This Week's [in]Security - Issue 223 | insecurity | Control Gap

Welcome to This Week’s [in]Security. Major incidents: Kaseya/REvil! New breaches: Morgan Stanley, CAN, Marsh McLennan, Mint Mobile, The GOP. New Ransomware: Iran. Follow-ups & Fall-out: Probes, Dumps, New fines, Settlements. Privacy: Alexa, Job Applications, SPAM. Laws & Regs - Canada: C-10, cyberlaw series. US: Right-to-repair. The world: EU Surveillance, China Privacy, Twitter liability, Legal Theater? Standards: NIST, FIDO. Defense: Webinars, 2020 attack methods, Internal threats, DoH-eh, database auditing. Vulnerabilities: PrintNightmare, Kaspersky Passwords, Sage X3, Quantum KD. Trends, Nation States, Crime, Other Risks: Chime Banking App, Windows 11. Health, Safety & Environment: Surfside, Heatdome. Covid-19: Spread, Curves, Waves, and Variants, Response, Immunity, Learned, Impact, And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration https://thehackernews.com/2021/07/magecart-hackers-hide-stolen-credit.html

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major incidents:

  • Up to 1,500 businesses infected in one of the worst ransomware attacks ever https://arstechnica.com/gadgets/2021/07/up-to-1500-businesses-infected-in-one-of-the-worst-ransomware-attacks-ever/
  • Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours https://www.darkreading.com/vulnerabilities---threats/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours/d/d-id/1341496
  • Kaseya's Staff Sounded the Alarm About Security Flaws for Years Before Ransomware Attack https://gizmodo.com/kaseyas-staff-sounded-the-alarm-about-security-flaws-fo-1847270346
  • White hats reported key Kaseya VSA flaw months ago. Ransomware outran the patch https://www.theregister.com/2021/07/08/kaseya_dutch_vulnerability/
  • Kaseya Ransomware Attack: 'It Could Have Been Much Worse' https://www.databreachtoday.com/kaseya-ransomware-attack-it-could-have-been-much-worse-a-16995
  • Kaseya Ransomware Attack: 'This is a Dramatic Escalation' https://www.databreachtoday.com/kaseya-ransomware-attack-this-dramatic-escalation-a-16996
  • REvil victims are refusing to pay after flawed Kaseya ransomware attack https://www.bleepingcomputer.com/news/security/revil-victims-are-refusing-to-pay-after-flawed-kaseya-ransomware-attack/
  • REvil ransomware asks $70 million to decrypt all Kaseya attack victims https://www.bleepingcomputer.com/news/security/revil-ransomware-asks-70-million-to-decrypt-all-kaseya-attack-victims/
  • Analyzing the REvil Ransomware Attack https://blog.qualys.com/vulnerabilities-threat-research/2021/07/07/analyzing-the-revil-ransomware-attack
  • Digging into Decoder.re in Kaseya ransom notes– threat intel by Resecurity https://www.databreaches.net/digging-into-decoder-re-in-kaseya-ransom-notes-threat-intel-by-resecurity/
  • Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly https://thehackernews.com/2021/07/kaseya-rules-out-supply-chain-attack.html
  • Researchers Reproduce Exploit Used in Kaseya Hack https://www.securityweek.com/researchers-reproduce-exploit-used-kaseya-hack
  • Bogus Kaseya VSA patches circulate, booby-trapped with remote-access tool https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
  • Fake Kaseya VSA Security Update Drops Cobalt Strike https://threatpost.com/fake-kaseya-vsa-update-cobalt-strike/167587/
  • Malware campaign targets companies waiting for Kaseya security patch https://www.databreaches.net/malware-campaign-targets-companies-waiting-for-kaseya-security-patch/
  • Kaseya Was Working on Patches Before Ransomware Attack https://www.databreachtoday.com/kaseya-was-working-on-patches-before-ransomware-attack-a-16987
  • Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack https://thehackernews.com/2021/07/kaseya-releases-patches-for-flaws.html

• New Breaches:

  • Morgan Stanley reports data breach after vendor Accellion hack https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/
  • Insurance giant CNA reports data breach after ransomware attack https://www.databreaches.net/insurance-giant-cna-reports-data-breach-after-ransomware-attack/
  • Marsh McLennan reveals April data breach involving third-party software https://www.databreaches.net/marsh-mclennan-reveals-april-data-breach-involving-third-party-software/
  • Mint Mobile hit by a data breach after numbers ported, data accessed https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
  • NC: Hackers Steal Critical Customer Data From Bank Of Oak Ridge https://www.databreaches.net/nc-hackers-steal-critical-customer-data-from-bank-of-oak-ridge/
  • Ca: Data theft from Meals on Wheels reveals gap in provincial privacy legislation, expert says https://www.databreaches.net/ca-data-theft-from-meals-on-wheels-reveals-gap-in-provincial-privacy-legislation-expert-says/
  • Russia ‘Cozy Bear' Hackers Breached GOP as Ransomware Attack Hit https://www.databreaches.net/russia-cozy-bear-hackers-breached-gop-as-ransomware-attack-hit/
  • Republican National Committee Says Systems Weren't Breached https://www.databreachtoday.com/republican-national-committee-says-systems-werent-breached-a-16997
  • NZ: Whanganui DHB apologizes after vaccine privacy breach https://www.databreaches.net/nz-whanganui-dhb-apologizes-after-vaccine-privacy-breach/
  • Spanish King's health info exposed due to vulnerability in COVID certificate portal https://www.databreaches.net/spanish-kings-health-info-exposed-due-to-vulnerability-in-covid-certificate-portal/

• New Ransomware and "Incidents":

  • ‘Cyber-attack' hits Iran's transport ministry and railways https://www.theguardian.com/world/2021/jul/11/cyber-attack-hits-irans-transport-ministry-and-railways

• Follow-ups and fall-out:

  • Sweden's FSA Probes Klarna Over Customer Info Breach https://www.pymnts.com/news/security-and-risk/2021/sweden-fsa-probes-klarna-over-customer-info-breach/
  • Delayed Data Breach Detection: Facing the Consequences https://www.databreachtoday.com/delayed-data-breach-detection-facing-consequences-a-17012
  • Hacker dumps private info of pro-Trump GETTR social network members https://www.bleepingcomputer.com/news/security/hacker-dumps-private-info-of-pro-trump-gettr-social-network-members/
  • Norwegian DPA: Moss Municipal Council fined https://www.databreaches.net/norwegian-dpa-moss-municipal-council-fined/
  • UK: ICO fines transgender charity for data protection breach exposing sensitive personal data https://www.databreaches.net/uk-ico-fines-transgender-charity-for-data-protection-breach-exposing-sensitive-personal-data/
  • British Airways settles with 2018 data breach victims https://www.databreaches.net/british-airways-settles-with-2018-data-breach-victims/
  • New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations https://www.databreaches.net/new-york-department-of-financial-services-announces-a-1-8-million-settlement-with-two-life-insurers-for-data-breach-violations/

Privacy

Articles about privacy related news, risks, and trends.

• Healthcare Workers Allege Amazon Alexa Violates Privacy https://www.databreachtoday.com/healthcare-workers-allege-amazon-alexa-violates-privacy-a-17002
• You can now apply for a job through TikTok https://www.theverge.com/2021/7/7/22567220/tiktok-resumes-job-application
• ICO survey on data flouters: 50% say they receive more unwanted calls than before pandemic https://www.theregister.com/2021/07/08/ico_data_protection_survey/
• In conversation with Gene Hoffman, co-creator of the internet's first ad blocker https://www.theregister.com/2021/07/08/interview_gene_hoffman/
• Employee at New Brunswick hospital fired after ‘significant' privacy breach https://globalnews.ca/news/8012245/charlotte-county-hospital-privacy-breach/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Reviving Bill C-10: CRTC Re-Opens Data Gathering Plans To Require Disclosures from Internet Streaming Services https://www.michaelgeist.ca/2021/07/reviving-bill-c-10-part-one-crtc-re-opens-data-gathering-plans-to-require-disclosures-from-internet-streaming-services/
  • Understanding Canadian Cybersecurity Laws: ‘Insert Something Clever Here' — Canada's Anti-Spam Legislation https://www.datex.ca/blog/canadas-anti-spam-legislation-article-5
  • Understanding Canadian Cybersecurity Laws: Peer-to-peer privacy protection — ‘Intrusion upon seclusion' and the protection of intimate images https://www.datex.ca/blog/the-protection-of-intimate-images-article-6
  • Understanding Canadian Cybersecurity Laws: Deep, Dark, and Undetectable – Canadian Jurisdictional Considerations In Global Encrypted Networks https://www.datex.ca/blog/canadian-jurisdictional-considerations-in-global-encrypted-networks-article-7
  • Understanding Canadian Cybersecurity Laws: Outlining Existing Federal Cybersecurity Legislation in Canada, the UK, Australia, and the US https://www.datex.ca/blog/legislation-in-canada-the-uk-australia-and-the-us-article-8
  • Understanding Canadian Cybersecurity Laws: Legislative Modernization — Responding and Adapting to Technological Change in a Global Domain https://www.datex.ca/blog/responding-and-adapting-to-technological-change-in-a-global-domain-article-9

• US:

  • President Joe Biden's latest executive order is a huge win for right to repair https://www.theverge.com/2021/7/9/22570826/president-joe-biden-executive-order-right-to-repair
  • Apple founder Steve Wozniak backs right-to-repair movement https://www.bbc.co.uk/news/technology-57763037
  • Biden's New Executive Order Looks to Address Data Privacy https://www.databreachtoday.com/bidens-new-executive-order-looks-to-address-data-privacy-a-17021
  • Improving Enforcement in State Consumer Privacy Laws https://www.eff.org/deeplinks/2021/07/improving-enforcement-state-consumer-privacy-laws
  • Several U.S. states file lawsuit against Google over antitrust violations https://globalnews.ca/news/8010702/u-s-states-suing-google-antitrust-violations/
  • BJC HealthCare Data Breach Lawsuit Survives Motions to Dismiss https://www.databreaches.net/bjc-healthcare-data-breach-lawsuit-survives-motions-to-dismiss/

• World:

  • Europe Makes the Case to Ban Biometric Surveillance https://www.wired.com/story/europe-ban-biometric-surveillance
  • How Norway's photo law will affect influencers https://www.bbc.co.uk/news/newsbeat-57721080
  • People's Republic of China Passes the Data Security Law: A Summary of What We Know https://www.databreaches.net/peoples-republic-of-china-passes-the-data-security-law-a-summary-of-what-we-know/
  • Twitter has lost legal immunity for users' posts in India, government argues https://www.theverge.com/2021/7/6/22564768/twitter-india-legal-liability-users-posts-defamation-digital-media-ethics-code
  • Twitter will comply with India's new rules to keep its legal immunity https://www.theverge.com/2021/7/8/22568433/twitter-india-legal-immunity-user-posts-regulations
  • (Legal theater - a bigger stick with no one to use it on?) Ransomware-hit law firm gets court order asking crooks not to publish the data they stole https://www.databreaches.net/ransomware-hit-law-firm-gets-court-order-asking-crooks-not-to-publish-the-data-they-stole/
  • High Court Notice To Centre, State On Data Leak Allegations Against TrueCaller https://www.databreaches.net/high-court-notice-to-centre-state-on-data-leak-allegations-against-truecaller/
  • How to navigate open source licensing risks https://www.trendmicro.com/en_us/research/21/g/navigating-open-source-licensing-risk.html

• Standards News:

  • Draft NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), is now available for a second public comment period through August 6 https://csrc.nist.gov/publications/detail/nistir/8286a/draft
  • FIDO Alliance Update: New Guidelines, Standard Enhancements https://www.databreachtoday.com/fido-alliance-update-new-guidelines-standard-enhancements-a-17003

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars, Virtual Events, and other training related:

  • NICE Webinar: Securing Operational Technologies and Control Systems with a Skilled Workforce July 21, 2021 2:00-3:00PM EDT https://events-na13.adobeconnect.com/content/connect/c1/2209463749/en/events/event/shared/2812297760/event_registration.html?sco-id=9011444812&_charset_=utf-8
  • Home schooling for Cyber Professionals Part 2 – Students and instructors share their training routines and tips. https://www.sans.org/blog/home-schooling-for-cyber-professionals-part-2-students-and-instructors-share-their-training-routines-and-tips-
• CISA Analysis Reveals Successful Attack Techniques of FY 2020 https://www.darkreading.com/threat-intelligence/cisa-analysis-reveals-successful-attack-techniques-of-fy-2020/d/d-id/1341510
• Experts explained how and where confidential company data leaks and 85% is due to internal risks https://www.ehackingnews.com/2021/07/experts-explained-how-and-where.html
• Autonomous Security Is Essential if the Edge Is to Scale Properly https://www.darkreading.com/endpoint/autonomous-security-is-essential-if-the-edge-is-to-scale-properly/a/d-id/1341391
• FBI: Businesses Need AI To Curb Social Engineering, Phishing Fraud https://www.pymnts.com/fraud-prevention/2021/fbi-ai-mfa-social-engineering/
• Why the password isn't dead quite yet https://arstechnica.com/information-technology/2021/07/why-the-password-isnt-dead-quite-yet/
• Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix https://thehackernews.com/2021/07/security-awareness-training-is-broken.html
• A New System Is Helping Crack Down on Child Sex Abuse Images https://www.wired.com/story/new-system-crack-down-child-sex-abuse-images
• Forward Health On Securing Biometric Data From Breaches https://www.pymnts.com/digital-identity/2021/forward-health-on-securing-biometric-data-from-breaches/
• Mozilla Firefox to roll out DNS over HTTPS for Canadian users https://www.bleepingcomputer.com/news/security/mozilla-firefox-to-roll-out-dns-over-https-for-canadian-users/
• Rainbow tables explained: How they work and why they're (mostly) obsolete https://www.csoonline.com/article/3623195/rainbow-tables-explained-how-they-work-and-why-theyre-mostly-obsolete.html
• 8 Ways to Preserve Legal Privilege After a Cybersecurity Incident https://beta.darkreading.com/attacks-breaches/8-ways-to-preserve-legal-privilege-after-a-cybersecurity-incident
• Oracle Auditing Part 1: Standard Auditing https://www.imperva.com/blog/oracle-auditing-part-1-standard-auditing/
• Oracle Auditing Part 2: Mandatory and Fine-Grained Auditing https://www.imperva.com/blog/oracle-auditing-part-2-mandatory-and-fine-grained-auditing/
• Oracle Auditing Part 3: Unified Auditing https://www.imperva.com/blog/oracle-auditing-part-3-unified-auditing/
• Security Auditing for MongoDB on Atlas https://www.imperva.com/blog/security-auditing-for-mongodb-on-atlas/
• Welcoming the Dutch Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-dutch-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Microsoft Issues Emergency Patch for Windows Flaw https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/
• Microsoft's incomplete PrintNightmare patch fails to fix vulnerability https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/
• Users must update PCs ‘as soon as possible' as Windows left vulnerable to massive flaw, Microsoft says https://www.independent.co.uk/life-style/gadgets-and-tech/windows-microsoft-10-printnightmare-update-b1879863.html
• Kaspersky Password Manager's random password generator was about as random as your wall clock https://www.theregister.com/2021/07/06/kaspersky_password_manager/
• Vulnerability in the Kaspersky Password Manager https://www.schneier.com/blog/archives/2021/07/vulnerability-in-the-kaspersky-password-manager.html
• Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities https://www.securityweek.com/android-updates-july-2021-patch-tens-high-severity-vulnerabilities
• An Office Phone Flaw Can't Be Fixed by Cisco Alone https://www.wired.com/story/office-phone-flaw-cant-be-fixed-by-cisco-alone
• Critical Flaws Reported in Sage X3 Enterprise Management Software https://thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html
• Python DLL Injection Check, (Tue, Jul 6th) https://isc.sans.edu/diary/rss/27608
• You've patched that critical Sage X3 ERP security hole, yeah? Not exposing the suite to the internet, either, yeah? https://www.theregister.com/2021/07/07/sage_x3_rce/
• CISA Says Philips Vue Healthcare Products Affected by 15 Vulnerabilities https://www.securityweek.com/cisa-says-philips-vue-healthcare-products-affected-15-vulnerabilities
• Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw https://www.securityweek.com/researcher-describes-potential-impact-recently-patched-sonicwall-nsm-flaw
• Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise? https://www.theregister.com/2021/07/06/quantum_key_distribution/
• Why I Love (Breaking Into) Your Security Appliances https://threatpost.com/breaking-into-security-appliances/167584/
• Coursera API vulnerabilities disclosed by researchers https://www.zdnet.com/article/coursera-api-vulnerabilities-disclosed-by-researchers
• On the (in)security of ElGamal in OpenPGP, by Luca De Feo and Bertram Poettering and Alessandro Sorniotti https://eprint.iacr.org/2021/923

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Ransomware as a service: Negotiators are now in high demand https://www.zdnet.com/article/ransomware-as-a-service-negotiators-between-hackers-and-victims-are-now-in-high-demand
  • 170 Android cryptocurrency mining scam apps steal $350 000 from users https://www.zdnet.com/article/170-android-cryptocurrency-mining-scam-apps-have-stolen-350000-from-users
  • Non-Malicious Android Crypto Mining Apps Scam Users at Scale https://www.securityweek.com/non-malicious-android-crypto-mining-apps-scam-users-scale
  • Android Apps in Google Play Harvest Facebook Credentials https://threatpost.com/android-apps-google-play-facebook-credentials/167563/
  • Use of Common Malware in Operation Targeting Energy Sector Makes Attribution Difficult https://www.securityweek.com/use-common-malware-operation-targeting-energy-sector-makes-attribution-difficult
  • Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America https://thehackernews.com/2021/07/experts-uncover-malware-attacks.html
  • Mac Malware Used in Attacks Targeting Industrial Organizations in Middle East https://www.securityweek.com/mac-malware-used-attacks-targeting-industrial-organizations-middle-east
  • India under attack by rapidly-evolving advanced persistent threat actor SideCopy, says Cisco Talos https://www.databreaches.net/india-under-attack-by-rapidly-evolving-advanced-persistent-threat-actor-sidecopy-says-cisco-talos/
  • Observed Increased Scanning for Microsoft Secure Socket Tunneling Protocol, (Sat, Jul 10th) https://isc.sans.edu/diary/rss/27622

• Nation State Actors:

  • Researchers Learn From Nation-State Attackers' OpSec Mistakes https://www.darkreading.com/threat-intelligence/researchers-learn-from-nation-state-attackers-opsec-mistakes/d/d-id/1341483
  • US warns of action against ransomware gangs if Russia refuses https://www.bleepingcomputer.com/news/security/us-warns-of-action-against-ransomware-gangs-if-russia-refuses/

• Crime & Arrests, etc.:

  • Inside the FBI, Russia, and Ukraine's failed cybercrime investigation https://www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/
  • Spike in “Chain Gang” Destructive Attacks on ATMs https://krebsonsecurity.com/2021/07/spike-in-chain-gang-destructive-attacks-on-atms/
  • Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities https://thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html
  • Suspected hacker Dr HeX arrested over cybercrime, bank fraud impacting thousands https://www.zdnet.com/article/suspected-hacker-dr-hex-arrested-over-cybercrime-bank-fraud-impacting-thousands
  • TX: Fraudster Who Stole Protected Health Information to Fund Spending Spree Sentenced to Prison https://www.databreaches.net/tx-fraudster-who-stole-protected-health-information-to-fund-spending-spree-sentenced-to-prison/
  • UK: Years in jail for Cambridgeshire computer hacker who blackmailed victims https://www.databreaches.net/uk-years-in-jail-for-cambridgeshire-computer-hacker-who-blackmailed-victims/
  • Schneier on last week's $10M Xbox activation code insider theft https://www.schneier.com/blog/archives/2021/07/stealing-xbox-codes.html

Other Security / Risk

Articles covering other types of risks.

• GitHub's automatic coding tool rests on untested legal ground https://www.theverge.com/2021/7/7/22561180/github-copilot-legal-copyright-fair-use-public-code
• Mozilla's RegretsReporter data shows YouTube keeps recommending harmful videos https://www.theverge.com/2021/7/7/22567640/youtube-algorithm-suggestions-radicalization-mozilla
• Voice cloning of interest to actors and cybercriminals https://www.bbc.co.uk/news/business-57761873
• The cost of cyber insurance increased 32 per cent last year and shows no signs of easing https://www.theregister.com/2021/07/05/cyber_insurance_report/
• A Banking App Has Been Suddenly Closing Accounts, Sometimes Not Returning Customers' Money https://www.propublica.org/article/chime#1072735
• Pentagon cancels Microsoft JEDI contract, will ask for new cloud computing bids https://www.theverge.com/2021/7/6/22565281/pentagon-microsoft-jedi-amazon
• Flooded subways and submerged cars in New York https://www.bbc.co.uk/news/world-us-canada-57781840
• What caused the Great Recession? Understanding the key factors that led to one of the worst economic downturns in US history https://www.businessinsider.com/what-caused-the-great-recession
• Fighting language extinction: Blackfoot language taught through new app https://globalnews.ca/news/8010902/blackfoot-language-taught-app/

• Windows 11:

  • Hands on with Windows 11 File Explorer and Settings https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-11-file-explorer-and-settings/
  • Taking Microsoft's Windows 11 for a Test Drive https://www.nytimes.com/2021/07/07/technology/personaltech/windows-11-test-drive.html
  • Windows 11 will soon let you know how long updates take to install https://www.bleepingcomputer.com/news/microsoft/windows-11-will-soon-let-you-know-how-long-updates-take-to-install/
  • OnePlus admits to throttling popular apps to save battery life https://www.theverge.com/2021/7/8/22568107/oneplus-9-pro-battery-life-app-throttling-benchmarks

• Health, Safety & Environment:

  • Fighting disease: How are genetically engineered mosquitoes regulated? https://globalnews.ca/news/8002028/genetically-engineered-mosquitoes-regulation/
  • Maine Has a Dangerous, Small, and Very Itchy Problem https://www.theatlantic.com/science/archive/2021/07/maine-caterpillar-itchy-poisonous-browntail-moth/619376/
  • Moderna co-founder using mRNA technology to treat venomous snakebites https://globalnews.ca/news/8005422/moderna-cofounder-mrna-snakebotes/
  • No, Your Clean Home Isn't Messing With Your Immune System. Here's Why https://www.sciencealert.com/no-your-home-being-too-clean-isn-t-causing-our-immune-systems-to-be-weaker-here-s-why
  • Muscle relaxants ‘very questionable' treatment for low back pain, experts say https://globalnews.ca/news/8013724/low-back-pain-muscle-relaxant-treatment/
  • Death toll in Surfside condo collapse rises to 90 with 31 still missing https://globalnews.ca/news/8019432/death-toll-surfside-condo-collapse-2/
  • Fiery explosion on container ship in Dubai rocks Middle East's busiest port https://globalnews.ca/news/8011883/dubai-port-explosion/
  • Jaipur: Lightning strike kills 16 taking selfies in India https://www.bbc.co.uk/news/world-asia-india-57801398
  • Group of scientists concludes climate change made B.C., Alberta heat wave 150 times more likely https://globalnews.ca/news/8011109/british-columbia-alberta-heat-wave-climate-change-scientists/
  • More than a billion seashore animals may have cooked to death in B.C. heat wave, says UBC researcher https://www.cbc.ca/news/canada/british-columbia/intertidal-animals-ubc-research-1.6090774
  • B.C. heat wave 'cooks' fruit crops on the branch in sweltering Okanagan and Fraser valleys https://www.cbc.ca/news/canada/british-columbia/heat-fruit-crops-okanagan-fraser-valley-1.6092155
  • Powerful fire tornado in California is latest extreme weather sign https://www.bbc.co.uk/news/world-us-canada-57785882
  • Freshwater methamphetamine pollution turns brown trout into addicts https://scienmag.com/freshwater-methamphetamine-pollution-turns-brown-trout-into-addicts/
  • America used fewer fossil fuels in 2020 than it has in three decades https://www.theverge.com/2021/7/6/22565353/fossil-fuel-america-consumption-united-states-low
  • Satellites can Track Microplastics From Space https://www.universetoday.com/151742/satellites-can-track-microplastics-from-space/
  • This craft brewery is using carbon capture to reuse CO2 in its brews https://www.cbc.ca/news/canada/calgary/blindman-brewing-carbon-capture-1.6091241
  • Expert panel to explore 'carbon budget' as part of Canada's net-zero emissions goal https://www.cbc.ca/news/science/net-zero-advisory-canada-panel-exploring-carbon-budget-2050-1.6092840
  • The Streetlights in an Entire County Were Swapped to LEDs. Light Pollution got Worse https://www.universetoday.com/151767/the-streetlights-in-an-entire-county-were-swapped-to-leds-light-pollution-got-worse/
  • The Caspian Sea Exploded Into a Towering Inferno, And The Cause Was Entirely Natural https://www.sciencealert.com/a-rare-mud-volcano-just-exploded-into-a-towering-inferno
  • Volkswagen, BMW fined $1 billion for colluding to make dirtier cars https://www.theverge.com/2021/7/8/22568356/volkswagen-bmw-daimler-emissions-cartel-fine-audi-porsche-eu

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Poor global vaccine access could create COVID-19 variants, risk economic recovery: G20 https://globalnews.ca/news/8018299/covid-coronavirus-global-vaccine-variants/
  • Over 4 million people worldwide have now died from COVID-19 https://globalnews.ca/news/8011756/covid-deaths-4-million/
  • A leading US disease expert says there's 'no doubt in my mind' vaccinated people are helping spread Delta https://www.businessinsider.com/covid-expert-vaccinated-people-can-spread-the-delta-variant-2021-7
  • The Delta variant for the 1st time accounts for more than half of all US COVID-19 cases, CDC says https://www.businessinsider.com/cdc-delta-variant-more-than-half-cases-us-2021-7
  • The US recorded more than 20,000 new COVID-19 cases each of the past four days as the Delta variant spreads https://www.businessinsider.com/us-recorded-20000-daily-covid-19-cases-delta-variant-spreads-2021-7
  • The Lambda COVID-19 variant is in Canada. How worried should we be? https://globalnews.ca/news/8010175/lambda-covid-variant-canada/
  • The Lambda virus variant is worrying scientists after taking over in Peru. Limited evidence says it's more infectious, but still vulnerable to vaccines. https://www.businessinsider.com/lambda-variant-emerges-experts-fear-could-spread-fast-resist-vaccine-2021-7
  • Ontario reports 166 new COVID-19 cases, 6 deaths https://globalnews.ca/news/8019218/ontario-covid-coronavirus-numbers-july-11/
  • Ontario gym that relied on exemption to stay open during COVID-19 faces variant outbreak https://globalnews.ca/news/8007545/covid-ontario-oakville-gym-delta-variant-cases/

• Guidance, Response, and Recovery:

  • ‘Premature' to remove COVID restrictions with youth not yet eligible for vaccine: epidemiologist https://globalnews.ca/news/8010146/covid-restrictions-youth-vaccinate/
  • Canada won't be welcoming unvaccinated tourists any time soon: Trudeau https://globalnews.ca/news/8013469/unvaccinated-tourists-canada-trudeau-covid/

• Treatments, Testing, Triage, Trials, and things we Learned:

  • A Breathalyzer to Detect Covid-19? Scientists Are on It. https://www.nytimes.com/2021/07/11/health/covid-breathing-test.html
  • Flu jab protects against some of the severe effects of COVID-19, including https://scienmag.com/flu-jab-protects-against-some-of-the-severe-effects-of-covid-19-including/

• Immunity and Vaccinations:

  • G20 wants greater COVID-19 vaccine sharing, but makes no new commitments https://globalnews.ca/news/8015601/g20-covid-vaccine-access-no-commitments/
  • mRNA vaccines slash risk of COVID-19 infection by 91% in fully vaccinated people https://scienmag.com/mrna-vaccines-slash-risk-of-covid-19-infection-by-91-in-fully-vaccinated-people/
  • One vaccine dose isn't enough to protect against the Delta variant, new research shows https://www.businessinsider.com/how-well-does-one-vaccine-dose-work-delta-variant-coronavirus-2021-7
  • Ontario top doctor calls for COVID-19 vaccine push among young people ahead of school return https://globalnews.ca/news/8007666/ontario-top-doctor-calls-for-covid-vaccine-push-among-young-people/
  • New study estimates America's rapid COVID-19 vaccine rollout saved nearly 300,000 lives https://www.businessinsider.com/us-vaccine-rollout-saved-nearly-300000-lives-report-says-2021-7
  • Vermont is about to become the first state to reach herd immunity. Massachusetts and Hawaii are close behind. https://www.businessinsider.com/vermont-to-be-first-state-to-reach-herd-immunity-2021-7
  • More than half of Ontario adults are fully vaccinated against COVID-19 https://toronto.ctvnews.ca/more-than-half-of-ontario-adults-are-fully-vaccinated-against-covid-19-1.5501281
  • Fully vaccinated but left out: Canada's new border rules put some in a conundrum https://globalnews.ca/news/8010165/canada-border-rules-china-sputnik-covid-vaccine/
  • Having a more intense response to 2nd COVID-19 vaccine dose? Here's why https://globalnews.ca/news/8008604/covid-vaccine-second-dose-intense-response/
  • Canada says COVID-19 boosters may be needed but no approval request from Pfizer yet https://globalnews.ca/news/8017169/canada-request-pfizer-booster-shot/
  • Pfizer developing booster shot to combat COVID-19 Delta variant https://globalnews.ca/news/8014256/pfizer-booster-covid-delta-variant/

• Things we learned:

  • Ontario researchers find how some COVID-19 vaccines can trigger blood clots https://globalnews.ca/news/8012329/ontario-researchers-covid-19-vaccines-blood-clots/

• Impact:

  • Toronto's Financial District, underground PATH braces for longer recovery as businesses reopen https://globalnews.ca/news/8006386/toronto-financial-district-path-longer-covid-recovery/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Virgin Galactic successfully sends Richard Branson to the edge of space The Joyride Era of Space Travel Is Here https://www.theverge.com/2021/7/11/22572374/richard-branson-virgin-galactic-space-unity and https://www.theatlantic.com/science/archive/2021/07/richard-branson-really-did-it/619412/
• 50 years ago, astronauts trained in Sudbury, Ont., for the Apollo 16 moon mission https://www.cbc.ca/news/canada/sudbury/apollo-asronauts-trained-sudbury-50-years-ago-1.6096556
• New ground base telescope designed to out perform Hubble https://scitechdaily.com/bursting-the-hubble-bubble-powerful-ground-based-telescope-will-see-further-and-clearer-than-hubble-space-telescope/
• Physics Gets a Vote: No Starcruisers for Space Force https://warontherocks.com/2021/06/physics-gets-a-vote-no-starcruisers-for-space-force/
• Researchers Have Taught a Drone to Recognize and Hunt Down Meteorites Autonomously https://www.universetoday.com/151657/researchers-have-taught-a-drone-to-recognize-and-hunt-down-meteorites-autonomously/
• Hubble on the Bubble: Can NASA fix the world's most famous telescope? https://www.syfy.com/syfywire/hubble-on-the-bubble-can-nasa-fix-the-worlds-most-famous-telescope
• Multiple Earth-Mass Rogue Planets Have Been Discovered Drifting Through the Milky Way https://www.universetoday.com/151765/multiple-earth-mass-rogue-planets-have-been-discovered-drifting-through-the-milky-way/
• China plans mass rocket launch to divert asteroid that could wipe out life on Earth https://www.independent.co.uk/life-style/gadgets-and-tech/china-bennu-asteroid-rocket-earth-b1879582.html
• We Might Know why There's so Little Antimatter in the Universe https://www.universetoday.com/151775/we-might-know-why-theres-so-little-antimatter-in-the-universe/
• 11 Shipwrecks That Haunt the Great Lakes https://www.mentalfloss.com/article/647983/great-lakes-shipwrecks
• Poutine anyone? 11 Fantastic Ways People Eat French Fries Around the World https://www.mentalfloss.com/article/648145/french-fries-around-world
• Semicolon vs. Colon: When to Use Each One https://www.mentalfloss.com/article/647941/when-to-use-semicolon-vs-colon
• Peugeot reveals a wicked wingless hypercar https://www.theverge.com/2021/7/6/22565547/peugeot-le-mans-hypercar-wec-endurance-sports-car
• World's tallest sandcastle built in Denmark https://www.bbc.co.uk/news/world-europe-57757530