15 min read

This Week's [in]Security - Issue 271

CG Blogger : Jun 12, 2022 12:00:00 AM

Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields & Yuma Healthcare, Telegram, Palermo. Major outages. Privacy: Twitter, Bluetooth & Wi-Fi, Student spyware. Laws & Regs - Canada: CBSA phone searches, C-11, Crypto regs, Right to disconnect, cigarettes. US: right-to-repair, breach reporting. World: hacking-back, platform liability, message scanning. NSO in court, USB-C. Standards: HTTP RFCs, 5 NIST drafts. Defense - Cyber-skills, Tools & Techniques. Vulnerabilities - Zerodays, Follina, Apple CPUs, Dogwalk, DiagCab. Patching: Chrome, Gitlab. Other: Cloud middleware, U-Boot, Tesla, PyPl/keep. Crypto-research: SSH, Boomerang. Cybercrime - Trends: Follina, Conti, Symbiote, Cracked Ccleaner. Crime & Enforcement: Crypto-thefts, SSNDOB shutdown, 41 phishes. Nation States and mercenaries. Other Risks - General: AI, CitizenLab, Car insurance, Health, Safety, Environment, Disinformation, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

Control Gap's featured PCI FAQ's & articles (from time to time we will feature articles and FAQ's) :
- Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies https://www.controlgap.com/blog/non-compliance-lesson-no.-4-keep-your-head-in-the-cloud-when-adopting-new-technologies
PCI Related:
- PCI Acknowledges Danger in Client-Side Attacks, Signals Mitigation Needs to be a Priority https://sourcedefense.com/resources/pci-acknowledges-danger-in-client-side-attacks-signals-mitigation-needs-to-be-a-priority/
Payment skimmers/malware/fraud:
- Online gun shops in the US hacked to steal credit cards https://www.bleepingcomputer.com/news/security/online-gun-shops-in-the-us-hacked-to-steal-credit-cards/
Other payment related:
- Apple Complies With Dutch Regulators, Allows Other Payment Methods on Dating Apps https://www.pymnts.com/mobile-applications/2022/apple-complies-with-dutch-regulators-allows-other-payment-methods-on-dating-apps/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

New Breaches:

Since 2004, The Average American Has Had At Least 7 Data Breaches https://packetstormsecurity.com/news/view/33551/Since-2004-The-Average-American-Has-Had-At-Least-7-Data-Breaches.html
Shields Health Care Group data breach affects 2 million patients https://www.bleepingcomputer.com/news/security/shields-health-care-group-data-breach-affects-2-million-patients/
Yuma Regional Medical Center notifying approximately 700,000 patients of ransomware attack https://www.databreaches.net/yuma-regional-medical-center-notifying-approximately-700000-patients-of-ransomware-attack/
Telegram Reportedly Exposed User Data To Authorities https://www.databreaches.net/telegram-reportedly-exposed-user-data-to-authorities/
Personal Information of Over 30,000 Students Exposed in Unprotected Database https://www.securityweek.com/personal-information-over-30000-students-exposed-unprotected-database
Personal and sensitive files from Tehama County Social Services leaked on dark web. Have the victims been notified? https://www.databreaches.net/personal-and-sensitive-files-from-tehama-county-social-services-leaked-on-dark-web-have-the-victims-been-notified/
Leaking Student Data From US Campus App Found - But is It Real? https://www.databreaches.net/leaking-student-data-from-us-campus-app-found-but-is-it-real/

New Ransomware and "Incidents":

Paying Ransomware Paints Bigger Bullseye on Target's Back https://threatpost.com/paying-ransomware-bullseye-back/179915/
This is (One of Many Reasons) Why Districts Get Hit with Ransomware https://www.databreaches.net/this-is-one-of-many-reasons-why-districts-get-hit-with-ransomware/
Vice Society ransomware claims attack on Italian city of Palermo https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-italian-city-of-palermo/

Major outages/downs:

AAE-1 & SMW5 cable cuts impact millions of users across multiple countries https://blog.cloudflare.com/aae-1-smw5-cable-cuts/

Privacy

Articles about privacy related news, risks, and trends.

Twitter Used Two-Factor Login Details for Ad Targeting https://www.schneier.com/blog/archives/2022/06/twitter-used-two-factor-login-details-for-ad-targeting.html
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html
Wi-Fi probing exposes smartphone users to tracking, info leaks https://www.bleepingcomputer.com/news/security/wifi-probing-exposes-smartphone-users-to-tracking-info-leaks/
Mandatory Student Spyware Is Creating a Perfect Storm of Human Rights Abuses https://www.eff.org/deeplinks/2022/06/mandatory-student-spyware-creating-perfect-storm-human-rights-abuses

'A Mass Invasion of Privacy' but No Penalties for Tim Hortons https://ca.finance.yahoo.com/news/mass-invasion-privacy-no-penalties-151852739.html

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Canada:

The indefensible Liberal plan to search your phone on a whim https://nationalpost.com/opinion/sabrina-maddeaux-the-indefensible-liberal-plan-to-search-your-phone-on-a-whim
Defending the Indefensible: If Bill C-11 Won't Pass Until the Fall, Why is the Government Cutting Off Debate and Review Now? https://www.michaelgeist.ca/2022/06/defending-the-indefensible-if-bill-c-11-wont-pass-until-the-fall-why-is-the-government-cutting-off-debate-and-review-now/
The Bill C-11 Effect: "Any Video on TikTok That Uses Music Could be Subject to Regulation" https://www.michaelgeist.ca/2022/06/the-bill-c-11-effect/
The Law Bytes Podcast, Episode 129: Farhan Mohamed and Jeff Elgie on Why Canadian Independent News Publishers Want the Government to Fix the Online News Act https://www.michaelgeist.ca/2022/06/law-bytes-podcast-episode-129/
Why Heritage Minister Pablo Rodriguez's Bill C-11 Content Regulation Denials Ring Hollow https://www.michaelgeist.ca/2022/06/rodriguezcommittee/
Today in Crypto: Bank of Canada Official Urges Regulation; Bitcoin, Ether Plunge on Inflation News https://www.pymnts.com/cryptocurrency/2022/today-in-crypto-bank-of-canada-official-urges-regulation-bitcoin-ether-plunge-on-inflation-news/
Ontario's 'right to disconnect' law: Who qualifies and what are the loopholes? https://www.ctvnews.ca/business/ontario-s-right-to-disconnect-law-who-qualifies-and-what-are-the-loopholes-1.5936773
Canada mulls putting warnings on each cigarette https://www.bbc.co.uk/news/world-us-canada-61767386

When DRM Comes For Your Wheelchair https://www.eff.org/deeplinks/2022/06/when-drm-comes-your-wheelchair
Regulatory Rumblings Force Companies to Rethink their Ransomware Policies https://www.pymnts.com/cryptocurrency/2022/regulatory-rumblings-force-companies-to-rethink-their-ransomware-policies/
Pennsylvania lawmakers consider requiring government data breach notifications https://www.databreaches.net/pennsylvania-lawmakers-consider-requiring-government-data-breach-notifications/
Google has more reasons why it doesn't like antitrust law that affects Google https://www.theregister.com/2022/06/08/google_antitrust_legislation/
US gun control: Cross-party group of senators agree limited safety measures https://www.bbc.co.uk/news/world-us-canada-61777310

World:

Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to "Hack Back" When Critical Infrastructure & Services Attacked https://www.databreaches.net/defensive-cyber-attacks-declared-legal-by-uk-ag-path-cleared-to-hack-back-when-critical-infrastructure-services-attacked/
Platform Liability Trends Around the Globe: Moving Forward https://www.eff.org/deeplinks/2022/05/platform-liability-trends-around-globe-conclusions-and-recommendations-moving
The EU's New Message-Scanning Regulation Must Be Stopped https://www.eff.org/deeplinks/2022/06/eus-new-message-scanning-regulation-must-be-stopped
Spanish Court Calls CEO Of Israel's NSO Group To Testify In Spying Case https://packetstormsecurity.com/news/view/33532/Spanish-Court-Calls-CEO-Of-Israels-NSO-Group-To-Testify-In-Spying-Case.html
Speech-Related Offenses Should be Excluded from the Proposed UN Cybercrime Treaty https://www.eff.org/deeplinks/2022/06/speech-related-offenses-should-be-excluded-proposed-un-cybercrime-treaty
E.U. Rule Requires New Devices to Have USB-C Charging Ports by 2026 https://www.nytimes.com/2022/06/07/technology/eu-tablets-phones-usbc-chargers.html
USB-C will be mandatory for phones sold in the EU 'by autumn 2024' https://www.theverge.com/2022/6/7/23156361/european-union-usb-c-wired-charging-iphone-lightning-ewaste

Standards News:

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends https://blog.cloudflare.com/cloudflare-view-http3-usage/
Announcement of Proposal to Withdraw NIST Special Publication 800-107 Revision 1 open for public comment through July 30 https://csrc.nist.gov/News/2022/proposal-to-withdraw-sp-800-107-rev-1
NIST is releasing the final public draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems open for public comment through July 8 https://csrc.nist.gov/publications/detail/sp/800-160/vol-1-rev-1/draft
NIST Releases Draft IR 8409: Measuring the Common Vulnerability Scoring System Base Score Equation open for public comment through July 29 https://csrc.nist.gov/publications/detail/nistir/8409/draft
NIST Requests Public Comments on FIPS 180-4, Secure Hash Standard (SHS) - sunsetting SHA-1 - open for public comment through September 9 https://csrc.nist.gov/news/2022/public-comments-requested-on-fips-180-4-shs
Using Business Impact Analysis to Inform Risk Prioritization and Response: NIST IR 8286D open for public comment through July 18 https://csrc.nist.gov/publications/detail/nistir/8286d/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

General:

Cybersecurity Courses Ramp Up Amid Shortage of Professionals https://www.securityweek.com/cybersecurity-courses-ramp-amid-shortage-professionals
4 Ways to Close the OT Cybersecurity Talent Gap https://www.securityweek.com/4-ways-close-ot-cybersecurity-talent-gap
Five Eyes alliance's top cop says techies are the future of law enforcement https://www.theregister.com/2022/06/09/five_eyes_chair_tech_talk/

Methods, Techniques, Tools, and Products:

Bringing External Attack Surface Management to the Masses with Bit Discovery https://www.tenable.com/blog/bringing-external-attack-surface-management-to-the-masses-with-bit-discovery
Introducing Qualys VMDR 2.0 https://blog.qualys.com/product-tech/2022/06/06/introducing-qualys-vmdr-2-0
Microsoft Defender now isolates hacked, unmanaged Windows devices https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-now-isolates-hacked-unmanaged-windows-devices/
MongoDB queryable structured encryption https://www.wired.com/story/mongodb-queryable-encryption-databases/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Zero-day and other recent vulnerability news:

Microsoft won't say if it will patch critical Windows "Follina/MSDT" vulnerability under exploit https://arstechnica.com/information-technology/2022/06/microsoft-wont-say-if-it-will-patch-critical-windows-vulnerability-under-exploit/
MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html
Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html
Two-year-old Windows DIAGCAB zero-day gets unofficial patches https://www.bleepingcomputer.com/news/security/two-year-old-windows-diagcab-zero-day-gets-unofficial-patches/

Patching:

Chrome 102 Update Patches High-Severity Vulnerabilities https://www.securityweek.com/chrome-102-update-patches-high-severity-vulnerabilities
Critical Account Takeover Vulnerability Patched in GitLab Enterprise Edition https://www.securityweek.com/critical-account-takeover-vulnerability-patched-gitlab-enterprise-edition

Other Vulnerabilities:

Aurora pays $6 mn bug bounty to ethical hacker https://www.databreaches.net/aurora-pays-6-mn-bug-bounty-to-ethical-hacker/
U.S. Water Utilities Prime Cyberattack Target, Experts https://threatpost.com/water-cyberattack-target/179935/
OMIGOD: Cloud providers still using secret middleware https://www.theregister.com/2022/06/11/in-brief-security/
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems https://www.securityweek.com/critical-u-boot-vulnerability-allows-rooting-embedded-systems
Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors
Hackers Can Steal Your Tesla by Creating Their Own Personal Keys https://www.wired.com/story/tesla-hack-personal-nfc-key-card/
PyPI package 'keep' mistakenly included a password stealer https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Cryptography and Cryptographic Research:

Practical Privacy-Preserving Authentication for SSH https://eprint.iacr.org/2022/740
Revisiting Related-Key Boomerang attacks on AES using computer-aided tool https://eprint.iacr.org/2022/725
Truncated Boomerang Attacks and Application to AES-based Ciphers https://eprint.iacr.org/2022/701
Snowball: Another View on Side-Channel Key Recovery Tools https://eprint.iacr.org/2022/728
Secure Search on Multi-key Homomorphically Encrypted Data with Finite Fields https://eprint.iacr.org/2022/738

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Trends, Alerts, and Events (other than major breaches):

'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware https://www.securityweek.com/follina-vulnerability-exploited-deliver-qbot-asyncrat-other-malware
Qbot malware now uses Windows MSDT zero-day in phishing attacks https://www.databreaches.net/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/
Conti's Attack Against Costa Rica Sparks a New Ransomware Era https://www.wired.com/story/costa-rica-ransomware-conti/
How Phishing Groups Are Exploiting the Trend Toward Online Surfing at the Kitchen Table https://www.digitaltransactions.net/how-phishing-groups-are-exploiting-the-trend-toward-online-surfing-at-the-kitchen-table/
Novel techniques in never-before-seen Linux backdoor make it ultra stealthy https://arstechnica.com/information-technology/2022/06/novel-techniques-in-never-before-seen-linux-backdoor-make-it-ultra-stealthy/
Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html
Emotet Banking Trojan Resurfaces, Skating Past Email Security https://www.darkreading.com/threat-intelligence/emotet-banking-trojan-resurfaces-email-security
Hello XD ransomware now drops a backdoor while encrypting https://www.bleepingcomputer.com/news/security/hello-xd-ransomware-now-drops-a-backdoor-while-encrypting/
New SVCReady malware loads from Word doc properties https://www.bleepingcomputer.com/news/security/new-svcready-malware-loads-from-word-doc-properties/
Poisoned CCleaner search results spread information-stealing malware https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html

Crime & Arrests, etc.:

Maiar Exchange Taken Offline After Hacker Steals $113m https://packetstormsecurity.com/news/view/33537/Maiar-Exchange-Taken-Offline-After-Hacker-Steals-113m.html
Osmosis Blockchain Taken Offline After Hacker Steals $5m https://packetstormsecurity.com/news/view/33536/Osmosis-Blockchain-Taken-Offline-After-Hacker-Steals-5m.html
Feds seize SSNDOB marketplace that listed personal data of 24 million people https://arstechnica.com/tech-policy/2022/06/feds-seize-ssndob-marketplace-that-listed-personal-data-of-24-million-people/
Microsoft seizes 41 domains tied to 'Iranian phishing ring' https://www.theregister.com/2022/06/07/microsoft_bohrium_domains/
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation https://www.databreaches.net/ssndob-marketplace-a-series-of-websites-that-listed-more-than-20-million-social-security-numbers-for-sale-seized-and-dismantled-in-international-operation/
Vietnam arrests Taiwanese national amid banking security breach https://www.databreaches.net/vietnam-arrests-taiwanese-national-amid-banking-security-breach/
Accused Capital One Hacker Stands Trial for Fraud and Identity Theft https://www.nytimes.com/2022/06/08/technology/capital-one-hacker-trial.html
Long Story on the Accused CIA Vault 7 Leaker https://www.schneier.com/blog/archives/2022/06/long-story-on-the-accused-cia-vault-7-leaker.html
Two men arrested after trying to pull ATM out of Brandon store by truck: police https://globalnews.ca/news/8902158/brandon-manitoba-atm-theft-attempt/

Nation State Actors:

Follina Exploited by State-Sponsored Hackers https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/
SCOTUS To Biden: Is NSO Group A Foreign Agent? https://packetstormsecurity.com/news/view/33527/SCOTUS-To-Biden-Is-NSO-Group-A-Foreign-Agent.html
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
Chinese hackers exploited years-old software flaws to break into telecom giants https://www.technologyreview.com/2022/06/08/1053375/chinese-hackers-exploited-years-old-software-flaws-to-break-into-telecom-giants/
How China Hacked US Phone Networks https://www.wired.com/story/china-hacking-phone-network-security-roundup/
Iranian hackers target energy sector with new DNS backdoor https://www.bleepingcomputer.com/news/security/iranian-hackers-target-energy-sector-with-new-dns-backdoor/
Other:

Other Security / Risk

Articles covering other types of risks.

General:

Artificial General Intelligence Is Not as Imminent as You Might Think https://www.scientificamerican.com/article/artificial-general-intelligence-is-not-as-imminent-as-you-might-think1/
Did an AI Really Invent Its Own 'Secret Language'? Here's What We Know https://www.sciencealert.com/did-an-ai-really-invent-its-own-secret-language-here-s-what-we-know
CitizenLab June Newsletter https://mailchi.mp/citizenlab.ca/bing-censorship-the-future-of-democracy-and-digital-transnational-repression
AlphaBay Is Taking Over the Dark Web-Again https://www.wired.com/story/alphabay-dark-web-market-ranking/
Could rampant carjackings and auto theft lead to an increase in insurance premiums? https://toronto.ctvnews.ca/could-rampant-carjackings-and-auto-theft-lead-to-an-increase-in-insurance-premiums-1.5937046
Why Netflix isn't the Only One Bummed About Password Sharing https://www.bleepingcomputer.com/news/security/why-netflix-isnt-the-only-one-bummed-about-password-sharing/
KrebsOnSecurity in New Netflix Series on Cybercrime https://krebsonsecurity.com/2022/06/krebsonsecurity-in-new-netflix-series-on-cybercrime/
How a Saxophonist Tricked the KGB by Encrypting Secrets in Music https://www.wired.com/story/merryl-goldberg-music-encryption-ussr-phantom-orchestra/
How Margaret Thatcher's secret Brahms phone was invented https://www.bbc.co.uk/news/world-61712621

Health:

Going all the way: Scientists prove that inhaled vaccines offer better protection and immunity than nasal sprays https://scienmag.com/going-all-the-way-scientists-prove-that-inhaled-vaccines-offer-better-protection-and-immunity-than-nasal-sprays/
Scientists discover new molecule that kills hard-to-treat cancers https://scienmag.com/scientists-discover-new-molecule-that-kills-hard-to-treat-cancers/
Better Face Masks Are Possible: Here Are Some Winning Designs https://www.scientificamerican.com/article/better-face-masks-are-possible-here-are-some-winning-designs/
Canadian heading WHO's fight against monkeypox https://globalnews.ca/news/8914346/monkeypox-who-canada/
Mask mandates will lift on Toronto transit, but mayor hopes riders still use them https://toronto.ctvnews.ca/mask-mandates-will-lift-on-toronto-transit-but-mayor-hopes-riders-still-use-them-1.5939769
Where should I wear a mask now that the mandate is lifted? The new head of Ontario's science table shares his advice https://toronto.ctvnews.ca/where-should-i-wear-a-mask-now-that-the-mandate-is-lifted-the-new-head-of-ontario-s-science-table-shares-his-advice-1.5942881
Most comprehensive analysis of COVID-19 data reveals previously unattributed deaths https://scienmag.com/most-comprehensive-analysis-of-covid-19-data-reveals-previously-unattributed-deaths/
Popular US warm-weather tourist destinations including Miami, Honolulu, and San Juan are becoming coronavirus hotspots https://www.businessinsider.com/popular-tourist-destinations-miami-honolulu-san-juan-covid-hotspots-2022-6
How to Compare COVID Deaths for Vaccinated and Unvaccinated People https://www.scientificamerican.com/article/how-to-compare-covid-deaths-for-vaccinated-and-unvaccinated-people/
Ontario reports lowest COVID test positivity rate in nearly 6 months https://toronto.ctvnews.ca/ontario-reports-lowest-covid-test-positivity-rate-in-nearly-6-months-1.5937975
Study shows people with a high omega-3 DHA level in their blood are at 49% lower risk of Alzheimer's https://scienmag.com/study-shows-people-with-a-high-omega-3-dha-level-in-their-blood-are-at-49-lower-risk-of-alzheimers/
Pfizer COVID-19 vaccine appears effective for kids under 5: U.S. health officials https://globalnews.ca/news/8915625/pfizer-covid-vaccine-kids-us/
We Can't Keep Getting The Same Formula in COVID-19 Booster Shots, Says Immunologist https://www.sciencealert.com/we-can-t-keep-getting-the-same-formula-in-our-covid-19-booster-shots-says-immunologist
Updated Moderna COVID-19 vaccine boosts Omicron protection, company says https://globalnews.ca/news/8905089/moderna-covid-19-vaccine-omicron-booster/
Women Often 'Feel The Cold' More Than Men. This Could Be Why https://www.sciencealert.com/women-often-feel-the-cold-more-than-men-here-s-why-that-is

Safety:

How Safe Are Systems Like Tesla's Autopilot? No One Knows. https://www.nytimes.com/2022/06/08/technology/tesla-autopilot-safety-data.html
Toronto Police: How to deactivate Apple air tags from getting your car stolen https://www.youtube.com/watch?v=frO0Cp3MkeM
Woman pushed onto Toronto subway tracks was standing too close to platform edge, TTC says in response to lawsuit https://toronto.ctvnews.ca/woman-pushed-onto-toronto-subway-tracks-was-standing-too-close-to-platform-edge-ttc-says-1.5938625
Your Resistance Pauses Axon's Dangerous Drone Tasers https://www.eff.org/deeplinks/2022/06/your-resistance-pauses-axons-dangerous-drone-tasers
Iran removes nuclear watchdog's cameras after criticism https://www.bbc.co.uk/news/world-middle-east-61719196
Astronomers Just Practiced What Would Happen if a Potentially Dangerous Asteroid was Detected https://www.universetoday.com/156118/astronomers-just-practiced-what-would-happen-if-a-potentially-dangerous-asteroid-was-detected/

Environment:

Climate change a bigger threat than war, Fiji tells security summit https://www.bbc.co.uk/news/world-asia-61774473
Microplastics found in fresh Antarctic snow https://www.bbc.co.uk/news/science-environment-61739159
'Superworms' Eat--and Survive on--Polystyrene https://www.scientificamerican.com/article/superworms-eat-and-survive-on-polystyrene/
Japan Is Dropping a Gargantuan Turbine Into The Ocean to Harness 'Limitless' Energy https://www.sciencealert.com/japan-s-dropping-a-kaiju-sized-turbine-into-the-ocean-to-fish-for-limitless-energy
Huge deep-water area off N.S. declared a marine refuge https://www.cbc.ca/news/canada/nova-scotia/huge-area-off-ns-declared-marine-refuge-1.6481700

Disinformation and misinformation

Economy:
Is cyberinsurance for cyberattacks becoming harder to find and more costly? https://www.databreaches.net/is-cyberinsurance-for-cyberattacks-becoming-harder-to-find-and-more-costly/
How 'Trustless' Is Bitcoin, Really? https://www.nytimes.com/2022/06/06/science/bitcoin-nakamoto-blackburn-crypto.html

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

The war:

Ukraine war: Evidence shows widespread use of cluster munitions in Kharkiv https://www.bbc.co.uk/news/world-europe-61778433
Ukraine war: Another Russian general killed by Ukrainian forces - reports https://www.bbc.co.uk/news/world-europe-61702862
A Ukrainian teen and his father piloted their own drone to help the military pinpoint Russian tanks and trucks https://www.businessinsider.com/ukrainian-teen-drone-helped-military-target-russian-forces-2022-6
Is Russia exporting grain from Ukraine? https://www.bbc.co.uk/news/world-europe-61736179
Putin is 'preparing to starve much of the developing world' to win Russia's war in Ukraine, Yale historian says https://www.businessinsider.com/putin-preparing-to-starve-developing-world-ukraine-war-yale-historian-2022-6
A cholera outbreak could kill thousands of Ukrainians in Russian-occupied Mariupol, mayor warns https://www.businessinsider.com/ukraine-cholera-outbreak-could-kill-thousands-in-occupied-mariupol-2022-6
Ukraine war: Britons Aiden Aslin and Shaun Pinner sentenced to death https://www.bbc.co.uk/news/uk-61745556

Reaction and response:
Sanctions & economic Impact:

Russia's war on Ukraine has cost global companies $59 billion in losses amid sanctions and hasty exits https://markets.businessinsider.com/news/stocks/russia-war-sanctions-business-losses-corporations-ukraine-ibm-microsoft-2022-6
Information, Disinformation, and Propaganda:
Russian Ministry Website Appears Hacked https://packetstormsecurity.com/news/view/33523/Russian-Ministry-Website-Appears-Hacked.html

Cyber-attacks and the potential for cyber-war:

Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups https://www.theregister.com/2022/06/08/silverados_alperovitch_viasat_attack/
Russia Says West Risks Direct Military Clash Over Cyber Attacks https://packetstormsecurity.com/news/view/33543/Russia-Says-West-Risks-Direct-Military-Clash-Over-Cyber-Attacks.html
Russia, China warn US its cyber support of Ukraine has consequences https://www.theregister.com/2022/06/10/russia_china_usa_ukraine_cyberdefense/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

Innovations & Inventions:

A US Supercomputer Just Broke The Exascale Barrier, Ranking Fastest in The World https://www.sciencealert.com/us-supercomputer-is-ranked-fastest-in-the-world-after-breaking-exascale-barrier
Breaking the quadratic barrier: Quantum cryptanalysis of Milenage, telecommunications' cryptographic backbone https://eprint.iacr.org/2022/733
Electricity and data over-the-air: The simultaneous transmission of 5G and power https://scienmag.com/electricity-and-data-over-the-air-the-simultaneous-transmission-of-5g-and-power/
Can they make graphite from coal? OHIO researchers start by finding new carbon solid https://scienmag.com/can-they-make-graphite-from-coal-ohio-researchers-start-by-finding-new-carbon-solid/
Hopes for a new generation of electric hydrofoils - a tech with Canadian roots https://www.cbc.ca/radio/quirks/hopes-for-a-new-generation-of-electric-hydrofoils-a-tech-with-canadian-roots-1.6484335
The World's Largest Liquid-Mirror Telescope Comes Online https://www.universetoday.com/156246/the-worlds-largest-liquid-mirror-telescope-comes-online/
Google Cloud employee calculates pi to 100 trillion digits https://www.theverge.com/2022/6/10/23161647/google-cloud-processing-pi-calculation-100-trillion

Other:

Antarctica: Southern Ocean floor mapped in greatest ever detail https://www.bbc.co.uk/news/science-environment-61723806
The Length of a Day Oscillates Every 6 Years, And We May Finally Know Why https://www.sciencealert.com/an-oscillating-inner-core-could-be-changing-the-length-of-earth-s-days
Earth's Magnetic Poles Probably Won't Flip After All, Scientists Predict https://www.sciencealert.com/a-9-000-year-old-timeline-of-our-planet-s-magnetic-field-shows-why-we-shouldn-t-panic
Researchers Discovered a New Kind of Higgs Relative in The Unlikeliest of Places https://www.sciencealert.com/researchers-have-discovered-a-new-kind-of-higgs-relative-sitting-on-the-tabletop
James Webb Space Telescope hit by tiny meteoroid https://www.bbc.co.uk/news/science-environment-61744257
Hubble Pins Down the Mass of a Potential Free-Floating Black Hole That's 5,000 Light-Years Away https://www.universetoday.com/156261/hubble-pins-down-the-mass-of-a-potential-free-floating-black-hole-thats-5000-light-years-away/