This Week's [in]Security - Issue 270

Welcome to This Week’s [in]Security. PCI and payments: Payments: New breaches: Pegasus Airlines, ACY Securities, Elasticsearch Buckets. New Ransomware, Follow-ups & Fall-out: largest breaches. Privacy: Consumer Trust, Tim Hortons. Laws & Regs - Canada: C-18, C-11. US: ethical hacking, privacy bill, right to repair. World: Crypto-AML. Defense - Tools & Techniques, Vulnerabilities, Advisories: CISA & FDA. Zerodays, dangerous Follina/MSDT, Confluence, Horde, ICS Doh! Patching. Other: Bulletproof TLS, MySQL, web-scraping. Vulnerability research: remote touchscreen control. Crypto-research: Quantum, AES. Cybercrime: Trends: WordPress Plugins, scams. Crime & Enforcement: Disrupting DDoS. Nation States and mercenaries. Other. Other Risks: General: bias, scammers. Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• Other payment related:

• Contactless Card Shipments Broke Through the 2 Billion Barrier for the First Time in 2021 https://www.digitaltransactions.net/contactless-card-shipments-broke-through-the-2-billion-barrier-for-the-first-time-in-2021/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:

• Pegasus Airlines data breach exposes 6.5TB of flight and crew data https://www.databreaches.net/pegasus-airlines-data-breach-exposes-6-5tb-of-flight-and-crew-data/

• AU: Researcher finds ACY Securities leaking 60 GB of User Data https://www.databreaches.net/au-researcher-finds-acy-securities-leaking-60-gb-of-user-data/

• Adecco - 4,284,538 breached accounts https://haveibeenpwned.com/PwnedWebsites#Adecco

• 12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists https://www.darkreading.com/cloud/12k-misconfigured-elasticsearch-buckets-extortionists

• Icare sends private details of 193,000 workers to wrong employers https://www.databreaches.net/icare-sends-private-details-of-193000-workers-to-wrong-employers/

• Novartis says no sensitive data was compromised in cyberattack https://www.databreaches.net/novartis-says-no-sensitive-data-was-compromised-in-cyberattack/

• Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack https://www.databreaches.net/data-breach-at-australian-pension-provider-spirit-super-impacts-50k-victims-following-phishing-attack/

• Health P.E.I. alerts public of privacy breach after laptop stolen https://www.databreaches.net/health-p-e-i-alerts-public-of-privacy-breach-after-laptop-stolen/

• New Ransomware and "Incidents":

• Ransomware attack sends New Jersey county back to 1977 https://www.databreaches.net/ransomware-attack-sends-new-jersey-county-back-to-1977/

• Follow-ups and fall-out:

• Visual Capitalist: Visualizing The 50 Biggest Data Breaches From 2004–2021 https://www.visualcapitalist.com/cp/visualizing-the-50-biggest-data-breaches-from-2004-2021/

• Are victims of Netgain ransomware incident first being notified now? https://www.databreaches.net/are-victims-of-netgain-ransomware-incident-first-being-notified-now/

Privacy

Articles about privacy related news, risks, and trends.

• 23% of Consumers Say Theft of Personal Data Is No 1 Issue That Would Reduce Trust in Online Merchants https://www.pymnts.com/news/ecommerce/2022/23-pct-consumers-say-theft-of-personal-data-would-reduce-trust-in-online-merchants/

• Canadian government slams Tim Hortons for using its app to spy on customers https://www.theverge.com/2022/6/2/23151517/canada-privacy-commission-tim-hortons-app-data-location-tracking-investigation-results

• Was Tim Hortons' app improperly tracking users? Privacy commissioner to decide https://globalnews.ca/news/8884583/tim-hortons-app-privacy-commissioner-decision/

• Your Tim Hortons Coffee App Knew Where You Were at All Times https://www.wired.com/story/tim-hortons-coffee-app-location-data-tracking

• San Francisco Police Nailed for Violating Public Records Laws Regarding Face Recognition and Fusion Center Documents https://www.eff.org/deeplinks/2022/06/san-francisco-police-nailed-violating-public-records-laws-regarding-face

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:

• Google warns every MP, senator not to fast track Canadian online news bill https://globalnews.ca/news/8887074/canada-news-bill-c-18-google-letters/

• Bill C-11 and User Content at the Heritage Committee: The Gaslighting Continues https://www.michaelgeist.ca/2022/05/bill-c-11-and-user-content/

• Bell on Bill C-11: Limit Consumer Choice, Weaken Competition, and Legislate Access to Cheap U.S. Content https://www.michaelgeist.ca/2022/06/bell-on-bill-c-11/

• US:

• The United States Department of Justice Will no Longer Prosecute Ethical Hackers https://blog.isc2.org/isc2_blog/2022/06/us-will-no-longer-prosecute-ethical-hackers.html

• US Online Privacy Bill Gets Bipartisan Support https://www.pymnts.com/news/regulation/2022/us-online-privacy-bill-gets-bipartisan-support/

• New York state passes first-ever ‘right to repair' law for electronics https://www.theverge.com/2022/6/3/23153504/right-to-repair-new-york-state-law-ifixit-repairability-diy

• New York lawmakers pass a moratorium on Bitcoin mining https://www.theverge.com/2022/6/3/23151622/new-york-bitcoin-mining-moratorium-bill-state-senate

• California Privacy Bill Draft Sidesteps Key Personal Data Collection Issues https://www.pymnts.com/news/regulation/2022/california-privacy-bill-draft-sidesteps-key-personal-data-collection-issues/

• A victim of the April 12 Brooklyn subway shooting victim is suing the gunmaker Glock https://www.businessinsider.com/brooklyn-subway-shooting-victim-is-suing-the-gunmaker-glock-2022-6

• Buffalo shooting: Suspect charged with domestic terrorism https://www.bbc.co.uk/news/world-us-canada-61669403

• World:
• Crypto Faces New Restrictive AML Rules From EU Parliament Experts Say https://www.pymnts.com/cryptocurrency/2022/eu-parliament-likely-to-impose-restrictive-aml-rule-on-crypto-expert-says/

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:

• Microsoft collaborates with Tenable to support federal cybersecurity efforts https://www.microsoft.com/security/blog/2022/06/02/microsoft-collaborates-with-tenable-to-support-federal-cybersecurity-efforts/

• Methods, Techniques, Tools, and Products:

• Psychological Experiment Reveals The Best Ways to Get People to Cooperate With You https://www.sciencealert.com/psychological-experiment-reveals-the-best-ways-to-get-people-to-cooperate-with-you

• Aligning Your Password Policy enforcement with NIST Guidelines https://www.bleepingcomputer.com/news/security/aligning-your-password-policy-enforcement-with-nist-guidelines/

• Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals https://ahead.feedly.com/posts/social-engineering-kill-chain-predicting-minimizing-and-disrupting-attack-verticals

• Microsoft: Windows Autopatch now available for public preview https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-now-available-for-public-preview/

• Windows 11 'Restore Apps' feature will make it easier to set up new PCs https://www.bleepingcomputer.com/news/microsoft/windows-11-restore-apps-feature-will-make-it-easier-to-set-up-new-pcs/

• Welcoming the Indonesian Government to Have I Been Pwned https://www.troyhunt.com/welcoming-the-indonesian-government-to-have-i-been-pwned/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:

• CISA Alert (AA22-152A): Karakurt Data Extortion Group https://www.databreaches.net/cisa-alert-aa22-152a-karakurt-data-extortion-group/

• CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices https://www.securityweek.com/cisa-warns-critical-vulnerabilities-illumina-genetic-analysis-devices

• Zero-day and other recent vulnerability news:

• “Follina” – Critical Zero-Day Exploit for Microsoft Products https://www.controlgap.com/blog/microsoft-ms-msdt-execution-follina-critical-zero-day-exploit-for-microsoft-products

• Clever — and Exploitable — Windows Zero-Day in MSDT https://www.schneier.com/blog/archives/2022/06/clever-and-exploitable-windows-zero-day.html

• Code execution 0-day in Windows has been under active exploit for 7 weeks https://arstechnica.com/information-technology/2022/05/code-execution-0day-in-windows-has-been-under-active-exploit-for-7-weeks/

• CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild https://www.tenable.com/blog/cve-2022-30190-zero-click-zero-day-in-msdt-exploited-in-the-wild

• Windows MSDT zero-day now exploited by Chinese APT hackers https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-now-exploited-by-chinese-apt-hackers/

• An actively exploited Microsoft 0-day flaw still doesn't have a patch https://arstechnica.com/information-technology/2022/06/an-actively-exploited-microsoft-0day-flaw-still-doesnt-have-a-patch/

• Microsoft shares mitigation for Office Follina/MSDT zero-day exploited in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/

• Windows MSDT zero-day vulnerability gets free unofficial patch https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/

• Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild https://thehackernews.com/2022/06/atlassian-releases-patch-for-confluence.html

• Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence https://www.theregister.com/2022/06/03/atlassian_confluence_critical_flaw_attacked/

• CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the Wild https://www.tenable.com/blog/cve-2022-26134-zero-day-vulnerability-in-atlassian-confluence-server-and-data-center-exploited

• Hacker free-for-all hammers servers not patched against Atlassian 0-day https://arstechnica.com/information-technology/2022/06/hacker-free-for-all-hammers-servers-not-patched-against-atlassian-0-day/

• New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html

• Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms https://www.securityweek.com/vendor-refuses-remove-backdoor-account-can-facilitate-attacks-industrial-firms

• Patching:

• You Need to Update iOS, Chrome, Windows, and Zoom ASAP https://www.wired.com/story/ios-chrome-android-windows-update-may-2022

• GitLab Issues Security Patch for Critical Account Takeover Vulnerability https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html

• Other Vulnerabilities:

• Australian digital driving licenses can be defaced in minutes https://www.theregister.com/2022/05/30/nsw_digital_drivers_licenses_hackable/

• Weekly Update 298, Ausie Drivers licenses and we all got pwned at MGM https://www.troyhunt.com/weekly-update-298/

• Bulletproof TLS#89 WordPress certificate transparency compromises, TLS security in IoT, EU vs end-to-end encryption, CAB code signing rules https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_transparency_data_is_used_to_compromise_wordpress_before_installation

• Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html

• Scanning Finds Over 3.6 Million Internet-Accessible MySQL Servers https://www.securityweek.com/scanning-finds-over-36-million-internet-accessible-mysql-servers

• Cyber Agency: Voting Software Vulnerable in Some States https://www.securityweek.com/cyber-agency-voting-software-vulnerable-some-states

• Security and Human Behavior (SHB) 2022 https://www.schneier.com/blog/archives/2022/05/security-and-human-behavior-shb-2022.html

• A new framework for web scraping data to ensure its validity for use in marketing studies https://scienmag.com/a-new-framework-for-web-scraping-data-to-ensure-its-validity-for-use-in-marketing-studies/

• Research on new vulnerabilities:

• What Counts as “Good Faith Security Research?” https://krebsonsecurity.com/2022/06/what-counts-as-good-faith-security-research/

• Remotely Controlling Touchscreens https://www.schneier.com/blog/archives/2022/06/remotely-controlling-touchscreens.html

• Sandbox Evasion... With Just a Filename!, (Fri, Jun 3rd) https://isc.sans.edu/diary/rss/28708

• Cryptography and Cryptographic Research:

• Quantum Analysis of AES https://eprint.iacr.org/2022/683

• Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES https://eprint.iacr.org/2022/695

• On the Quantum Security of OCB https://eprint.iacr.org/2022/699

• Canadian company Xanadu achieves 'big leap forward' in quantum computer race https://www.theglobeandmail.com/business/article-canadian-company-xanadu-achieves-big-leap-forward-in-quantum-computer/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):

  • Apple blocked 1.6 millions apps from defrauding users in 2021 https://www.bleepingcomputer.com/news/security/apple-blocked-16-millions-apps-from-defrauding-users-in-2021/

  • Wray: FBI Blocked Planned Cyberattack on Children's Hospital https://www.securityweek.com/wray-fbi-blocked-planned-cyberattack-childrens-hospital

  • YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html

  • SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

  • SideWinder hackers plant fake Android VPN app in Google Play Store https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/

  • SMSFactory Android malware sneakily subscribes to premium services https://www.bleepingcomputer.com/news/security/smsfactory-android-malware-sneakily-subscribes-to-premium-services/

  • Telegram's blogging platform abused in phishing attacks https://www.bleepingcomputer.com/news/security/telegram-s-blogging-platform-abused-in-phishing-attacks/

  • WatchDog hacking group launches new Docker cryptojacking campaign https://www.bleepingcomputer.com/news/security/watchdog-hacking-group-launches-new-docker-cryptojacking-campaign/

  • Ransomware attacks need less than four days to encrypt systems https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/

  • Ransomware gang now hacks corporate websites to show ransom notes https://www.bleepingcomputer.com/news/security/ransomware-gang-now-hacks-corporate-websites-to-show-ransom-notes/

  • Hackers steal WhatsApp accounts using call forwarding trick https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/

  • Microsoft disrupts Bohrium hackers' spear-phishing operation https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/

  • New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html

  • Costa Rica May Be Pawn in Conti Ransomware Group's Bid to Rebrand, Evade Sanctions https://krebsonsecurity.com/2022/05/costa-rica-may-be-pawn-in-conti-ransomware-groups-bid-to-rebrand-evade-sanctions/

  • Conti spotted working on exploits for Intel Management Engine flaws https://www.theregister.com/2022/06/02/conti_rasomware_intel_firmware/

  • Cybercriminals Expand Attack Radius and Ransomware Pain Points https://threatpost.com/criminals-expand-attack-radius/179832/

  • Exposing POLONIUM activity and infrastructure targeting Israeli organizations https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/

  • FBI warns of Ukrainian charities impersonated to steal donations https://www.bleepingcomputer.com/news/security/fbi-warns-of-ukrainian-charities-impersonated-to-steal-donations/

  • Crypto scams conned thousands of people out of over $1 billion since 2021, the most of any type of currency, according to new FTC report https://www.businessinsider.com/crypto-scams-conned-thousands-collective-1-billion-ftc-2022-6

• Crime & Arrests, etc.:

  • 'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijacking https://www.darkreading.com/application-security/clipminer-malware-actors-steal-17-million-clipboard-hijacking

  • 3 men wanted after ATM stolen from Toronto business https://globalnews.ca/news/8886284/atm-stolen-jane-street-lambton-avenue/

  • Europol Announces Takedown of FluBot Mobile Spyware https://www.securityweek.com/europol-announces-takedown-flubot-mobile-spyware

  • FBI seizes domains used to sell stolen data, DDoS services https://www.bleepingcomputer.com/news/security/fbi-seizes-domains-used-to-sell-stolen-data-ddos-services/

  • Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

• Nation State Actors:

  • Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report https://www.securityweek.com/dutch-used-pegasus-spyware-most-wanted-criminal-report

• Other:

  • Legit or Not? The Underground Company That Hacks iPhones For Ordinary Consumers https://packetstormsecurity.com/news/view/33508/The-Underground-Company-That-Hacks-iPhones-For-Ordinary-Consumers.html

  • What if ransomware evolved to hit IoT in the enterprise? https://www.theregister.com/2022/06/01/ransomware_iot_devices/

Other Security / Risk

Articles covering other types of risks.

• General:

  • In bias we trust? https://scienmag.com/in-bias-we-trust/

  • Good Luck Not Accidentally Hiring a North Korean Scammer https://www.wired.com/story/north-korean-it-scammer-alert

  • Transitioning to a Risk-based Approach to Cybersecurity https://blog.qualys.com/qualys-insights/2022/05/31/transitioning-to-a-risk-based-approach-to-cybersecurity

  • The Murena One shows exactly how hard it is to de-Google your smartphone https://www.theverge.com/2022/5/31/23144917/murena-one-smartphone-degoogle-android

  • Indian authorities issue conflicting advice about biometric ID card security https://www.theregister.com/2022/05/30/indian_authorities_conflicting_aadhaar_advice/

  • Podcast Episode: Wordle and the Web We Need https://www.eff.org/deeplinks/2022/05/podcast-episode-wordle-and-web-we-need

  • Schneier talk from 2020 The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists https://www.schneier.com/blog/archives/2022/06/me-on-public-interest-tech.html

  • A Chinese space center found a mysterious jamming device outside its base just weeks before a crewed rocket launch https://www.businessinsider.com/chinese-space-center-jammer-base-weeks-before-launch-2022-5

• Health:

  • Scientists May Have Found a Way to Inject Oxygen Into The Bloodstream Intravenously https://www.sciencealert.com/experimental-device-could-intravenously-deliver-oxygen-to-the-bloodstream

  • Woman receives 3D-printed ear made from her own cells https://www.theverge.com/2022/6/2/23151690/3d-printed-ear-transplant

  • US, Canadian regulators tie hepatitis cases to strawberries https://www.cp24.com/mobile/news/us-canadian-regulators-tie-hepatitis-cases-to-strawberries-1.5925124

  • Neural 'Poisonous Flowers' Could Be The Source of Alzheimer's Plaque, Says Study https://www.sciencealert.com/here-s-where-alzheimer-s-plaques-might-really-come-from

  • Proteins Involved in Alzheimer's Can 'Overcook' Cells Through Heat, Study Finds https://www.sciencealert.com/study-shows-how-alzheimer-s-causes-cells-to-overheat-and-fry-like-eggs

  • Monkeypox warnings 'went ignored,' and now world must brace for more outbreaks: scientists https://www.cbc.ca/news/health/monkeypox-warnings-ignored-outbreaks-1.6472148

  • Compared to COVID-19 PCR testing, dogs can detect infections with high sensitivity (97%), though lower specificity (91%) – even when patients are asymptomatic https://scienmag.com/compared-to-covid-19-pcr-testing-dogs-can-detect-infections-with-high-sensitivity-97-though-lower-specificity-91-even-when-patients-are-asymptomatic/

  • Mouth-to-mouth resuscitation during COVID-19 – study shows using a face mask works https://scienmag.com/mouth-to-mouth-resuscitation-during-covid-19-study-shows-using-a-face-mask-works/

  • Why Omicron Is About To Make Americans Act Immorally, Inappropriately https://www.forbes.com/sites/robertpearl/2022/05/31/why-omicron-is-about-to-make-americans-act-immorally-inappropriately/

  • COVID-19 border measures to stay until at least end of June: PHAC https://globalnews.ca/news/8882250/covid-19-border-measures-canada-phac/

• Safety:

  • 'Heart-stopping' video captures GO train nearly hitting 3 young people in Toronto https://www.cbc.ca/news/canada/toronto/go-train-nearly-hitting-three-young-people-milton-1.6470572

  • Over 750 Tesla owners in the U.S. have complained about cars braking for no reason https://globalnews.ca/news/8891636/over-750-tesla-car-complaints-in-u-s/

  • Canada's tornado warnings falling well short of targets, analysis finds https://www.cbc.ca/news/canada/saskatchewan/tornado-warning-accuracy-targets-1.6473664

  • The 'Wall of Wind' Can Blow Away Buildings at Category 5 Hurricane Strength https://www.scientificamerican.com/article/the-lsquo-wall-of-wind-rsquo-can-blow-away-buildings-at-category-5-hurricane-strength/

  • ‘Large bang' heard in London's Trafalgar Square as police detonate suspicious vehicle https://globalnews.ca/news/8893924/london-trafalgar-square-explosion/

  • Handgun sales exploding across B.C.'s Lower Mainland, gun store owner says https://globalnews.ca/news/8886298/handgun-sales-bc-gun-store-owner/

  • N.S. mass shooting probe hears of higher police education standards in other systems https://globalnews.ca/news/8886439/ns-shooting-inquiry-police-education/

  • Oklahoma hospital shooting: Four killed and multiple injured https://www.bbc.co.uk/news/world-us-canada-61669873

  • US shootings: Firm unveils plans for Taser-armed drones https://www.bbc.co.uk/news/world-us-canada-61685117

• Environment:

  • Plastic Recycling Doesn’t Work and Will Never Work https://www.theatlantic.com/ideas/archive/2022/05/single-use-plastic-chemical-recycling-disposal/661141/

  • CO2 Levels Are Now Comparable to What They Were 4 Million Years Ago, Says NOAA https://www.sciencealert.com/co2-levels-are-now-comparable-to-what-they-were-4-million-years-ago-says-noaa

• Economy:

  • Canada leaning toward new era of 1970s-style stagflation, economists say https://globalnews.ca/news/8886286/canada-1970s-stagflation-unemployment/

  • Remote, hybrid work dividing Canadian employees as many required on-site https://globalnews.ca/news/8897956/remote-hybrid-work-divisions-canada/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:

  • Russian missiles hit Kyiv as Putin warns West on weapons aid to Ukraine https://globalnews.ca/news/8895061/russian-strikes-kyiv-ukraine-war/

  • Ukraine war: Zelensky says Russia controls a fifth of Ukrainian territory https://www.bbc.co.uk/news/world-europe-61675915

  • Hundreds of Russian soldiers have deserted or refused to fight in Ukraine, compounding major losses in the war, report says https://www.businessinsider.com/hundreds-of-russian-soldiers-fled-refused-to-fight-ukraine-report-2022-6

  • Biden says the US will give Ukraine more advanced rocket systems but won't enable the country to 'strike beyond its borders' https://www.businessinsider.com/biden-us-give-ukraine-more-advanced-rocket-systems-2022-6

• Reaction and response:

  • Ukrainian refugees arrive in Gimli https://globalnews.ca/news/8894679/ukrainian-refugees-arrive-in-gimli/

  • US task force KleptoCapture targets a man providing superyachts to Russian oligarchs, report says https://www.businessinsider.com/kleptocapture-man-who-provides-superyachts-to-oligarchs-russia-2022-6

• Sanctions & economic Impact:

  • Russia's last-minute bond payment to avoid default still wasn't enough, triggering a failure-to-pay event, credit panel rules https://markets.businessinsider.com/news/bonds/russia-default-moscow-failure-to-pay-event-credit-panel-rules-2022-6

  • Germany is on the brink of recession due to energy security, and other parts of Europe could be close behind https://www.businessinsider.com/european-countries-facing-economic-turmoil-recessions-russia-cuts-gas-supply-2022-6

  • Russia is cutting off Denmark's supplies of natural gas as its invasion of Ukraine causes huge changes in global energy flows https://www.businessinsider.com/russia-denmark-natural-gas-supplies-gazprom-ukraine-war-putin-rubles-2022-6

  • Russia says it's cutting off its natural-gas supply to the Netherlands as the Dutch refuse to pay in rubles. Denmark could be next. https://www.businessinsider.com/russia-gazprom-cuts-natural-gas-supply-netherlands-denmark-ruble-payment-2022-5

  • Russia's Gazprom says it's cutting off some natural gas to Germany after Shell refused to pay for it in rubles https://www.businessinsider.com/russia-cut-natural-gas-to-germany-shell-refused-ruble-payment-2022-6

  • Russia could be suspended from OPEC's oil-output agreement. 4 experts lay out what that could mean for the price of oil and the wider energy market. https://markets.businessinsider.com/news/commodities/russia-opec-exclusion-production-quota-agreement-oil-price-supply-experts-2022-6

• Cyber-attacks and the potential for cyber-war:

  • The Limits of Cyber Operations in Wartime https://www.schneier.com/blog/archives/2022/05/the-limits-of-cyber-operations-in-wartime.html

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:

• 1.1 quintillion operations per second: US has world's fastest supercomputer https://arstechnica.com/information-technology/2022/05/1-1-quintillion-operations-per-second-us-has-worlds-fastest-supercomputer/

• Other:

• Historic Second World War Mosquito, a plywood fighter-bomber, is landing in Kelowna for D-Day anniversary https://globalnews.ca/news/8888273/ww2-historic-plane-kelowna-d-day/

• AI versus corporate logos https://www.aiweirdness.com/ai-versus-your-corporate-logo/

• Creepy Optical Illusion Makes It Look Like a Black Hole Is Coming to Get You https://www.sciencealert.com/new-optical-illusion-makes-you-feel-like-you-re-falling-into-a-black-hole

• The Weather Myth: Lost Women of Science Podcast, Season 2, Bonus Episode https://www.scientificamerican.com/article/the-weather-myth-lost-women-of-science-podcast-season-2-bonus-episode/

• Tired Adults May Learn Language like Children Do https://www.scientificamerican.com/article/tired-adults-may-learn-language-like-children-do/

• Chinese astronauts arrive at Tiangong space station to prepare for its completion https://www.theverge.com/2022/6/5/23155224/chinese-astronauts-arrive-tiangong-space-station-oversee-completion-tianhe

• 'Unsustainable': How Satellite Swarms Pose a Rising Threat to Astronomy https://www.scientificamerican.com/article/lsquo-unsustainable-rsquo-how-satellite-swarms-pose-a-rising-threat-to-astronomy/

• Killer Asteroids Are Hiding in Plain Sight. A New Tool Helps Spot Them. https://www.nytimes.com/2022/05/31/science/asteroids-algorithm-planetary-defense.html

• A Pulsar has Been Found Turning so Slowly Astronomers Didn't Even Think it was Possible: Once Every 76 Seconds https://www.universetoday.com/156096/a-pulsar-has-been-found-turning-so-slowly-astronomers-didnt-even-think-it-was-possible-once-every-76-seconds/

• The secret of the bulge: A gorgeous partially digested galaxy in the Milky Way's core https://www.syfy.com/syfy-wire/bad-astronomy-liller-1-looks-like-a-globular-cluster-but-may-once-have-been-a-galaxy

• Are supermassive black holes killing their host galaxies? https://www.syfy.com/syfy-wire/bad-astronomy-astronomers-link-supermassive-black-holes-reduced-star-birth