This Week's [in]Security - Issue 280

Welcome to This Week’s [in]Security. PCI FAQs. Crypto-research: the PQC demo derby, more SIDH attacks. New breaches: Twillo, Cisco, Shanghai, ipay88, not AT&T(?), VNC, Zimbra, party poopers. New Ransomware: Finland, Bombardier. Outages: Google, MS365. Follow-ups: Twitter. Privacy: Facebook, GitHub, RCMP. Laws & Regs - Canada: Internet, ArriveCAN. US: Cyberattack reporting, AI patents. World: Big tech. NIST standards. Defense - Training & events: PQC Migration workshop, DEFCON & Blackhat. Tools & Techniques, better incident investigation, defending supply chains, Kali. Vulnerabilities - Advisories: UNRAR, broken advisories. Patching: errors, Windows data corruption, UEFI bypass. Significant: Round-up, dev pipelines. NPM and PyPl. Research: SQUIP, SGX, Starlink. Cybercrime - Trends: deepfakes, Scam-as-a-Service. Crime & Enforcement. Nation States and mercenaries. Other Risks - Cyber-insurance, critical-infrastructure, stolen algorithms. AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• New/Updated FAQs:
• The PCI SSC Website added a link to all the FAQ’s https://www.pcisecuritystandards.org/resources-overview/faqs/all/
• Control Gap's updated our list of FAQs to align with the refreshed PCI Web site https://www.controlgap.com/pci-frequently-asked-questions
• PCI Security Standards Council Announces 2022–2024 Global Executive Assessor Roundtable https://www.pcisecuritystandards.org/about_us/press_releases/pci-security-standards-council-announces-2022-2024-global-executive-assessor-roundtable/
• Payment skimmers/malware/fraud:
• How hackers are stealing credit cards from classifieds sites https://www.bleepingcomputer.com/news/security/how-hackers-are-stealing-credit-cards-from-classifieds-sites/
• Other payment related:
• Telus wants to add a 1.5% processing fee for credit card payments this fall https://globalnews.ca/news/9055717/telus-credit-card-processing-fee/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• Don't be surprised if your organization suffers multiple cyberattacks https://www.theregister.com/2022/08/11/multiple_cyberattacks_sophos/
• Twilio customer data exposed after its staffers got phished https://www.theregister.com/2022/08/08/twilio_phishing_attack/
• Cloudflare: Someone tried to pull the Twilio phishing tactic on us too https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/
• Phishers who breached Twilio and fooled Cloudflare could easily get you, too https://arstechnica.com/information-technology/2022/08/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers/
• Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/
• Hacker offers to sell data of 48.5M users of Shanghai's COVID app https://www.databreaches.net/hacker-offers-to-sell-data-of-48-5-mln-users-of-shanghais-covid-app/
• Online payment gateway iPay88 reports possible security breach https://www.malaymail.com/news/malaysia/2022/08/11/online-payment-gateway-ipay88-reports-possible-security-breach/22315
• It Might Be Our Data, But It's Not Our Breach https://krebsonsecurity.com/2022/08/it-might-be-our-data-but-its-not-our-breach/
• Ransomware potentially exposed 2,000 Ypsilanti-area utility customers' bank information https://www.databreaches.net/ransomware-potentially-exposed-2000-ypsilanti-area-utility-customers-bank-information/
• Over 9,000 VNC servers exposed online without a password https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/
• Zimbra auth bypass bug exploited to breach over 1,000 servers https://www.bleepingcomputer.com/news/security/zimbra-auth-bypass-bug-exploited-to-breach-over-1-000-servers/
• Email marketing firm hacked to steal crypto-focused mailing lists https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/
• Update: Hackers issue ‘ransom demands' to NHS IT supplier: Fears MILLIONS of confidential patient records could be leaked after major cyber attack https://www.databreaches.net/update-hackers-issue-ransom-demands-to-nhs-it-supplier-fears-millions-of-confidential-patient-records-could-be-leaked-after-major-cyber-attack/
• Anonymous poop gifting site hacked, customers exposed https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/
• New Ransomware and "Incidents":
• Ransomware gangs move to 'callback' social engineering attacks https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/
• Finland's parliament hit with cyberattack following US move to admit the country to NATO https://www.databreaches.net/finlands-parliament-hit-with-cyberattack-following-us-move-to-admit-the-country-to-nato/
• Cyberattack forces Ski-Doo maker BRP to suspend operations https://globalnews.ca/news/9047589/quebec-brp-skidoo-cyberattack/
• 7-Eleven Denmark confirms ransomware attack behind store closures https://www.bleepingcomputer.com/news/security/7-eleven-denmark-confirms-ransomware-attack-behind-store-closures/
• Argentinian health services plan hit by LockBit https://www.databreaches.net/argentinian-health-services-plan-hit-by-lockbit/
• Major outages/downs:
• Google outage: tech giant apologizes after software update causes search engine to go down https://www.theguardian.com/technology/2022/aug/09/google-outage-search-down
• Microsoft 365 outage triggered by Meraki firewall false positive https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-triggered-by-meraki-firewall-false-positive/
• Large power outage reported in Toronto's downtown core https://globalnews.ca/news/9053368/power-outage-toronto-downtown-core-august-11/
• Follow-ups and fall-out:
• Twitter - 6,682,453 breached accounts https://haveibeenpwned.com/PwnedWebsites#Twitter
• UK NHS service recovery may take a month after MSP ransomware attack https://www.bleepingcomputer.com/news/security/uk-nhs-service-recovery-may-take-a-month-after-msp-ransomware-attack/
• Ontario Cannabis Store capping pot shop orders, changing delivery window after partner's cyberattack https://globalnews.ca/news/9053258/ontario-cannabis-store-capping-orders-delivery-cyberattack/

Privacy

Articles about privacy related news, risks, and trends.

• Facebook's In-app Browser on iOS Tracks ‘Anything You Do on Any Website' https://threatpost.com/facebook-ios-tracks-anything/180395/
• GitHub's new privacy policy sparks backlash over tracking cookies https://www.bleepingcomputer.com/news/security/githubs-new-privacy-policy-sparks-backlash-over-tracking-cookies/
• Canada's former privacy watchdog ‘surprised' by RCMP spyware program https://globalnews.ca/news/9047721/former-privacy-watchdog-surprised-rcmp-spyware-program/
• RCMP has yet to turn over info on cellphone spyware program to privacy watchdog https://globalnews.ca/news/9044296/rcmp-cellphone-hacking-privacy/
• A Phone Carrier That Doesn't Track Your Browsing or Location https://www.wired.com/story/pretty-good-phone-privacy-android/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• The Law Bytes Podcast, Episode 138: John Lawford on the Legal, Regulatory and Policy Responses to the Rogers Outage https://www.michaelgeist.ca/2022/08/law-bytes-podcast-episode-138/
• Experts warn ArriveCAN app could be violating constitutionally protected rights https://globalnews.ca/news/9047177/experts-warn-arrivecan-app-could-be-violating-constitutionally-protected-rights/
• US:
• The SEC's cyberattack reporting rules are seeing fierce opposition. CISA is poised to do better. https://www.databreaches.net/the-secs-cyberattack-reporting-rules-are-seeing-fierce-opposition-cisa-is-poised-to-do-better/
• AI systems can't patent inventions, US federal circuit court confirms https://www.theverge.com/2022/8/8/23293353/ai-patent-legal-status-us-federal-circuit-court-rules-thaler-dabus
• Ex-CISA chief Krebs calls for US to get serious on security https://www.theregister.com/2022/08/10/krebs_black_hat/
• Ex-CIA security boss predicts coming crackdown on spyware https://www.theregister.com/2022/08/11/cia_security_boss_spyware/
• Is it Illegal to Scrape a Website for Content? https://www.imperva.com/blog/is-it-illegal-to-scrape-a-website-for-content/
• US treasury whips up sanctions for crypto mixer Tornado Cash https://www.theregister.com/2022/08/08/treasury_sanctions_tornado_cash_korea/
• USAA Must Face Lawsuit Over Driver's License Disclosures https://www.databreaches.net/usaa-must-face-lawsuit-over-drivers-license-disclosures/
• World:
• Google fined $60 million over Android location data collection https://www.bleepingcomputer.com/news/google/google-fined-60-million-over-android-location-data-collection/
• Will Europe Force a Facebook Blackout? https://www.wired.com/story/facebook-eu-us-data-transfers/
• German Regulators Consider Whether Microsoft Subject to Competition Rules https://www.pymnts.com/news/regulation/2022/german-regulators-consider-whether-microsoft-subject-to-competition-rules/
• Standards News:
• Zero Trust Architecture Preliminary Draft Practice Guide (Vol. C-D) open for public comment until September 9 https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture
• NIST requests comments on IR 8214B initial public draft: Notes on Threshold EdDSA/Schnorr Signatures open through October 24 https://csrc.nist.gov/publications/detail/nistir/8214B/draft

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• Educational events, webinars, courses, etc:
• Registration is Now Open for the August NCCoE Learning Series Webinar: Preparing for the Migration to Post-Quantum Cryptography August 25, 2022 3:00PM - 3:45PM (ET) https://www.nccoe.nist.gov/get-involved/attend-events/nccoe-learning-series-webinar-preparing-migration-post-quantum
• Looking Back at 25 Years of Black Hat https://www.darkreading.com/edge-articles/looking-back-at-25-years-of-black-hat
• Hacking the Future at DEF CON 30 https://www.eff.org/deeplinks/2022/07/hacking-future-def-con-30
• Ukraine's cyber chief comes to Black Hat in surprise visit https://www.theregister.com/2022/08/13/in_brief_security_black_hat/
• General:
• Microsoft trumps Google for 2021-22 bug bounty payouts https://www.theregister.com/2022/08/12/microsoft_bug_bounty/
• Methods, Techniques, Tools, and Products:
• Security needs to learn from the aviation biz to avoid crashing https://www.theregister.com/2022/08/11/wheeler_black_hat/
• GitHub Moves to Guard Open Source Against Supply Chain Attacks https://www.wired.com/story/github-code-signing-sigstore/
• Meta is ever so slowly expanding its testing of end-to-end encryption https://arstechnica.com/information-technology/2022/08/meta-is-ever-so-slowly-expanding-its-testing-of-end-to-end-encryption/
• The Security Pros and Cons of Using Email Aliases https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
• Microsoft tightens Edge security for less visited websites https://www.theregister.com/2022/08/08/microsoft_edge_security_browsing/
• Microsoft: Exchange ‘Extended Protection' needed to fully patch new bugs https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-extended-protection-needed-to-fully-patch-new-bugs/
• Opinion: Businesses should dump Windows for the Linux desktop https://www.theregister.com/2022/08/10/opinion_column_drop_windows_for_linux/
• Making Linux Kernel Exploit Cooking Harder https://security.googleblog.com/2022/08/making-linux-kernel-exploit-cooking.html
• Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, more https://www.bleepingcomputer.com/news/security/kali-linux-20223-adds-5-new-tools-updates-linux-kernel-more/
• A Long-Awaited IoT Reverse Engineering Tool Is Finally Here https://www.wired.com/story/ofrak-iot-reverse-engineering-tool/
• How Hash-Based Safe Browsing Works in Google Chrome https://security.googleblog.com/2022/08/how-hash-based-safe-browsing-works-in.html
• HYAS Unveils New Tool for Continuous DNS Monitoring https://www.securityweek.com/hyas-unveils-new-tool-continuous-dns-monitoring

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html
• Patch Madness: Vendor Bug Advisories Are Broken, So Broken https://www.darkreading.com/risk/patch-madness-vendor-bug-advisories-broken
• Patching:
• Sloppy Software Patches Are a ‘Disturbing Trend' https://www.wired.com/story/software-patch-flaw-uptick-zdi/
• Microsoft's fix for 'data damage' risk hits PC performance https://www.theregister.com/2022/08/09/widows_data_damage/
• Windows devices with newest CPUs are susceptible to data damage https://www.bleepingcomputer.com/news/microsoft/windows-devices-with-newest-cpus-are-susceptible-to-data-damage/
• Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/
• Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass https://www.bleepingcomputer.com/news/security/microsoft-blocks-uefi-bootloaders-enabling-windows-secure-boot-bypass/
• Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html
• Zoom's latest update on Mac includes a fix for a dangerous security flaw https://www.theverge.com/2022/8/14/23305548/zoom-update-macos-fix-dangerous-security-flaw-hackers
• The Zoom installer let a researcher hack his way to root access on macOS https://www.theverge.com/2022/8/12/23303411/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle
• Significant:
• Control Gap Vulnerability Roundup: July 30th to August 5th https://www.controlgap.com/blog/vulnerability-roundup-july-29th-august-5th
• Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem https://www.darkreading.com/application-security/software-development-pipelines-cybercriminals-free-range-access-cloud-on-prem
• Google's bug bounty boss: Finding and patching vulns? 'Totally useless' - exploitability counts https://www.theregister.com/2022/08/10/google_bug_bounty_boss/
• Sounding the Alarm on Emergency Alert System Flaws https://krebsonsecurity.com/2022/08/sounding-the-alarm-on-emergency-alert-system-flaws/
• (ISC)² and F5 Examine OWASP'S “Top 10” Report on New Web Application Security Risks https://blog.isc2.org/isc2_blog/2022/08/owasps-top-10-report-on-new-web-application-security-risks.html
• Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader https://www.securityweek.com/adobe-patch-tuesday-code-execution-flaws-acrobat-reader
• Exploit Code Published for Critical VMware Security Flaw https://www.securityweek.com/exploit-code-published-critical-vmware-security-flaw
• The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
• Other Vulnerabilities:
• Boffins rate npm and PyPI package security and it's not good https://www.theregister.com/2022/08/11/npm_pypi_security/
• Facebook's Metaverse is Expanding the Attack Surface https://www.trendmicro.com/en_us/research/22/h/facebook-metaverse-attack-surface-security.html
• One of 5G's Biggest Features Is a Security Minefield https://www.wired.com/story/5g-api-flaws/
• Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attacks https://www.securityweek.com/palo-alto-networks-firewalls-targeted-reflected-amplified-ddos-attack
• And Here They Come Again: DNS Reflection Attacks, (Wed, Aug 10th) https://isc.sans.edu/diary/rss/28928
• Security Firm Finds Flaws in Indian Online Insurance Broker https://www.securityweek.com/security-firm-finds-flaws-indian-online-insurance-broker
• Research on new vulnerabilities:
• AMD Processors Expose Sensitive Data to New 'SQUIP' Attack https://www.securityweek.com/amd-processors-expose-sensitive-data-new-squip-attack
• SGX, Intel’s supposedly impregnable data fortress, has been breached yet again https://arstechnica.com/information-technology/2022/08/architectural-bug-in-some-intel-cpus-is-more-bad-news-for-sgx-users/
• Hacking Starlink https://www.schneier.com/blog/archives/2022/08/hacking-starlink.html
• A Taxonomy of Access Control https://www.schneier.com/blog/archives/2022/08/a-taxonomy-of-access-control.html
• Cryptography and Cryptographic Research:
• NIST's Post-Quantum Cryptography Standards https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html
• An attack on SIDH with arbitrary starting curve https://eprint.iacr.org/2022/1026
• Breaking SIDH in polynomial time https://eprint.iacr.org/2022/1038

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Malicious deepfakes used in attacks up 13% from last year, VMware finds https://www.theregister.com/2022/08/09/vmware_malware/
• Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown https://www.securityweek.com/number-ransomware-attacks-industrial-orgs-drops-following-conti-shutdown
• 10 Credential Stealing Python Libraries Found on PyPI Repository https://thehackernews.com/2022/08/10-credential-stealing-python-libraries.html
• Sonatype spots another PyPI package behaving badly https://www.theregister.com/2022/08/11/sonatype/
• Dark Utilities C2 service draws thousands of cyber criminals https://www.theregister.com/2022/08/08/dark_utilities_c2_service/
• Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore https://thehackernews.com/2022/08/researchers-uncover-classiscam-scam-as.html
• FBI: Zeppelin ransomware may encrypt devices multiple times in attacks https://www.bleepingcomputer.com/news/security/fbi-zeppelin-ransomware-may-encrypt-devices-multiple-times-in-attacks/
• Hackers install Dracarys Android malware using modified Signal app https://www.bleepingcomputer.com/news/security/hackers-install-dracarys-android-malware-using-modified-signal-app/
• Phishers Swim Around 2FA in Coinbase Account Heists https://threatpost.com/phishers-2fa-coinbase/180356/
• Open Redirect Flaws in American Express and Snapchat Exploited in Phishing Attacks https://www.securityweek.com/open-redirect-flaws-american-express-and-snapchat-exploited-phishing-attacks
• Crime & Arrests, etc.:
• Small-time cybercrime is about to explode — We aren't ready https://blog.talosintelligence.com/2022/08/smalltime-cybercrime.html
• US govt will pay you $10 million for info on Conti ransomware members https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/
• FTC Probes $200M Bitmark Crypto Hack https://www.pymnts.com/news/regulation/2022/ftc-probes-200m-bitmark-crypto-hack/
• Dutch Detain Suspected Developer Of Crypto Mixer Tornado Cash https://packetstormsecurity.com/news/view/33725/Dutch-Detain-Suspected-Developer-Of-Crypto-Mixer-Tornado-Cash.html
• People posing as City of Toronto workers attempting to enter homes, get personal info https://globalnews.ca/news/9050722/people-posing-as-city-of-toronto-workers/
• Police announce arrests in major cross-border gun and drug trafficking probe https://toronto.ctvnews.ca/police-announce-arrests-in-major-cross-border-gun-and-drug-trafficking-probe-1.6021193
• SIM Swapper Sentenced to 3 Years of Probation and Ordered to Pay Restitution After Pleading Guilty for Role in SIM Swap Scam Targeting at Least 40 People, Including New Orleans Resident https://www.databreaches.net/sim-swapper-sentenced-to-3-years-of-probation-and-ordered-to-pay-restitution-after-pleading-guilty-for-role-in-sim-swap-scam-targeting-at-least-40-people-including-new-orleans-resident/
• Three Defendants Sentenced In Fraud And Identity Theft Scam Targeting Customers Of Banks And Credit Unions https://www.databreaches.net/three-defendants-sentenced-in-fraud-and-identity-theft-scam-targeting-customers-of-banks-and-credit-unions/
• Early Results on DNA Evidence From Decades-Old Rape Cases Are Both Promising and Alarming https://www.propublica.org/article/dna-evidence-cold-cases-baltimore#1390894
• Nation State Actors:
• China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs https://www.theregister.com/2022/08/09/china_apt_kaspersky/
• Chinese scammers target kids with promise of extra gaming hours https://www.theregister.com/2022/08/09/china_minors_gaming/
• Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China https://www.securityweek.com/cyberspying-aimed-industrial-enterprises-russia-and-ukraine-linked-china
• Maui ransomware linked to North Korean group Andariel https://www.theregister.com/2022/08/10/maui_ransomware_andariel/
• Former Twitter Employee Found Guilty of Spying for Saudi Arabia https://thehackernews.com/2022/08/former-twitter-employee-found-guilty-of.html
• Other:

Other Security / Risk

Articles covering other types of risks.

• General:
• Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage https://www.darkreading.com/risk/cyber-insurance-fail-businesses-lack-ransomware-coverage
• The Biden Administration Must Designate Civilian Satellites Critical Infrastructure https://www.scientificamerican.com/article/the-biden-administration-must-designate-civilian-satellites-critical-infrastructure/
• Researchers Find Stolen Algorithms in Commercial Cybersecurity Products https://www.securityweek.com/researchers-find-stolen-algorithms-commercial-cybersecurity-products
• Compliance Certifications: Worth the Effort? https://www.darkreading.com/risk/compliance-certifications-worth-the-effort-
• Meta's chatbot says the company 'exploits people' https://www.bbc.co.uk/news/technology-62497674
• Gmail is now officially allowed to spam-proof politicians' emails https://www.theverge.com/2022/8/11/23301554/google-gmail-spam-filters-republicans-gop-trump
• Not Even the President Can Declassify Nuclear Secrets https://www.theatlantic.com/ideas/archive/2022/08/trump-fbi-raid-classified-nuclear-documents/671119/
• More human remains found as parched Lake Mead gives up 4th body https://globalnews.ca/news/9044103/lake-mead-human-remains-fourth-body/
• The End of Manual Transmission https://www.theatlantic.com/technology/archive/2022/08/stick-shift-manual-transmission-cars/671078/
• Artificial Intelligence and Machine Learning:
• AI may come to the rescue of future firefighters https://scienmag.com/ai-may-come-to-the-rescue-of-future-firefighters/
• Setting our heart-attack-predicting AI loose with “no-code” tools https://arstechnica.com/information-technology/2022/08/no-code-no-problem-part-two-setting-the-ai-loose-with-the-easy-button/
• Using AI (DALL-E 2) to recreate cereal brands and see how messed up it gets https://www.aiweirdness.com/ai-recreates-classic-cereals/
• Health:
• A Common 'Forever Chemical' Has Just Been Linked to Liver Cancer in Humans https://www.sciencealert.com/this-once-common-forever-chemical-has-just-been-linked-to-liver-cancer-in-humans
• Climate change can make most human diseases worse https://www.theverge.com/2022/8/8/23296943/climate-change-diseases-heat-mosquitoes-zika-covid
• New Langya virus detected in China. Here's what we know so far https://globalnews.ca/news/9050378/langya-virus-china/
• US doctor issues warning of many undiagnosed polio cases https://www.bbc.co.uk/news/health-62469534
• How does polio spread? What are the symptoms? Here's what we know https://globalnews.ca/news/9056478/polio-virus-explainer-aug-12/
• Ontario confident in monkeypox vaccine strategy, Moore says, but some seek expansion https://globalnews.ca/news/9044605/ontario-confident-in-monkeypox-vaccine-strategy-moore-says-but-some-seek-expansion/
• Australia Covid: Contact tracing app branded expensive 'failure' https://www.bbc.co.uk/news/world-australia-62496322
• More than a third of Canadian households got COVID-19 after restrictions lifted, poll finds https://globalnews.ca/news/9045299/covid19-infection-poll-canada-august-8/
• New test may predict COVID-19 immunity https://scienmag.com/new-test-may-predict-covid-19-immunity/
• Developing antivirals for pandemic-level viruses https://scienmag.com/developing-antivirals-for-pandemic-level-viruses/
• Scientists Revive Human Retinas after Death https://www.scientificamerican.com/article/scientists-revive-human-retinas-after-death/
• It Really Is in Your Head: Thinking Hard and Long Can Cause Brain Drain https://www.sciencealert.com/it-really-is-in-your-head-thinking-hard-and-long-can-cause-brain-drain
• Safety:
• WWII bomb found as waters recede in drought-stricken Italian river https://globalnews.ca/news/9044373/wwii-bomb-italy-drought-river-po/
• An open letter to the Tesla fan who wants to run over a kid to prove a point https://www.theverge.com/2022/8/12/23302850/tesla-full-self-driving-child-crash-open-letter
• Tesla's self-driving technology fails to detect children in the road, group claims https://www.theguardian.com/technology/2022/aug/09/tesla-self-driving-technology-safety-children
• Man pointed airsoft gun at guard outside Toronto's Chinese consulate: police https://toronto.ctvnews.ca/man-pointed-airsoft-gun-at-guard-outside-toronto-s-chinese-consulate-police-1.6024804
• Florida man watching beach sunrise killed after sand dune collapses on him https://globalnews.ca/news/9050158/florida-man-killed-sand-dune-collapses/
• Do You Really Need to Wait 30 Minutes After Eating to Go Swimming? https://www.mentalfloss.com/posts/can-you-swim-after-eating
• Aging condos in Ontario will need expensive repairs in the future, report finds https://toronto.ctvnews.ca/aging-condos-in-ontario-will-need-expensive-repairs-in-the-future-report-finds-1.6022378
• Environment:
• Glaciers in Switzerland melted so much that they revealed 2 long-lost bodies and a plane wreck from 1968 https://www.businessinsider.com/melting-glaciers-reveal-human-remains-plane-wreck-swiss-alps-2022-8
• Plastic makers ask court to reject Ottawa's plan to ban single use straws, cups https://globalnews.ca/news/9050651/plastics-makers-ottawa-ban-straws/
• Economy:
• What caused the Great Recession? Understanding the key factors that led to one of the worst economic downturns in US history https://www.businessinsider.com/personal-finance/what-caused-the-great-recession
• Chip Makers Expect Demand Slowdown to Expand Beyond PCs, Smartphones https://www.wsj.com/articles/chip-makers-brace-for-demand-slowdown-to-expand-beyond-pcs-smartphones-11660077302
• Hootsuite cutting 30% of staff in latest round of tech layoffs https://globalnews.ca/news/9047489/hootsuite-layoffs-canada-tech/
• Snap is planning to lay off employees https://www.theverge.com/2022/8/8/23297637/snap-snapchat-layoff-plans-weak-q2-earnings
• Metrolinx cancels GO Train trips amid staffing shortages https://toronto.ctvnews.ca/metrolinx-cancels-go-train-trips-amid-staffing-shortages-1.6018160
• Cost of terminating City of Hamilton employees over vaccine status could near $7.4 million, staff warn https://toronto.ctvnews.ca/cost-of-terminating-city-of-hamilton-employees-over-vaccine-status-could-near-7-4-million-staff-warn-1.6021859

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
  • Pentagon says Russia has suffered as many as 80,000 casualties in Ukraine and lost thousands of armored vehicles https://www.businessinsider.com/pentagon-russia-has-lost-thousands-of-armored-vehicles-in-ukraine-2022-8
  • At least 9 Russian warplanes destroyed in Crimea strikes, Ukraine says https://globalnews.ca/news/9049694/ukraine-russia-crimea-strikes/
  • Zaporizhzhia: Russia must exit Ukraine nuclear plant, says G7 https://www.bbc.co.uk/news/world-europe-62491055
  • Ukraine plant shelling could be 'much worse than Chernobyl' https://www.bbc.co.uk/news/world-europe-62526075
• Reaction and response:
  • Russian state-owned airline Aeroflot is stripping parts from working planes because of a spares shortage, report says https://www.businessinsider.com/aeroflot-russia-stripping-planes-spares-shortage-western-sanctions-ukraine-putin-2022-8
  • Russia suspends European oil exports through part of a major pipeline, boosting crude prices https://markets.businessinsider.com/news/commodities/russia-suspends-oil-exports-via-leg-of-key-druzhba-pipeline-2022-8
  • Russia halts US inspections of nuclear arsenal under New START treaty https://www.bbc.co.uk/news/world-europe-62466998
• Sanctions & economic Impact:
  • Tighter export controls on electronics could hamper Russia's war effort - report https://www.bbc.co.uk/news/world-europe-62464459
  • US gets warrant to seize a sanctioned Russian oligarch's airplane worth over $90 million and owned through 'series of shell companies' https://www.businessinsider.com/us-gets-warrant-seize-russian-oligarchs-over-90-million-airplane-2022-8
• Information, Disinformation, and Propaganda:
  • New Hacker Forum Takes Pro-Ukraine Stance https://threatpost.com/pro-ukraine-forum/180387/

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• MIT Researchers Propose Space Bubbles to Stop Climate Change https://www.universetoday.com/157073/mit-researchers-propose-space-bubbles-to-stop-climate-change/
• Man who built ISP instead of paying Comcast $50K expands to hundreds of homes https://arstechnica.com/tech-policy/2022/08/man-who-built-isp-instead-of-paying-comcast-50k-expands-to-hundreds-of-homes/
• Quatum Innovation.
• Should We Build Quantum Computers at All? https://www.aps.org/publications/apsnews/202209/build-quantum.cfm
• These Canadian startups are taking quantum computing mainstream https://www.cbc.ca/news/business/quantum-computers-canada-1.6546128
• Other:
• French free-diver breaks deep dive world record https://www.bbc.co.uk/news/world-62498785
• Halifax space program gets $485K to urge diverse young people to study the stars https://www.cbc.ca/news/canada/nova-scotia/halifax-space-program-gets-485k-to-urge-diverse-young-people-to-study-the-stars-1.6539694
• Why Betelgeuse Dimmed https://www.universetoday.com/157110/why-betelgeuse-dimmed/
• A step towards quantum gravity https://scienmag.com/a-step-towards-quantum-gravity/