This Week's [in]Security - Issue 283

Welcome to This Week’s [in]Security. PCI updates: Customized Approach, PCI & IoT, PTS RFC, FAQs. Privacy: Fog Data Science location broker, drones. New breaches: Samsung, Chinese facial & license db, IRS, Vodafone, KeyBank. New Ransomware: Vmware, Montenegro. Outages: Cloudflare in Austria, Starlink. Follow-ups. Laws & Regs - Canada, US: Chip Exports, FTC Databroker lawsuit, Proctoring, online safety. World. PQC roadmap. Defense - Supply chains. Tools & Techniques. Vulnerabilities - Advisories, Zerodays: Chrome, iOS. Patching: WordPress. Significant: Roundup, Google & Apache, Krebs on Okta, TikTok. Crypto-research. Cybercrime - Active malware & scams. Crime & Enforcement: Violence as a Service. Nation States and mercenaries. Other Risks - Blockchain Domains, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

• PCI Updates:
• PCI DSS v4.0: Is the Customized Approach Right For Your Organization? https://blog.pcisecuritystandards.org/pci-dss-v4-0-is-the-customized-approach-right-for-your-organization
• PCI Security Standards Council Bulletin: IoT Security in Payment Environments https://www.pcisecuritystandards.org/wp-content/uploads/2022/08/Bulletin-IoT-Security-and-Payments.pdf
• Request for Comments: PTS POI Modular Security Requirements v6.2 https://blog.pcisecuritystandards.org/request-for-comments-pts-poi-modular-security-requirements-v6-2
• New and updated FAQ’s
• #1444 https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Can-a-PFI-Company-perform-subsequent-PFI-investigations-for-the-same-entity
• #1453 https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/Can-a-PFI-Company-provide-QSA-services-to-an-entity-after-performing-a-PFI-investigation-for-that-entity
• SPoC Technical FAQs https://docs-prv.pcisecuritystandards.org/SPoC/Frequently%20Asked%20Questions%20(FAQ)/SPoC_Technical_FAQs_v1.9_.pdf
• Contactless Payments on COTS (CPoC™) Technical FAQs https://docs-prv.pcisecuritystandards.org/CPoC/Frequently%20Asked%20Questions%20(FAQ)/CPoC_Technical_FAQs-v1.3_.pdf

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

• New Breaches:
• A huge Chinese database of faces and vehicle license plates spilled online https://www.databreaches.net/a-huge-chinese-database-of-faces-and-vehicle-license-plates-spilled-online/
• Samsung Admits Data Breach that Exposed Details of Some U.S. Customers https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html
• Samsung discloses data breach after July hack https://www.bleepingcomputer.com/news/security/samsung-discloses-data-breach-after-july-hack/
• IRS ‘mistakenly' posts names, contact numbers and financial information from 120,000 taxpayers' retirement accounts on its website thanks to human coding error https://www.databreaches.net/irs-mistakenly-posts-names-contact-numbers-and-financial-information-from-120000-taxpayers-retirement-accounts-on-its-website-thanks-to-human-coding-error/
• Data Leak Of 20 Mn Users? Vodafone Idea Says No https://www.databreaches.net/data-leak-of-20-mn-users-vodafone-idea-says-no/
• KeyBank: Hackers of third-party provider stole customer data https://www.databreaches.net/keybank-hackers-of-third-party-provider-stole-customer-data/
• Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials https://thehackernews.com/2022/09/over-1800-android-and-ios-apps-found.html
• Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk https://www.theregister.com/2022/09/01/mobile_apps_leaked_biometrics/
• Russian streaming platform confirms data breach affecting 7.5M users https://www.bleepingcomputer.com/news/security/russian-streaming-platform-confirms-data-breach-affecting-75m-users/
• Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack https://www.securityweek.com/ransomware-gang-claims-customer-data-stolen-tap-air-portugal-hack
• India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information https://thehackernews.com/2022/08/indias-newest-airline-akasa-air-suffers.html
• Nelnet Servicing breach exposes data of 2.5M student loan accounts https://www.bleepingcomputer.com/news/security/nelnet-servicing-breach-exposes-data-of-25m-student-loan-accounts/
• Customer data from hundreds of Indonesian and Malaysian restaurants hacked by DESORDEN https://www.databreaches.net/customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden/
• 2.5 Million Impacted by Data Breach at Nelnet Servicing https://www.securityweek.com/25-million-impacted-data-breach-nelnet-servicing
• CorrectHealth notifies employees of breach in 2021; makes changes https://www.databreaches.net/correcthealth-notifies-employees-of-breach-in-2021-makes-changes/
• Neopets says hackers had access to its systems for 18 months https://www.bleepingcomputer.com/news/security/neopets-says-hackers-had-access-to-its-systems-for-18-months/
• New Ransomware and "Incidents":
• CSIRT: Cyber Security Alert: Public Service Incident re: SERNAC VM encrypting ransonmware https://www.databreaches.net/csirt-cyber-security-alert-public-service-incident/
• Montenegro is the Victim of a Cyberattack https://www.schneier.com/blog/archives/2022/09/montenegro-is-the-victim-of-a-cyberattack.html
• Police ‘negotiating with hackers' who hit Paris hospital computer system https://www.databreaches.net/police-negotiating-with-hackers-who-hit-paris-hospital-computer-system/
• Leading library services firm Baker & Taylor hit by ransomware https://www.bleepingcomputer.com/news/security/leading-library-services-firm-baker-and-taylor-hit-by-ransomware/
• Major outages/downs:
• Pirate sites ban in Austria took down Cloudflare CDNs by mistake https://www.bleepingcomputer.com/news/security/pirate-sites-ban-in-austria-took-down-cloudflare-cdns-by-mistake/
• Starlink suffered a global outage overnight https://www.theverge.com/2022/8/30/23328514/starlink-outage-degraded-performance
• Follow-ups:
• Laptop at center of probe into massive 2017 phone data leak https://www.databreaches.net/laptop-at-centre-of-probe-into-massive-2017-phone-data-leak/
• START - 7,455,386 breached accounts https://haveibeenpwned.com/PwnedWebsites#Start
• Final Thoughts on Ubiquiti https://krebsonsecurity.com/2022/08/final-thoughts-on-ubiquiti/

Privacy

Articles about privacy related news, risks, and trends.

• What is Fog Data Science? Why is the Surveillance Company so Dangerous? https://www.eff.org/deeplinks/2022/06/what-fog-data-science-why-surveillance-company-so-dangerous
• Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police https://www.eff.org/deeplinks/2022/08/inside-fog-data-science-secretive-company-selling-mass-surveillance-local-police
• Fog Revealed: A Guided Tour of How Cops Can Browse Your Location Data https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-tour-how-cops-can-browse-your-location-data
• How Law Enforcement Around the Country Buys Cell Phone Location Data Wholesale https://www.eff.org/deeplinks/2022/08/how-law-enforcement-around-country-buys-cell-phone-location-data-wholesale
• How Ad Tech Became Cop Spy Tech https://www.eff.org/deeplinks/2022/08/how-ad-tech-became-cop-spy-tech
• Fog Data Science Puts our Fourth Amendment Rights up for Sale https://www.eff.org/deeplinks/2022/08/fog-data-science-puts-our-fourth-amendment-rights-sale
• Over-the-Horizon Drones Line Up But Privacy Is Not In Sight https://www.eff.org/deeplinks/2022/08/over-horizon-drones-lineup-privacy-not-sight
• How to Buy and Use a Burner Phone https://www.wired.com/story/how-to-use-burner-phone/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

• Canada:
• ICBC liable for data breach that led to arsons, shootings https://biv.com/article/2022/08/icbc-liable-data-breach-led-arsons-shootings
• Rogers outage relevant to Shaw takeover hearings, Competition Tribunal rules https://globalnews.ca/news/9092573/rogers-outage-shaw-takeover-deal-competition-tribunal/
• B.C. man ordered to pay $90,000 after posting negative online reviews https://globalnews.ca/news/9100177/bc-defamation-lawsuit-ruling-negative-yelp-google-reviews/
• US:
• US restricts sale of AI training chips to China https://www.theverge.com/2022/9/1/23332399/us-restricts-export-ai-training-chips-nvidia-amd-china
• US restricts sales of high-end Nvidia AI chips to China and Russia https://arstechnica.com/information-technology/2022/09/us-restricts-sales-of-high-end-nvidia-ai-chips-to-china-and-russia/
• FTC Sues Data Broker https://www.schneier.com/blog/archives/2022/08/ftc-sues-data-broker.html
• Test Proctoring Surveillance Scans ruled unconstitutional https://www.npr.org/2022/08/25/1119337956/test-proctoring-room-scans-unconstitutional-cleveland-state-university
• U.S. Rep. to Regulators, Crypto Firm: How Do You Deal With Fraud? https://www.pymnts.com/cryptocurrency/2022/u-s-rep-to-regulators-crypto-firm-how-do-you-deal-with-fraud/
• First-of-its-kind legislation will keep California's children safer while online https://www.theguardian.com/technology/2022/aug/30/california-protect-children-online-privacy
• California Approves Bill to Punish Doctors Who Spread False Information https://www.nytimes.com/2022/08/29/technology/california-doctors-covid-misinformation.html
• California AG looks ahead to other data privacy violations after $1.2 million Sephora fine https://therecord.media/california-ag-looks-ahead-to-other-data-privacy-violations-after-1-2-million-sephora-fine/
• Decisions on health data sharing should not be taken by politicians, citizen juries find https://www.theregister.com/2022/08/31/uk_health_data_share/
• Tesla slapped with class action lawsuit over phantom braking problem https://www.theverge.com/2022/8/30/23328836/tesla-phantom-braking-problem-class-action-lawsuit
• Hollywood's Insistence on New Draconian Copyright Rules Is Not About Protecting Artists https://www.eff.org/deeplinks/2022/09/hollywoods-insistence-new-draconian-copyright-rules-not-about-protecting-artists
• World:
• China orders tech companies to 'improve traceability' of users to control 'rumours and false information' https://www.theregister.com/2022/09/05/asia_in_brief/
• Australian Regulator Asks Big Tech to Detail Online Safety Practices https://www.pymnts.com/big-tech/2022/australian-regulator-asks-big-tech-to-detail-online-safety-practices/
• British Airways: A Case Study in GDPR Compliance Failure https://sourcedefense.com/resources/blog/british-airways-a-case-study-in-gdpr-compliance-failure/
• Norwegian parliament fined https://www.databreaches.net/norwegian-parliament-fined/
• Standards News:
• DHS’s Post_Quantum Cryptography page and roadmap https://www.dhs.gov/quantum

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

• General:
• Announcing Google's Open Source Software Vulnerability Rewards Program https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html
• Pwn2Own Offers $100,000 for Home Office Hacking Scenario https://www.securityweek.com/pwn2own-offers-100000-home-office-hacking-scenario
• NSA and CISA share tips to secure the software supply chain https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-tips-to-secure-the-software-supply-chain/
• (ISC)² Certified in Cybersecurity Entry-Level Certification Officially Launches! https://blog.isc2.org/isc2_blog/2022/08/isc2-certified-in-cybersecurity-entry-level-certification-officially-launches.html
• Methods, Techniques, Tools, and Products:
• Microsoft will disable Exchange Online basic auth next month https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-exchange-online-basic-auth-next-month/
• Galois Open Sources Tools for Finding Vulnerabilities in C, C++ Code https://www.securityweek.com/galois-open-sources-tools-finding-vulnerabilities-c-c-code
• An End-to-End Approach to Next-Gen Security for Web Applications & APIs https://blog.qualys.com/product-tech/2022/08/31/an-end-to-end-approach-to-next-gen-security-for-web-applications-apis

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

• Advisories:
• CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html
• Zero-day and other recent vulnerability news:
• Google Chrome emergency update fixes new zero-day used in attacks https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-new-zero-day-used-in-attacks/
• Apple backports fix for actively exploited iOS zero-day to older iPhones https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/
• Patching:
• WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites https://www.securityweek.com/wordpress-602-patches-vulnerability-could-impact-millions-legacy-sites
• OtheSignificant:
• Control Gap Vulnerability Roundup: August 20th to August 26th https://www.controlgap.com/blog/vulnerability-roundup-august-20th-august-26th
• Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects https://www.darkreading.com/vulnerabilities-threats/code-injection-bugs-google-apache-open-source-github-projects
• How 1-Time Passcodes Became a Corporate Liability https://krebsonsecurity.com/2022/08/how-1-time-passcodes-became-a-corporate-liability/
• Okta Impersonation Technique Could be Utilized by Attackers https://www.securityweek.com/okta-impersonation-technique-could-be-utilized-attackers
• Microsoft Discover Severe ‘One-Click' Exploit for TikTok Android App https://thehackernews.com/2022/09/microsoft-discover-severe-one-click.html
• Other Vulnerabilities:
• Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams https://www.darkreading.com/iot/iot-bug-disclosure-security-teams
• Malicious Plugins Found on 25,000 WordPress Websites: Study https://www.securityweek.com/malicious-plugins-found-25000-wordpress-websites-study
• Introducing Qualys Threat Research Thursdays https://blog.qualys.com/vulnerabilities-threat-research/2022/09/01/introducing-qualys-threat-research-thursdays
• Chrome Bug Allows Webpages to Replace Clipboard Contents https://www.securityweek.com/chrome-bug-allows-webpages-replace-clipboard-contents
• Google Chrome bug lets sites write to clipboard without asking https://www.bleepingcomputer.com/news/security/google-chrome-bug-lets-sites-write-to-clipboard-without-asking/
• Microsoft Defender detecting Win32/Hive.ZY in Google Chrome, Electron apps https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-detecting-win32-hivezy-in-google-chrome-electron-apps/
• Invisible Formula Attacks against Mathematica https://eprint.iacr.org/2022/1110
• Hacker Discovers How To Remotely Pwn A Game Boy Using Pokemon Crystal After 22 Years https://packetstormsecurity.com/news/view/33796/Hacker-Discovers-How-To-Remotely-Pwn-A-Game-Boy-Using-Pokemon-Crystal-After-22-Years.html
• Cryptography and Cryptographic Research:
• A Note on Copy-Protection from Random Oracles https://eprint.iacr.org/2022/1109
• Practical Related-Key Forgery Attacks on the Full TinyJAMBU-192/256 https://eprint.iacr.org/2022/1122

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

• Trends, Alerts, and Events (other than major breaches):
• Dev backdoors own malware to steal data from other hackers https://www.bleepingcomputer.com/news/security/dev-backdoors-own-malware-to-steal-data-from-other-hackers/
• Infra Used in Cisco Hack Also Targeted Workforce Management Solution https://thehackernews.com/2022/09/infra-used-in-cisco-hack-also-targeted.html
• Malware dev open-sources CodeRAT after being exposed https://www.bleepingcomputer.com/news/security/malware-dev-open-sources-coderat-after-being-exposed/
• Clever Phishing Scam Uses Legitimate PayPal Messages https://www.schneier.com/blog/archives/2022/09/clever-phishing-scam-uses-legitimate-paypal-messages.html
• Credential Phishing Attack Targeted 16,000 Emails At Non-Profit Agency https://packetstormsecurity.com/news/view/33802/Credential-Phishing-Attack-Targeted-16-000-Emails-At-Non-Profit-Agency.html
• Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html
• Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software https://thehackernews.com/2022/08/nitrokod-crypto-miner-infected-over.html
• Thousands lured with blue badges in Instagram phishing attack https://www.bleepingcomputer.com/news/security/thousands-lured-with-blue-badges-in-instagram-phishing-attack/
• Actors behind PyPI supply chain attack have been active since late 2021 https://arstechnica.com/information-technology/2022/09/actors-behind-pypi-supply-chain-attack-have-been-active-since-late-2021/
• Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html
• Nearly 13,000 Canadians potentially victims of CERB fraud after hackers accessed CRA accounts in 2020 https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
• Got a text from a wrong number? It could be an attempt at 'pig butchering,' a crypto scam costing investors millions https://www.cnbc.com/2022/08/25/pig-butchering-crypto-scam-costing-investors-millions.html
• Crime & Arrests, etc.:
• Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire https://krebsonsecurity.com/2022/09/violence-as-a-service-brickings-firebombings-shootings-for-hire/
• Ukraine takes down cybercrime group hitting crypto fraud victims https://www.bleepingcomputer.com/news/security/ukraine-takes-down-cybercrime-group-hitting-crypto-fraud-victims/
• FBI: Hackers increasingly exploit DeFi bugs to steal cryptocurrency https://www.bleepingcomputer.com/news/security/fbi-hackers-increasingly-exploit-defi-bugs-to-steal-cryptocurrency/
• FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft https://www.databreaches.net/fbi-secret-service-join-kentucky-investigation-into-4-million-cybercrime-theft/
• Ex-NSA Trio Who Spied On Americans For UAE Now Banned From Arms Exports https://packetstormsecurity.com/news/view/33798/Ex-NSA-Trio-Who-Spied-On-Americans-For-UAE-Now-Banned-From-Arms-Exports.html
• Nation State Actors:
• HC3 Threat Profile: Evil Corp https://www.databreaches.net/hc3-threat-profile-evil-corp/
• Raspberry Robin Malware Connected to Russian Evil Corp Gang https://www.darkreading.com/threat-intelligence/raspberry-robin-malware-russian-evil-corp
• Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government https://www.securityweek.com/cybercriminals-apparently-involved-russia-linked-attack-montenegro-government
• China-linked APT40 gang targets wind farms, Australian government https://www.theregister.com/2022/08/31/chinanexus_apt40_targeting_australian_government/
• Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks https://thehackernews.com/2022/08/chinese-hackers-used-scanbox-framework.html

Other Security / Risk

Articles covering other types of risks.

• General:
• Microsoft calls blockchain domains ‘the next big threat’ and you might want to listen https://www.techradar.com/opinion/microsoft-calls-blockchain-domains-the-next-big-threat-and-you-might-want-to-listen
• Hackers caused a massive traffic jam in Moscow using a ride-hailing app https://www.theverge.com/2022/9/3/23335694/hackers-traffic-jam-russia-moscow-ride-hailing-app-yandex-taxi
• 3 Ways No-Code Developers Can Shoot Themselves in the Foot https://www.darkreading.com/dr-tech/3-ways-no-code-developers-can-shoot-themselves-in-the-foot
• Google Play to ban Android VPN apps from interfering with ads https://www.theregister.com/2022/08/30/google_play_vpn_rules_changed/
• The Realist's Weapon in the Fight for Democracy https://www.theatlantic.com/ideas/archive/2022/08/deposed-dictators-exile-democracy-authoritarianism/671262/
• Artificial Intelligence and Machine Learning:
• One Man's Dream of Fusing A.I. With Common Sense https://www.nytimes.com/2022/08/28/business/ai-artificial-intelligence-david-ferrucci.html
• French government uses AI to spot undeclared swimming pools — and tax them https://www.theverge.com/2022/8/30/23328442/france-ai-swimming-pool-tax-aerial-photos
• AI wins state fair art contest, annoys humans https://arstechnica.com/information-technology/2022/08/ai-wins-state-fair-art-contest-annoys-humans/
• Disinformation and misinformation
• Hackers Target Politicians With Fake News Website https://packetstormsecurity.com/news/view/33797/Hackers-Target-Politicians-With-Fake-News-Website.html
• Many Developed Countries View Online Misinformation as ‘Major Threat' https://www.nytimes.com/2022/08/31/technology/pew-misinformation-major-threat.html
• No, Californians are not moving to Texas in droves https://www.vice.com/en/article/jgpg4g/a-shocking-number-of-californians-are-moving-to-texas-unless-you-do-basic-math
• Health:
• Scientists discover compound found in trees has potential to kill drug-resistant bacteria https://scienmag.com/scientists-discover-compound-found-in-trees-has-potential-to-kill-drug-resistant-bacteria/
• Synthetic Milk Is Coming, And It Could Radically Shake Up Dairy https://www.sciencealert.com/synthetic-milk-is-coming-and-it-could-radically-shake-up-dairy
• A New Way to Measure Heat Risks for People https://www.scientificamerican.com/article/a-new-way-to-measure-heat-risks-for-people/
• FDA authorizes Pfizer's and Moderna's updated Covid booster shots https://ground.news/article/fda-authorizes-pfizers-and-modernas-updated-covid-booster-shots_dc70a2
• Omicron booster vaccine expected to arrive in Ontario next week, health minister says https://globalnews.ca/news/9100333/omicron-covid-booster-ontario/
• No need to isolate for 5 days if COVID-positive as long as symptoms improve: Ontario top doc https://globalnews.ca/news/9097529/no-need-to-isolate-for-5-days-covid-ontario-top-doc/
• 4 in 10 recent deaths linked to COVID-19 were actually caused by the virus: BCCDC https://globalnews.ca/news/9100614/bc-covid-update-september-1-2022/
• Safety:
• Officers warn about the dangers in your kid's back-to-school photos https://globalnews.ca/news/9095180/warning-dangers-kids-back-to-school-photos/
• Security firm Cloudflare drops Kiwi Farms website — known for hosting relentless online harassment campaigns — after a surge in 'credible threats' https://www.businessinsider.com/cloudflare-drops-kiwi-farms-website-after-surge-in-credible-threats-2022-9
• Why police are telling drivers with keyless entry to take extra precautions https://kitchener.ctvnews.ca/why-police-are-telling-drivers-with-keyless-entry-to-take-extra-precautions-1.6045936
• Calgary police seize stolen IDs likely intended for online gun purchases https://globalnews.ca/news/9100567/calgary-police-stolen-id-guns/
• Earthquake rocks Liechtenstein Parliament... during earthquake debate https://www.bbc.co.uk/news/world-europe-62758347
• Man killed by lions after climbing into zoo enclosure https://www.bbc.co.uk/news/world-africa-62712476
• Utility hole at site of Barrie crash that killed 6 becomes focus of investigation https://toronto.ctvnews.ca/utility-hole-at-site-of-barrie-crash-that-killed-6-becomes-focus-of-investigation-1.6050188
• Environment:
• Amid Heat Wave, California Asks Electric Vehicle Owners to Limit Charging https://www.nytimes.com/2022/09/01/us/california-heat-wave-flex-alert-ac-ev-charging.html
• California's power grid is struggling to cope with extreme heat https://www.theverge.com/2022/9/1/23332653/california-power-grid-heatwave-electricity-outages
• A Foot of Sea Level Rise From Greenland's Melting Ice May Already Be Locked in https://www.sciencealert.com/a-foot-of-sea-level-rise-from-greenlands-melting-ice-may-already-be-locked-in
• Much of The Great Pacific Garbage Patch's Plastic Comes From These 5 Countries https://www.sciencealert.com/much-of-the-great-pacific-garbage-patchs-plastic-comes-from-these-5-countries
• Over a quarter of items sold at Canada's dollar stores have toxic chemicals: report https://globalnews.ca/news/9097765/toxic-chemicals-dollar-stores-canada/
• Toxins in old toys an obstacle for circular economy https://scienmag.com/toxins-in-old-toys-an-obstacle-for-circular-economy/
• UK looks to Sweden for a solution to nuclear waste https://www.bbc.co.uk/news/business-62677534
• She stripped a river full of this pesky invasive plant — by hand https://www.cbc.ca/news/canada/hamilton/european-water-chestnut-welland-river-invasive-species-1.6566698
• Economy:
• Taiwan Is Caught in a Great Game Over Microchips https://www.nytimes.com/2022/08/29/technology/taiwan-chips.html
• Tech Companies Slowly Shift Production Away From China https://www.nytimes.com/2022/09/01/business/tech-companies-china.html
• Immigration rules must change to keep foreign students in Canada: RBC https://globalnews.ca/news/9099549/canada-immigration-rules-international-students/
• El Salvador Weekly: One Year on, Bitcoin-as-Legal-Tender Is on the Ropes https://www.pymnts.com/cryptocurrency/2022/el-salvador-weekly-one-year-on-bitcoin-as-legal-tender-is-on-the-ropes/

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

• The war:
• Ukraine war: Kherson in focus as counteroffensive against Russia begins https://globalnews.ca/news/9094050/ukraine-counteroffensive-russia-kherson/
• Ukraine is finally breaking through Russian front lines after weeks of stalemate, UK intelligence says https://www.businessinsider.com/ukraine-counteroffensive-pushing-russia-back-in-some-places-uk-intel-2022-8
• Ukraine is using fake rocket launchers made of wood to get Russia to waste its missiles on useless targets, report says https://www.businessinsider.com/ukraine-using-fake-wooden-rocket-launchers-russia-waste-missiles-report-2022-8
• For Putin and Russia, the mercenaries of the Wagner Group could be a recipe for disaster https://www.businessinsider.com/wagner-group-mercenaries-could-be-trouble-for-putin-and-russia-2022-8
• Reaction and response:
• The EU is sending millions of anti-radiation tablets to Ukraine to protect people from a potential accident caused by fighting at a nuclear power plant https://www.businessinsider.com/european-union-ukraine-anti-radiation-tablets-fearing-zaporizhzhia-nuclear-disaster-2022-8
• Zaporizhzhia nuclear plant: UN experts make first inspection https://www.bbc.co.uk/news/world-europe-62757024
• Russian oil oligarch dies 6 months after his firm criticized the Ukraine war. State media says he fell out of a hospital window. https://www.businessinsider.com/lukoil-oligarch-fell-fell-out-of-window-died-state-2022-9
• Sanctions & economic Impact:
• Gazprom cuts gas supplies to France as winter energy crisis looms https://globalnews.ca/news/9094063/gazprom-france-europe-energy-crisis/
• Germany and Denmark plan to invest $9 billion in an island of wind parks to replace Russian gas https://www.businessinsider.com/germany-denmark-plan-9-billion-wind-park-replace-russian-gas-2022-8
• Germany announces €65bn package to curb soaring energy costs https://www.bbc.co.uk/news/world-europe-62788447
• Information, Disinformation, and Propaganda:

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

• Innovations & Inventions:
• Oxford Physicist Unloads on Quantum Computing Industry, Says It's Basically a Hype Bubble https://futurism.com/the-byte/oxford-physicist-unloads-quantum-computing
• Researchers Just Wirelessly Transmitted Power Over 98 Feet of Thin Air https://www.sciencealert.com/researchers-just-wirelessly-transmitted-power-over-98-feet-of-thin-air
• Crab and lobster shells could be used to make renewable batteries https://www.theguardian.com/science/2022/sep/01/crab-lobster-shells-could-used-make-renewable-batteries
• Clean Fuel Breakthrough Turns Water Into Hydrogen at Room Temperature https://www.sciencealert.com/clean-fuel-breakthrough-turns-water-into-hydrogen-at-room-temperature
• Other:
• The Return of La Tomatina https://www.theatlantic.com/photo/2022/08/photos-la-tomatina-2022/671303/
• Science Fiction was an Inspiration for Many Professional Astronomers https://www.universetoday.com/157351/science-fiction-was-an-inspiration-for-many-professional-astronomers/
• Mars InSight finds no ice to a depth of 300 meters below the surface https://www.syfy.com/syfy-wire/bad-astronomy-mars-insight-lander-finds-no-water-under-surface
• Problem Solved! Voyager 1 is no Longer Sending Home Garbled Data! https://www.universetoday.com/157378/problem-solved-voyager-1-is-no-longer-sending-home-garbled-data/
• JWST Takes Its First Image of an Exoplanet https://www.universetoday.com/157404/jwst-takes-its-first-image-of-an-exoplanet%ef%bf%bc/
• Hubble vs Webb: Check Out These 2 Amazing Images of The Same Galaxy https://www.sciencealert.com/hubble-vs-webb-check-out-these-2-amazing-images-of-the-same-galaxy