has Been Hacked—Including Private Data https://www.wired.com/story/gab-hack-data-breach-ddosecrets
  • Housing corporation Stadgenoot hacked; data stolen 30,000 people https://www.databreaches.net/housing-corporation-stadgenoot-hacked-data-stolen-30000-people/

• New Ransomware and "Incidents":

  • Ryuk ransomware now self-spreads to other Windows LAN devices https://www.databreaches.net/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/
  • Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance https://www.databreaches.net/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/
  • Cheating Companies Hacked Websites at MIT, Stanford, Columbia And More Than 100 Other Schools https://www.databreaches.net/cheating-companies-hacked-websites-at-mit-stanford-columbia-and-more-than-100-other-schools/
  • South Carolina County Rebuilds Network After Hacking https://www.securityweek.com/south-carolina-county-rebuilds-network-after-hacking
  • Finnish IT Giant Hit with Ransomware Cyberattack https://threatpost.com/finnish-it-giant-ransomware-cyberattack/164193/
  • Ca: Saint John won’t pay ransom to hackers, city manager says https://www.databreaches.net/ca-saint-john-wont-pay-ransom-to-hackers-city-manager-says/
  • Kentucky reports ‘possible cyberattack’ on unemployment claims website https://www.databreaches.net/kentucky-reports-possible-cyberattack-on-unemployment-claims-website/

• Follow-ups and fall-out:

  • Supermarket Chain Kroger Discloses Data Breach due to FTA https://www.securityweek.com/supermarket-chain-kroger-discloses-data-breach
  • NetGalley - 1,436,435 breached accounts https://haveibeenpwned.com/PwnedWebsites#NetGalley
  • People's Energy - 358,822 breached accounts https://haveibeenpwned.com/PwnedWebsites#PeoplesEnergy
  • NurseryCam - 10,585 breached accounts https://haveibeenpwned.com/PwnedWebsites#NurseryCam
  • Filmai.in - 645,786 breached accounts https://haveibeenpwned.com/PwnedWebsites#FilmaiIn
  • March 1, 2021: Deadline for Reporting 2020 Small Healthcare Data Breaches https://www.databreaches.net/march-1-2021-deadline-for-reporting-2020-small-healthcare-data-breaches/
  • French Regulator Lambasts Health Firms Over Mass Data Leak https://www.databreaches.net/french-regulator-lambasts-health-firms-over-mass-data-leak/

Privacy

Articles about privacy related news, risks, and trends.

• ‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security https://www.politico.eu/article/data-at-risk-amazon-security-threat/
• New tool reveals security and privacy issues with contact tracing apps, Canada's Covid Alert performed as reasonably https://www.databreaches.net/new-tool-reveals-security-and-privacy-issues-with-contact-tracing-apps/ and https://arxiv.org/abs/2006.10933
• Have you ever felt that a few big tech companies are following you around the internet? That's because ... they are https://www.theregister.com/2021/02/25/big_tech_extension/
• Assume Clubhouse Conversations Are Being Recorded, Researchers Warn https://threatpost.com/clubhouse-conversations-recorded/164158/
• Privacy Faces Risks in Tech-Infused Post-Covid Workplace https://www.securityweek.com/privacy-faces-risks-tech-infused-post-covid-workplace
• 1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app? https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• US:

  • At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill https://www.databreaches.net/at-house-solarwinds-hearing-bipartisan-lawmakers-announce-breach-disclosure-bill/
  • House SolarWinds Hearing Focuses on Updating Cyber Laws https://www.databreachtoday.com/house-solarwinds-hearing-focuses-on-updating-cyber-laws-a-16078
  • What Facebook's Australia news ban could mean for its future in the US https://www.theguardian.com/technology/2021/feb/27/facebook-australia-news-ban-us-legislation
  • Judge approves $650 million Facebook privacy settlement over facial recognition feature https://www.theverge.com/2021/2/27/22304618/judge-approves-facebook-privacy-settlement-illinois-facial-recognition
  • How One State Managed to Actually Write Rules on Facial Recognition https://www.nytimes.com/2021/02/27/technology/Massachusetts-facial-recognition-rules.html
  • Federal Court Agrees: Prosecutors Can’t Keep Forensic Evidence Secret from Defendants https://www.eff.org/deeplinks/2021/02/federal-court-agrees-prosecutors-_cant-keep-forensic-evidence-secret-defendants
  • The SAFE Tech Act Wouldn't Make the Internet Safer for Users https://www.eff.org/deeplinks/2021/02/safe-tech-act-wouldnt-make-internet-safer-users
  • Wawa Reaches Proposed $12M Settlement in Data Breach Litigation https://www.databreaches.net/wawa-reaches-proposed-12m-settlement-in-data-breach-litigation/
  • With a Federal Lawsuit, Intuit Challenges the Card Networks’ Interchange Regime https://www.digitaltransactions.net/with-a-federal-lawsuit-intuit-challenges-the-card-networks-interchange-regime/
  • Student Surveillance Vendor Proctorio Files SLAPP Lawsuit to Silence A Critic https://www.eff.org/deeplinks/2021/02/student-surveillance-vendor-proctorio-files-slapp-lawsuit-silence-critic

• World:

  • Australia passes law requiring Facebook and Google to pay for news content https://www.theverge.com/2021/2/24/22283777/australia-new-media-bargaining-code-facebook-google-paying-news

• Standards News:

  • Toward a Privacy-Enhancing Cryptography Use-Case Suite: Preliminary Draft White Paper Available for Comment until March 22 https://csrc.nist.gov/publications/detail/white-paper/2021/01/21/toward-a-pec-use-case-suite-preliminary-draft/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• How data trusts can protect privacy https://www.technologyreview.com/2021/02/24/1017801/data-trust-cybersecurity-big-tech-privacy/
• The Problem with Treating Data as a Commodity https://www.schneier.com/blog/archives/2021/02/the-problem-with-treating-data-as-a-commodity.html
• The Pitfalls of DIY Security for Your AWS RDS Databases https://www.imperva.com/blog/the-pitfalls-of-diy-security-for-your-aws-rds-databases/
• Biden signs executive order calling for semiconductor supply chain review https://www.theverge.com/2021/2/24/22298376/biden-sign-semiconductor-shortage-executive-order-apple-amd-playstation
• Bulletproof TLS Newsletter #74 https://www.feistyduck.com/bulletproof-tls-newsletter/issue_74_rust_and_cryptographic_code
• "Crackpot Cryptography and Security Theater” (some NSFW language) https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/
• The Citizen App Will Now Tell You Why Helicopters Are Making a Racket in Your Neighborhood https://www.mentalfloss.com/article/642870/citizen-app-now-includes-alerts-about-police-helicopters
• Chrome will soon try HTTPS first when you type an incomplete URL https://www.zdnet.com/article/chrome-will-soon-try-https-first-when-you-type-an-incomplete-url
• Android users now have an easy way to check the security of their passwords https://arstechnica.com/information-technology/2021/02/android-users-now-have-an-easy-way-to-check-the-security-of-their-passwords/
• New Password Checkup Feature Coming to Android https://security.googleblog.com/2021/02/new-password-checkup-feature-coming-to.html
• Firefox 86 Introduces Total Cookie Protection https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
• How to Fight Business Email Compromise (BEC) with Email Authentication? https://thehackernews.com/2021/02/how-to-fight-business-email-compromise.html
• Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks https://threatpost.com/nvidia-tries-discourage-crypto-jacking-new-gpu/164221/
• Forensicating Azure VMs, (Thu, Feb 25th) https://isc.sans.edu/diary/rss/27136

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• We are living in 1984 (ETERNALBLUE) https://blog.erratasec.com/2021/02/we-are-living-in-1984-eternalblue.html
• Python programming language hurries out update to tackle remote code vulnerability https://www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability/
• Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10 https://arstechnica.com/information-technology/2021/02/hard-coded-key-vulnerability-in-logix-plcs-has-severity-score-of-10-out-of-10/
• Microsoft Patches Windows Remote Code Flaw https://www.databreachtoday.com/microsoft-patches-windows-remote-code-flaw-a-16075
• Alexa, swap out this code that Amazon approved for malware... Installed Skills can double-cross their users https://www.theregister.com/2021/02/25/alexa_amazon_skills/
• Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking https://threatpost.com/mozilla-firefox-bugs-cookie-tracking/164246/
• IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS https://www.zdnet.com/article/ibm-patches-vulnerabilities-in-java-runtime-planning-analytics-kenexa-lms
• Powerhouse VPN products can be abused for large-scale DDoS attacks https://www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks
• What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses https://www.theregister.com/2021/02/24/dns_cname_tracking/
• Twelve-Year-Old Vulnerability Found in Windows Defender https://www.schneier.com/blog/archives/2021/02/twelve-year-old-vulnerability-found-in-windows-defender.html
• Jamaica’s Amber Group fixes second JamCOVID security lapse https://www.databreaches.net/jamaicas-amber-group-fixes-second-jamcovid-security-lapse/
• Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs https://thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html
• Dependency Confusion: Another Supply-Chain Vulnerability https://www.schneier.com/blog/archives/2021/02/dependency-confusion-another-supply-chain-vulnerability.html
• Risky Business #615 -- Dependency confusion is, uh, pretty bad https://risky.biz/RB615
• Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter https://www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter
• Technology and the New Frontier of the Healthcare Industry (The Internet of Medical Things) https://blog.isc2.org/isc2_blog/2021/02/technology-and-the-new-frontier-of-the-healthcare-industry.html
• GPS Vulnerabilities https://www.schneier.com/blog/archives/2021/02/gps-vulnerabilities.html
• Cisco Warns of Critical Auth-Bypass Security Flaw https://threatpost.com/cisco-critical-security-flaw/164255/
• Google Discloses Details of Remote Code Execution Vulnerability in Windows https://www.securityweek.com/google-discloses-details-remote-code-execution-vulnerability-windows
• 'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security https://www.theregister.com/2021/02/24/google_ups_linux_security_effort/
• Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique https://thehackernews.com/2021/02/online-trackers-increasingly-switching.html

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events:

  • The SolarWinds Body Count Now Includes NASA and the FAA https://www.wired.com/story/solarwinds-nasa-faa-robot-dog-fight-security-news
  • No, 1,000 engineers were not needed for SolarWinds https://blog.erratasec.com/2021/02/no-1000-engineers-were-not-needed-for.html
  • Microsoft open sources CodeQL queries used to hunt for Solorigate activity https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/
  • Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html
  • 10K Microsoft Email Users Hit in FedEx Phishing Attack https://threatpost.com/microsoft-fedex-phishing-attack/164143/
  • Malicious Mozilla Firefox Extension Allows Gmail Takeover https://threatpost.com/malicious-mozilla-firefox-gmail/164263/
  • CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance https://www.databreaches.net/cisa-releases-joint-cybersecurity-advisory-on-exploitation-of-accellion-file-transfer-appliance/
  • FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group https://www.zdnet.com/article/fireeye-links-0-day-attacks-on-fta-servers-extortion-campaign-to-fin11-group
  • Accellion: How Attackers Stole Data and Ransomed Companies https://www.databreachtoday.com/accellion-how-attackers-stole-data-ransomed-companies-a-16038
  • Two ransomware strains target VMware’s ESXI hypervisor through stolen vCenter creds https://www.theregister.com/2021/03/01/esxi_ransomware/
  • More than 6,700 VMware servers exposed online and vulnerable to major new bug. https://www.zdnet.com/article/more-than-6700-vmware-servers-exposed-online-and-vulnerable-to-major-new-bug/
  • Updated Minebridge RAT Targets Security Researchers https://www.databreachtoday.com/updated-minebridge-rat-targets-security-researchers-a-16054
  • This botnet is abusing Bitcoin blockchains to stay in the shadows https://www.zdnet.com/article/this-botnet-is-abusing-bitcoin-blockchains-to-stay-in-the-shadows https://arstechnica.com/information-technology/2021/02/crooks-use-the-bitcoin-blockchain-to-protect-their-botnets-from-takedown/
  • Qakbot Bougus and Malicious Response on the Full Disclosure List - https://isc.sans.edu/diary/rss/27130
  • Report: Cyberattacks cost financial firms $4.7M on average last year https://www.mobilepaymentstoday.com/news/report-cyberattacks-cost-financial-firms-47m-on-average-last-year/
  • India second only to Japan in Asia Pacic in cyberattacks faced in 2020 https://www.databreaches.net/india-second-only-to-japan-in-asia-pacic-in-cyberattacks-faced-in-2020/
  • COVID pandemic causes spike in cyberattacks against hospitals, medical companies https://www.zdnet.com/article/covid-pandemic-prompts-rise-in-cyberattacks-against-hospitals-medical-companies

• Nation State Actors:

  • Hackers tied to Russia’s GRU targeted the US grid for years https://arstechnica.com/information-technology/2021/02/hackers-tied-to-russias-gru-targeted-the-us-grid-for-years/, and https://www.wired.com/story/russia-gru-hackers-us-grid
  • Ukraine reports cyber-attack on government document management system https://www.zdnet.com/article/ukraine-reports-cyber-attack-on-government-document-management-system
  • Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report https://threatpost.com/chinese-hackers-hijacked-nsa-hacking-tool/164155/ and https://arstechnica.com/information-technology/2021/02/crooks-use-the-bitcoin-blockchain-to-protect-their-botnets-from-takedown/
  • Ukraine says Russian hackers attacked state document system https://www.databreaches.net/ukraine-says-russian-hackers-attacked-state-document-system/
  • Oxford University Covid-19 laboratory hacked by cyber gang https://www.databreaches.net/oxford-university-covid-19-laboratory-hacked-by-cyber-gang/
  • North Korea hacked Pfizer because it wants to sell bootleg COVID vaccines on the international black market, sources say https://www.businessinsider.com/north-korea-hack-pfizer-covid-19-coronavirus-vaccine-2021-2

• Crime & Arrests, etc.:

  • Tactical rescue unit responds to ‘swatting’ call in Milton, Ont. https://globalnews.ca/news/7658314/tactical-rescue-unit-swatting-call-milton-ont/

Other Security / Risk

Articles covering other types of risks.

• Texas’s Disaster Is Over. The Fallout Is Just Beginning. https://www.theatlantic.com/politics/archive/2021/02/what-texas-energy-crisis-means-democrats/618127/
• Machine Learning Pwns Old-School Atari Games https://www.scientificamerican.com/podcast/episode/gamer-machine-learning-vanquishes-old-school-atari-games/
• On Chinese-Owned Technology Platforms https://www.schneier.com/blog/archives/2021/02/on-chinese-owned-technology-platforms.html
• The number of public listings by zero-revenue companies valued above $1 billion currently exceeds the dot-com era (CCIV) https://markets.businessinsider.com/news/stocks/spac-public-listings-zero-revenue-valued-billion-exceeds-dot-com-2021-2-1030132208
• Everything is about to get more expensive. It's a crucial next step for the US economic recovery. https://www.businessinsider.com/us-economy-rebound-goods-commodities-services-more-expensive-inflation-stimulus-2021-2
• GameStop short-sellers have lost $1.9 billion in just 2 days amid the stock's latest spike https://www.businessinsider.com/gamestop-short-sellers-billions-losses-reddit-traders-wallstreetbets-rally-gme-2021-2
• Hundreds of workers at cybersecurity agency vote to strike https://www.cbc.ca/news/politics/cse-cybersecurity-strike-1.5926825
• Why Putting Your Windshield Wipers Up in the Winter Is Probably Doing More Harm Than Good https://www.mentalfloss.com/article/642733/windshield-wipers-winter-snow

• Health, Safety & Environment:

  • ‘It is a parallel pandemic’: What loneliness does to our mental health https://globalnews.ca/news/7650743/loneliness-pandemic-mental-health/
  • 'Historically' Low Flu Activity Reported This Year https://www.accuweather.com/en/health-wellness/historically-low-flu-activity-reported-this-year/904761
  • mRNA vaccine technology could be used to protect against other deadly diseases: experts https://globalnews.ca/news/7667997/mrna-vaccine-other-diseases/
  • Scientists Find 140,000 Virus Species in The Human Gut, And Most Are Unknown https://www.sciencealert.com/scientists-identify-140-000-virus-species-in-the-human-gut-and-most-are-unknown
  • Hundreds of students evacuated over WW2 bomb https://www.bbc.co.uk/news/uk-england-devon-56212295
  • Mega Iceberg About The Size of Los Angeles Just Broke Off From an Antarctic Ice Shelf https://www.sciencealert.com/mega-iceberg-the-size-of-manhattan-just-broke-off-antarctica-s-ice-shelf
  • Electricity needed to mine bitcoin is more than used by 'entire countries' https://www.theguardian.com/technology/2021/feb/27/bitcoin-mining-electricity-use-environmental-impact
  • Niagara Falls Freezes Over As Temperatures Plunge in North America https://www.mentalfloss.com/article/642769/niagara-falls-frozen-feburary-2021

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, and reinfection:

  • Ontario reports 1,185 new coronavirus cases, 16 more deaths https://globalnews.ca/news/7667090/ontario-coronavirus-cases-february-27-covid-19/
  • Two active COVID-19 outbreaks at Toronto police facilities https://toronto.ctvnews.ca/two-active-covid-19-outbreaks-at-toronto-police-facilities-1.5321125

• New Variants:

  • ‘Minefield’ of variants: How the California strain is different from the others https://globalnews.ca/news/7659473/california-variant-covid-19-strain-study/

• Guidance, Response, and Recovery:

  • Return to lockdown: Ontario pulls 'emergency brake' on Simcoe Muskoka https://barrie.ctvnews.ca/return-to-lockdown-ontario-pulls-emergency-brake-on-simcoe-muskoka-1.5326033
  • Coronavirus: Ontario government to open COVID-19 vaccination portal on March 15 https://globalnews.ca/news/7659499/coronavirus-ontario-covid-19-vaccines/
  • Montrealers who are 80 and older can now book appointment for COVID-19 vaccine https://globalnews.ca/news/7665583/montrealers-over-80-coronavirus-vaccine-appointment/

• Impact:

  • New Ontario procurement system stalled restocking of PPE ahead of pandemic: health minister https://globalnews.ca/news/7667083/new-ontario-procurement-system-stalled-restocking-ppe-health-minister/
  • NRF Says Vaccine Availability Will Boost Economy https://www.pymnts.com/news/retail/2021/nrf-vaccine-availability-will-boost-economy/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • A Baby Sick With COVID-19 in Washington Had 51,000 Times More Viral Particles https://www.sciencealert.com/baby-sick-with-covid-variant-found-with-51-000-times-the-number-of-virus-particles
  • A Simple Rule of Thumb for Knowing When the Pandemic Is Over https://www.theatlantic.com/health/archive/2021/02/how-know-when-pandemic-over/618122/
  • Scientists identify potential contributor to hyper immune responses in patients with severe COVID-19 https://scienmag.com/scientists-identify-potential-contributor-to-hyper-immune-responses-in-patients-with-severe-covid-19/
  • New discoveries on the containment of COVID-19 finds travel bans are of limited value https://scienmag.com/new-discoveries-on-the-containment-of-covid-19-finds-travel-bans-are-of-limited-value/

• Immunity, Vaccines, and Vaccination:

  • Breaking: US Regulators Approve Johnson & Johnson COVID-19 Vaccine https://www.sciencealert.com/breaking-us-regulators-approve-johnson-johnson-covid-19-vaccine
  • Health Canada received more Johnson & Johnson data on same day as U.S. approval https://www.cbc.ca/news/politics/health-canada-johnson-and-johnson-data-1.5931225
  • Canada approves AstraZeneca’s COVID-19 vaccine https://globalnews.ca/news/7629162/astrazeneca-covid-vaccine-approval-canada/
  • A 3rd dose of Pfizer? Company testing booster of COVID-19 vaccine in new trial https://globalnews.ca/news/7661819/pfizer-vaccine-booster-trial/
  • Is a single COVID-19 vaccine dose enough for those previously infected? https://globalnews.ca/news/7660292/coronavirus-vaccine-single-dose/
  • Great News! Pfizer Vaccine 94% Effective in Huge Real-World Study of 1.2 M People https://www.sciencealert.com/first-real-world-study-on-pfizer-s-vaccine-confirms-it-s-94-percent-effective
  • There’s no ‘best’ vaccine, expert says as Canada OKs AstraZeneca shots https://globalnews.ca/news/7665048/cda-astrazeneca-pfizer-vaccine-covid7665048/
  • The Surprising Key to Combatting Vaccine Refusal https://www.theatlantic.com/ideas/archive/2021/02/vaccine-hesitancy-isnt-just-one-thing/618164/
  • Coronavirus: Quebec considering ‘immunization passports’ https://globalnews.ca/news/7666211/coronavirus-covid-19-passports-quebec/
  • Meet the Vaccine Appointment Bots, and Their Foes https://www.securityweek.com/meet-vaccine-appointment-bots-and-their-foes
  • In 1959, Thousands of Vaccines Were Stolen in a Heist. Here's Why That's Important Now https://www.sciencealert.com/in-1959-thousands-of-vaccines-were-stolen-in-a-heist-here-s-why-that-s-important-now

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Some travellers walking out of Pearson airport instead of paying for quarantine hotel https://nationalpost.com/news/canada/some-travellers-walking-out-of-pearson-airport-or-take-a-fine-instead-of-paying-for-quarantine-hotel
  • Delta passenger faces $27,500 fine for hitting flight attendant in face mask dispute with fellow passenger https://www.businessinsider.com/delta-passengers-27500-fine-for-hitting-flight-attendant-in-mask-row-2021-2
  • Ontario COVID-19 quarantine screening officer charged with extortion, sexual assault https://toronto.ctvnews.ca/ontario-covid-19-quarantine-screening-officer-charged-with-extortion-sexual-assault-1.5322691
  • Ontario warns of potential counterfeit N95 masks in provincial stockpile https://toronto.ctvnews.ca/ontario-warns-of-potential-counterfeit-n95-masks-in-provincial-stockpile-1.5325983

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• 16-year-old Toronto diver cleans up water at Humber Bay Park on weekends https://globalnews.ca/news/7668593/diver-volunteer-water-cleaner-humber-bay-park/
• Fireball caught on-camera over the sky in Chatham, Ont. https://globalnews.ca/news/7667516/fireball-chatham-ont/
• Check Out the 10 Weirdest Things the TSA Confiscated in 2020—Including a Dead Baby Shark https://www.mentalfloss.com/article/642869/tsa-bizarre-confiscations-2020
• Scientists May Have Just Solved The Long-Standing Mystery of Earth's 'Missing Ice' https://www.sciencealert.com/scientists-just-solved-the-mystery-of-where-earth-s-missing-ice-disappeared-to
• The Mars Helicopter is Online and Getting Ready to Fly https://www.universetoday.com/150224/the-mars-helicopter-is-online-and-getting-ready-to-fly/
• Perseverance’s Landing … Seen From Orbit! https://www.universetoday.com/150245/perseverances-landing-seen-from-orbit/
• There was a Secret Code in the Perseverance Parachute https://www.universetoday.com/150262/there-was-a-secret-code-in-the-perseverance-parachute/