This Week's [in]Security - Issue 236

Welcome to This Week’s [in]Security. PCI and payments: PTSv6.1, Interac & SecureKey, Non-compliance! Supply-Chain Backdoors: Big-Hacks: Syniverse (text messages), Everything Twitch, Pandora. New breaches: The Telegraph, BrewDog, Fantasy Football. New Ransomware: Confluence. Major outages: Facebook, Instagram, WhatsApp. Follow-ups & Fall-out. Privacy. Laws & Regs: Canada, US, World. Defense. Vulnerabilities, Zerodays: Apache. Other Vulnerabilities: Surveillance, Android, macOS, Reading CVE's. Air Gaps, Yamale, Honeywell, cams. Cybercrime. Trends: UEFI Bootkit2012, Spam, German stats. Nation States. Other Risks: Health, Safety & Environment. Covid-19: Spread, Curves, Waves, and Variants; Response; Immunity; Impact; Covid Ugly; Covid Compliance. And more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Request for Comments: PTS POI Modular Security Requirements v6.1 https://blog.pcisecuritystandards.org/request-for-comments-pts-poi-modular-security-requirements-v6-1
• Interac acquirers rights to SecureKey digital ID services https://www.msn.com/en-ca/money/topstories/interact-acquires-rights-to-securekey-digital-identification-services-in-canada/ar-AAP2mL1
• Non-Compliance Lesson No. 1: Wait until your assessment to validate scope https://controlgap.com/blog/Non-Compliance-Lesson-No-1

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• Major attacks, supply-chain compromises and widely used backdoors:

  • Data Breach Reports Rise as Supply Chain Attacks Surge https://www.databreachtoday.com/data-breach-reports-rise-as-supply-chain-attacks-surge-a-17701
  • Hackers May Have Had Access to Billions of Texts for Years, Global Telecom Company Admit https://www.databreaches.net/hackers-may-have-had-access-to-billions-of-texts-for-years-global-telecom-company-admit/
  • Largest mobile SMS routing firm discloses five-year-long breach https://www.bleepingcomputer.com/news/security/largest-mobile-sms-routing-firm-discloses-five-year-long-breach/
  • Syniverse Hack https://www.schneier.com/blog/archives/2021/10/synaverse-hack.html
  • Massive Twitch hack: Source code and payment reports leaked https://www.bleepingcomputer.com/news/security/massive-twitch-hack-source-code-and-payment-reports-leaked/
  • Twitch Data Breach Could Be 'Potentially Disastrous' https://www.nytimes.com/2021/10/06/technology/twitch-data-breach.html
  • Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html
  • Twitch: No credentials or card numbers exposed in data breach https://www.bleepingcomputer.com/news/security/twitch-no-credentials-or-card-numbers-exposed-in-data-breach/
  • Pandora Papers: How leak is being reported around the world https://www.bbc.co.uk/news/world-58786291
  • Pandora Papers: 'This is a global network of which Canada is a hub' https://globalnews.ca/news/8243406/pandora-papers-canada-tax-haven/
  • Pandora Papers: World leaders deny wrongdoing after leaks https://www.bbc.co.uk/news/world-58791586

• New Breaches:

  • The Telegraph exposes 10 TB database with subscriber info https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
  • BrewDog exposed data of 200,000 shareholders for over a year https://www.zdnet.com/article/brewdog-exposed-data-of-200000-shareholders-for-over-a-year
  • Fantasy Football Hub - 66,479 breached accounts https://haveibeenpwned.com/PwnedWebsites#FantasyFootballHub
  • Republican Party of Texas - 72,596 breached accounts https://haveibeenpwned.com/PwnedWebsites#RepublicanPartyOfTexas

• New Ransomware and "Incidents":

  • New Atom Silo ransomware targets vulnerable Confluence servers https://www.bleepingcomputer.com/news/security/new-atom-silo-ransomware-targets-vulnerable-confluence-servers/

• Major outages/downs:

  • Facebook Is Down https://www.schneier.com/blog/archives/2021/10/facebook-is-down.html
  • What Happened to Facebook, Instagram, & WhatsApp? https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/
  • 70m people signed up for Telegram messaging app during Facebook's hours-long outage, founder says https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-outage-whatsapp-telegram-b1933042.html
  • Facebook, Instagram, and WhatsApp back online after BGP fix https://www.bleepingcomputer.com/news/technology/facebook-instagram-and-whatsapp-back-online-after-bgp-fix/

• Follow-ups and fall-out:

  • Threat actors sometimes name the wrong victims - so why are you just repeating their claims? https://www.databreaches.net/threat-actors-sometimes-name-the-wrong-victims-so-why-are-you-just-repeating-their-claims/
  • Hackers and Facebook: No Proof Data of 1.5 Billion Users is Being Sold https://www.nytimes.com/2021/10/05/technology/fb-hackers-data-sale.html

Privacy

Articles about privacy related news, risks, and trends.

• Sir Tim Berners-Lee and the BBC stage a very British coup to rescue our data from Facebook and friends https://www.theregister.com/2021/10/04/column_data_privacy/
• Google has a cunning plan to break your ad blocker (to make it better?!) https://www.techradar.com/news/google-has-a-cunning-plan-to-break-your-ad-blocker
• Why Some Stores Ask for Your ZIP Code-and Why You Shouldn't Share It https://www.mentalfloss.com/article/651005/why-stores-ask-for-your-zip-code

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

  • Why calls for 'right-to-repair' rules are revving up again for vehicles in Canada https://www.cbc.ca/news/business/right-to-repair-vehicles-canada-1.6198910
  • The Law Bytes Podcast, Episode 103: Privacy Reform Comes to Canada - Chantal Bernier on the Passage of Quebec's Bill 64 https://www.michaelgeist.ca/2021/10/law-bytes-podcast-episode-103/

• US:

  • K-12 Cybersecurity Act Signed into Law https://www.databreaches.net/k-12-cybersecurity-act-signed-into-law/
  • Risky Business #641 -- Lawsuit: Ransomware contributed to baby's death https://risky.biz/RB641
  • Southwest wins preliminary injunction against flight website Kiwi to stop it from posting the airline's fares https://www.businessinsider.com/southwest-airlines-wins-preliminary-injunction-kiwi-flight-website-cheap-tickets-2021-10
  • California Enacts Genetic Information Privacy Act https://epic.org/2021/10/california-enacts-genetic-info.html
  • Ransom Disclosure Act would give victims 48 hours to report payments https://www.bleepingcomputer.com/news/legal/ransom-disclosure-act-would-give-victims-48-hours-to-report-payments/
  • Senate Committee Hears Testimony of Facebook Whistleblower https://epic.org/2021/10/senate-committee-hears-testimo.html

• World:

  • GDPR Fines Hit More Than $1.1B in Q3 https://www.pymnts.com/news/regulation/2021/gdpr-fines-hit-more-than-1b-in-q3/
  • US Poised to Go After Contractors Who Don't Report Breaches https://www.securityweek.com/us-poised-go-after-contractors-who-dont-report-breaches
  • English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack https://www.databreaches.net/english-high-court-clarifies-appropriate-causes-of-action-in-data-claim-where-defendant-was-a-victim-of-third-party-cyber-attack/
  • Netherlands can use intelligence or armed forces to respond to ransomware attacks https://www.databreaches.net/netherlands-can-use-intelligence-or-armed-forces-to-respond-to-ransomware-attacks/
  • NFC Fine Looms for Apple, But Competitive Shifts Costly Over Long Run https://www.pymnts.com/antitrust/2021/nfc-fine-looms-for-apple-but-competitive-shifts-costly-over-long-run/
  • Security Breaches Underscore Questions on Open Banking's Data Liability https://www.pymnts.com/news/security-and-risk/2021/security-breaches-underscore-questions-on-open-bankings-data-liability/
  • China Fines Meituan $530 Million in Second Tech Antitrust Case https://www.nytimes.com/2021/10/08/technology/china-meituan-antitrust-fine.html

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• FCC Proposal Targets SIM Swapping, Port-Out Fraud https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/
• Arizona Launches Command Center to Combat Cyberattacks https://www.securityweek.com/arizona-launches-command-center-combat-cyberattacks
• Former Google Employees Launch Supply Chain Security Startup https://www.darkreading.com/application-security/fmr-google-employees-launch-supply-chain-security-startup
• How to Get Your Family to Actually Use a Password Manager https://www.wired.com/story/how-to-get-family-to-use-password-manager
• It's Time to Stop Paying for a VPN https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html
• We're Smarter About Facebook Now https://www.nytimes.com/2021/10/07/technology/facebook-scandals.html
• Google to auto-enroll 150 million user accounts into 2FA https://www.bleepingcomputer.com/news/google/google-to-auto-enroll-150-million-user-accounts-into-2fa/
• Google Pledges $1 Million to Secure Open Source Program https://www.securityweek.com/google-pledges-1-million-secure-open-source-program
• Finding New Ways to Disrupt Ransomware Operations https://www.databreachtoday.com/interviews/finding-new-ways-to-disrupt-ransomware-operations-i-4970
• Let's Encrypt Root Expiration - Post-Mortem https://scotthelme.co.uk/lets-encrypt-root-expiration-post-mortem/
• Microsoft's 5 guiding principles for decentralized identities https://www.microsoft.com/security/blog/2021/10/06/microsofts-5-guiding-principles-for-decentralized-identities/
• Apple now requires all apps to make it easy for users to delete their accounts https://thehackernews.com/2021/10/apple-requires-devs-to-make-it-easy-for.html
• Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections https://blog.mozilla.org/security/2021/10/05/firefox-93-features-an-improved-smartblock-and-new-referrer-tracking-protections/
• Firefox 93 protects against Insecure Downloads https://blog.mozilla.org/security/2021/10/05/firefox-93-protects-against-insecure-downloads/
• Securing Connections: Disabling 3DES in Firefox 93 https://blog.mozilla.org/security/2021/10/05/securing-connections-disabling-3des-in-firefox-93/
• The New Paradigm for Work from Anywhere: Zero Trust Network Access (ZTNA) https://www.securityweek.com/new-paradigm-work-anywhere-zero-trust-network-access-ztna
• Taking 'Zero Data' Approach Lets Firms Control - and Find Value - In Sensitive Data https://www.pymnts.com/safety-and-security/2021/taking-zero-data-approach-lets-firms-control-and-find-value-in-sensitive-data/
• The NEW ICS418 Course: Step Up, Step Over, In Place - ICS Security Essentials for Managers https://www.sans.org/blog/the-new-ics418-course-step-up-step-over-in-place-ics-security-essentials-for-managers
• Announcing Access Temporary Authentication https://blog.cloudflare.com/announcing-access-temporary-authentication/
• Tools To Explore BGP Routes https://packetstormsecurity.com/news/view/32698/Tools-To-Explore-BGP-Routes.html
• Yubico Enables Biometric Logins With New YubiKey Bio Series https://www.securityweek.com/yubico-enables-biometric-logins-new-yubikey-bio-series

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Zero-day news:

  • Apache HTTP Server Project patches exploited zero-day vulnerability https://www.zdnet.com/article/apache-http-server-project-patches-exploited-zero-day-vulnerability
  • Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773) https://blog.cloudflare.com/helping-apache-servers-stay-safe-from-zero-day-path-traversal-attacks/

• Other Vulnerabilities:

  • A Blank Wall Can Show How Many People Are in a Room and What They're Doing https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/
  • Google Patches Over 50 Serious Vulnerabilities in Android https://www.securityweek.com/google-patches-over-50-serious-vulnerabilities-android
  • PoC Exploit Released for macOS Gatekeeper Bypass https://www.securityweek.com/poc-exploit-released-macos-gatekeeper-bypass
  • CVE Data Is Often Misinterpreted: Here's What to Look For https://www.darkreading.com/vulnerabilities-threats/cve-data-is-often-misinterpreted-here-s-what-to-look-for
  • Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html
  • Code Execution Bug Affects Yamale Python Package - Used by Over 200 Projects https://thehackernews.com/2021/10/code-execution-bug-affects-yamale.html
  • IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft https://threatpost.com/ip-surveillance-bugs-axis-rce-data-theft/175350/
  • Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS https://www.securityweek.com/hackers-could-disrupt-industrial-processes-flaws-widely-used-honeywell-dcs
  • Mozilla upgrades older Thunderbird clients to the latest version https://www.bleepingcomputer.com/news/software/mozilla-upgrades-older-thunderbird-clients-to-the-latest-version/
  • Unpatched Dahua cams vulnerable to unauthenticated remote access https://www.bleepingcomputer.com/news/security/unpatched-dahua-cams-vulnerable-to-unauthenticated-remote-access/
  • Anonymity of NIST PQC Round-3 KEMs https://eprint.iacr.org/2021/1323

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • ESPecter Bootkit Malware Haunts Victims with Persistent Espionage https://threatpost.com/especter-bootkit-malware-espionage/175366/
  • Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 https://thehackernews.com/2021/10/researchers-discover-uefi-bootkit.html
  • Hackers use stealthy ShellClient malware on aerospace, telco firms https://www.bleepingcomputer.com/news/security/hackers-use-stealthy-shellclient-malware-on-aerospace-telco-firms/
  • How Ransomware Attackers Hit Virtual Machine Hypervisors https://www.databreachtoday.com/how-ransomware-attackers-hit-virtual-machine-hypervisors-a-17675
  • New File-Locking Malware With No Known Decryptor Found https://www.databreachtoday.com/new-file-locking-malware-no-known-decryptor-found-a-17673
  • New Python ransomware targets virtual machines, ESXi hypervisors to encrypt disks https://www.zdnet.com/article/new-python-ransomware-targets-virtual-machines-esxi-hypervisor-to-encrypt-disks
  • Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies https://www.securityweek.com/aggressive-ransomware-group-fin12-moves-fast-targets-big-companies
  • No honor among thieves: One in five targets of FIN12 hacking group is in healthcare https://www.zdnet.com/article/no-honor-among-thieves-one-in-five-targets-of-fin12-hacking-group-is-involved-in-healthcare
  • The State of Spam in the US: Report and Statistics https://www.comparitech.com/blog/vpn-privacy/spam-statistics/
  • Actors Target Huawei Cloud Using Upgraded Linux Malware https://www.trendmicro.com/en_us/research/21/j/actors-target-huawei-cloud-using-upgraded-linux-malware-.html
  • Germany cyber security and cyber crime statistics (2020-2021) https://www.comparitech.com/blog/information-security/germany-cyber-security-statistics/
  • Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms https://thehackernews.com/2021/10/iranian-hackers-abuse-dropbox-in.html
  • Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems https://thehackernews.com/2021/10/researchers-warn-of-fontonlake-rootkit.html

• Nation State Actors:

  • Google warns 14,000 Gmail users targeted by Russian hackers https://www.bleepingcomputer.com/news/security/google-warns-14-000-gmail-users-targeted-by-russian-hackers/
  • Microsoft: Russia Behind 58% of Detected State-Backed Hacks https://www.securityweek.com/microsoft-russia-behind-58-detected-state-backed-hacks
  • Russian orgs heavily targeted by smaller tier ransomware gangs https://www.bleepingcomputer.com/news/security/russian-orgs-heavily-targeted-by-smaller-tier-ransomware-gangs/
  • Russian spies reportedly used SolarWinds hack to steal US counterintelligence details https://www.theregister.com/2021/10/07/solarwinds_russia_us_counterintelligence_details/
  • New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers https://thehackernews.com/2021/10/new-study-links-seemingly-disparate.html
  • Never mind Russia: Turkey and Vietnam are Microsoft's new state-backed hacker threats du jour https://www.theregister.com/2021/10/08/microsoft_digital_defence_report/
  • A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html

• Crime & Arrests, etc.:

  • Ex-Army Contractor Sentenced to 12 Years for Fraud https://www.databreachtoday.com/ex-army-contractor-sentenced-to-12-years-for-fraud-a-17670
  • Fired IT admin revenge-hacks school by wiping data, changing passwords https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
  • Ransomware operators behind hundreds of attacks arrested in Ukraine https://www.bleepingcomputer.com/news/security/ransomware-operators-behind-hundreds-of-attacks-arrested-in-ukraine/
  • Ukraine Busts 2 Suspects Tied to Major Ransomware Group https://www.databreachtoday.com/ukraine-busts-2-suspects-tied-to-major-ransomware-group-a-17667
  • Hacker arrested in France for theft of COVID-19 tests for 1.4 million Parisians https://www.databreaches.net/hacker-arrested-in-france-for-theft-of-covid-19-tests-for-1-4-million-parisians/
  • Vancouver woman pepper-sprayed by man in process of stealing her catalytic converter https://globalnews.ca/news/8253677/catalytic-converter-theft-vancouver-pepper-sprayed/

Other Security / Risk

Articles covering other types of risks.

• CISOs are not risk owners https://peterhgregory.wordpress.com/2021/10/08/cisos-are-not-risk-owners%ef%bf%bc/
• Loss of Intellectual Property, Customer Data Pose Greatest Business Risks https://www.darkreading.com/edge-threat-monitor/loss-of-intellectual-property-customer-data-pose-greatest-business-risks
• COTT GALLOWAY: Digital ads need a warning label like cigarettes, and their algorithms should be taxed https://www.businessinsider.com/scott-galloway-digital-fraud-advertisements-regulated-2021-10
• Canadian Companies Have Strong Cyber Security Protocols In Place, But Lag in Testing Their Effectiveness https://www.datex.ca/blog/canadian-companies-have-strong-cyber-security-protocols-in-place-but-lag-in-testing-their-effectiveness
• The Shortfalls of Mean Time Metrics in Cybersecurity https://thehackernews.com/2021/10/the-shortfalls-of-mean-time-metrics-in.html
• 71% of Security Pros Find Patching to be Complex and Time Consuming, Ivanti Study Confirms https://www.darkreading.com/vulnerabilities-threats/71-of-security-pros-find-patching-to-be-complex-and-time-consuming-ivanti-study-confirms
• Air gaps have been 'shattered', says new Indian policy on power sector security https://www.theregister.com/2021/10/08/india_power_sector_infosec_policy/
• Face Recognition Isn't Just Face Identification and Verification: It's Also Photo Clustering, Race Analysis, Real-time Tracking, and More https://www.eff.org/deeplinks/2021/10/face-recognition-isnt-just-face-identification-and-verification
• Face Recognition Technology: Commonly Used Terms https://www.eff.org/deeplinks/2021/10/face-recognition-technology-commonly-used-terms
• Facebook is reportedly holding off on new product launches that could hurt its reputation after a brutal few weeks https://www.businessinsider.com/facebook-slowing-new-product-launches-reputational-reviews-wsj-report-whistleblower-2021-10
• Firewalls? Pfft - it's no match for my mighty spares-bin PC https://www.theregister.com/2021/10/04/who_me/
• Cheating on Tests https://www.schneier.com/blog/archives/2021/10/cheating-on-tests.html
• Firefox's address bar has ads now, but you can disable them https://www.theverge.com/2021/10/7/22715179/firefox-suggest-search-ads-browser
• 'Fatberg' plugged up Moose Jaw sewage line, threatening half of city https://leaderpost.com/news/saskatchewan/fatberg-plugged-up-moose-jaw-sewage-line-threatening-half-of-city
• How to change your default browser in Windows 11 https://www.theverge.com/22714629/windows-11-microsoft-browser-edge-chrome-firefox
• Microsoft shares Windows 11 TPM check bypass for unsupported PCs https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-windows-11-tpm-check-bypass-for-unsupported-pcs/

• Health, Safety & Environment:

  • Historic go-ahead for malaria vaccine to protect African children https://www.bbc.co.uk/news/health-58810551?at_medium=RSS&at_campaign=KARANGA
  • McKinsey Never Told the FDA It Was Working for Opioid Makers While Also Working for the Agency https://www.propublica.org/article/mckinsey-never-told-the-fda-it-was-working-for-opioid-makers-while-also-working-for-the-agency#1129729
  • Researchers demonstrate vaccination approach in mice that could prevent future coronavirus outbreaks https://scienmag.com/researchers-demonstrate-vaccination-approach-in-mice-that-could-prevent-future-coronavirus-outbreaks/
  • Study of 6 Million Americans Finds No Significant Side Effects From mRNA Vaccines https://www.sciencealert.com/study-of-over-6-million-americans-finds-no-significant-side-effects-from-mrna-vaccines
  • Can I Get My Flu Shot and COVID Vaccine at the Same Time? https://www.mentalfloss.com/article/651085/flu-shot-covid-vaccine-same-time
  • A cousin of Viagra reduces obesity by stimulating cells to burn fat, study shows https://scienmag.com/a-cousin-of-viagra-reduces-obesity-by-stimulating-cells-to-burn-fat-study-shows/
  • SickKids sees surge in non-urgent ER visits as paediatricians refuse in-person checkups https://toronto.ctvnews.ca/sickkids-sees-surge-in-non-urgent-er-visits-as-paediatricians-refuse-in-person-checkups-1.5615739
  • Deadly Falls among the Elderly Are on the Rise https://www.scientificamerican.com/article/deadly-falls-among-the-elderly-are-on-the-rise/
  • Woman burned trying to save dog in US national park https://www.bbc.co.uk/news/world-us-canada-58836528?at_medium=RSS&at_campaign=KARANGA
  • Woman sentenced to four days in jail for staying too close to grizzly bears https://www.cnn.com/travel/article/yellowstone-bear-incident-woman-sentenced/index.html
  • Nuking an Asteroid to Prevent Armageddon Could Actually Work, Study Shows https://www.sciencealert.com/our-last-line-of-defence-against-an-asteroid-hit-actually-works-study-shows
  • Repairs to stop a 58-story San Francisco luxury building from sinking instead made it sink more https://www.businessinsider.com/repairs-to-stop-millennium-tower-sinking-made-it-sink-more-2021-10
  • A Grim 'Huge Extinction Event' Happened 30 Million Years Ago, And We Only Just Noticed https://www.sciencealert.com/a-mass-extinction-took-place-in-africa-30-million-years-ago-and-we-ve-only-just-noticed
  • Canadians are among the world's worst carbon emitters. Here's what we can do about it https://www.cbc.ca/news/science/how-canadians-can-cut-carbon-footprints-1.6202194
  • A supply-chain traffic jam of container ships off Southern California ports may have contributed to the massive oil spill https://www.businessinsider.com/how-supply-chain-issues-dominoed-into-massive-california-oil-spill-2021-10
  • Giant, Catastrophic Oil Spill in California Ranks as One of The Worst in Decades https://www.sciencealert.com/giant-catastrophic-oil-spill-in-california-ranks-as-one-of-the-worst-in-decades
  • Fat Bear Week: 480 Otis crowned chunkiest boy in Alaska https://www.bbc.co.uk/news/world-us-canada-58820070?at_medium=RSS&at_campaign=KARANGA
  • Google Bans Ads That Spread Climate Misinformation https://www.scientificamerican.com/article/google-bans-ads-that-spread-climate-misinformation/
  • Seal-mounted camera recovered after 3 years on N.S. ocean floor yields hours of video https://www.cbc.ca/news/canada/nova-scotia/seal-camera-lost-at-sea-retrieved-offshore-nova-scotia-1.6204068
  • This Rare, Otherworldly Squid Was Caught on Film on a Deep-Sea Dive https://www.sciencealert.com/this-rare-otherworldly-squid-was-caught-on-film-on-a-deep-sea-dive
  • NOAA Sailed a Drone into the Heart of Powerful Hurricane Sam https://www.scientificamerican.com/article/noaa-sailed-a-drone-into-the-heart-of-powerful-hurricane-sam/
  • Another rare orange lobster found in an Ontario grocery store heading to Toronto aquarium https://globalnews.ca/news/8252090/rare-orange-lobster-found-ontario-grocery-store/

COVID-19 updates.

COVID related articles. We have been following coronavirus risks since https://controlgap.com/blog/this-weeks-insecurity-issue-147.

• The spread, curves, spikes, waves, reinfection, and variant strains:

  • Delta variant 133% more deadly than original COVID strain: Canadian study https://globalnews.ca/news/8244271/delta-variant-covid-19-strain-canadian-study/
  • Ontario logs 476 new COVID-19 cases, 14 more deaths https://toronto.ctvnews.ca/ontario-logs-476-new-covid-19-cases-14-more-deaths-1.5613038
  • 4th wave of COVID-19 no longer growing, cases could decline in coming weeks: PHAC https://globalnews.ca/news/8253435/fourth-wave-covid19-decline-phac/
  • Russia shatters COVID-19 death record as surge persists, killing 968 in a single day https://globalnews.ca/news/8255711/new-russia-covid-death-record/

• Guidance, Response, and Recovery:

  • An at-home, rapid COVID test sold through Amazon, CVS, Target, and Walmart was recalled after a large number of false positives https://www.businessinsider.com/at-home-covid-test-recall-false-positives-amazon-cvs-target-2021-10
  • Number of COVID-19 vaccine exemptions being given out seems 'high,' Ontario medical officer says https://globalnews.ca/news/8245515/number-of-covid-vaccine-exemptions-seems-high-ontario-medical-officer/
  • One of Colorado's largest health systems is denying organ transplants to most unvaccinated people https://www.businessinsider.com/colorado-hospital-denying-organ-transplants-unvaccinated-2021-10
  • More COVID-19 vaccine mandates coming as U.S. summer surge in cases wanes: officials https://globalnews.ca/news/8247964/covid-vaccine-mandates-us/
  • Union files grievance over Toronto's plan to terminate unvaccinated workers https://toronto.ctvnews.ca/union-files-grievance-over-toronto-s-plan-to-terminate-unvaccinated-workers-1.5614895

• Immunity and Vaccinations:

  • AstraZeneca seeks U.S. emergency approval for COVID-19 prevention drug https://globalnews.ca/news/8243886/astrazeneca-u-s-emergency-approval-covid-19-prevention-drug/
  • Things we learned:
  • A Paper Linking COVID-19 Vaccines to High Risk of Myocarditis Has Been Withdrawn https://www.sciencealert.com/study-saying-covid-19-vaccines-cause-heart-inflammation-withdrawn-due-to-miscalculation

• Impact:

  • The Atlantic Daily: The Big Wait https://www.theatlantic.com/newsletters/archive/2021/10/why-global-supply-chains-are-so-messed/620346/
  • TTC prepares for possible worker shortage based on COVID vaccination status disclosure https://globalnews.ca/news/8253369/ttc-worker-shortage-possible-covid-vaccination-policy/

• More of the good, the bad, and the ugly:

  • Kingston, Ont., pub loses liquor licence for breaking pandemic rules https://www.cbc.ca/news/canada/ottawa/jakk-tuesdays-kingston-vaccine-liquor-license-1.6195118

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Amazon rainforest plant defied classification for 50 years https://www.science-atlas.com/news/this-unusual-plant-from-the-amazon-rainforest-has-baffled-scientists-for-50-years/
• Russian film team boldly shoot towards space station https://www.bbc.co.uk/news/world-europe-58804143?at_medium=RSS&at_campaign=KARANGA
• There are Many Metal-Rich Asteroids Nearby to Investigate https://www.universetoday.com/152853/there-are-many-metal-rich-asteroids-nearby-to-investigate/
• Swarm of Near-Earth Comets Linked to Recent Ice Giant Breakup https://www.discovermagazine.com/the-sciences/swarm-of-near-earth-comets-linked-to-recent-ice-giant-breakup
• This Object is Both an Asteroid and a Comet https://www.universetoday.com/152892/this-object-is-both-an-asteroid-and-a-comet/
• WASP-76b is hot enough to ionize your bones https://www.syfy.com/syfywire/wasp-76b-is-hot-enough-to-ionize-your-bones
• Astronomers May Have Discovered the First Known Planet to Orbit 3 Stars https://scitechdaily.com/astronomers-may-have-discovered-the-first-known-planet-to-orbit-3-stars/