This Week's [in]Security - Issue 221 | insecurity | Control Gap

Welcome to This Week’s [in]Security. DSSv4 RFC, HSM RFC, WFH, Sunsets, 3DS, ATM vuln & Shimming. New breaches: Mercedes-Benz, APNIC. New Ransomware: FCUK. Follow-ups & Fall-out: Regulation & Breaches, SolarWinds, Colonial Pipeline. Privacy: Medical Data, Doorbells, Cookies/FLOC. Laws & Regs - Canada, US, The world, Standards. Defense: Webinars, Webinars. Einstein, D3FEND. Vulnerabilities: Stale Dependencies, Letting one slip by, DNS, BIOS, Vmware, Linux, SonicWall, Cybercrime - Trends: My Book, USB, Nation States. Crime. Most-Wanted. Other Risks: Job loss, Water Supplies, AI, Chips, Remote working, e-Proctoring, McAfee, Windows 11. Health, Safety & Environment: 751 more children, Condo Collapse. Covid-19: Spread, Curves, Waves, and Variants, Response, Immunity, Learned, Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI DSSv4 RFC #3 goes live for 1 month as of June 28th https://www.pcisecuritystandards.org/get_involved/request_for_comments
• PCI Request for Comments: PTS HSM Modular Security Requirements open until July 26 https://blog.pcisecuritystandards.org/request-for-comments-pts-hsm-modular-security-requirements
• Reminder: P2PEv2 and PA-DSS both begin sunset July 1st. From this date, only updates to existing PA-DSS applications and P2PE V2 solutions, applications, and components will be accepted. The queue of new submissions is expected to be cleared by fall.
• New Training: Work from Home Security Awareness https://blog.pcisecuritystandards.org/new-training-work-from-home-security-awareness
• PCI Statistics That May Shock You https://www.linkedin.com/pulse/pci-statistics-may-shock-you-shahid-qureshi/
• EMV 3-D Secure 2.0 Use Soars and other Digital Transactions News briefs from 6/25/21 https://www.digitaltransactions.net/emv-3-d-secure-2-0-use-soars-and-other-digital-transactions-news-briefs-from-6-25-21/
• NFC flaws let researchers hack an ATM by waving a phone https://arstechnica.com/information-technology/2021/06/nfc-flaws-let-researchers-hack-an-atm-by-waving-a-phone/
• How Cyber Sleuths Cracked an ATM Shimmer Gang https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/
• How the Semiconductor Shortage Is Putting a Crimp in Chip Card Production https://www.digitaltransactions.net/how-the-semiconductor-shortage-is-putting-a-crimp-in-chip-card-production/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Mercedes-Benz data breach exposes SSNs, credit card numbers https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/
  • APNIC left a dump from its Whois SQL database in a public Google Cloud bucket https://www.theregister.com/2021/06/22/apnic_whois_data_exposed/
  • ADATA suffers 700 GB data leak in Ragnar Locker ransomware attack https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/
  • Medicaid Contractor Data Breach Affected 334,000 Providers https://www.databreachtoday.com/medicaid-contractor-data-breach-affected-334000-providers-a-16929
  • Hackers leak 260,000 accounts from Pakistani music streaming site Patari https://www.databreaches.net/hackers-leak-260000-accounts-from-pakistani-music-streaming-site-patari/
  • Tulsa: Ransomware Attackers Leaked 18,000 Files https://www.databreachtoday.com/tulsa-ransomware-attackers-leaked-18000-files-a-16935
  • Embryology Data Breach Follows Fertility Clinic Ransomware Hit https://threatpost.com/embryology-data-breach-fertility-clinic-ransomware/167087/
  • Ca: Hay River health authority warns of potential privacy breach after break-in at local hospital https://www.databreaches.net/ca-hay-river-health-authority-warns-of-potential-privacy-breach-after-break-in-at-local-hospital/
  • Ohio Medicaid providers' data may have been exposed from data breach https://www.databreaches.net/ohio-medicaid-providers-data-may-have-been-exposed-from-data-breach/

• New Ransomware and "Incidents":

  • City of Liege, Belgium hit by ransomware https://www.databreaches.net/city-of-liege-belgium-hit-by-ransomware/
  • Fashion titan French Connection says 'FCUK' as REvil-linked ransomware makes off with data https://www.theregister.com/2021/06/24/french_connection_says_fcuk_as/
  • OK: Lucky Star Casino Confirmed It Suffered Ransomware Attack https://www.databreaches.net/ok-lucky-star-casino-confirmed-it-suffered-ransomware-attack/
  • Ransomware Gang Cl0p Announces New Victim After Police Bust https://packetstormsecurity.com/news/view/32392/Ransomware-Gang-Cl0p-Announces-New-Victim-After-Police-Bust.html
  • Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes https://www.theregister.com/2021/06/23/revil_ransomware_lv/

• Follow-ups and fall-out:

  • Data leak marketplace pressures victims by emailing competitors https://www.bleepingcomputer.com/news/security/data-leak-marketplace-pressures-victims-by-emailing-competitors/
  • Kroll Data Breach Report: Less-Regulated Industries Targeted https://www.databreachtoday.com/interviews/kroll-data-breach-report-less-regulated-industries-targeted-i-4921
  • Irish Ransomware Attack Recovery Cost Estimate: $600 million https://www.databreachtoday.com/irish-ransomware-attack-recovery-cost-estimate-600-million-a-16931
  • SolarWinds hackers breach new victims, including a Microsoft support agent https://arstechnica.com/gadgets/2021/06/solarwinds-hackers-breach-new-victims-including-a-microsoft-support-agent/
  • Teespring - 8,234,193 breached accounts https://haveibeenpwned.com/PwnedWebsites#Teespring
  • yotepresto.com - 1,444,629 breached accounts https://haveibeenpwned.com/PwnedWebsites#YoteprestoCom
  • Do you Like Cookies? Some are for sale!, (Thu, Jun 24th) https://isc.sans.edu/diary/rss/27558
  • Lawsuits Allege Colonial Pipeline Had Inadequate Cybersecurity https://www.databreachtoday.com/lawsuits-allege-colonial-pipeline-had-inadequate-cybersecurity-a-16928
  • Mysterious ransomware payment traced to a sensual massage site https://www.bleepingcomputer.com/news/security/mysterious-ransomware-payment-traced-to-a-sensual-massage-site/

Privacy

Articles about privacy related news, risks, and trends.

• Hospitals are selling treasure troves of medical data - what could go wrong? https://www.theverge.com/2021/6/23/22547397/medical-records-health-data-hospitals-research
• I spy: are smart doorbells creating a global surveillance network? https://www.theguardian.com/lifeandstyle/2021/jun/26/i-spy-are-smart-doorbells-creating-a-global-surveillance-network
• 1 in 5 children's Google Play Apps breach Children's Online Privacy Protection Act rules https://www.comparitech.com/blog/vpn-privacy/app-coppa-study/
• Google Pauses Cookies Upgrade To Give Market Time To Catch Up https://www.pymnts.com/google/2021/google-pauses-cookies-upgrade-give-market-time-catch-up/
• Decoding California's New Digital Vaccine Records and Potential Dangers https://www.eff.org/deeplinks/2021/06/decoding-californias-new-digital-vaccine-records-and-potential-dangers

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 93: Lex Gill on the RCMP, Clearview AI and Canada's History of Surveillance https://www.michaelgeist.ca/2021/06/law-bytes-podcast-episode-93/
  • Midnight Madness: As Canadians Slept, the Liberals, Bloc and NDP Combined to Pass Bill C-10 in the House of Commons https://www.michaelgeist.ca/2021/06/midnight-madness-as-canadians-slept-the-liberals-bloc-and-ndp-combined-to-pass-bill-c-10-in-the-house-of-commons/
  • This Bill Reminds Me of the Maginot Line: The Bill C-10 Debate Arrives at the Senate https://www.michaelgeist.ca/2021/06/this-bill-reminds-me-of-the-maginot-line-the-bill-c-10-debate-arrives-at-the-senate/
  • Canada adds 3 groups including Three Percenters, to terrorist list https://globalnews.ca/news/7980521/canada-terrorist-entity-three-percenters/

• US:

  • Supreme Court Limits Standing to Sue in Credit Reporting Case https://epic.org/2021/06/supreme-court-limits-standing-.html
  • Supreme Court Upholds Process to Challenge Bad Patents https://www.eff.org/deeplinks/2021/06/supreme-court-upholds-process-challenge-bad-patents
  • Cybersecurity firms battle DMCA rules over good-faith research https://www.zdnet.com/article/cybersecurity-firms-battle-dmca-rules-over-good-faith-research
  • Facebook could be held liable for sex trafficking on its platform, court rules https://www.foxbusiness.com/technology/facebook-could-be-held-liable-for-sex-trafficking-platform-court-rules
  • Six Flags to Pay $36M Over Collection of Fingerprints https://threatpost.com/six-flags-to-pay-36m-over-collection-of-fingerprints/167103/
  • The New ACCESS Act Is a Good Start. Here's How to Make Sure It Delivers. https://www.eff.org/deeplinks/2021/06/new-access-act-good-start-heres-how-make-sure-it-delivers

• World:

  • European Data Protection Authorities Issue Joint Call for Ban on Facial Recognition Across the EU https://epic.org/2021/06/european-data-protection-autho-1.html
  • Dutch Group Launches Data Harvesting Claim Against TikTok https://www.securityweek.com/dutch-group-launches-data-harvesting-claim-against-tiktok
  • UK antitrust watchdog investigating Amazon and Google over fake reviews https://www.theverge.com/2021/6/25/22550171/uk-antitrust-watchdog-investigating-amazon-google-fake-reviews
  • New Australian bill would force companies to disclose ransomware payments https://www.databreaches.net/new-australian-bill-would-force-companies-to-disclose-ransomware-payments/
  • India Launches Effort to Track, Freeze Cyber Fraud Proceeds https://www.databreachtoday.com/india-launches-effort-to-track-freeze-cyber-fraud-proceeds-a-16913
  • Huawei CFO Meng Wanzhou loses publication ban bid on evidence at extradition hearing https://globalnews.ca/news/7979639/meng-publication-ban-appeal/

• Standards News:

  • Draft NIST Cybersecurity White Paper, Combinatorial Coverage Difference Measurement, is now available for public comment through August 20 https://csrc.nist.gov/publications/detail/white-paper/2021/06/22/combinatorial-coverage-difference-measurement/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars and Virtual Events:

  • NICE Symposium | Tuesday, November 16th | 1 - 5 p.m. EST | A Coordinated Approach to Supply Chain Risks | Free and open to the public https://fiu.zoom.us/webinar/register/WN_QbR7wXltRNCTYuZ8MYsRkg
• CISA: Firewall Rules Could Have Blunted SolarWinds Malware https://www.databreachtoday.com/cisa-firewall-rules-could-have-blunted-solarwinds-malware-a-16919
• CISA Shifting Einstein Detection System Deeper Into Networks https://www.databreachtoday.com/cisa-shifting-einstein-detection-system-deeper-into-networks-a-16922
• Google Chrome on iOS is getting an enhanced privacy feature https://www.bleepingcomputer.com/news/google/google-chrome-on-ios-is-getting-an-enhanced-privacy-feature/
• Google is warning users when its search results might be unreliable https://www.theverge.com/2021/6/25/22550430/google-search-results-changing-quickly-warning-breaking-news
• MITRE Adds D3FEND Countermeasures to ATT&CK Framework https://www.securityweek.com/mitre-adds-d3fend-countermeasures-attck-framework
• Prudent Practices in Security Standardization, by Feng Hao https://eprint.iacr.org/2021/839
• Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques https://www.theregister.com/2021/06/23/zero_no_fat_memory_safety/
• Tool Release: Serialized Payload Generator https://notsosecure.com/tool-serialized-payload-generator/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Lexmark Printers Open to Arbitrary Code-Execution Zero-Day https://threatpost.com/lexmark-printers-code-execution-zero-day/167111/
• Most Developers Never Update Third-Party Libraries in Their Software: Report https://www.securityweek.com/most-developers-never-update-third-party-libraries-their-software-report
• What are the odds someone will find and exploit this?' Nice one - you just released an insecure app https://www.theregister.com/2021/06/25/application_vulnerability_epidemic/
• Mitre CWE - Common Weakness Enumeration, (Mon, Jun 21st) https://isc.sans.edu/diary/rss/27552
• New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
• BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html
• Critical Auth Bypass Bug Affects VMware Carbon Black App Control https://thehackernews.com/2021/06/critical-auth-bypass-bug-affects-vmware.html
• VMware Patches Privilege Escalation Vulnerability in Tools for Windows https://www.securityweek.com/vmware-patches-privilege-escalation-vulnerability-tools-windows
• Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks https://thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html
• Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/
• Email Bug Allows Message Snooping, Credential Theft https://threatpost.com/email-bug-message-snooping-credential-theft/167125/
• SonicWall bug that affected 800K firewalls was only partially fixed https://www.bleepingcomputer.com/news/security/sonicwall-bug-that-affected-800k-firewalls-was-only-partially-fixed/
• Atlassian Bugs Could Have Led to 1-Click Takeover https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/
• Zephyr RTOS fixes Bluetooth bugs that may lead to code execution https://www.bleepingcomputer.com/news/security/zephyr-rtos-fixes-bluetooth-bugs-that-may-lead-to-code-execution/
• It's 2021 and a printf format string in a wireless network's name can break iPhone Wi-Fi https://www.theregister.com/2021/06/21/wifi_ssid_flaw/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • 74% of Q1 Malware Was Undetectable Via Signature-Based Tools https://www.darkreading.com/vulnerabilities---threats/74--of-q1-malware-was-undetectable-via-signature-based-tools/d/d-id/1341394
  • Attacks Against Container Infrastructures Increasing, Including Supply Chain Attacks https://www.securityweek.com/attacks-against-container-infrastructures-increasing-including-supply-chain-attacks
  • Cybercrime gangs as tech startups https://www.lightbluetouchpaper.org/2021/06/25/cybercrime-gangs-as-tech-startups/
  • Data breaches: Most victims unaware when shown evidence of multiple compromised accounts https://www.databreaches.net/data-breaches-most-victims-unaware-when-shown-evidence-of-multiple-compromised-accounts/
  • DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
  • U.S. Government Equates Threat of Ransomware with Terrorism | #RansomwareWeek https://blog.isc2.org/isc2_blog/2021/06/us-government-equates-threat-of-ransomware-with-terrorism-ransomwareweek.html
  • Cisco ASA Bug Now Actively Exploited as PoC Drops https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
  • Cisco ASA vulnerability actively exploited after exploit released https://www.bleepingcomputer.com/news/security/cisco-asa-vulnerability-actively-exploited-after-exploit-released/
  • I'm totally screwed. WD My Book Live users wake up to find their data deleted https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/
  • MyBook Users Urged to Unplug Devices from Internet https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/
  • Old Vulnerability Exploited to Hack, Wipe WD Storage Devices https://www.securityweek.com/old-vulnerability-exploited-hack-wipe-wd-storage-devices
  • Vulnerabilities Expose Fortinet Firewalls to Remote Attacks https://www.securityweek.com/vulnerabilities-expose-fortinet-firewalls-remote-attacks
  • Zyxel Warns Customers of Attacks on Security Appliances https://www.securityweek.com/zyxel-warns-customers-attacks-security-appliances
  • Much of Malware Found by Industrial Firms on USB Drives in 2020 Targeted OT https://www.securityweek.com/much-malware-found-industrial-firms-usb-drives-2020-targeted-ot
  • Ahoy, there's malice in your repos-PyPI is the latest to be abused https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/
  • Agent Tesla RAT Returns in COVID-19 Vax Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/
  • Hackers Use Fake Call Center To Trick Victims Into Installing Ransomware https://packetstormsecurity.com/news/view/32404/Hackers-Use-Fake-Call-Center-To-Trick-Victims-Into-Installing-Ransomware.html
  • Phishing attack's unusual file attachment is a double-edged sword https://www.bleepingcomputer.com/news/security/phishing-attacks-unusual-file-attachment-is-a-double-edged-sword/
  • Crackonosh virus mined $2 million of Monero from 222,000 hacked computers https://thehackernews.com/2021/06/crackonosh-virus-mined-2-million-of.html

• Nation State Actors:

  • Russian security chief says Moscow will work with U.S. to find hackers https://www.databreaches.net/russian-security-chief-says-moscow-will-work-with-u-s-to-find-hackers/
  • Iran Media Websites Seized by U.S. in Disinformation Campaign https://threatpost.com/iran-media-websites-seized-disinformation/167198/
  • N.Korean Hackers Target S.Korean Submarine Data https://www.databreaches.net/n-korean-hackers-target-s-korean-submarine-data/
  • South Korea's nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/

• Crime & Arrests, etc.:

  • FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards https://thehackernews.com/2021/06/fin7-supervisor-gets-7-year-jail-term.html
  • Two South African brothers have vanished with $3.6 billion of bitcoin in what could be the biggest crypto heist in history https://markets.businessinsider.com/currencies/news/south-african-brothers-billions-bitcoin-disapper-crypto-heist-2021-6-1030548585
  • US Secret Service Releases 'Most Wanted' Cyber Fugitive List https://www.databreachtoday.com/us-secret-service-releases-most-wanted-cyber-fugitive-list-a-16942
  • Monero emerges as crypto of choice for cybercriminals https://arstechnica.com/information-technology/2021/06/monero-emerges-as-crypto-of-choice-for-cybercriminals/
  • Police just seized $160 million in cryptocurrency in the UK's biggest-ever dirty digital money haul https://markets.businessinsider.com/news/cryptocurrencies/crypto-seizure-uk-police-160-million-cryptocurrencies-digital-money-crime-6
  • Scammer sends over 25,000 phishing texts in a day, arrested https://www.bleepingcomputer.com/news/security/scammer-sends-over-25-000-phishing-texts-in-a-day-arrested/
  • Vacationers need to be aware of online rental scams, experts warn https://toronto.ctvnews.ca/vacationers-need-to-be-aware-of-online-rental-scams-experts-warn-1.5479738

Other Security / Risk

Articles covering other types of risks.

• Automation helped kill up to 70% of the US's middle-class jobs since 1980, study says https://www.businessinsider.com/automation-labor-market-wage-inequality-middle-class-jobs-study-2021-6
• How Cyber Safe is Your Drinking Water Supply? https://krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/
• The Future of Machine Learning and Cybersecurity https://www.schneier.com/blog/archives/2021/06/the-future-of-machine-learning-and-cybersecurity.html
• AI Doesn't Understand ScaleOne of my favorite ways to mess around with text-generating AI is... https://aiweirdness.com/post/654883497442426880
• The chip shortage will likely get worse before it gets better https://www.theverge.com/2021/6/23/22547826/chip-shortage-cars-playstation-5-gpus-semiconductors-time-foundaries-tsmc
• The problem isn't remote working - it's clinging to office-based practices | Alexia Cambon https://www.theguardian.com/commentisfree/2021/jun/21/remote-working-office-based-practices-offices-employers
• A Long Overdue Reckoning For Online Proctoring Companies May Finally Be Here https://www.eff.org/deeplinks/2021/06/long-overdue-reckoning-online-proctoring-companies-may-finally-be-here
• Amazon Acquires Secure Messaging Platform Wickr https://www.darkreading.com/vulnerabilities---threats/amazon-acquires-secure-messaging-platform-wickr/d/d-id/1341408
• Google reportedly uses a strategy called 'pantry mode' that leads to it sitting on new ideas until a competitor forces its hand https://www.businessinsider.com/google-pantry-mode-product-strategy-holds-ideas-sundar-pichai-report-2021-6
• Peloton disabled a free feature on its $4,000 Tread+, forcing owners to pay a $39 monthly fee to use the machine. Some are threatening legal action. https://www.businessinsider.com/peloton-treadmill-customers-threaten-class-action-lawsuit-over-treadmill-membership-2021-6
• John McAfee dead: Antivirus tycoon killed himself in prison after court OK'd extradition, says lawyer https://www.theregister.com/2021/06/23/john_mcafee_dead/
• Edward Snowden says Julian Assange 'could be next' after John McAfee dies by suicide in jail https://www.businessinsider.com/edward-snowden-says-assange-could-be-next-john-mcafee-suicide-2021-6
• What Quitters Understand About the Job Market https://www.theatlantic.com/ideas/archive/2021/06/quitting-your-job-economic-optimism/619242/
• The Inequality of the GoFundMe Economy https://www.nytimes.com/2021/06/21/technology/gofundme-online-giving.html
• Windows 11 name confirmed for two weeks and everyone missed it https://www.bleepingcomputer.com/news/microsoft/windows-11-name-confirmed-for-two-weeks-and-everyone-missed-it/
• Microsoft publishes the Windows 11 hardware requirements https://www.bleepingcomputer.com/news/microsoft/microsoft-publishes-the-windows-11-hardware-requirements/
• Windows 11: Everything Microsoft is promising from the operating system nobody expected https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-windows-11-xbox-announcement-operating-system-b1869946.html
• Windows 11 Home will require a Microsoft account and an internet connection at setup https://www.theverge.com/2021/6/24/22548480/windows-11-home-internet-connection-set-up
• Microsoft kicks Cortana out of the boot experience for Windows 11 https://www.theverge.com/2021/6/24/22548899/microsoft-windows-11-cortana-experience-taskbar
• Patch of dirt hits Toronto market for almost $1 million https://toronto.ctvnews.ca/patch-of-dirt-hits-toronto-market-for-almost-1-million-1.5479500
• 17 Facts About Conspiracy Theories https://www.mentalfloss.com/article/647719/conspiracy-theories-facts
• Political trolling twice as popular as positivity, study suggests https://www.bbc.co.uk/news/technology-57558028

• Health, Safety & Environment:

  • Pandemic drives largest decrease in US life expectancy since 1943 https://scienmag.com/pandemic-drives-largest-decrease-in-us-life-expectancy-since-1943/
  • We're Not Ready for Another Pandemic https://www.theatlantic.com/politics/archive/2021/06/are-we-ready-another-pandemic/619285/
  • While World Fights The Pandemic, a Different Outbreak Was Just Quashed in Guinea https://www.sciencealert.com/who-declares-an-end-to-second-ebola-outbreak-in-guinea
  • How to Prevent the Next Pandemic https://www.scientificamerican.com/article/how-to-prevent-the-next-pandemic/
  • The Animal Viruses Most Likely to Jump into Humans https://www.scientificamerican.com/article/the-animal-viruses-most-likely-to-jump-into-humans/
  • Tick season in full swing across southern Alberta https://globalnews.ca/news/7968705/tick-season-southern-alberta-summer-2021/
  • Twin study is first to reveal genetic risk factors for PTSD and migraine https://scienmag.com/twin-study-is-first-to-reveal-genetic-risk-factors-for-ptsd-and-migraine/
  • Starting the day off with chocolate could have unexpected benefits https://scienmag.com/starting-the-day-off-with-chocolate-could-have-unexpected-benefits/
  • Gray Hair Can Return to Its Original Color--and Stress Is Involved, of Course https://www.scientificamerican.com/article/gray-hair-can-return-to-its-original-color-mdash-and-stress-is-involved-of-course/
  • 751 unmarked graves found at former Saskatchewan residential school https://globalnews.ca/news/7977208/marieval-residential-school-unmarked-graves/
  • 'Who owns the land?': Finding residential school graves predicted to be complicated https://globalnews.ca/news/7970651/finding-residential-school-graves-complicated/
  • More Than Half of All Buildings in The US Are at Risk of Natural Disasters https://www.sciencealert.com/more-than-half-of-all-buildings-in-the-us-are-at-risk-of-natural-disasters
  • Collapsed Building Near Miami Had Serious Concrete Damage https://www.nytimes.com/2021/06/26/us/miami-building-collapse-investigation.html
  • Death toll in Miami condo building collapse rises to 4 and 159 remain missing https://globalnews.ca/news/7980114/miami-condo-building-collapse-death-toll/
  • Firefighters hear banging noises while tunneling under condo building that collapsed in Miami https://www.businessinsider.com/firefighters-hear-banging-noises-in-building-that-collapsed-in-miami-2021-6
  • Inspection reports for collapsed Miami-area condo detail 'major structural damage' over garage https://news.yahoo.com/inspection-reports-collapsed-miami-condo-073026965.html
  • It's not just flight attendants dealing with unruly passengers: airport security face assaults too, the TSA said. One passenger is accused of biting 2 TSA officers, and faces a $14,000 fine. https://www.businessinsider.com/tsa-unruly-passengers-airline-assaults-crew-biting-denver-14k-fine-2021-6
  • Tesla recalls 285,000 cars, this time over faulty cruise-control software http://feeds.mashable.com/~r/Mashable/~3/Y62dV_PzyP8/-tesla-recall-model-3-and-model-y-cruise-control
  • Calgary police warn of increase in thefts, robberies linked to buy-and-sell meetups https://globalnews.ca/news/7970984/calgary-buy-and-sell-meet-ups-thefts-robberies/
  • Glowing Bacteria May One Day Protect People From Landmines https://www.nytimes.com/2021/06/21/science/landmines-glowing-bacteria.html
  • Photos: Turkey's Sea-Snot Disaster https://www.theatlantic.com/photo/2021/06/photos-turkeys-sea-snot-disaster/619254/
  • We Need to Manage a Careful Retreat From Climate Change, Scientists Urge https://www.sciencealert.com/we-need-to-figure-out-how-to-retreat-from-climate-change-scientists-say
  • A 'bio-refinery': using the chemistry of willow trees to treat municipal wastewater https://scienmag.com/a-bio-refinery-using-the-chemistry-of-willow-trees-to-treat-municipal-wastewater/
  • How to Prevent Air Conditioners from Heating the Planet https://www.scientificamerican.com/article/how-to-prevent-air-conditioners-from-heating-the-planet/
  • Recycling next-generation solar panels fosters green planet https://scienmag.com/recycling-next-generation-solar-panels-fosters-green-planet/
  • Transforming CO2 and sugars into biofuel https://scienmag.com/transforming-co2-and-sugars-into-biofuel/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Canada's 7-day average of new COVID-19 cases has dropped below 1,000 per day https://globalnews.ca/news/7969386/canada-covid-cases-june-21-2021/
  • Majority of COVID-19 infections, deaths now among unvaccinated people in Canada: Data https://globalnews.ca/news/7981772/covid-19-infections-death-unvaccinated/
  • 99% of Current US COVID-19 Deaths Have One Major Thing in Common https://www.sciencealert.com/the-vaccines-are-working-99-of-current-us-covid-19-deaths-are-unvaccinated-people
  • Australia Covid: Outbreaks emerge across country in 'new phase' of pandemic https://www.bbc.co.uk/news/world-australia-57633457
  • The paths through which COVID-19 spread across Brazil https://scienmag.com/the-paths-through-which-covid-19-spread-across-brazil/
  • Tens of thousands of COVID-19 survivors in India are developing deadly 'black fungus' infections that can lead to blindness https://www.businessinsider.com/india-coronavirus-survivors-black-fungus-infections-more-than-31k-2021-6
  • Kids are more likely to be vectors for fast-spreading new coronavirus strains like the Delta variant, former FDA chief says https://www.businessinsider.com/kids-more-likely-vectors-coronavirus-variants-scott-gottlieb-2021-6
  • A map shows how many people had undiagnosed COVID-19 in the first 6 months of the pandemic, across 7 regions of the US https://www.businessinsider.com/map-how-many-people-had-coronavirus-us-regions-2021-6
  • A 'constellation' of COVID-19 mutations may be coming - how worried should we be? https://globalnews.ca/news/7975068/covid-19-mutation-variants/
  • New Coronavirus Variants Are Urgently Being Tracked around the World https://www.scientificamerican.com/article/new-coronavirus-variants-are-urgently-being-tracked-around-the-world/
  • A runny nose and headaches are some of the top Delta variant symptoms reported https://www.businessinsider.com/insiders-top-healthcare-stories-for-june-24-2021-6
  • Delta variant to account for 90% of COVID-19 cases in EU by end-August: health agency https://globalnews.ca/news/7974451/covid-delta-variant-eu/
  • Israel says the Delta variant is infecting vaccinated people - as many as 50% of cases. But they are less severe. https://www.businessinsider.com/israel-50-of-delta-variant-cases-vaccinated-severe-2021-6
  • The Delta variant appears to have tripled to 31% of all US coronavirus cases in just 11 days. It's more dangerous than other variants and could imperil the country's recovery. https://www.businessinsider.com/delta-coronavirus-variant-growing-in-us-could-imperil-recovery-2021-6
  • The UK's battle with the Delta variant may serve as a crystal ball for the US: Cases and hospitalizations could soar again https://www.businessinsider.com/uk-delta-variant-warning-coronavirus-surge-in-us-2021-6
  • The WHO warned that the Delta coronavirus variant is the 'fittest' strain yet and will 'pick off' the most vulnerable people https://www.businessinsider.com/delta-fittest-coronavirus-variant-who-warns-vulnerable-2021-6
  • India is tracking a new mutated coronavirus strain that health officials call 'Delta Plus' - but experts say there's no need to worry https://www.businessinsider.com/delta-plus-variant-india-ay1-covid-coronavirus-experts-not-worried-2021-6

• Guidance, Response, and Recovery:

  • Fully vaccinated Canadians can enter country without quarantine on July 5 https://globalnews.ca/news/7967149/covid-fully-vaccinated-canadians-quarantine-border/
  • Fully vaccinated against COVID-19? Canada unveils new guidance on what you can, can't do https://globalnews.ca/news/7981308/updated-guidance-fully-vaccinated-canadians/
  • The U.S. updated COVID-19 rules for fully vaccinated citizens 41 days ago. When will Canada? https://globalnews.ca/news/7973718/fully-vaccinated-covid-rules-canada/
  • Experts say Ontario's fractured vaccine booking system is complex but gets job done https://globalnews.ca/news/7970682/ontario-covid-vaccine-booking-system-experts/
  • What's allowed when Ontario enters Step 2 of its COVID-19 reopening plan https://toronto.ctvnews.ca/what-s-allowed-when-ontario-enters-step-2-of-its-covid-19-reopening-plan-1.5484017
  • COVID-19: Blockade of N.S. highway underway over province's N.B. restriction changes https://globalnews.ca/news/7971666/ns-nb-border-restrictions-blockade/
  • N.S. premier hints at modified self-isolation for N.B. travellers ahead of today's briefing https://globalnews.ca/news/7970154/ns-covid-19-june-22-2021/
  • New COVID-19 border rules don't provide enough clarity, travel industry says https://globalnews.ca/news/7969290/covid-border-rules-clarity/
  • What you need to know as a modified Atlantic Bubble opens https://globalnews.ca/news/7970808/atlantic-bubble-travel-restrictions-june-23/
  • Canada extends ban on flights from India to July 31 - but not Pakistan https://globalnews.ca/news/7967424/canada-extends-india-flight-ban-july-31/
  • These Videos Could Boost COVID Vaccination Rates https://www.scientificamerican.com/article/these-videos-could-boost-covid-vaccination-rates/
  • A Disaster Expert Says These 6 Steps Could Help The World Recover From The Pandemic https://www.sciencealert.com/a-disaster-expert-says-these-6-steps-could-help-the-world-recover-from-the-pandemic
  • Most parents believe e-learning failed kids during COVID-19 pandemic, Ipsos poll finds https://globalnews.ca/news/7967668/online-learning-fails-kids-ipsos/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • Low-cost method for finding new coronavirus variants https://scienmag.com/low-cost-method-for-finding-new-coronavirus-variants/
  • Artificial Proteins Never Seen in the Natural World Are Becoming New COVID Vaccines and Medicines https://www.scientificamerican.com/article/artificial-proteins-never-seen-in-the-natural-world-are-becoming-new-covid-vaccines-and-medicines/

• Immunity and Vaccinations:

  • Canada set to receive 5.2M COVID-19 vaccine doses this week https://globalnews.ca/news/7967017/canada-covid-vaccine-pfizer-moderna/
  • Canadian study finds mRNA vaccines produce more COVID-19 antibodies than AstraZeneca https://globalnews.ca/news/7972729/covid-antibody-study-canada-vaccine/
  • Toronto sets national record with 11,000 vaccinations in one day at Scotiabank clinic, city says https://toronto.ctvnews.ca/toronto-sets-national-record-with-11-000-vaccinations-in-one-day-at-scotiabank-clinic-city-says-1.5487455
  • Winnipeg adults cancelling Pfizer vaccine bookings to make room for youth amid supply issues https://globalnews.ca/news/7968895/winnipeg-adults-cancelling-pfizer-vaccine-bookings-youth/
  • The US hasn't vaccinated enough people to stop a Delta variant spike of infections, one of the leading US public-health experts has warned https://www.businessinsider.com/delta-variant-covid-vaccine-us-cases-surge-wave-ashish-jha-2021-6
  • U.S. experts expand study on whether Moderna vaccine curbs COVID-19 spread https://globalnews.ca/news/7970277/moderna-covid-vaccine-transmission-study/
  • China increased its threshold for herd immunity from 70% vaccinated to 85% as the efficacy of its shots comes into question https://www.businessinsider.com/china-herd-immunity-85-percent-vaccinated-not-70-shots-questioned-2021-6
  • Covid: Vaccines running out in poorer nations, WHO says https://www.bbc.co.uk/news/world-57558401
  • Who needs COVID-19 boosters? https://www.theverge.com/22549336/covid-vaccine-booster-immunocompromised-antivirus

• Things we learned:

  • A scientist says he's found 13 Wuhan coronavirus sequences that were deleted from a US database - and claims they're a 'goldmine' for research into the virus' origins https://www.businessinsider.com/covid-origins-wuhan-china-sequences-jesse-bloom-deleted-sequences-coronavirus-2021-6
  • 1st COVID-19 case could have emerged in China in October 2019: study https://globalnews.ca/news/7980102/covid-first-case-october-2019-study/
  • A third of people with COVID-19 symptoms develop 'long COVID' that lasts for 12 weeks, a new survey of 500,000 people suggests https://www.businessinsider.com/long-covid-long-haulers-study-coronavirus-symptoms-2021-6
  • Long Covid: More than two million in England may have suffered, study suggests https://www.bbc.co.uk/news/health-57584295
  • Study confirms the low likelihood that SARS-CoV-2 on hospital surfaces is infectious https://scienmag.com/study-confirms-the-low-likelihood-that-sars-cov-2-on-hospital-surfaces-is-infectious/
  • Virus that causes COVID-19 can find alternate route to infect cells https://scienmag.com/virus-that-causes-covid-19-can-find-alternate-route-to-infect-cells/
  • A Coronavirus Epidemic Hit Humanity 20,000 Years Ago, DNA Study Reveals https://www.sciencealert.com/scientists-find-traces-of-humanity-s-long-battle-with-coronaviruses-in-our-dna
  • Can Vitamin D Help Protect against COVID? https://www.scientificamerican.com/article/can-vitamin-d-help-protect-against-covid/

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • COVID-19: Police allege Toronto store employee punched, stomped on after 'interaction' over mask https://globalnews.ca/news/7974990/covid-face-mask-toronto-store-assault-police/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Bullet Time: When Pistol Dueling Was an Olympic Event https://www.mentalfloss.com/article/646824/when-pistol-dueling-was-an-olympic-event
• Virgin Galactic gets OK for passenger flights to space - and Richard Branson will be on one https://www.cbc.ca/news/business/virgin-galactic-branson-space-bezos-1.6080115
• There's a Problem With Hubble, and NASA Hasn't Been Able to fix it yet https://www.universetoday.com/151611/theres-a-problem-with-hubble-and-nasa-hasnt-been-able-to-fix-it-yet/
• To fix the Hubble Space Telescope, NASA may have to rely on a computer that hasn't turned on since 2009 https://www.businessinsider.com/nasa-troubleshooting-hubble-space-telescope-computer-error-2021-6
• Get a load of this: NASA to test laundry detergent made for space https://www.cbc.ca/news/science/nasa-laundry-detergent-space-1.6075627
• Don't panic! But a gigantic comet is currently inbound toward the Sun https://www.syfy.com/syfywire/gigantic-comet-is-currently-inbound-toward-the-sun
• The Red Plains of Pluto's Cthulhu Macula May Not Be What We Thought https://www.sciencealert.com/the-red-plains-of-pluto-s-cthulhu-macula-may-not-be-what-we-thought
• A Newly-Discovered (Almost) Dwarf Planet Will Come Surprisingly Close in 2031 https://www.universetoday.com/151624/a-newly-discovered-almost-dwarf-planet-will-come-surprisingly-close-in-2031/
• Most Exoplanets won't Receive Enough Radiation to Support an Earth-Like Biosphere https://www.universetoday.com/151637/most-exoplanets-wont-receive-enough-radiation-to-support-an-earth-like-biosphere/
• Astronomers Identify The Star Systems That Could Be Watching Earth From Space https://www.sciencealert.com/these-nearby-star-systems-could-have-spotted-life-on-earth
• Astronomers saw the Same Supernova Three Times Thanks to Gravitational Lensing. And in Twenty Years They Think They'll see it one More Time https://www.universetoday.com/151581/astronomers-saw-the-same-supernova-three-times-thanks-to-gravitational-lensing-and-in-twenty-years-they-think-theyll-see-it-one-more-time/