14 min read

This Week's [in]Security - Issue 277

CG Blogger : Jul 24, 2022 12:00:00 AM

[in]security

Welcome to This Week’s [in]Security. PCI and payments: PCI updates: Compensating Controls vs Customized Approach. Skimmers, Scammers & Magecart. Payments: Cash. New breaches: Entrust, Twitter users, Okta, Alibaba. New Ransomware, Major outages: Rogers fallout. Follow-ups & Fall-out: $1.2B Didi fine, $350M T-Mobile fine, Zuckerberg. Privacy: tracking war, DHS. Laws & Regs - Canada: Copyright. US: Ransom bans, Anti-trust. Standards: NIST wearables, DevSecOps, HIPPA. Defense - Training & events: Cybersecurity Framework. Tools & Techniques: macro blocking, adversarial patches, microcode decryptor. Vulnerabilities: Roundup! GPS, Confluence, Cisco, supply chains. Patching. Other: ICS, Spectre, IoT, Other: Air-gap. Crypto-research. Cybercrime - Trends: Residential Proxies, WordPress, "Pig Butchering", Phished-in. Crime & Enforcement. Nation States and mercenaries. Other Risks - General: Google oops, Space-canucks. Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

PCI Updates:

PCI DSS v4.0: Compensating Controls vs Customized Approach https://blog.pcisecuritystandards.org/pci-dss-v4-0-compensating-controls-vs-customized-approach

Payment skimmers/malware/fraud:

Hackers steal 50,000 credit cards from 300 U.S. restaurants https://www.bleepingcomputer.com/news/security/hackers-steal-50-000-credit-cards-from-300-us-restaurants/
Scammers are trying a new credit card scheme. Here's how the call went https://toronto.ctvnews.ca/scammers-are-trying-a-new-credit-card-scheme-here-s-how-the-call-went-1.5992582

Other payment related:

Rogers outage shows need to keep cash in a digital world, experts say https://globalnews.ca/news/9000432/rogers-outage-keeping-cash/
Visa Changes Chargeback Dispute Program https://www.pymnts.com/visa/2022/visa-changes-chargeback-dispute-program/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

New Breaches:

Digital security giant Entrust breached by ransomware gang https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/
Security Giant Entrust Breached – Hackers Stole Data From Internal Systems https://www.databreaches.net/security-giant-entrust-breached-hackers-stole-data-from-internal-systems/
Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/
Okta Exposes Passwords in Clear Text for Possible Theft https://www.darkreading.com/application-security/okta-exposes-passwords-clear-text-theft
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography https://www.trendmicro.com/en_us/research/22/g/alibaba-oss-buckets-compromised-to-distribute-malicious-shell-sc.html
Neopets data breach exposes personal data of 69 million members https://www.bleepingcomputer.com/news/security/neopets-data-breach-exposes-personal-data-of-69-million-members/
Walmart-Controlled Flight Booking Service Suffers Data Leak https://packetstormsecurity.com/news/view/33644/Walmart-Controllled-Flight-Booking-Service-Suffers-Data-Leak.html
Anonymous mental health app Feelyou accidentally exposed 70,000 personal emails https://www.databreaches.net/anonymous-mental-health-app-feelyou-accidentally-exposed-70000-personal-emails/
RI: City of Newport advising past, current employees of potential data loss https://www.databreaches.net/ri-city-of-newport-advising-past-current-employees-of-potential-data-loss/

New Ransomware and "Incidents":

Ransomware attacks cost the US $159.4bn in downtime alone in 2021 https://www.comparitech.com/blog/information-security/us-ransomware-attacks-cost/
New Luna ransomware encrypts Windows, Linux, and ESXi systems https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/
Albanian government websites go dark after cyberattack https://www.theregister.com/2022/07/18/albania_down/
CRCSD Employee: District still dealing with effects from “Security Breach” https://www.databreaches.net/crcsd-employee-district-still-dealing-with-effects-from-security-breach/
The small Canadian town of St. Mary’s is being extorted by a global ransomware gang https://www.theverge.com/2022/7/22/23274372/st-marys-canada-lockbit-ransomware-cyber-incident

Major outages/downs:

Rogers says it couldn't have revived emergency services any faster during outage https://globalnews.ca/news/9010767/rogers-outage-could-not-revive-services-faster/
Rogers CEO outlines new protocols, steps to avoid future network outages https://globalnews.ca/news/9012281/rogers-ceo-network-outage-steps/
Rogers replaces chief technology officer in wake of nationwide outage https://globalnews.ca/news/9006061/rogers-chief-technology-officer/

Follow-ups and fall-out:

Financial data breaches accounted for 153.6 million leaked records from January 2018 to June 2022 https://www.comparitech.com/blog/vpn-privacy/financial-data-breaches/
China fines Didi $1.2bn over ‘egregious' data security violations https://www.databreaches.net/china-fines-didi-1-2bn-over-egregious-data-security-violations/
T-Mobile agrees to pay $350 million in data breach affecting 77 million users https://www.databreaches.net/t-mobile-agrees-to-pay-350-million-in-data-breach-affecting-77-million-users/
Zuckerberg to Testify Over Cambridge Analytica Data Breach https://www.databreaches.net/zuckerberg-to-testify-over-cambridge-analytica-data-breach/
Croatia's data protection regulator fines telecom €285,000 for insufficient security that facilitated data breach https://www.databreaches.net/croatias-data-protection-regulator-fines-telecom-e285000-for-insufficient-security-that-facilitated-data-breach/
Recent decisions by the Data Protection Commissioner of Singapore https://www.databreaches.net/recent-decisions-by-the-data-protection-commissioner-of-singapore/
37,800 people sent privacy breach notifications linked to Newfoundland and Labrador cyberattack https://www.databreaches.net/37800-people-sent-privacy-breach-notifications-linked-to-newfoundland-and-labrador-cyberattack/
PPCGeeks - 492,518 breached accounts https://haveibeenpwned.com/PwnedWebsites#PPCGeeks

Privacy

Articles about privacy related news, risks, and trends.

Facebook Is Now Encrypting Links to Prevent URL Stripping https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html
The DHS Bought a ‘Shocking Amount' of Phone-Tracking Data https://www.wired.com/story/dhs-surveillance-phone-tracking-data/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Canada:

Supreme Court of Canada on Copyright: “Copyright Law Does Not Exist Solely for the Benefit of Authors” https://www.michaelgeist.ca/2022/07/supreme-court-of-canada-on-copyright-copyright-law-does-not-exist-solely-for-the-benefit-of-authors/

Americans Deserve More Than The Current American Data Privacy Protection Act https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms https://www.databreaches.net/florida-follows-north-carolina-in-prohibiting-state-agencies-from-paying-ransoms/
Internal documents show Facebook and Google discussing platform strategies https://www.theverge.com/2022/7/19/23270400/facebook-google-amazon-apple-antitrust-house-judiciary-investigation-report
Amazon sues 10,000 Facebook Group admins for offering fake reviews https://www.theregister.com/2022/07/20/amazon_facebook_reviews/
A company called Meta is suing Meta for naming itself Meta https://www.theverge.com/2022/7/19/23270164/meta-augmented-reality-facebook-lawsuit
California Gov. Newsom signs gun law modeled after Texas' abortion ban: 'We're using Texas' perverse abortion law to actually save lives' https://www.businessinsider.com/gavin-newsom-signs-gun-law-modeled-after-texas-abortion-ban-2022-7

Standards News:

NIST Publishes Security Guidance for First Responder Mobile and Wearable Devices | NIST IR 8235 https://csrc.nist.gov/publications/detail/nistir/8235/final
NCCoE Releases Draft Project Description for DevSecOps available for comment through August 22 https://nccoe.nist.gov/
Implementing the HIPAA Security Rule: NIST Releases Draft NIST SP 800-66, Rev. 2 for Public Comment through September 21 https://csrc.nist.gov/publications/detail/sp/800-66/rev-2/draft
Information and Communications Technology (ICT) Risk Management in the Enterprise: Two Draft Special Publications available for comment through September 6 https://csrc.nist.gov/publications/detail/sp/800-221/draft
Protecting Controlled Unclassified Information: Pre-Draft Call for Comments on the CUI Series SP 800-171, SP 800-171A, SP 800-172, and SP 800-172A available for comment through September 16 https://csrc.nist.gov/publications/detail/sp/800-171/rev-3/draft
Comment Period Extended for NIST SP 1800-34, Validating the Integrity of Computing Devices https://www.nccoe.nist.gov/supply-chain-assurance

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Educational events, webinars, courses, etc:

Journey to the NIST Cybersecurity Framework (CSF) 2.0 First Workshop on August 17th 10:00 am–4:30 pm EDT https://www.nist.gov/news-events/events/2022/08/journey-nist-cybersecurity-framework-csf-20-workshop-1
A Primer on Client-side Security – PCI QSA Webinar https://info.sourcedefense.com/webinar/a-primer-on-client-side-security-pci-qsa-webinar-am

General:

(ISC)² Pledges 1 Million Certified in Cybersecurity https://blog.isc2.org/isc2_blog/2022/07/isc2-1-million-certified-in-cybersecurity.html

Methods, Techniques, Tools, and Products:

Can Encryption Key Intercepts Solve The Ransomware Epidemic? https://www.securityweek.com/can-encryption-key-intercepts-solve-ransomware-epidemic
Microsoft resumes default blocking of Office macros after updating docs https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-default-blocking-of-office-macros-after-updating-docs/
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2) https://freedom-to-tinker.com/2022/07/19/toward-trustworthy-machine-learning-an-example-in-defending-against-adversarial-patch-attacks-2/
DNS-over-HTTP/3 in Android https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says https://www.theregister.com/2022/07/20/intel-cpu-microcode/
Do Mac computers need antivirus protection? https://www.comparitech.com/blog/information-security/if-you-have-a-mac-do-you-need-antivirus-protection/
Enforcing Password History in Your Windows AD to Curb Password Reuse https://www.bleepingcomputer.com/news/security/enforcing-password-history-in-your-windows-ad-to-curb-password-reuse/

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Advisories:

Control Gap Vulnerability Roundup: July 8th to 15th https://www.controlgap.com/blog/vulnerability-roundup-july-8th-15th
Critical Vulnerabilities in GPS Trackers https://www.schneier.com/blog/archives/2022/07/critical-vulnerabilities-in-gps-trackers.html
Atlassian: Confluence hardcoded password was leaked, patch now! https://www.bleepingcomputer.com/news/security/atlassian-confluence-hardcoded-password-was-leaked-patch-now/
Cisco fixes bug that lets attackers execute commands as root https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-that-lets-attackers-execute-commands-as-root/
Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers https://thehackernews.com/2022/07/cisco-releases-patches-for-critical.html
Software Supply Chain Concerns Reach C-Suite https://www.darkreading.com/application-security/software-supply-chain-concerns-reach-c-suite

Patching:

Juniper Networks Patches Over 200 Third-Party Component Vulnerabilities https://www.securityweek.com/juniper-networks-patches-over-200-third-party-component-vulnerabilities
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products https://thehackernews.com/2022/07/sonicwall-issues-patch-for-critical-bug.html
Microsoft's latest security patch troubles Windows 11 users https://www.theregister.com/2022/07/18/windows_11_patch_problems/

Other Vulnerabilities:

Hundreds of ICS Vulnerabilities Disclosed in First Half of 2022 https://www.securityweek.com/hundreds-ics-vulnerabilities-disclosed-first-half-2022
New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks https://thehackernews.com/2022/07/new-study-finds-most-enterprise-vendors.html
The New Weak Link in SaaS Security: Devices https://thehackernews.com/2022/07/the-new-weak-link-in-saas-security.html
At the edge, nobody can hear your IoT devices scream … https://www.theregister.com/2022/07/22/at_the_edge_nobody_can/
Code Execution and Other Vulnerabilities Patched in Drupal https://www.securityweek.com/code-execution-and-other-vulnerabilities-patched-drupal
WordPress Page Builder Plug-in Under Attack, Can't Be Patched https://www.darkreading.com/application-security/wordpress-page-builder-addons-under-attack-cant-be-patched
Netwrix Auditor Vulnerability Can Facilitate Attacks on Enterprises https://www.securityweek.com/netwrix-auditor-vulnerability-can-facilitate-attacks-enterprises

Research on new vulnerabilities:

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals https://thehackernews.com/2022/07/new-air-gap-attack-uses-sata-cable-as.html

Cryptography and Cryptographic Research:

DiSSECT: Distinguisher of Standard & Simulated Elliptic Curves via Traits https://eprint.iacr.org/2022/943
Searchable Encryption with randomized ciphertext and randomized keyword search https://eprint.iacr.org/2022/945
Molecular Encryption - ‘Pulling back the curtain' to reveal a molecular key to The Wizard of Oz https://scienmag.com/pulling-back-the-curtain-to-reveal-a-molecular-key-to-the-wizard-of-oz/

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Trends, Alerts, and Events (other than major breaches):

A Deep Dive Into the Residential Proxy Service ‘911' https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/
Exploit seller used Chrome exploit and 2 other 0-days to infect journalists https://arstechnica.com/information-technology/2022/07/exploit-seller-used-chrome-exploit-and-2-other-0-days-to-infect-journalists/
Cyber-attacks on Port of Los Angeles have doubled since pandemic https://www.bbc.co.uk/news/business-62260272
Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html
Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms https://thehackernews.com/2022/07/hackers-use-evilnum-malware-to-target.html
New ‘Lightning Framework' Linux malware installs rootkits, backdoors https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/
New CloudMensis malware backdoors Macs to steal victims' data https://www.bleepingcomputer.com/news/security/new-cloudmensis-malware-backdoors-macs-to-steal-victims-data/
Malicious Android apps with 300K installs found on Google Play https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-300k-installs-found-on-google-play/
Servers running Digium Phones VoiP software are getting backdoored https://arstechnica.com/information-technology/2022/07/servers-running-digium-phones-voip-software-are-getting-backdoored/
Massive Losses Define Epidemic of ‘Pig Butchering' https://krebsonsecurity.com/2022/07/massive-losses-define-epidemic-of-pig-butchering/
LinkedIn remains the most impersonated brand in phishing attacks https://www.bleepingcomputer.com/news/security/linkedin-remains-the-most-impersonated-brand-in-phishing-attacks/
FBI warns of fake cryptocurrency apps used to defraud investors https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-cryptocurrency-apps-used-to-defraud-investors/
Ontario woman warns about computer virus banking scam after losing $60,000 https://toronto.ctvnews.ca/ontario-woman-warns-about-computer-virus-banking-scam-after-losing-60-000-1.5994245

Crime & Arrests, etc.:

FBI recovers $500,000 healthcare orgs paid to Maui ransomware https://www.bleepingcomputer.com/news/security/fbi-recovers-500-000-healthcare-orgs-paid-to-maui-ransomware/
Romanian hacker faces US trial over virus-for-hire service https://www.theverge.com/2022/7/20/23271583/romanian-hacker-extradited-banking-malware-gozi-virus-paunescu

Nation State Actors:

Exploitation of Recent Chrome Zero-Day Linked to Israeli Spyware Company https://www.securityweek.com/exploitation-recent-chrome-zero-day-linked-israeli-spyware-company
US Disrupts North Korean Hackers That Targeted Hospitals https://www.securityweek.com/us-disrupts-north-korean-hackers-targeted-hospitals
NSO Group's Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders https://www.schneier.com/blog/archives/2022/07/nso-groups-pegasus-spyware-used-against-thailand-pro-democracy-activists-and-leaders.html
Belgium Says Chinese APTs Targeted Interior, Defense Ministries https://www.securityweek.com/belgium-says-chinese-apts-targeted-interior-defense-ministries

Other Security / Risk

Articles covering other types of risks.

General:

Bill for US telcos to bin Chinese kit blows out by $3 billion https://www.theregister.com/2022/07/18/scrp_shortfall/
Google blocks site of largest computing society for being ‘harmful' https://www.bleepingcomputer.com/news/security/google-blocks-site-of-largest-computing-society-for-being-harmful-/
Magical thinking about Ballot-Marking-Device contingency plans https://freedom-to-tinker.com/2022/07/21/magical-thinking-about-ballot-marking-device-contingency-plans/
The Unsolved Mystery Attack on Internet Cables in Paris https://www.wired.com/story/france-paris-internet-cable-cuts-attack/
RCAF to ‘protect Canadian interests in space' with new division https://globalnews.ca/news/9009389/rcaf-new-space-division/
Fire continues to burn on P.E.I.-N.S. ferry, crossings cancelled for rest of weekend https://globalnews.ca/news/9010795/pei-ns-ferry-fire-crossings-cancelled/

Health:

Food Expiration Dates Aren't Based on Science. Here's What You Can Do Instead https://www.sciencealert.com/food-expiration-dates-aren-t-based-on-science-here-s-what-you-can-do-instead
New York records 1st polio case in over a decade https://globalnews.ca/news/9006762/new-york-state-polio-case-confirmed/
WHO declares monkeypox a global health emergency https://globalnews.ca/news/9010837/who-monkeypox-global-health-emergency/
Canada confirms 681 monkeypox cases as WHO declares global health emergency https://globalnews.ca/news/9011383/canada-monkeypox-who-global-health-emergency/
COVID Virus May Tunnel through Nanotubes from Nose to Brain https://www.scientificamerican.com/article/covid-virus-may-tunnel-through-nanotubes-from-nose-to-brain/
Is COVID-19 testing needed at airports? Experts are divided https://globalnews.ca/news/9002936/covid-random-testing-airports-expert-reaction/
New key protection against COVID-19 found in saliva! https://scienmag.com/new-key-protection-against-covid-19-found-in-saliva/
Alzheimer's breakthrough: Genetic link to gut disorders confirmed https://scienmag.com/alzheimers-breakthrough-genetic-link-to-gut-disorders-confirmed/
UTMB study shows vaccine rapidly protects against lethal Lassa fever https://scienmag.com/utmb-study-shows-vaccine-rapidly-protects-against-lethal-lassa-fever/
Man's leg amputated after infection with flesh-eating bacteria in ocean https://www.accuweather.com/en/weather-news/mans-leg-amputated-after-infection-with-flesh-eating-bacteria-in-ocean/1221047
Stanford-Developed Millirobot Swims in Your Body and Delivers Medicine to Places That Need It https://scitechdaily.com/stanford-developed-millirobot-swims-in-your-body-and-delivers-medicine-to-places-that-need-it/

Safety:

Legalization of marijuana linked to increased traffic crashes, fatalities: Study https://scienmag.com/legalization-of-marijuana-linked-to-increased-traffic-crashes-fatalities-study/
3 hikers who went missing in northern Ontario located with help of ‘what3words' app https://globalnews.ca/news/9006869/missing-hikers-located-ontario-what3words/
28-year-old woman charged after carjacking on Gardiner Expressway: Toronto police https://globalnews.ca/news/8998710/gardiner-expressway-carjacking-toronto/
Chess robot breaks seven-year-old boy's finger during Moscow Open https://www.bbc.co.uk/news/world-europe-62286017
12 youths charged in string of ‘swarming-style' robberies across Vaughan https://globalnews.ca/news/9003063/youths-arrested-swarming-style-robberies-vaughan/
Victims pepper-sprayed during daytime ‘swarming robbery' near Canada's Wonderland: police https://globalnews.ca/news/9009412/victims-pepper-sprayed-vaughan-swarming-robbery/

Environment:

How Hot is Too Hot for the Human Body? https://www.scientificamerican.com/article/how-hot-is-too-hot-for-the-human-body1/
Google Cloud data center in London suffers 'cooling-related failure' as UK hits record-high temperatures https://www.businessinsider.com/google-cloud-data-center-london-outage-hottest-day-record-uk-2022-7
England Can't Take the Heat https://www.theatlantic.com/international/archive/2022/07/uk-europe-heatwave-temperature-record/670571/
Photos: The U.K. Reaches Its Highest Temperature Ever https://www.theatlantic.com/photo/2022/07/photos-uk-heatwave/670566/
Most of Ontario under heat warning with climatologist saying 'warmest part of summer has yet to come' https://toronto.ctvnews.ca/most-of-ontario-under-heat-warning-with-climatologist-saying-warmest-part-of-summer-has-yet-to-come-1.5992433
Nuclear power station shut downs will leave Ontario relying on gas to generate electricity https://globalnews.ca/news/8949102/nuclear-power-pickering-gas-environment-electricity-ontario-ford/
Canadian lakes getting warmer and shallower amid climate change: study https://globalnews.ca/news/9001153/canadian-lakes-climate-change/
‘Your gas guzzler kills': Environmental group says it deflated tires on Kitchener SUVs https://globalnews.ca/news/8997655/environmental-group-deflates-tires-suvs-kitchener/
Massive waves clear two-storey condo in Hawaii as huge swell rolls in https://globalnews.ca/news/8998350/massive-waves-hawaii-two-storey-condo/
Economy:
The Everything-Is-Weird Economy https://www.theatlantic.com/newsletters/archive/2022/07/us-economy-inflation-recession-employment/670543/
Bank of Canada interest rate hike is a ‘hammer to housing' market: BMO economist https://globalnews.ca/news/8998329/bank-of-canada-interest-rate-housing-market/
Eurozone raises interest rates for first time in 11 years https://www.bbc.co.uk/news/business-62240730
Where have all the workers gone? Don't blame COVID, economists say https://www.cbc.ca/news/canada/ottawa/ottawa-workers-covid-retirements-1.6529325
‘Bunch of Idiots': Crypto Pays Steep Price for Due Diligence Delinquency https://www.pymnts.com/cryptocurrency/2022/bunch-of-idiots-crypto-pays-steep-price-for-due-diligence-delinquency/
Towing fees in Mississauga to spike by hundreds of dollars https://toronto.ctvnews.ca/towing-fees-in-mississauga-to-spike-by-hundreds-of-dollars-1.5993842

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

The war:

Russia has only gained 'maybe 6 to 10 miles' of territory since war pivoted to eastern Ukraine, top US general says https://www.businessinsider.com/russia-territory-eastern-ukraine-war-few-miles-us-general-says-2022-7
Russia appears to have shot down one of its own jets in Ukraine just a few weeks after it was delivered https://www.businessinsider.com/russia-appears-to-shoot-down-own-new-su34m-in-ukraine-2022-7
Ukraine war: Kyiv's forces moving towards occupied Kherson - Zelensky https://www.bbc.co.uk/news/world-europe-62283196
Ukraine and Russia sign deal to allow grain exports from blockaded Black Sea ports amid growing fears of global food catastrophe https://www.businessinsider.com/ukraine-russia-reach-deal-allow-grain-exports-avoid-food-catastrophe-2022-7
Ukraine war: Explosions rock Ukrainian port hours after grain deal https://www.bbc.co.uk/news/world-europe-62276392

Reaction and response:

Russia replaces provocative head of its space agency, signs deal with NASA to share resources https://www.cbc.ca/news/world/russia-replaces-head-russia-space-agency-who-threatened-leave-iss-1.6521694

Sanctions & economic Impact:

Information, Disinformation, and Propaganda:
Russia's independent TV Rain channel back on air from abroad https://www.bbc.co.uk/news/world-europe-62216940
Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html
Pro-Russia authorities will ban Google in occupied regions of Ukraine https://www.theverge.com/2022/7/22/23274134/google-banned-occupied-ukraine-russia-war-donetsk-luhansk
Russia fines Google $365 million over YouTube videos containing ‘prohibited' content https://www.theverge.com/2022/7/18/23268978/google-russia-fine-360-million-youtube-videos-prohibited-content-ukraine-war

Cyber-attacks and the potential for cyber-war:

Google catches Turla hackers deploying Android malware in Ukraine https://www.bleepingcomputer.com/news/security/google-catches-turla-hackers-deploying-android-malware-in-ukraine/
Russia Creates Malware False-Flag App https://www.schneier.com/blog/archives/2022/07/russia-creates-malware-false-flag-app.html

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

Innovations & Inventions:

How Florence Nightingale Changed Data Visualization Forever https://www.scientificamerican.com/article/how-florence-nightingale-changed-data-visualization-forever/
Aerospace electrified by new technology https://www.bbc.co.uk/news/business-62120130
CAE to convert fleet to electric planes, and school future pilots in green aircraft https://globalnews.ca/news/9000790/cae-to-convert-fleet-to-electric-planes-and-school-future-pilots-in-green-aircraft/
Boom Supersonic has unveiled the latest design for its ultra-fast airliner that will be able to fly from New York to London in 3.5 hours — see the new Overture https://www.businessinsider.com/photos-boom-supersonic-updated-ultra-fast-aircraft-overture-2022-7

Quatum Innovation.

Computer Science Proof Unveils Unexpected Form of Entanglement https://www.quantamagazine.org/computer-science-proof-lifts-limits-on-quantum-entanglement-20220718/

Other:

A McDonald's and a Dairy Queen in Missouri are trading insults on their restaurant signs, and now other local businesses are joining in on the beef https://www.businessinsider.com/missouri-mcdonalds-dairy-queen-start-sign-war-insults-local-businesses-2022-7
Dogs Might Actually 'See' Through Smells, Brain Scans Suggest https://www.sciencealert.com/dogs-smell-is-tightly-linked-to-the-visual-parts-of-their-brain
How is Canada like Mars? Lost Hammer Spring shows us https://www.syfy.com/syfy-wire/bad-astronomy-lost-hammer-spring-in-canada-is-similar-to-mars
Two Spacecraft Could Work Together to Capture an Asteroid and Bring it Close to Earth for Mining https://www.universetoday.com/156729/two-spacecraft-could-work-together-to-capture-an-asteroid-and-bring-it-close-to-earth-for-mining/
‘Black hole police' discover a dormant black hole outside of the Milky Way galaxy https://scienmag.com/black-hole-police-discover-a-dormant-black-hole-outside-of-the-milky-way-galaxy/