This Week's [in]Security - Issue 230

Welcome to This Week’s [in]Security. SSF faqs, firewalls, Storing CVV. New breaches: Microsoft Power Apps: IndiaMart, Imavex. New Ransomware: Ragnarok shutdown, FBI alerts. Major outages: Record DDoS, TSYS, OneDrive. Follow-ups & Fall-out: T-Mobile, Poly, SubaGames, Eatigo. Privacy: WFH surveillance. Laws & Regs: Canada: Online harms. US: non-competes. CSP troll, Chinese Tech. Standards: NIST. Defense: Webinars, Webinars. Supply-chain. Vulnerabilities: Unitrends zero-day, Medical IoT, Windows 10, F5 BIG-IP, SSL VPNs, OpenSSL, SNI, Cosmos DB, Confluence, Glowworm. Cybercrime: Trends: Nation States. Crime. Other Risks: Tech-hype, Voting Systems, Fooling AI. Health, Safety & Environment: Zoom fatigue. Covid-19: Spread, Curves, Waves, and Variants; Response; Treatments; Immunity; Impact; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• FAQs for SSF v1.1 https://www.pcisecuritystandards.org/documents/SSF-v1_1-FAQs.pdf
• Back-to-Basics: Properly Configured Firewalls https://blog.pcisecuritystandards.org/back-to-basics-properly-configured-firewalls
• Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values https://controlgap.com/blog/Storing-Card-Security-Values

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

  • Microsoft Power App misconfiguration includes contact tracing info https://www.theregister.com/2021/08/23/power_shell_records/, https://arstechnica.com/information-technology/2021/08/38-million-records-exposed-online-including-contact-tracing-info/, https://www.wired.com/story/microsoft-power-apps-data-exposed, https://threatpost.com/microsoft-38-million-sensitive-records-power-app/168885/
  • Microsoft Cloud Databases Vulnerable for Years, Firm Says https://www.databreaches.net/microsoft-cloud-databases-vulnerable-for-years-firm-says/
  • IndiaMART - 20,154,583 breached accounts https://haveibeenpwned.com/PwnedWebsites#IndiaMART
  • Imavex - 878,209 breached accounts https://haveibeenpwned.com/PwnedWebsites#Imavex
  • RCMP investigating hack of spy watchdog network involving theft of files https://www.ctvnews.ca/canada/rcmp-investigating-hack-of-spy-watchdog-network-involving-theft-of-files-agency-says-1.5562601
  • Metro Infectious Disease Consultants Notifies 171,740 Individuals of Privacy Incident https://www.databreaches.net/metro-infectious-disease-consultants-notifies-171740-individuals-of-privacy-incident/
  • Data Breaches Tied to Ransomware: Look Harder https://www.databreachtoday.com/blogs/data-breaches-tied-to-ransomware-look-harder-p-3090

• New Ransomware and "Incidents":

  • Ragnarok ransomware releases master decryptor after shutdown https://www.databreaches.net/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
  • Boston Public Library discloses cyberattack, system-wide technical outage https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
  • Worried ransomware merchants know more about file storage than you do? You should be… https://www.theregister.com/2021/08/23/nasuni_cloud_bound_21/
  • FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 https://www.bleepingcomputer.com/news/security/fbi-onepercent-group-ransomware-targeted-us-orgs-since-nov-2020/
  • FBI Issues Alert on Hive Ransomware https://www.databreachtoday.com/fbi-issues-alert-on-hive-ransomware-a-17397
  • FBI shares technical details for Hive ransomware https://www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/

• Major outages/downs:

  • Record-Setting DDoS Attack Hits Financial Service Firm https://www.databreachtoday.com/record-setting-ddos-attack-hits-financial-service-firm-a-17345
  • Questions Loom Over What Caused the TSYS Outage And the Fallout From It https://www.digitaltransactions.net/questions-loom-over-what-caused-the-tsys-outage-and-the-fallout-from-it/
  • Microsoft accidentally lowers OneDrive for Business storage limits https://www.bleepingcomputer.com/news/microsoft/microsoft-accidentally-lowers-onedrive-for-business-storage-limits/

• Follow-ups and fall-out:

  • Details of the Recent T-Mobile Breach https://www.schneier.com/blog/archives/2021/08/details-of-the-recent-t-mobile-breach.html
  • T-Mobile CEO: Hacker brute-forced his way through our network https://www.bleepingcomputer.com/news/security/t-mobile-ceo-hacker-brute-forced-his-way-through-our-network/
  • T-Mobile Sued Over Data Breach Affecting Millions of Customers https://www.securityweek.com/t-mobile-sued-over-data-breach-affecting-millions-customers
  • Poly Network confirms return of hacked funds https://www.databreaches.net/poly-network-confirms-return-of-hacked-funds/
  • SubaGames - 6,137,666 breached accounts https://haveibeenpwned.com/PwnedWebsites#SubaGames
  • Eatigo - 2,789,609 breached accounts https://haveibeenpwned.com/PwnedWebsites#Eatigo
  • Update on Eskenazi Health Cyber Incident https://www.databreaches.net/update-on-eskenazi-health-cyber-incident/

Privacy

Articles about privacy related news, risks, and trends.

• The tech industry is blowing millions of dollars to make work from home into a worker-surveillance dystopia https://www.businessinsider.com/tech-industry-facebook-making-work-from-home-worse-office-surveillance-2021-8
• Most US government agencies are using facial recognition https://www.theverge.com/2021/8/25/22641216/facial-recognition-gao-report-agency-dhs-cbp-fbi
• "Act natural!": Having a Private Chat on a Public Blockchain, by Thore Tiemann and Sebastian Berndt and Thomas Eisenbarth and Maciej Liskiewicz https://eprint.iacr.org/2021/1073

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • The Law Bytes Podcast, Episode 99: “They Just Seemed Not to Listen to Any of Us” – Cynthia Khoo on the Canadian Government's Online Harms Consultation https://www.michaelgeist.ca/2021/08/law-bytes-podcast-episode-99/
  • How to ensure Canada’s quantum computing strategy is a success https://policyoptions.irpp.org/magazines/august-2021/how-to-ensure-canadas-quantum-computing-strategy-is-a-success/

• US:

  • Millions of American workers are shackled by absurd non-compete agreements. Companies need to stop needlessly restricting workers. https://www.businessinsider.com/non-compete-clauses-harm-low-level-workers-lawyer-2021-8
  • Proofpoint Wins $14 Million In IP Theft Court Battle https://packetstormsecurity.com/news/view/32594/Proofpoint-Wins-14-Million-In-IP-Theft-Court-Battle.html
  • Little-Known Federal Software Can Trigger Revocation of Citizenship https://theintercept.com/2021/08/25/atlas-citizenship-denaturalization-homeland-security/

• World:

  • I turned on CSP and all I got was this crappy lawsuit! https://scotthelme.co.uk/i-turned-on-csp-and-all-i-got-was-this-crappy-lawsuit/
  • Australia's 'hacking' Bill passes the Senate after House made 60 amendments https://www.zdnet.com/article/australias-hacking-bill-passes-the-senate-after-house-made-60-amendments
  • China intends to ban US stock listings for tech companies with vast troves of sensitive user data, report says https://markets.businessinsider.com/news/stocks/china-ban-tech-companies-us-ipo-listings-sensitive-user-data-2021-8
  • Man Robbed of 16 Bitcoin Sues Young Thieves' Parents https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/

• Standards News:

  • NIST proposing a new publication identifier (PubID) syntax https://www.nist.gov/document/publication-identifier-proposal
  • NIST publishes NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline https://csrc.nist.gov/publications/detail/nistir/8259b/final
  • NIST Special Publication (SP) 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders https://csrc.nist.gov/publications/detail/sp/1800-13/final

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Upcoming Webinars, Virtual Events, and other training related:

  • NICE Symposium: A Coordinated Approach to Supply Chain Risks – November 16 https://niceconference.org/nice-symposium/
• Updates on our continued collaboration with NIST to secure the Software Supply Chain https://security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html
• Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution https://thehackernews.com/2021/08/preventing-your-cloud-secrets-from.html

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Kaseya patches Unitrends server zero-days, issues client mitigations https://www.bleepingcomputer.com/news/security/kaseya-patches-unitrends-server-zero-days-issues-client-mitigations/
• Hackers Could Up Medication Doses Through Infusion Pump Flaws https://www.wired.com/story/infusion-pump-hack-dose-increase
• Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html
• Interesting Windows Privilege Escalation Vulnerability https://www.schneier.com/blog/archives/2021/08/interesting-privilege-escalation-vulnerability.html
• Windows 10 Admin Rights Gobbled by Razer Devices https://threatpost.com/windows-10-admin-rights-razer-devices-mouse-peripherals/168855/
• Windows 10 KB5005932 fixes devices that can't install new updates https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5005932-fixes-devices-that-cant-install-new-updates/
• Windows 10 upgrades blocked by old CryptoPro CSP versions https://www.bleepingcomputer.com/news/microsoft/windows-10-upgrades-blocked-by-old-cryptopro-csp-versions/
• Critical F5 BIG-IP bug impacts customers in sensitive sectors https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-bug-impacts-customers-in-sensitive-sectors/
• Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns
• OpenSSL Vulnerability Can Be Exploited to Change Application Data https://www.securityweek.com/openssl-vulnerability-can-be-exploited-change-application-data
• Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day https://threatpost.com/pegasus-spyware-uses-iphone-zero-click-imessage-zero-day/168899/
• SNI Vulnerability Affects Some Security Products https://www.databreachtoday.com/sni-vulnerability-affects-some-security-products-a-17344
• Synology: Multiple products impacted by OpenSSL RCE vulnerability https://www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/
• Critical Vulnerability Exposed Azure Cosmos DBs for Months https://www.securityweek.com/critical-vulnerability-exposed-azure-cosmos-dbs-months
• Atlassian warns of critical Confluence flaw https://www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/
• Updated PRISM Backdoor Discovered https://www.databreachtoday.com/updated-prism-backdoor-discovered-a-17367
• Ethereum urges Go devs to fix severe chain-split vulnerability https://www.bleepingcomputer.com/news/security/ethereum-urges-go-devs-to-fix-severe-chain-split-vulnerability/
• Glowworm Attack: Optical TEMPEST Sound Recovery via a Device's Power Indicator LED, by Ben Nassi and Yaron Pirutin and Tomer Cohen Galor and Yuval Elovici and Boris Zadov https://eprint.iacr.org/2021/1064

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • CISA Details Additional Malware Targeting Pulse Secure Appliances https://www.securityweek.com/cisa-details-additional-malware-targeting-pulse-secure-appliances
  • New SideWalk Backdoor Targets U.S.-based Computer Retail Business https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html
  • Botnet targets hundreds of thousands of devices using Realtek SDK https://www.bleepingcomputer.com/news/security/botnet-targets-hundreds-of-thousands-of-devices-using-realtek-sdk/
  • Look out for fake donation links for Afghanistan and Haiti relief https://www.businessinsider.com/how-to-avoid-donate-relief-scams-afghanistan-haiti-afghan-refugees-2021-8
  • Hacking group nicknamed SparklingGoblin is accused of stealing usernames and IP addresses from US computer retailer and Canadian schools https://www.databreaches.net/hacking-group-nicknamed-sparklinggoblin-is-accused-of-stealing-usernames-and-ip-addresses-from-us-computer-retailer-and-canadian-schools/
  • Widespread credential phishing campaign abuses open redirector links https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
  • PetitPotam Vulnerability Exploited in Ransomware Attacks https://www.securityweek.com/petitpotam-vulnerability-exploited-ransomware-attacks
  • Ransomware gang's script shows exactly the files they're after https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after/
  • Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html

• Nation State Actors:

  • From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
  • Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html

• Crime & Arrests, etc.:

  • UK cyber security and cyber crime statistics (2021) https://www.comparitech.com/blog/information-security/uk-cyber-security-statistics/
  • Chinese auto-maker accused of altering data after fatal autonomous car accident https://www.theregister.com/2021/08/24/chinese_police_investigating_fatal_ev_accident/
  • Fake Apple rep amasses 620,000+ stolen iCloud pics, vids in hunt for images of nude women to trade https://www.theregister.com/2021/08/24/los_angeles_county_man_pretended/

Other Security / Risk

Articles covering other types of risks.

• Gartner releases its 2021 emerging tech hype cycle: Here's what's in and headed out https://www.zdnet.com/article/gartner-releases-its-2021-emerging-tech-hype-cycle-heres-whats-in-and-headed-out/
• Surveillance of the Internet Backbone https://www.schneier.com/blog/archives/2021/08/surveillance-of-the-internet-backbone.html
• Experts Warn of Dangers From Breach of Voter System Software https://www.securityweek.com/experts-warn-dangers-breach-voter-system-software
• Researchers Demonstrate AI Can Be Fooled https://www.databreachtoday.com/researchers-demonstrate-ai-be-fooled-a-17366
• Cyber Warfare May be Losing Its Advantage of Deniability https://www.securityweek.com/cyber-warfare-may-be-losing-its-advantage-deniability
• Why is there a chip shortage? https://www.bbc.co.uk/news/business-58230388
• The most popular posts on Facebook are plagiarized https://www.theverge.com/2021/8/27/22644126/the-most-popular-posts-on-facebook-are-plagiarized
• There may be (many) more SPF records than we might expect, (Wed, Aug 25th) https://isc.sans.edu/diary/rss/27786
• Windows 11 to only support one Intel 7th gen CPU, no AMD Zen CPUs https://www.bleepingcomputer.com/news/microsoft/windows-11-to-only-support-one-intel-7th-gen-cpu-no-amd-zen-cpus/
• A Bad Solar Storm Could Cause an 'Internet Apocalypse' https://www.wired.com/story/solar-storm-internet-apocalypse-undersea-cables
• Chicago Inspector General: Police Use ShotSpotter to Justify Illegal Stop-and-Frisks https://www.eff.org/deeplinks/2021/08/chicago-inspector-general-police-use-shotspotter-justify-illegal-stop-and-frisks
• Exam-Cheating Scandal: CREST Finds NCC Group Broke Rules https://www.databreachtoday.com/exam-cheating-scandal-crest-finds-ncc-group-broke-rules-a-17394

• Health, Safety & Environment:

  • Scientists Have Calculated The Probability of Another COVID-Level Pandemic Emerging https://www.sciencealert.com/stats-suggest-the-probability-of-a-covid-19-like-pandemic-is-about-2-in-any-given-year
  • Making 1 Simple Substitution For Table Salt Could Save Millions of Lives https://www.sciencealert.com/making-1-simple-substitution-for-table-salt-could-save-millions-of-lives-study-shows
  • An expert explains why you're exhausted by video calls and gives 3 simple tips to combat Zoom fatigue https://www.businessinsider.com/tips-on-how-to-avoid-zoom-fatigue-2021-8
  • What You Think of as 'Food Allergy' Might Be Something Else Instead. Here's Why https://www.sciencealert.com/nutritionist-debunks-these-food-allergy-and-intolerance-myths
  • TTC investigating video of man 'surfing' on outside of Line 2 subway train https://toronto.ctvnews.ca/ttc-investigating-video-of-man-surfing-on-outside-of-line-2-subway-train-1.5557495
  • A luxury high-rise in San Francisco is sinking even deeper, pausing a $100 million engineering plan to fix it https://www.businessinsider.com/san-francisco-sinking-millennium-tower-repair-construction-paused-2021-8
  • Toyota pauses self-driving 'e-Palette' service after one crashed into an Olympic athlete https://www.theverge.com/2021/8/27/22644496/toyota-epalette-autonomous-shuttle-crash-halt-olympics
  • The Technology to Reach Net Zero Carbon Emissions Isn't Ready for Prime Time, But ... https://www.scientificamerican.com/article/the-technology-to-reach-net-zero-carbon-emissions-isnt-ready-for-prime-time-but/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Doubling time for COVID-19 ICU patients in Ontario is 2-to-3 weeks, top doctor says https://globalnews.ca/news/8137550/covid-ontario-hospitals-icus-cases/
  • Ontario could hit 1,300 daily COVID-19 infections in three weeks, head of science table warns https://toronto.ctvnews.ca/ontario-could-hit-1-300-daily-covid-19-infections-in-three-weeks-head-of-science-table-warns-1.5558535
  • Ontario reports nearly 800 COVID-19 cases, 3 new deaths with 14 more following data cleanup https://globalnews.ca/news/8145830/ontario-covid-19-cases-august-27-coronavirus/
  • Alberta confirms 1,972 new COVID-19 cases, 5 deaths over 3 days https://globalnews.ca/news/8135158/alberta-covid-19-coronavirus-update-august-23/
  • 4,700 coronavirus cases have been traced to an outdoor music festival in southwest England. Officials say the mental-health benefits outweighed the risk. https://www.businessinsider.com/uk-music-festival-coronavirus-outbreak-officials-no-regrets-mental-health-2021-8
  • An unvaccinated teacher spread COVID-19 to 50% of students in a classroom after she took off a mask to read https://www.businessinsider.com/cdc-unvaccinated-teacher-spread-covid-to-50-of-classroom-2021-8
  • Up to 7,000 people who attended Ontario basketball tournament potentially exposed to COVID-19 https://toronto.ctvnews.ca/up-to-7-000-people-who-attended-ontario-basketball-tournament-potentially-exposed-to-covid-19-1.5558171
  • You aren't legally allowed to know which variant gave you COVID-19 in the US, even if it's Delta https://www.businessinsider.com/covid-patients-cant-know-which-variant-infected-them-delta-2021-8

• Guidance, Response, and Recovery:

  • Vaccine Refusers Don't Get to Dictate Terms Anymore https://www.theatlantic.com/ideas/archive/2021/08/vaccine-refusers-hesitancy-mandates-fda-delta/619918/
  • Ontario chamber of commerce issues guidance for businesses on proof-of-vax protocols https://toronto.ctvnews.ca/ontario-chamber-of-commerce-issues-guidance-for-businesses-on-proof-of-vax-protocols-1.5559654
  • Legal risk associated with requiring proof of COVID-19 vaccination is low: experts https://globalnews.ca/news/8147740/alberta-covid-vaccine-proof-law/
  • Peel Region to disclose location of events believed to be source of multiple COVID-19 cases https://toronto.ctvnews.ca/peel-region-to-disclose-location-of-events-believed-to-be-source-of-multiple-covid-19-cases-1.5560630
  • B.C. brings back mandatory masks in public indoor spaces for entire province https://globalnews.ca/news/8136927/mandatory-masks-public-indoors-mandate-bc/
  • B.C. to reveal details on proof-of-vaccination program on Monday https://globalnews.ca/news/8133780/bc-proof-vaccination-program/
  • Covid travel: Seven locations moved to Covid travel green list https://www.bbc.co.uk/news/uk-58348541
  • Oregon is the first state to bring back outdoor mask mandates for both vaccinated and unvaccinated people amid a sharp new rise in cases https://www.businessinsider.com/oregon-reimposing-outdoor-mask-mandates-including-for-vaccinated-2021-8
  • New Zealand locked down after a single COVID-19 infection - now, the outbreak has reached 148 cases, and a leading official says Delta raises 'big questions' about the country's plan to 'eliminate' the virus https://www.businessinsider.com/new-zealand-covid-strategy-lockdown-one-case-delta-2021-8
  • Delta Air Lines is requiring all employees to either get vaccinated or pay $200 more a month for health insurance https://www.businessinsider.com/delta-workers-need-vaccine-or-pay-200-extra-for-healthcare-2021-8

• Treatments, Testing, Triage, Trials, and things we Learned:

  • The CDC warned against taking ivermectin for COVID-19 after reports of tremors and disorientation from the deworming drug https://www.businessinsider.com/cdc-ivermectin-related-poison-control-calls-and-er-visits-2021-8

• Immunity and Vaccinations:

  • Pfizer's COVID-19 vaccine gets full FDA approval https://www.theverge.com/2021/8/23/22616546/pfizer-covid-vaccine-fda-approval-licensing
  • Things we learned:
  • COVID Vaccines Show No Signs of Harming Fertility or Sexual Function https://www.scientificamerican.com/article/covid-vaccines-show-no-signs-of-harming-fertility-or-sexual-function/

• Impact:

  • Rich countries' failure to vaccinate the world will do $2.3 trillion in economic damage, The Economist says https://www.businessinsider.com/slow-vaccination-cost-world-economy-trillions-gdp-economic-recovery-outlook-2021-8
  • Ontario COVID-19 science table member resigns, alleges that modelling data 'projects a grim fall' https://toronto.ctvnews.ca/ontario-covid-19-science-table-member-resigns-alleges-that-modelling-data-projects-a-grim-fall-1.5557510
  • A Florida health system is using refrigerated coolers because their morgues are full of patients who died from COVID-19 https://www.businessinsider.com/florida-hospitals-refrigerated-coolers-stories-bodies-morgues-are-full-2021-8
  • 75 doctors from multiple South Florida hospitals staged a walkout to protest a surge in unvaccinated COVID-19 patients https://www.businessinsider.com/florida-doctors-walkout-unvaccinated-patients-surge-2021-8

• Masks, anti-maskers, distancing, compliance, and repercussions:

  • Can the US crack down on fake vaccination cards? https://www.bbc.co.uk/news/business-58309026

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• You can learn a new language while you sleep, according to a study https://www.businessinsider.com/how-to-learn-a-new-language-in-your-sleep-according-to-scientists-2019-2
• DNA confirmed identity of engineer on HMS Erebus — and raises more questions in Franklin Expedition mystery https://www.cbc.ca/news/canada/erebus-terror-delay-research-john-gregory-identification-1.6140667
• 'Strange things out there': Inside Lake Ontario's 'Bermuda Triangle' https://globalnews.ca/news/8140913/lake-ontario-vortex-marysburgh-bermuda-triangle-zed-files/
• Newly Discovered Space Rock Loops The Sun Quicker Than Any Known Asteroid https://www.sciencealert.com/newly-discovered-space-rock-has-the-shortest-asteroid-year-in-the-solar-system
• Want to find Planet Nine? Here's a treasure map. https://www.syfy.com/syfywire/want-to-find-planet-nine-heres-a-treasure-map