15 min read

This Week's [in]Security - Issue 280

CG Blogger : Aug 14, 2022 12:00:00 AM

[in]security

Welcome to This Week’s [in]Security. PCI FAQs. Crypto-research: the PQC demo derby, more SIDH attacks. New breaches: Twillo, Cisco, Shanghai, ipay88, not AT&T(?), VNC, Zimbra, party poopers. New Ransomware: Finland, Bombardier. Outages: Google, MS365. Follow-ups: Twitter. Privacy: Facebook, GitHub, RCMP. Laws & Regs - Canada: Internet, ArriveCAN. US: Cyberattack reporting, AI patents. World: Big tech. NIST standards. Defense - Training & events: PQC Migration workshop, DEFCON & Blackhat. Tools & Techniques, better incident investigation, defending supply chains, Kali. Vulnerabilities - Advisories: UNRAR, broken advisories. Patching: errors, Windows data corruption, UEFI bypass. Significant: Round-up, dev pipelines. NPM and PyPl. Research: SQUIP, SGX, Starlink. Cybercrime - Trends: deepfakes, Scam-as-a-Service. Crime & Enforcement. Nation States and mercenaries. Other Risks - Cyber-insurance, critical-infrastructure, stolen algorithms. AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

New/Updated FAQs:

The PCI SSC Website added a link to all the FAQ’s https://www.pcisecuritystandards.org/resources-overview/faqs/all/
Control Gap's updated our list of FAQs to align with the refreshed PCI Web site https://www.controlgap.com/pci-frequently-asked-questions
PCI Security Standards Council Announces 2022–2024 Global Executive Assessor Roundtable https://www.pcisecuritystandards.org/about_us/press_releases/pci-security-standards-council-announces-2022-2024-global-executive-assessor-roundtable/

Payment skimmers/malware/fraud:

How hackers are stealing credit cards from classifieds sites https://www.bleepingcomputer.com/news/security/how-hackers-are-stealing-credit-cards-from-classifieds-sites/

Other payment related:

Telus wants to add a 1.5% processing fee for credit card payments this fall https://globalnews.ca/news/9055717/telus-credit-card-processing-fee/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

New Breaches:

Don't be surprised if your organization suffers multiple cyberattacks https://www.theregister.com/2022/08/11/multiple_cyberattacks_sophos/
Twilio customer data exposed after its staffers got phished https://www.theregister.com/2022/08/08/twilio_phishing_attack/
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/
Phishers who breached Twilio and fooled Cloudflare could easily get you, too https://arstechnica.com/information-technology/2022/08/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers/
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/
Hacker offers to sell data of 48.5M users of Shanghai's COVID app https://www.databreaches.net/hacker-offers-to-sell-data-of-48-5-mln-users-of-shanghais-covid-app/
Online payment gateway iPay88 reports possible security breach https://www.malaymail.com/news/malaysia/2022/08/11/online-payment-gateway-ipay88-reports-possible-security-breach/22315
It Might Be Our Data, But It's Not Our Breach https://krebsonsecurity.com/2022/08/it-might-be-our-data-but-its-not-our-breach/
Ransomware potentially exposed 2,000 Ypsilanti-area utility customers' bank information https://www.databreaches.net/ransomware-potentially-exposed-2000-ypsilanti-area-utility-customers-bank-information/
Over 9,000 VNC servers exposed online without a password https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/
Zimbra auth bypass bug exploited to breach over 1,000 servers https://www.bleepingcomputer.com/news/security/zimbra-auth-bypass-bug-exploited-to-breach-over-1-000-servers/
Email marketing firm hacked to steal crypto-focused mailing lists https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/
Update: Hackers issue ‘ransom demands' to NHS IT supplier: Fears MILLIONS of confidential patient records could be leaked after major cyber attack https://www.databreaches.net/update-hackers-issue-ransom-demands-to-nhs-it-supplier-fears-millions-of-confidential-patient-records-could-be-leaked-after-major-cyber-attack/
Anonymous poop gifting site hacked, customers exposed https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/

New Ransomware and "Incidents":

Ransomware gangs move to 'callback' social engineering attacks https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/
Finland's parliament hit with cyberattack following US move to admit the country to NATO https://www.databreaches.net/finlands-parliament-hit-with-cyberattack-following-us-move-to-admit-the-country-to-nato/
Cyberattack forces Ski-Doo maker BRP to suspend operations https://globalnews.ca/news/9047589/quebec-brp-skidoo-cyberattack/
7-Eleven Denmark confirms ransomware attack behind store closures https://www.bleepingcomputer.com/news/security/7-eleven-denmark-confirms-ransomware-attack-behind-store-closures/
Argentinian health services plan hit by LockBit https://www.databreaches.net/argentinian-health-services-plan-hit-by-lockbit/

Major outages/downs:

Google outage: tech giant apologizes after software update causes search engine to go down https://www.theguardian.com/technology/2022/aug/09/google-outage-search-down
Microsoft 365 outage triggered by Meraki firewall false positive https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-triggered-by-meraki-firewall-false-positive/
Large power outage reported in Toronto's downtown core https://globalnews.ca/news/9053368/power-outage-toronto-downtown-core-august-11/

Follow-ups and fall-out:

Twitter - 6,682,453 breached accounts https://haveibeenpwned.com/PwnedWebsites#Twitter
UK NHS service recovery may take a month after MSP ransomware attack https://www.bleepingcomputer.com/news/security/uk-nhs-service-recovery-may-take-a-month-after-msp-ransomware-attack/
Ontario Cannabis Store capping pot shop orders, changing delivery window after partner's cyberattack https://globalnews.ca/news/9053258/ontario-cannabis-store-capping-orders-delivery-cyberattack/

Privacy

Articles about privacy related news, risks, and trends.

Facebook's In-app Browser on iOS Tracks ‘Anything You Do on Any Website' https://threatpost.com/facebook-ios-tracks-anything/180395/
GitHub's new privacy policy sparks backlash over tracking cookies https://www.bleepingcomputer.com/news/security/githubs-new-privacy-policy-sparks-backlash-over-tracking-cookies/
Canada's former privacy watchdog ‘surprised' by RCMP spyware program https://globalnews.ca/news/9047721/former-privacy-watchdog-surprised-rcmp-spyware-program/
RCMP has yet to turn over info on cellphone spyware program to privacy watchdog https://globalnews.ca/news/9044296/rcmp-cellphone-hacking-privacy/
A Phone Carrier That Doesn't Track Your Browsing or Location https://www.wired.com/story/pretty-good-phone-privacy-android/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Canada:

The Law Bytes Podcast, Episode 138: John Lawford on the Legal, Regulatory and Policy Responses to the Rogers Outage https://www.michaelgeist.ca/2022/08/law-bytes-podcast-episode-138/
Experts warn ArriveCAN app could be violating constitutionally protected rights https://globalnews.ca/news/9047177/experts-warn-arrivecan-app-could-be-violating-constitutionally-protected-rights/

The SEC's cyberattack reporting rules are seeing fierce opposition. CISA is poised to do better. https://www.databreaches.net/the-secs-cyberattack-reporting-rules-are-seeing-fierce-opposition-cisa-is-poised-to-do-better/
AI systems can't patent inventions, US federal circuit court confirms https://www.theverge.com/2022/8/8/23293353/ai-patent-legal-status-us-federal-circuit-court-rules-thaler-dabus
Ex-CISA chief Krebs calls for US to get serious on security https://www.theregister.com/2022/08/10/krebs_black_hat/
Ex-CIA security boss predicts coming crackdown on spyware https://www.theregister.com/2022/08/11/cia_security_boss_spyware/
Is it Illegal to Scrape a Website for Content? https://www.imperva.com/blog/is-it-illegal-to-scrape-a-website-for-content/
US treasury whips up sanctions for crypto mixer Tornado Cash https://www.theregister.com/2022/08/08/treasury_sanctions_tornado_cash_korea/
USAA Must Face Lawsuit Over Driver's License Disclosures https://www.databreaches.net/usaa-must-face-lawsuit-over-drivers-license-disclosures/

World:

Google fined $60 million over Android location data collection https://www.bleepingcomputer.com/news/google/google-fined-60-million-over-android-location-data-collection/
Will Europe Force a Facebook Blackout? https://www.wired.com/story/facebook-eu-us-data-transfers/
German Regulators Consider Whether Microsoft Subject to Competition Rules https://www.pymnts.com/news/regulation/2022/german-regulators-consider-whether-microsoft-subject-to-competition-rules/

Standards News:

Zero Trust Architecture Preliminary Draft Practice Guide (Vol. C-D) open for public comment until September 9 https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture
NIST requests comments on IR 8214B initial public draft: Notes on Threshold EdDSA/Schnorr Signatures open through October 24 https://csrc.nist.gov/publications/detail/nistir/8214B/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Educational events, webinars, courses, etc:

Registration is Now Open for the August NCCoE Learning Series Webinar: Preparing for the Migration to Post-Quantum Cryptography August 25, 2022 3:00PM - 3:45PM (ET) https://www.nccoe.nist.gov/get-involved/attend-events/nccoe-learning-series-webinar-preparing-migration-post-quantum
Looking Back at 25 Years of Black Hat https://www.darkreading.com/edge-articles/looking-back-at-25-years-of-black-hat
Hacking the Future at DEF CON 30 https://www.eff.org/deeplinks/2022/07/hacking-future-def-con-30
Ukraine's cyber chief comes to Black Hat in surprise visit https://www.theregister.com/2022/08/13/in_brief_security_black_hat/

General:

Microsoft trumps Google for 2021-22 bug bounty payouts https://www.theregister.com/2022/08/12/microsoft_bug_bounty/

Methods, Techniques, Tools, and Products:

Security needs to learn from the aviation biz to avoid crashing https://www.theregister.com/2022/08/11/wheeler_black_hat/
GitHub Moves to Guard Open Source Against Supply Chain Attacks https://www.wired.com/story/github-code-signing-sigstore/
Meta is ever so slowly expanding its testing of end-to-end encryption https://arstechnica.com/information-technology/2022/08/meta-is-ever-so-slowly-expanding-its-testing-of-end-to-end-encryption/
The Security Pros and Cons of Using Email Aliases https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
Microsoft tightens Edge security for less visited websites https://www.theregister.com/2022/08/08/microsoft_edge_security_browsing/
Microsoft: Exchange ‘Extended Protection' needed to fully patch new bugs https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-extended-protection-needed-to-fully-patch-new-bugs/
Opinion: Businesses should dump Windows for the Linux desktop https://www.theregister.com/2022/08/10/opinion_column_drop_windows_for_linux/
Making Linux Kernel Exploit Cooking Harder https://security.googleblog.com/2022/08/making-linux-kernel-exploit-cooking.html
Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, more https://www.bleepingcomputer.com/news/security/kali-linux-20223-adds-5-new-tools-updates-linux-kernel-more/
A Long-Awaited IoT Reverse Engineering Tool Is Finally Here https://www.wired.com/story/ofrak-iot-reverse-engineering-tool/
How Hash-Based Safe Browsing Works in Google Chrome https://security.googleblog.com/2022/08/how-hash-based-safe-browsing-works-in.html
HYAS Unveils New Tool for Continuous DNS Monitoring https://www.securityweek.com/hyas-unveils-new-tool-continuous-dns-monitoring

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Advisories:

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html
Patch Madness: Vendor Bug Advisories Are Broken, So Broken https://www.darkreading.com/risk/patch-madness-vendor-bug-advisories-broken

Patching:

Sloppy Software Patches Are a ‘Disturbing Trend' https://www.wired.com/story/software-patch-flaw-uptick-zdi/
Microsoft's fix for 'data damage' risk hits PC performance https://www.theregister.com/2022/08/09/widows_data_damage/
Windows devices with newest CPUs are susceptible to data damage https://www.bleepingcomputer.com/news/microsoft/windows-devices-with-newest-cpus-are-susceptible-to-data-damage/
Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass https://www.bleepingcomputer.com/news/security/microsoft-blocks-uefi-bootloaders-enabling-windows-secure-boot-bypass/
Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html
Zoom's latest update on Mac includes a fix for a dangerous security flaw https://www.theverge.com/2022/8/14/23305548/zoom-update-macos-fix-dangerous-security-flaw-hackers
The Zoom installer let a researcher hack his way to root access on macOS https://www.theverge.com/2022/8/12/23303411/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle

Significant:

Control Gap Vulnerability Roundup: July 30th to August 5th https://www.controlgap.com/blog/vulnerability-roundup-july-29th-august-5th
Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem https://www.darkreading.com/application-security/software-development-pipelines-cybercriminals-free-range-access-cloud-on-prem
Google's bug bounty boss: Finding and patching vulns? 'Totally useless' - exploitability counts https://www.theregister.com/2022/08/10/google_bug_bounty_boss/
Sounding the Alarm on Emergency Alert System Flaws https://krebsonsecurity.com/2022/08/sounding-the-alarm-on-emergency-alert-system-flaws/
(ISC)² and F5 Examine OWASP'S “Top 10” Report on New Web Application Security Risks https://blog.isc2.org/isc2_blog/2022/08/owasps-top-10-report-on-new-web-application-security-risks.html
Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader https://www.securityweek.com/adobe-patch-tuesday-code-execution-flaws-acrobat-reader
Exploit Code Published for Critical VMware Security Flaw https://www.securityweek.com/exploit-code-published-critical-vmware-security-flaw
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html

Other Vulnerabilities:

Boffins rate npm and PyPI package security and it's not good https://www.theregister.com/2022/08/11/npm_pypi_security/
Facebook's Metaverse is Expanding the Attack Surface https://www.trendmicro.com/en_us/research/22/h/facebook-metaverse-attack-surface-security.html
One of 5G's Biggest Features Is a Security Minefield https://www.wired.com/story/5g-api-flaws/
Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attacks https://www.securityweek.com/palo-alto-networks-firewalls-targeted-reflected-amplified-ddos-attack
And Here They Come Again: DNS Reflection Attacks, (Wed, Aug 10th) https://isc.sans.edu/diary/rss/28928
Security Firm Finds Flaws in Indian Online Insurance Broker https://www.securityweek.com/security-firm-finds-flaws-indian-online-insurance-broker

Research on new vulnerabilities:

AMD Processors Expose Sensitive Data to New 'SQUIP' Attack https://www.securityweek.com/amd-processors-expose-sensitive-data-new-squip-attack
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again https://arstechnica.com/information-technology/2022/08/architectural-bug-in-some-intel-cpus-is-more-bad-news-for-sgx-users/
Hacking Starlink https://www.schneier.com/blog/archives/2022/08/hacking-starlink.html
A Taxonomy of Access Control https://www.schneier.com/blog/archives/2022/08/a-taxonomy-of-access-control.html

Cryptography and Cryptographic Research:

NIST's Post-Quantum Cryptography Standards https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html
An attack on SIDH with arbitrary starting curve https://eprint.iacr.org/2022/1026
Breaking SIDH in polynomial time https://eprint.iacr.org/2022/1038

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Trends, Alerts, and Events (other than major breaches):

Malicious deepfakes used in attacks up 13% from last year, VMware finds https://www.theregister.com/2022/08/09/vmware_malware/
Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown https://www.securityweek.com/number-ransomware-attacks-industrial-orgs-drops-following-conti-shutdown
10 Credential Stealing Python Libraries Found on PyPI Repository https://thehackernews.com/2022/08/10-credential-stealing-python-libraries.html
Sonatype spots another PyPI package behaving badly https://www.theregister.com/2022/08/11/sonatype/
Dark Utilities C2 service draws thousands of cyber criminals https://www.theregister.com/2022/08/08/dark_utilities_c2_service/
Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore https://thehackernews.com/2022/08/researchers-uncover-classiscam-scam-as.html
FBI: Zeppelin ransomware may encrypt devices multiple times in attacks https://www.bleepingcomputer.com/news/security/fbi-zeppelin-ransomware-may-encrypt-devices-multiple-times-in-attacks/
Hackers install Dracarys Android malware using modified Signal app https://www.bleepingcomputer.com/news/security/hackers-install-dracarys-android-malware-using-modified-signal-app/
Phishers Swim Around 2FA in Coinbase Account Heists https://threatpost.com/phishers-2fa-coinbase/180356/
Open Redirect Flaws in American Express and Snapchat Exploited in Phishing Attacks https://www.securityweek.com/open-redirect-flaws-american-express-and-snapchat-exploited-phishing-attacks

Crime & Arrests, etc.:

Small-time cybercrime is about to explode — We aren't ready https://blog.talosintelligence.com/2022/08/smalltime-cybercrime.html
US govt will pay you $10 million for info on Conti ransomware members https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/
FTC Probes $200M Bitmark Crypto Hack https://www.pymnts.com/news/regulation/2022/ftc-probes-200m-bitmark-crypto-hack/
Dutch Detain Suspected Developer Of Crypto Mixer Tornado Cash https://packetstormsecurity.com/news/view/33725/Dutch-Detain-Suspected-Developer-Of-Crypto-Mixer-Tornado-Cash.html
People posing as City of Toronto workers attempting to enter homes, get personal info https://globalnews.ca/news/9050722/people-posing-as-city-of-toronto-workers/
Police announce arrests in major cross-border gun and drug trafficking probe https://toronto.ctvnews.ca/police-announce-arrests-in-major-cross-border-gun-and-drug-trafficking-probe-1.6021193
SIM Swapper Sentenced to 3 Years of Probation and Ordered to Pay Restitution After Pleading Guilty for Role in SIM Swap Scam Targeting at Least 40 People, Including New Orleans Resident https://www.databreaches.net/sim-swapper-sentenced-to-3-years-of-probation-and-ordered-to-pay-restitution-after-pleading-guilty-for-role-in-sim-swap-scam-targeting-at-least-40-people-including-new-orleans-resident/
Three Defendants Sentenced In Fraud And Identity Theft Scam Targeting Customers Of Banks And Credit Unions https://www.databreaches.net/three-defendants-sentenced-in-fraud-and-identity-theft-scam-targeting-customers-of-banks-and-credit-unions/
Early Results on DNA Evidence From Decades-Old Rape Cases Are Both Promising and Alarming https://www.propublica.org/article/dna-evidence-cold-cases-baltimore#1390894

Nation State Actors:

China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs https://www.theregister.com/2022/08/09/china_apt_kaspersky/
Chinese scammers target kids with promise of extra gaming hours https://www.theregister.com/2022/08/09/china_minors_gaming/
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China https://www.securityweek.com/cyberspying-aimed-industrial-enterprises-russia-and-ukraine-linked-china
Maui ransomware linked to North Korean group Andariel https://www.theregister.com/2022/08/10/maui_ransomware_andariel/
Former Twitter Employee Found Guilty of Spying for Saudi Arabia https://thehackernews.com/2022/08/former-twitter-employee-found-guilty-of.html
Other:

Other Security / Risk

Articles covering other types of risks.

General:

Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage https://www.darkreading.com/risk/cyber-insurance-fail-businesses-lack-ransomware-coverage
The Biden Administration Must Designate Civilian Satellites Critical Infrastructure https://www.scientificamerican.com/article/the-biden-administration-must-designate-civilian-satellites-critical-infrastructure/
Researchers Find Stolen Algorithms in Commercial Cybersecurity Products https://www.securityweek.com/researchers-find-stolen-algorithms-commercial-cybersecurity-products
Compliance Certifications: Worth the Effort? https://www.darkreading.com/risk/compliance-certifications-worth-the-effort-
Meta's chatbot says the company 'exploits people' https://www.bbc.co.uk/news/technology-62497674
Gmail is now officially allowed to spam-proof politicians' emails https://www.theverge.com/2022/8/11/23301554/google-gmail-spam-filters-republicans-gop-trump
Not Even the President Can Declassify Nuclear Secrets https://www.theatlantic.com/ideas/archive/2022/08/trump-fbi-raid-classified-nuclear-documents/671119/
More human remains found as parched Lake Mead gives up 4th body https://globalnews.ca/news/9044103/lake-mead-human-remains-fourth-body/
The End of Manual Transmission https://www.theatlantic.com/technology/archive/2022/08/stick-shift-manual-transmission-cars/671078/

Artificial Intelligence and Machine Learning:

AI may come to the rescue of future firefighters https://scienmag.com/ai-may-come-to-the-rescue-of-future-firefighters/
Setting our heart-attack-predicting AI loose with “no-code” tools https://arstechnica.com/information-technology/2022/08/no-code-no-problem-part-two-setting-the-ai-loose-with-the-easy-button/
Using AI (DALL-E 2) to recreate cereal brands and see how messed up it gets https://www.aiweirdness.com/ai-recreates-classic-cereals/

Health:

A Common 'Forever Chemical' Has Just Been Linked to Liver Cancer in Humans https://www.sciencealert.com/this-once-common-forever-chemical-has-just-been-linked-to-liver-cancer-in-humans
Climate change can make most human diseases worse https://www.theverge.com/2022/8/8/23296943/climate-change-diseases-heat-mosquitoes-zika-covid
New Langya virus detected in China. Here's what we know so far https://globalnews.ca/news/9050378/langya-virus-china/
US doctor issues warning of many undiagnosed polio cases https://www.bbc.co.uk/news/health-62469534
How does polio spread? What are the symptoms? Here's what we know https://globalnews.ca/news/9056478/polio-virus-explainer-aug-12/
Ontario confident in monkeypox vaccine strategy, Moore says, but some seek expansion https://globalnews.ca/news/9044605/ontario-confident-in-monkeypox-vaccine-strategy-moore-says-but-some-seek-expansion/
Australia Covid: Contact tracing app branded expensive 'failure' https://www.bbc.co.uk/news/world-australia-62496322
More than a third of Canadian households got COVID-19 after restrictions lifted, poll finds https://globalnews.ca/news/9045299/covid19-infection-poll-canada-august-8/
New test may predict COVID-19 immunity https://scienmag.com/new-test-may-predict-covid-19-immunity/
Developing antivirals for pandemic-level viruses https://scienmag.com/developing-antivirals-for-pandemic-level-viruses/
Scientists Revive Human Retinas after Death https://www.scientificamerican.com/article/scientists-revive-human-retinas-after-death/
It Really Is in Your Head: Thinking Hard and Long Can Cause Brain Drain https://www.sciencealert.com/it-really-is-in-your-head-thinking-hard-and-long-can-cause-brain-drain

Safety:

WWII bomb found as waters recede in drought-stricken Italian river https://globalnews.ca/news/9044373/wwii-bomb-italy-drought-river-po/
An open letter to the Tesla fan who wants to run over a kid to prove a point https://www.theverge.com/2022/8/12/23302850/tesla-full-self-driving-child-crash-open-letter
Tesla's self-driving technology fails to detect children in the road, group claims https://www.theguardian.com/technology/2022/aug/09/tesla-self-driving-technology-safety-children
Man pointed airsoft gun at guard outside Toronto's Chinese consulate: police https://toronto.ctvnews.ca/man-pointed-airsoft-gun-at-guard-outside-toronto-s-chinese-consulate-police-1.6024804
Florida man watching beach sunrise killed after sand dune collapses on him https://globalnews.ca/news/9050158/florida-man-killed-sand-dune-collapses/
Do You Really Need to Wait 30 Minutes After Eating to Go Swimming? https://www.mentalfloss.com/posts/can-you-swim-after-eating
Aging condos in Ontario will need expensive repairs in the future, report finds https://toronto.ctvnews.ca/aging-condos-in-ontario-will-need-expensive-repairs-in-the-future-report-finds-1.6022378

Environment:

Glaciers in Switzerland melted so much that they revealed 2 long-lost bodies and a plane wreck from 1968 https://www.businessinsider.com/melting-glaciers-reveal-human-remains-plane-wreck-swiss-alps-2022-8
Plastic makers ask court to reject Ottawa's plan to ban single use straws, cups https://globalnews.ca/news/9050651/plastics-makers-ottawa-ban-straws/
Economy:
What caused the Great Recession? Understanding the key factors that led to one of the worst economic downturns in US history https://www.businessinsider.com/personal-finance/what-caused-the-great-recession
Chip Makers Expect Demand Slowdown to Expand Beyond PCs, Smartphones https://www.wsj.com/articles/chip-makers-brace-for-demand-slowdown-to-expand-beyond-pcs-smartphones-11660077302
Hootsuite cutting 30% of staff in latest round of tech layoffs https://globalnews.ca/news/9047489/hootsuite-layoffs-canada-tech/
Snap is planning to lay off employees https://www.theverge.com/2022/8/8/23297637/snap-snapchat-layoff-plans-weak-q2-earnings
Metrolinx cancels GO Train trips amid staffing shortages https://toronto.ctvnews.ca/metrolinx-cancels-go-train-trips-amid-staffing-shortages-1.6018160
Cost of terminating City of Hamilton employees over vaccine status could near $7.4 million, staff warn https://toronto.ctvnews.ca/cost-of-terminating-city-of-hamilton-employees-over-vaccine-status-could-near-7-4-million-staff-warn-1.6021859

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

The war:
- Pentagon says Russia has suffered as many as 80,000 casualties in Ukraine and lost thousands of armored vehicles https://www.businessinsider.com/pentagon-russia-has-lost-thousands-of-armored-vehicles-in-ukraine-2022-8
- At least 9 Russian warplanes destroyed in Crimea strikes, Ukraine says https://globalnews.ca/news/9049694/ukraine-russia-crimea-strikes/
- Zaporizhzhia: Russia must exit Ukraine nuclear plant, says G7 https://www.bbc.co.uk/news/world-europe-62491055
- Ukraine plant shelling could be 'much worse than Chernobyl' https://www.bbc.co.uk/news/world-europe-62526075
Reaction and response:
- Russian state-owned airline Aeroflot is stripping parts from working planes because of a spares shortage, report says https://www.businessinsider.com/aeroflot-russia-stripping-planes-spares-shortage-western-sanctions-ukraine-putin-2022-8
- Russia suspends European oil exports through part of a major pipeline, boosting crude prices https://markets.businessinsider.com/news/commodities/russia-suspends-oil-exports-via-leg-of-key-druzhba-pipeline-2022-8
- Russia halts US inspections of nuclear arsenal under New START treaty https://www.bbc.co.uk/news/world-europe-62466998
Sanctions & economic Impact:
- Tighter export controls on electronics could hamper Russia's war effort - report https://www.bbc.co.uk/news/world-europe-62464459
- US gets warrant to seize a sanctioned Russian oligarch's airplane worth over $90 million and owned through 'series of shell companies' https://www.businessinsider.com/us-gets-warrant-seize-russian-oligarchs-over-90-million-airplane-2022-8
Information, Disinformation, and Propaganda:
- New Hacker Forum Takes Pro-Ukraine Stance https://threatpost.com/pro-ukraine-forum/180387/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

Innovations & Inventions:

MIT Researchers Propose Space Bubbles to Stop Climate Change https://www.universetoday.com/157073/mit-researchers-propose-space-bubbles-to-stop-climate-change/
Man who built ISP instead of paying Comcast $50K expands to hundreds of homes https://arstechnica.com/tech-policy/2022/08/man-who-built-isp-instead-of-paying-comcast-50k-expands-to-hundreds-of-homes/

Quatum Innovation.

Should We Build Quantum Computers at All? https://www.aps.org/publications/apsnews/202209/build-quantum.cfm
These Canadian startups are taking quantum computing mainstream https://www.cbc.ca/news/business/quantum-computers-canada-1.6546128

Other:

French free-diver breaks deep dive world record https://www.bbc.co.uk/news/world-62498785
Halifax space program gets $485K to urge diverse young people to study the stars https://www.cbc.ca/news/canada/nova-scotia/halifax-space-program-gets-485k-to-urge-diverse-young-people-to-study-the-stars-1.6539694
Why Betelgeuse Dimmed https://www.universetoday.com/157110/why-betelgeuse-dimmed/
A step towards quantum gravity https://scienmag.com/a-step-towards-quantum-gravity/