This Week's [in]Security - Issue 266

Welcome to This Week’s [in]Security. PCI and payments: Skimmers. Payments: New breaches: Anonymous, DeFi, Ikea. New Ransomware, Major outages, Follow-ups & Fall-out. Privacy: Health Canada, Facial recognition. Laws & Regs - Canada: Copyright. US: ISPs, Insurance. World: India. Standards: NIST, definitions. Defense - Training & events: space-cybersecurity. Password day. Kill-switch. Tools: MFA. Vulnerabilities, Advisories: Patching: F5, Cisco. Other: mental health apps, AV bugs, uClibc IoT, DNS poisoning, No MFA? Vulnerability research: Zero-Knowledge. Crypto-research: Quantum crypto. Cybercrime: Trends: Event log malware, Doh! Crime & Enforcement: BEC impact. Nation States and mercenaries. false-flags, sanctions, Spain & Pegasus, China. espionage, Other. Other Risks: General: Airtags, deepfakes, web3. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. NATO. Quantum computing, Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Payment skimmers/malware/fraud:
  • Caramel credit card stealing service is growing in popularity https://www.bleepingcomputer.com/news/security/caramel-credit-card-stealing-service-is-growing-in-popularity/
• Other payment related:
  • Interchange Fees Catch Heat, and Are Defended, on Capitol Hill https://www.pymnts.com/credit-cards/2022/interchange-fees-catch-heat-and-are-defended-on-capitol-hill/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
  • Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention https://www.databreaches.net/anonymous-leak-82gb-of-police-emails-against-australias-offshore-detention/
  • Another Weekend Another Hack: DeFi Lender Fei Protocol Suffers $80M Security Breach https://www.databreaches.net/another-weekend-another-hack-defi-lender-fei-protocol-suffers-80m-security-breach/
  • Breast Cancer Support Organization Leaks Data Despite Multiple Notifications? https://www.databreaches.net/breast-cancer-support-organization-leaks-data-despite-multiple-notifications/
  • Thousands of Borrowers' Data Exposed from ENCollect Debt Collection Service https://thehackernews.com/2022/05/thousands-of-borrowers-data-exposed.html
  • Internal data breach discovered at Ikea Canada impacts 95,000 Canadians https://globalnews.ca/news/8812708/ikea-canada-internal-data-breach-95000-records/
  • University of Essex data breach being taken ‘very seriously' https://www.databreaches.net/university-of-essex-data-breach-being-taken-very-seriously/
  • Another school district notifies parent of Illuminate breach https://www.databreaches.net/another-school-district-notifies-parent-of-illuminate-breach/
• New Ransomware and "Incidents":
  • Conti, REvil, LockBit ransomware bugs exploited to block encryption https://www.databreaches.net/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/
  • Here's How The Lazarus Hackers Start Their Attacks https://packetstormsecurity.com/news/view/33419/Heres-How-The-Lazarus-Hackers-Start-Their-Attacks.html
  • VHD Ransomware Variant Linked to North Korean Cyber Army https://www.darkreading.com/threat-intelligence/new-ransomware-variant-linked-to-north-korean-cyber-army
  • Lockbit ransomware attack cripples parts of German library service https://www.databreaches.net/lockbit-ransomware-attack-cripples-parts-of-german-library-service/
  • Class cancelled at Kellogg Community College following ransomware attack https://www.databreaches.net/class-cancelled-at-kellogg-community-college-following-ransomware-attack/
• Major outages/downs:
  • 15.3 Million Request-Per-Second DDoS Attack https://www.schneier.com/blog/archives/2022/05/15-3-million-request-per-second-ddos-attack.html
• Follow-ups and fall-out:
  • GitHub Says Recent Attack Was Highly Targeted https://www.securityweek.com/github-says-recent-attack-was-highly-targeted
  • Health startup myNurse to shut down after data breach exposed health records https://www.databreaches.net/health-startup-mynurse-to-shut-down-after-data-breach-exposed-health-records/
  • Heroku Forces User Password Resets Following GitHub OAuth Token Theft https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html
  • PayHere - 1,580,249 breached accounts https://haveibeenpwned.com/PwnedWebsites#PayHere

Privacy

Articles about privacy related news, risks, and trends.

• Health agency tracked Canadians' trips to liquor store via phones during pandemic https://nationalpost.com/news/canada/health-agency-tracked-canadians-trips-to-liquor-stores-pharmacies-via-phones-during-pandemic
• Canadians should be able to opt-out of government location tracking: ethics probe https://globalnews.ca/news/8809352/canada-location-tracking-ethics-probe/
• Police can't use facial ID technologies for mass surveillance: Canada's privacy watchdogs https://globalnews.ca/news/8803309/police-facial-recognition-canada-privacy-watchdogs/
• The Movement to Ban Government Use of Face Recognition https://www.eff.org/deeplinks/2022/05/movement-ban-government-use-face-recognition
• Digital Rights Updates with EFFector 34.3 https://www.eff.org/deeplinks/2022/05/digital-rights-updates-effector-343
• Privacy pathology: It's time for the users to gather a little data – evidence https://www.theregister.com/2022/05/03/opinion_column_privacy/
• Data Brokers Track Abortion Clinic Visits for Anyone to Buy https://www.wired.com/story/data-brokers-tracking-abortion-clinics-security-news

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
  • The Law Bytes Podcast, Episode 127: Lucie Guibault on Canada's Approach to Copyright Term Extension https://www.michaelgeist.ca/2022/05/law-bytes-podcast-episode-127/
• US:
  • Every ISP in the US Must Block These 3 Pirate Streaming Services https://www.wired.com/story/streaming-services-piracy-blocked-isps-united-states
  • Two States Enact Insurance Data Security Laws https://www.databreaches.net/two-states-enact-insurance-data-security-laws/
  • Update: U.S. v. Robert Purbeck aka “Lifelock” https://www.databreaches.net/update-u-s-v-robert-purbeck-aka-lifelock/
• World:
  • Germany Announces New Curbs on Meta's Power https://www.pymnts.com/news/regulation/2022/germany-announces-new-curbs-on-metas-power/
  • The EU Digital Markets Act Places New Obligations on “Gatekeeper” Platforms https://www.eff.org/deeplinks/2022/04/eu-digital-markets-act-places-new-obligations-gatekeeper-platforms
  • The EU Digital Markets Act's Interoperability Rule Addresses An Important Need, But Raises Difficult Security Problems for Encrypted Messaging https://www.eff.org/deeplinks/2022/04/eu-digital-markets-acts-interoperability-rule-addresses-important-need-raises
  • The EU's Copyright Directive Is Still About Filters, But EU's Top Court Limits Its Use https://www.eff.org/deeplinks/2022/05/eus-copyright-directive-still-about-filters-eus-top-court-limits-its-use
  • Apple Pay is anticompetitive, says EU in preliminary ruling https://www.theverge.com/2022/5/2/23048116/apple-pay-eu-antitrust-nfc-payment-wallet
  • India to introduce six-hour data breach notification rule https://www.databreaches.net/india-to-introduce-six-hour-data-breach-notification-rule/
  • Indian government makes user data collection mandatory for VPNs; Providers debate leaving country https://www.databreaches.net/indian-government-makes-user-data-collection-mandatory-for-vpns-providers-debate-leaving-country/
  • VPN Providers Threaten to Quit India Over New Data Law https://www.wired.com/story/india-vpn-data-law
  • Whistleblowers claim Facebook's chaotic Australia news ban was a negotiating tactic https://www.theverge.com/2022/5/6/23059684/facebook-australia-news-ban-internally-praised-overbroad-nonprofits-government-organizations
• Standards News:
  • NIST Releases Cybersecurity White Paper - Planning for a Zero Trust Architecture - https://csrc.nist.gov/publications/detail/white-paper/2022/05/06/planning-for-a-zero-trust-architecture/final
  • NIST SP 800-161r1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
  • NISTIR 8320 Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases https://csrc.nist.gov/publications/detail/nistir/8320/final
  • The Importance of Defining Secure Code https://thehackernews.com/2022/05/the-importance-of-defining-secure-code.html

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
  • Space Cybersecurity Symposium III: Cybersecurity – Global and Applied Topics – June 16 10:00 am – 2:30 pm EDT https://www.nist.gov/news-events/events/2022/06/space-cybersecurity-symposium-iii-cybersecurity-global-and-applied-topics
• General:
  • This World Password Day consider ditching passwords altogether https://www.microsoft.com/security/blog/2022/05/05/this-world-password-day-consider-ditching-passwords-altogether/
  • Microsoft Releases Defender for SMBs https://www.darkreading.com/analytics/microsoft-releases-defender-for-smbs
  • Microsoft warns Exchange Online basic auth will be disabled https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-exchange-online-basic-auth-will-be-disabled/
  • Ridiculous Ransomware Kill Switch https://packetstormsecurity.com/news/view/33399/Ridiculous-Ransomware-Kill-Switch.html
• Methods, Techniques, Tools, and Products:
  • GitHub to Developers: Turn on 2FA or Lose Access https://www.darkreading.com/dr-tech/github-to-developers-turn-on-2fa-or-lose-access
  • How MFA Helps Retailers Fight Fraud https://www.pymnts.com/identity/2022/how-mfa-helps-retailers-fight-fraud/
  • Microsoft, Apple, and Google to support FIDO passwordless logins https://www.bleepingcomputer.com/news/security/microsoft-apple-and-google-to-support-fido-passwordless-logins/
  • Google to Add Passwordless Authentication Support to Android and Chrome https://thehackernews.com/2022/05/google-to-add-passwordless.html
  • Google Releases First Developer Preview of Privacy Sandbox on Android 13 https://thehackernews.com/2022/05/google-releases-first-developer-preview.html
  • Finding the Real "Last Patched" Day (Interim Version), (Tue, May 3rd) https://isc.sans.edu/diary/rss/28610

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
  • CISA Alert: Top 15 Routinely Exploited Vulnerabilities https://blog.qualys.com/vulnerabilities-threat-research/2022/05/06/cisa-alert-top-15-routinely-exploited-vulnerabilities
• Patching:
  • Exploits created for critical F5 BIG-IP flaw, install patch immediately https://www.bleepingcomputer.com/news/security/exploits-created-for-critical-f5-big-ip-flaw-install-patch-immediately/
  • F5 Warns BIG-IP Customers About 18 Serious Vulnerabilities https://www.securityweek.com/f5-informs-big-ip-customers-about-18-serious-vulnerabilities
  • Cisco fixes NFVIS bugs that help gain root and hijack hosts https://www.bleepingcomputer.com/news/security/cisco-fixes-nfvis-bugs-that-help-gain-root-and-hijack-hosts/
  • Google fixes actively exploited Android kernel vulnerability https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-kernel-vulnerability/
• Other Vulnerabilities:
  • A Third of Americans Use Easy-to-Guess Pet Passwords https://www.darkreading.com/operations/americans-easy-guess-pet-passwords
  • Mozilla finds mental health apps fail ‘spectacularly' at user security, data policies https://www.databreaches.net/mozilla-finds-mental-health-apps-fail-spectacularly-at-user-security-data-policies/
  • Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html
  • Aruba and Avaya network switches are vulnerable to RCE attacks https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/
  • TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover https://www.darkreading.com/vulnerabilities-threats/tls-flaws-leave-avaya-aruba-switches-open-to-complete-takeover
  • Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library https://www.securityweek.com/many-iot-devices-exposed-attacks-due-unpatched-flaw-uclibc-library
  • Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw https://arstechnica.com/information-technology/2022/05/gear-from-netgear-linksys-and-200-others-has-unpatched-dns-poisoning-flaw/
  • Cisco Issues Fresh Warning Over Counterfeit Switches https://www.securityweek.com/cisco-issues-fresh-warning-over-counterfeit-switches
  • (Seems unwise) SheetJS ditches npm registry over 2FA requirement and 'legal matters' https://www.bleepingcomputer.com/news/software/sheetjs-ditches-npm-registry-over-2fa-requirement-and-legal-matters/
  • Google Docs crashes on seeing "And. And. And. And. And." https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/
• Research on new vulnerabilities:
  • zk-Sherlock: Exposing Hardware Trojans in Zero-Knowledge, by Dimitris Mouris and Charles Gouert and Nektarios Georgios Tsoutsos https://eprint.iacr.org/2022/516
• Cryptography and Cryptographic Research:
  • Increasing entropy in our CSP nonces https://scotthelme.co.uk/increasing-entropy-in-our-csp-nonces/
  • Biden orders new quantum push to ensure encryption isn't cracked by rivals https://www.theregister.com/2022/05/05/us_quantum_initiatives/
  • US Gov Issues Security Memo on Quantum Computing Risks https://www.securityweek.com/us-gov-issues-security-memo-quantum-computing-risks

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
  • Attackers Use Event Logs to Hide Fileless Malware https://threatpost.com/attackers-use-event-logs-to-hide-fileless-malware/179484/
  • Early Warning Services Unveils Synthetic ID Fraud Tool https://www.pymnts.com/identity/2022/early-warning-services-unveils-synthetic-id-fraud-tool/
  • New Sophisticated Malware https://www.schneier.com/blog/archives/2022/05/new-sophisticated-malware.html
  • Phishing operation hits NHS email accounts to harvest Microsoft credentials https://www.theregister.com/2022/05/05/phishing_campaign_nhs/
  • AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
  • New Black Basta Ransomware Possibly Linked to Conti Group https://www.securityweek.com/new-black-basta-ransomware-possibly-linked-conti-group
  • New NetDooka malware spreads via poisoned search results https://www.bleepingcomputer.com/news/security/new-netdooka-malware-spreads-via-poisoned-search-results/
  • Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives https://thehackernews.com/2022/05/researchers-warn-of-raspberry-robin.html
  • Scammer Infects His Own Machine With Spyware, Reveals True Identity https://www.darkreading.com/attacks-breaches/scammer-infects-own-machine-reveals-true-identity
  • Ferrari subdomain hijacked to push fake Ferrari NFT collection https://www.bleepingcomputer.com/news/security/ferrari-subdomain-hijacked-to-push-fake-ferrari-nft-collection/
  • Please Ignore My Last 577 Tweets https://www.theatlantic.com/technology/archive/2022/05/moonbirds-nft-scam-twitter-hack/629745/
• Crime & Arrests, etc.:
  • FBI says business email compromise is a $43 billion scam https://www.bleepingcomputer.com/news/security/fbi-says-business-email-compromise-is-a-43-billion-scam/
  • Crypto Hackers Have Stolen More Than $370 Million In April Alone https://packetstormsecurity.com/news/view/33398/Crypto-Hackers-Have-Stolen-More-Than-370-Million-In-April-Alone.html
  • U.S. DoD tricked into paying $23.5 million to phishing actor https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/
  • London 'Crypto Muggers' Steal Phones From Digital Investors https://www.pymnts.com/cryptocurrency/2022/london-crypto-muggers-steal-phones-from-digital-investors/
• Nation State Actors:
  • Nobody Knows Where the Red Line Is for Cyberwarfare https://www.databreaches.net/nobody-knows-where-the-red-line-is-for-cyberwarfare/
  • False-flag cyberattacks a red line for nation-states, says Mandiant boss https://www.theregister.com/2022/05/07/false_flag_attacks/
  • U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions https://thehackernews.com/2022/05/us-sanctions-cryptocurrency-mixer.html
  • US offers $15 million reward for info on the Conti ransomware gang https://www.bleepingcomputer.com/news/security/us-offers-15-million-reward-for-info-on-the-conti-ransomware-gang/
  • Risky Business #664 -- The Spanish Prime Minister got Pegasus'd https://risky.biz/RB664
  • Spanish PM, defense minister latest Pegasus spyware victims https://www.theregister.com/2022/05/02/spain_pegasus_malware/
  • China-linked APT Caught Pilfering Treasure Trove of IP https://threatpost.com/china-linked-apt-caught-pilfering-treasure-trove-of-ip/179503/
  • Chinese "Override Panda" Hackers Resurface With New Espionage Attacks https://thehackernews.com/2022/05/chinese-override-panda-hackers.html
  • Chinese cyber-espionage group Moshen Dragon targets Asian telcos https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-moshen-dragon-targets-asian-telcos/
  • Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html
  • Other:

Other Security / Risk

Articles covering other types of risks.

• General:
  • AirTags are sending a new kind of false alarm, report says https://www.theverge.com/2022/5/6/23060113/airtags-safety-phantom-alerts-apple
  • Alberta's first public AI lab hopes to solve nagging government problems with data and innovation https://www.cbc.ca/news/canada/edmonton/alberta-s-first-public-ai-lab-hopes-to-solve-nagging-government-problems-with-data-and-innovation-1.6441415
  • Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol https://www.securityweek.com/deepfakes-are-growing-threat-cybersecurity-and-society-europol
  • Will Web3 Follow in the Footsteps of the AI Hype Cycle? https://freedom-to-tinker.com/2022/05/04/will-web3-follow-in-the-footsteps-of-the-ai-hype-cycle/
  • Watch a swarm of drones autonomously track a human through a dense forest https://www.theverge.com/2022/5/5/23058160/drone-swarm-autonomous-navigation-dense-forest-person-tracking
  • CANs Reinvent LANs for an All-Local World https://threatpost.com/cans-reinvent-lans-for-an-all-local-world/179518/
  • Russia to Rent Tech-Savvy Prisoners to Corporate IT? https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/
  • NVIDIA fined for failure to disclose cryptomining sales boost https://www.bleepingcomputer.com/news/technology/nvidia-fined-for-failure-to-disclose-cryptomining-sales-boost/
  • The Great Rage https://www.theatlantic.com/ideas/archive/2022/05/us-politics-threats-violence-harassment/629739/
• Health:
  • Covid: World's true pandemic death toll nearly 15 million, says WHO https://www.bbc.co.uk/news/health-61327778
  • America Is Starting to See What COVID Immunity Really Looks Like https://www.theatlantic.com/health/archive/2022/05/omicron-covid-transmission-herd-immunity/629758/
  • ‘Better Than Omicron' Is Still Pretty Bad https://www.theatlantic.com/health/archive/2022/05/omicron-us-covid-surge-meaning/629765/
  • 2 new Omicron subvariants behind recent COVID-19 spike in South Africa: WHO https://globalnews.ca/news/8808581/ba4-ba5-subvariants-omicron-covid-19-south-africa-who/
  • BA.4, BA.5 in Canada: What we know about the 2 new Omicron subvariants https://globalnews.ca/news/8817441/covid-omicron-subvariants-ba-4-ba-5-explainer/
  • Nose Spray Vaccines Could Quash COVID Virus Variants https://www.scientificamerican.com/article/nose-spray-vaccines-could-quash-covid-virus-variants/
  • A pig virus may have contributed to the death of first pig heart transplant patient https://www.theverge.com/2022/5/6/23060519/pig-virus-heart-transplant-xenotransplantation
  • Huge Study Identifies The 'Optimal' Amount of Sleep From Middle Age Onwards https://www.sciencealert.com/huge-study-of-uk-data-suggests-7-hours-sleep-in-middle-and-old-age-is-the-optimal-amount
  • Eight die in Iran after drinking homemade alcohol https://www.bbc.co.uk/news/world-middle-east-61306865
  • Astronauts Have Distinct Brain Changes Even Months After They Return to Earth https://www.sciencealert.com/veteran-astronauts-still-carry-the-effects-of-earlier-space-travel-on-their-brain-s-anatomy
• Safety:
  • Passenger taken into custody after opening emergency exit and walking on wing of plane while it was taxiing https://www.cnn.com/travel/article/united-airlines-passenger-walking-on-wing/index.html
  • A Virgin Atlantic flight had to turn around mid-air after one of the pilots was found to not have completed their training https://www.businessinsider.com/virgin-atlantic-flight-turn-around-pilot-incomplete-training-2022-5
  • Old Russian Rocket Motor Explodes in Orbit, Creating More Space Debris https://www.scientificamerican.com/article/old-russian-rocket-motor-explodes-in-orbit-creating-more-space-debris/
  • Body found in a barrel at Lake Mead is the tip of the iceberg. Forensic anthropologists are now recovering human remains following droughts, sea-level rise, and wildfires. https://www.businessinsider.com/forensic-anthropologists-on-the-front-lines-as-climate-change-worsens-2022-5
  • Drone carrying 11 handguns located in tree along St. Clair River: OPP https://globalnews.ca/news/8802746/drone-carrying-handguns-tree-st-clair-river/
• Environment:
  • Astonishing Heat Grips India and Pakistan https://www.scientificamerican.com/article/astonishing-heat-grips-india-and-pakistan/
  • Coastal Cities Are Drinking Themselves Underwater https://www.scientificamerican.com/article/coastal-cities-are-drinking-themselves-underwater1/
  • Water scarcity predicted to worsen in more than 80% of croplands globally this century https://scienmag.com/water-scarcity-predicted-to-worsen-in-more-than-80-of-croplands-globally-this-century/
  • Last summer's B.C., Alberta heat wave was among most extreme since 1960s, study shows https://www.cbc.ca/news/canada/edmonton/western-heat-wave-1.6442220
  • Understanding how sunscreens damage coral https://scienmag.com/understanding-how-sunscreens-damage-coral/
  • Those tiny contact lenses can create a big waste problem. Here's a way to focus on changing that https://www.cbc.ca/news/canada/london/contact-lenses-optometry-clinics-program-1.6439776
  • Turns Out All That Plastic Currently Sitting in US Landfills Is Worth BILLIONS of Dollars https://www.sciencealert.com/all-that-plastic-that-ends-up-in-landfill-is-worth-billions-scientists-say
  • Condors soar again over Northern California coastal redwoods https://www.cbc.ca/news/science/condors-success-story-1.6439887
  • Greenwashing warning for HSBC draws attention to environmental targets https://www.businessinsider.com/uk-regulators-accuse-hsbc-of-greenwashing-2022-5
• Disinformation and misinformation
  • Science has spoken: Tell the truth on Facebook or risk your reputation https://scienmag.com/science-has-spoken-tell-the-truth-on-facebook-or-risk-your-reputation/
  • Economy:
  • Why Europe will have to face the true cost of being in debt to China https://www.bbc.co.uk/news/world-europe-61276168
  • The Fed just made its first double-size rate hike in 22 years, and it's very likely more will follow, Powell says https://www.businessinsider.com/federal-reserve-interest-rate-hikes-double-sized-future-meetings-powell-2022-5
  • Dow craters 1,063 points for worst day in nearly 2 years as tech-stock weakness wipes out Fed rally https://markets.businessinsider.com/news/stocks/stock-market-news-dow-jones-plummets-worst-day-since-2020-2022-5
  • A wave of layoffs is sweeping the US. Here are firms that have announced cuts so far, from Peloton to Wells Fargo. https://www.businessinsider.com/layoffs-sweeping-the-us-these-are-the-companies-making-cuts-2022-5
  • More than 100 customers of N26, one of Europe's biggest online banks, say their accounts were suddenly closed — and some haven't gotten their money back https://www.businessinsider.com/n26-bank-europe-customers-account-closures-access-savings-2022-4
  • Cut-And-Paste Error Destroys $36M in Crypto, Eroding Trust in Blockchain https://www.pymnts.com/cryptocurrency/2022/cut-and-paste-error-destroys-36m-in-crypto-eroding-trust-in-blockchain/
  • Cryptocurrencies and NFTs Are a Buyer Beware Market https://www.scientificamerican.com/article/cryptocurrencies-and-nfts-are-a-buyer-beware-market/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
  • Russia's most advanced tank in service was obliterated by Ukraine just days after it was deployed, according to reports https://www.businessinsider.com/russias-most-advanced-tank-in-service-destroyed-after-days-reports-2022-5
  • Mariupol fighting: More evacuations from besieged city on Friday, UN says https://www.bbc.co.uk/news/world-europe-61342436
  • Russia reportedly shells Azovstal steel plant as Ukraine receives Mariupol evacuees https://globalnews.ca/news/8805240/ukraine-mariupol-azovstal-evacuations-russia-war/
  • Russian attacks on Ukraine's fuel depots mean critical shortages and an anxious public https://globalnews.ca/news/8812099/ukraine-fuel-shortage/
  • Moskva sinking: US gave intelligence that helped Ukraine sink Russian cruiser - reports https://www.bbc.co.uk/news/world-us-canada-61343044
  • U.S. intel helping Ukraine target, kill generals won't stop Russia, officials say https://globalnews.ca/news/8811404/ukraine-killing-russian-generals-u-s-intelligence-report-kremlin-response/
  • Russian troops' struggle to talk to each other in Ukraine reflects a problem that's only getting tougher for all militaries https://www.businessinsider.com/russian-troops-in-ukraine-face-military-communications-challenges-2022-5
  • Ukraine war: Russia must withdraw to pre-invasion position for a deal - Zelensky https://www.bbc.co.uk/news/world-europe-61359228
• Reaction and response:
  • Until Ukraine, Russia Lobbyists Successfully Blunted U.S. Sanctions After Foreign Adventurism https://theintercept.com/2022/05/07/russia-lobbying-sanctions-ukraine/
  • Is Nato's Nordic expansion a threat or boost to Europe? https://www.bbc.co.uk/news/world-europe-61369963
  • Sweden hasn't gone to war since Napoleon was alive, but Russia has it preparing for another one https://www.businessinsider.com/russia-ukraine-attack-causes-sweden-to-up-defenses-reconsider-nato-2022-5
  • China Not Happy With South Korea Joining NATO Cyber Defense Center https://www.securityweek.com/china-not-happy-south-korea-joining-nato-cyber-defense-center
  • US Cyber Command Team Helps Lithuania Protect Its Networks https://www.securityweek.com/us-cyber-command-team-helps-lithuania-protect-its-networks
  • UK bans Russia from using British services and takes aim at Kremlin troll factory, in swathe of new sanctions https://www.businessinsider.com/uk-bans-russia-british-services-kremlin-troll-factory-2022-5
  • Dutch and Swedish dockers refused to unload a tanker carrying Russian diesel because of 'international solidarity' over the Ukraine invasion, union leader says https://www.businessinsider.com/eu-dock-workers-refused-unload-russian-oil-tanker-netherlands-diesel-2022-5
  • A sanctioned Russian oligarch's $300 million superyacht has been seized by Fiji at the US' request https://www.businessinsider.com/300-million-superyacht-owned-by-russian-oligarch-seized-in-fiji-2022-5
  • Fiji says the US can seize a sanctioned Russian oligarch's superyacht https://www.businessinsider.com/sanctioned-russian-oligarch-superyacht-amadea-suleyman-kerimov-2022-5
  • Google Play now blocks paid app downloads, updates in Russia https://www.bleepingcomputer.com/news/google/google-play-now-blocks-paid-app-downloads-updates-in-russia/
• Sanctions & economic Impact:
  • 25M tonnes of trapped grain in Ukraine affecting global food prices: UN https://globalnews.ca/news/8814561/25m-tonnes-of-grain-trapped-ukraine-un/
  • Russian troops stole $5M worth of farm vehicles from a John Deere dealership, which remotely locked the thieves out of the equipment https://www.businessinsider.com/russian-troops-locked-out-of-stolen-john-deere-farm-equipment-2022-5
  • The EU is set to propose a Russian oil embargo, but Putin ally Hungary pushes back: 'It makes no sense' https://markets.businessinsider.com/news/commodities/putin-ally-hungary-veto-germany-eu-russian-oil-embargo-ukraine-2022-5
  • UK sanctions Russian microprocessor makers, banning them from ARM https://www.bleepingcomputer.com/news/technology/uk-sanctions-russian-microprocessor-makers-banning-them-from-arm/
  • EU divided over how to step away from Russian energy https://www.bbc.co.uk/news/business-61298791
  • Moscow stopped sending gas to Poland, but Italy and France are plugging the gap with rerouted Russian supplies, says Gazprom https://markets.businessinsider.com/news/commodities/russia-gas-halted-poland-italy-france-sent-supplies-gazprom-pipeline-2022-5
  • Oil and natural gas jump in Europe after EU unveils plans to phase out Russian crude within 6 months https://markets.businessinsider.com/news/commodities/oil-price-today-russia-ban-eu-brent-and-gas-imports-2022-5
  • Russia is still sliding towards a bond default in the coming weeks. It's up to the US Treasury whether it actually happens. https://markets.businessinsider.com/news/bonds/russia-bond-default-us-treasury-ofac-sanctions-ukraine-payments-debt-2022-5
  • The EU is going after Russia's global oil sales by cracking down on anyone from insurers to ship owners, report says https://markets.businessinsider.com/news/commodities/eu-oil-ban-russia-global-shipping-insurance-exports-tankers-2022-5
  • Putin threatens supply chains with counter-sanction order https://www.theregister.com/2022/05/04/russian_counter_sanctions/
  • India's top steelmaker will stop importing Russian coal due to 'uncertainties' created by Western sanctions on Moscow https://markets.businessinsider.com/news/commodities/tata-steel-stop-importing-russian-coal-western-sanctions-payment-concerns-2022-5
  • Information, Disinformation, and Propaganda:
  • Research exposes long-term failure of Russian propaganda in Ukraine's Donbas region https://scienmag.com/research-exposes-long-term-failure-of-russian-propaganda-in-ukraines-donbas-region/
• Cyber-attacks and the potential for cyber-war:
  • Russia hammered by pro-Ukrainian hackers following invasion https://arstechnica.com/information-technology/2022/05/russia-hammered-by-pro-ukrainian-hackers-following-invasion/
  • Ukraine's IT Army is disrupting Russia's alcohol distribution https://www.bleepingcomputer.com/news/security/ukraine-s-it-army-is-disrupting-russias-alcohol-distribution/
  • Data-Wiper Malware Surges As Ukraine Battles Ongoing Invasion https://packetstormsecurity.com/news/view/33393/Data-Wiper-Malware-Surges-As-Ukraine-Battles-Ongoing-Invasion.html
  • A Romanian, involved in the Russian cyber attacks of the last days on some Romanian sites has been arrested by UK police https://www.databreaches.net/a-romanian-involved-in-the-russian-cyber-attacks-of-the-last-days-on-some-romanian-sites-has-been-arrested-by-uk-police/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Quantum Innovation:
  • The quest for an ideal quantum bit https://scienmag.com/the-quest-for-an-ideal-quantum-bit/
  • Ultrafast all-optical random bit generator https://scienmag.com/ultrafast-all-optical-random-bit-generator/
  • Surprising symmetries for theoretical computer science https://scienmag.com/surprising-symmetries-for-theoretical-computer-science/
• Innovations & Inventions:
  • Rechargeable Molten Salt Battery Freezes Energy in Place for Long-Term Storage https://www.scientificamerican.com/article/rechargeable-molten-salt-battery-freezes-energy-in-place-for-long-term-storage/
  • They Did It! Rocket Lab Uses Copter to Catch (and Release) a Rocket https://www.universetoday.com/155706/they-did-it-rocket-lab-uses-copter-to-catch-and-release-a-rocket/
  • A Magnetic Bubble Could Protect Astronauts From Dangerous Space Radiation https://www.universetoday.com/155605/a-magnetic-bubble-could-protect-astronauts-from-dangerous-space-radiation/
• Other:
  • Nautilus - The record-breaking dive under the Arctic ice in 1958 https://www.bbc.com/future/article/20220503-the-record-breaking-dive-under-the-arctic-ice & the museum https://ussnautilus.org/
  • Giant 'Death Shadow' Dinosaur Found in Argentina Is Largest Megaraptor on Record https://www.sciencealert.com/death-shadow-megaraptor-has-just-been-unearthed-in-argentina
  • NASA Spacecraft Will Visit Apophis, Once Earth's Deadliest Asteroid Threat https://www.scientificamerican.com/article/nasa-spacecraft-will-visit-apophis-once-earth-rsquo-s-deadliest-asteroid-threat/
  • Hear the Weird Sounds of a Black Hole Singing https://www.nytimes.com/2022/05/07/science/space/astronomy-black-hole-sound.html
  • The Universe Could Start Shrinking 'Remarkably' Soon, Scientists Say https://www.sciencealert.com/the-universe-could-start-shrinking-remarkably-soon