This Week's [in]Security - Issue 285
Welcome to This Week’s [in]Security. The PCI Community meeting, mobile app, training, collaboration, and updates. Uber breached again and this time it's huge. FishPig/WordPress backdoor magecart skimmer. Significant vulnerabilities: Spell-Jacking, Tesla relay, and Teams. Twitter Whistleblower. Bell Canada ransomwared. Downs, Breach follow-ups. Privacy: US Customs data collection, eSIMs, Police DNA. Laws & Regs - Canada: Bill C-11 again, PIPEDA. US: China tech ban, vendor guarantees, liability. World: Tech fines. Standards. Defense - Training & events. Tools & Techniques. Zerodays, patching cloud, less open source. Crypto-research. Cybercrime - Trends, Crime & Enforcement, Nation States and mercenaries. Other Risks - Internet voting, great resignation data theft, AI, disinformation, health, safety, environment, economy. Russia v. Ukraine. Innovation and more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- PCI Community Meeting - North America:
- PCI Security Standards Council Hosts North America Community Meeting https://www.pcisecuritystandards.org/about_us/press_releases/pci-security-standards-council-hosts-north-america-community-meeting/
- Dispatch from the NACM: Day 1 https://blog.pcisecuritystandards.org/dispatch-from-the-nacm-day-1
- Dispatch from the NACM: Day 2 https://blog.pcisecuritystandards.org/dispatch-from-the-nacm-day-2
- Dispatch from the NACM: Day 3 https://blog.pcisecuritystandards.org/dispatch-from-the-nacm-day-3
- PCI Updates:
- Introducing the New PCI SSC Mobile App https://blog.pcisecuritystandards.org/introducing-the-new-pci-ssc-mobile-app
- Bridge the Gap with Knowledge Training https://blog.pcisecuritystandards.org/bridge-the-gap-with-knowledge-training
- New Opportunities for Collaboration with the Council Coming in 2023 https://blog.pcisecuritystandards.org/new-opportunities-for-collaboration-with-the-council-coming-in-2023
- PCI DSS Quick Reference Guide https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI_DSS-QRG-v4_0.pdf
- New Information Supplement: Guidance for Containers and Container Orchestration Tools https://blog.pcisecuritystandards.org/new-information-supplement-guidance-for-containers-and-container-orchestration-tools
- Containers and Container Orchestration Tools https://docs-prv.pcisecuritystandards.org/Guidance%20Document/Containers%20and%20Container%20Orchestration%20Tools/Guidance-for-Containers-and-Container-Ochestration-Tools-v1_0.pdf
- Card Production Summary of Changes https://docs-prv.pcisecuritystandards.org/Card%20Production/Supporting%20Document/PCI_Card_Production_v3.01_Summary_of_Changes_v2_to_v3.01.pdf
- Payment skimmers/malware/fraud:
- Breach of software maker FishPig used to backdoor as many as 200,000 servers https://arstechnica.com/information-technology/2022/09/breach-of-software-maker-used-to-backdoor-as-many-as-200000-servers/
- WordPress-powered sites backdoored after FishPig suffers supply chain attack https://www.theregister.com/2022/09/15/magento_wordpress_fishpig/
- Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers https://krebsonsecurity.com/2022/09/say-hello-to-crazy-thin-deep-insert-atm-skimmers/
- Other payment related:
- NCR To Split into Two Companies And Other Digital Transactions News briefs from 9/16/22 https://www.digitaltransactions.net/ncr-to-split-into-two-companies-and-other-digital-transactions-news-briefs-from-9-16-22/
- Report: Walmart, Target Urge Support for Credit Card Competition Bill https://www.pymnts.com/news/retail/2022/report-walmart-target-urge-support-for-credit-card-competition-bill/
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- New Breaches:
- Massive Data Breach at Uber https://www.schneier.com/blog/archives/2022/09/massive-data-breach-at-uber.html
- Uber Breach Looks Like It Compromised All Systems https://packetstormsecurity.com/news/view/33852/Uber-Breach-Looks-Like-It-Compromised-All-Systems.html
- Uber hacked, internal systems breached and vulnerability reports stolen https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/
- Uber's hack shows the stubborn power of social engineering https://www.theverge.com/2022/9/16/23356959/uber-hack-social-engineering-threats
- It's like a veritable fire sale on Indonesians' personal data https://www.databreaches.net/its-like-a-veritable-fire-sale-on-indonesians-personal-data/
- New York ambulance service discloses data breach after ransomware attack https://www.bleepingcomputer.com/news/security/new-york-ambulance-service-discloses-data-breach-after-ransomware-attack/
- U-Haul Says Customer Data Accessed Using Compromised Credentials https://www.securityweek.com/u-haul-says-customer-data-accessed-using-compromised-credentials
- GTA 6 source code and videos leaked after Rockstar Games hack https://www.bleepingcomputer.com/news/security/gta-6-source-code-and-videos-leaked-after-rockstar-games-hack/
- New Ransomware and "Incidents":
- Hive ransomware claims cyberattack on Bell Canada subsidiary Bell Technical Solutions (BTS) https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-cyberattack-on-bell-canada-subsidiary/
- Buenos Aires legislature announces ransomware attack https://www.databreaches.net/buenos-aires-legislature-announces-ransomware-attack/
- Major outages/downs:
- Zoom is down, users unable to sign in or join meetings https://www.bleepingcomputer.com/news/security/zoom-is-down-users-unable-to-sign-in-or-join-meetings/
- Akamai Sees Europe's Biggest DDoS Attack to Date https://www.securityweek.com/akamai-sees-europes-biggest-ddos-attack-date
- Follow-ups and fall-out:
- As Ex-Uber Executive Heads to Trial over past breach, the Security Community Reels https://www.nytimes.com/2022/09/06/technology/joe-sullivan-uber-security-trial-ciso.html
- IHG hack: 'Vindictive' couple deleted hotel chain data for fun https://www.bbc.co.uk/digihub/technology-62920470
- You Could Qualify for Money From Capital One's $190 Million Cyberattack Settlement. Find Out How https://www.cnet.com/personal-finance/see-if-you-qualify-for-money-from-capital-ones-190-million-data-breach-settlement/
- Hackers Had Access to LastPass's Development Systems for Four Days https://thehackernews.com/2022/09/hackers-had-access-to-lastpasss.html
- LastPass says hackers had internal access for four days https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/
- Samsung denies SSNs in breach https://therecord.media/samsung-denies-social-security-numbers-involved-in-latest-breach/
- Recent data breach gets Samsung hit with a class action lawsuit https://www.androidauthority.com/samsung-class-action-3206865/
- Cisco: Yes, Yanluowang leaked our data. No, it's not serious https://www.theregister.com/2022/09/13/cisco_ransomware_data_leaked/
- Ambry Genetics Settles Class Action Lawsuit Over 2020 Data Breach for $12.3M https://www.databreaches.net/ambry-genetics-settles-class-action-lawsuit-over-2020-data-breach-for-12-3m/
- SN Servicing settles data breach litigation https://www.databreaches.net/sn-servicing-settles-data-breach-litigation/
Privacy
Articles about privacy related news, risks, and trends.
- US Customs stores duplicates of travelers' phone and laptop contents — including medical records, photos, and calendar appointments — without much oversight, report says https://www.businessinsider.com/us-customs-duplicates-phone-and-laptop-contents-of-travelers-wapo-2022-9
- The worst thing about the eSIM-only iPhone 14 https://www.zdnet.com/article/the-worst-thing-about-esim-only-iphone-14s/
- Sexual assault victim whose DNA was used to arrest her sues San Francisco https://www.bbc.co.uk/news/world-us-canada-62888892
- Boffins Build Microphone Safety Kit To Detect Eavesdroppers https://packetstormsecurity.com/news/view/33826/Boffins-Build-Microphone-Safety-Kit-To-Detect-Eavesdroppers.html
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
- Canada:
- Misleading on Bill C-11: Why Did the CRTC Sit on the Radio-Canada Decision For Nearly Eight Months? https://www.michaelgeist.ca/2022/09/misleading-on-bill-c-11-why-did-the-crtc-sit-on-the-radio-canada-decision-for-nearly-eight-months/
- The Bill C-11 Hearings Are Back, Part One: The Risks of Regulating User Content https://www.michaelgeist.ca/2022/09/the-bill-c-11-hearings-are-back-part-one-the-risks-of-regulating-user-content/
- The Bill C-11 Hearings Are Back, Part Two: The Risks to Canadian Creators https://www.michaelgeist.ca/2022/09/the-bill-c-11-hearings-are-back-part-two-the-risks-to-canadian-creators/
- The Bill C-11 Hearings Are Back, Part Three: The Risks of Higher Consumer Costs, Less Competition, and Little New Money for Film Production https://www.michaelgeist.ca/2022/09/the-bill-c-11-hearings-are-back-part-three-the-risks-of-higher-consumer-costs-less-competition-and-little-new-money-for-film-production/
- The Bill C-11 Hearings Are Back, Part Four: The Risks of a Trade Challenge and Tariff Retaliation https://www.michaelgeist.ca/2022/09/the-bill-c-11-hearings-are-back-part-four-the-risks-of-a-trade-challenge-and-tariff-retaliation/
- Guidance on inappropriate data practices: Interpretation and application of subsection 5(3) https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gd_53_201805/#s4
- US:
- Biden Issues New Order to Block Chinese Investment in Technology in the U.S. https://www.nytimes.com/2022/09/15/us/politics/biden-china-tech-executive-order.html
- US bans tech firms from China https://www.bbc.com/news/62803224
- Lawmakers Grill TikTok Executive About Ties to China https://www.nytimes.com/2022/09/14/technology/tiktok-china-senate.html
- US Government Wants Security Guarantees From Software Vendors https://www.securityweek.com/us-government-wants-security-guarantees-software-vendors
- Federal Court holds nonprofit health center is immune from data breach class action https://www.databreaches.net/federal-court-holds-nonprofit-health-center-is-immune-from-data-breach-class-action/
- Members of Congress Urge FTC to Investigate Fog Data Science https://www.eff.org/deeplinks/2022/09/members-congress-urge-ftc-investigate-fog-data-science
- California's Newsom Signs Bill Requiring Social Media Firms' Transparency https://packetstormsecurity.com/news/view/33837/Californias-Newsom-Signs-Bill-Requiring-Social-Media-Firms-Transparency.html
- Internet service providers drop challenge of Maine’s privacy law https://www.pressherald.com/2022/09/06/internet-service-providers-drop-challenge-of-privacy-law/
- Credit Karma to pay $3M to users tricked by preapproved credit card https://www.npr.org/2022/09/06/1121246081/credit-karma-false-ftc-preapproved-credit-card
- Lawsuit After KeyBank Breach Heralds Changes In Liability https://packetstormsecurity.com/news/view/33831/Lawsuit-After-KeyBank-Breach-Heralds-Changes-In-Liability.html
- World:
- Amazon Antitrust Commitments ‘Appear Relevant’ to EU Concerns https://www.pymnts.com/amazon/2022/amazon-antitrust-commitments-appear-relevant-to-eu-concerns/
- Google And Meta Fined Over $70m For Privacy Violations In Korea https://packetstormsecurity.com/news/view/33835/Google-And-Meta-Fined-Over-70m-For-Privacy-Violations-In-Korea.html
- Google loses appeal over illegal Android app bundling, EU reduces fine to €4.1 billion https://www.theverge.com/2022/9/14/23341207/google-eu-android-antitrust-fine-appeal-failed-4-billion
- A packed end to the UK's cyber summer: Government moves forward with telecoms cybersecurity proposals and consults on a Cyber Duty to Protect https://www.databreaches.net/a-packed-end-to-the-uks-cyber-summer-government-moves-forward-with-telecoms-cybersecurity-proposals-and-consults-on-a-cyber-duty-to-protect/
- EU Wants to Toughen Cybersecurity Rules for Smart Devices https://www.securityweek.com/eu-wants-toughen-cybersecurity-rules-smart-devices
- Binance CEO: EU's Proposed Crypto Reg 'Strict' https://www.pymnts.com/news/regulation/2022/binance-ceo-eus-proposed-crypto-reg-strict/
- Standards News:
- NIST published Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight: NIST IR 8286C https://content.govdelivery.com/accounts/USNIST/bulletins/32cc714
- US Agencies Publish Security Guidance on Implementing Open RAN Architecture https://www.securityweek.com/us-agencies-publish-security-guidance-implementing-open-ran-architecture
- Giving Big Corporations “Closed Generic” Top-Level Domain Names to Run as Private Kingdoms Is Still a Bad Idea https://www.eff.org/deeplinks/2022/09/giving-big-corporations-closed-generic-top-level-domain-names-run-private-kingdoms
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Educational events, webinars, courses, etc:
- Virtual Workshop on the End to End (E2E) Protocol Evaluation Process for Future Voting Systems Date/Time: October 6th – 7th, 1pm-5pm EDT https://content.govdelivery.com/accounts/USNIST/bulletins/32bda6d
- General:
- Google Completes Acquisition of Mandiant https://www.mandiant.com/company/press-releases/google-completes-mandiant-acquisition
- Methods, Techniques, Tools, and Products:
- EFF's “Cover Your Tracks” Will Detect Your Use of iOS 16's Lockdown Mode https://www.eff.org/deeplinks/2022/09/effs-cover-your-tracks-will-detect-your-use-ios-16s-lockdown-mode
- Risky Biz Soap Box: Haroon Meer on "sensitive command tokens" https://risky.biz/soapbox68
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- Zero-day and other recent vulnerability news:
- Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs https://www.darkreading.com/vulnerabilities-threats/microsoft-quashes-actively-exploited-zero-day-wormable-critical-bugs
- WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin https://www.securityweek.com/wordpress-sites-hacked-zero-day-vulnerability-wpgateway-plugin
- Patching:
- A Quarter Of Cloud Breaches Caused By Unpatched Vulnerabilities https://packetstormsecurity.com/news/view/33843/A-Quarter-Of-Cloud-Breaches-Caused-By-Unpatched-Vulnerabilities.html
- CISA orders agencies to patch Windows, iOS bugs used in attacks https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-windows-ios-bugs-used-in-attacks/
- Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday https://krebsonsecurity.com/2022/09/wormable-flaw-0days-lead-sept-2022-patch-tuesday/
- Other Significant:
- Spell-Jacking: Google, Microsoft can get your passwords via web browser's spellcheck https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/
- Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (that's pretty much everywhere) https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
- Relay Attack against Teslas https://www.schneier.com/blog/archives/2022/09/relay-attack-against-teslas.html
- Other Vulnerabilities:
- Nearly one in two industry pros scaled back open source use over security fears https://www.theregister.com/2022/09/14/snakes_on_a_plan_anaconda/
- Microsoft: Windows 10 21H1 reaches end of service in December https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h1-reaches-end-of-service-in-december/
- CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild https://www.tenable.com/blog/cve-2022-40139-vulnerability-in-trend-micro-apex-one-exploited-in-the-wild
- Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks https://www.darkreading.com/attacks-breaches/popular-iot-cameras-patching-catastrophic-attacks
- Water Tank Management System Used Worldwide Has Unpatched Security Hole https://www.securityweek.com/water-tank-management-system-used-worldwide-has-unpatched-security-hole
- Cryptography and Cryptographic Research:
- Homomorphic Encryption on GPU https://eprint.iacr.org/2022/1222
- Hybrid Post-Quantum Signatures in Hardware Security Keys https://eprint.iacr.org/2022/1225
- On Squaring Modulo Mersenne Numbers https://eprint.iacr.org/2022/1197
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
- Trends, Alerts, and Events (other than major breaches):
- Bitdefender releases free decryptor for LockerGoga ransomware https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/
- Microsoft Edge's News Feed ads abused for tech support scams https://www.bleepingcomputer.com/news/security/microsoft-edge-s-news-feed-ads-abused-for-tech-support-scams/
- New malware bundle self-spreads through YouTube gaming videos https://www.bleepingcomputer.com/news/security/new-malware-bundle-self-spreads-through-youtube-gaming-videos/
- TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls https://www.darkreading.com/cloud/teamtnt-docker-containers-malicious-cloud-images
- Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies https://thehackernews.com/2022/09/hackers-targeting-weblogic-servers-and.html
- Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services https://thehackernews.com/2022/09/researchers-find-link-bw-privateloader.html
- Crime & Arrests, etc.:
- FBI: Hackers steal millions from healthcare payment processors https://www.bleepingcomputer.com/news/security/fbi-hackers-steal-millions-from-healthcare-payment-processors/
- FBI Seizes Stolen Cryptocurrencies https://www.schneier.com/blog/archives/2022/09/fbi-seizes-stolen-cryptocurrencies.html
- Iranians hacked US companies, sent ransom demands to printers, indictment says https://arstechnica.com/tech-policy/2022/09/iranians-hacked-us-companies-sent-ransom-demands-to-printers-indictment-says/
- Ex-Broadcom engineer asks for house arrest over IP theft https://www.theregister.com/2022/09/15/broadcom_engineer_ip_theft/
- U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks https://thehackernews.com/2022/09/us-charges-3-iranian-hackers-and.html
- Member of Roanoke-Area ATM Skimming Conspiracy Pleads Guilty https://www.databreaches.net/member-of-roanoke-area-atm-skimming-conspiracy-pleads-guilty/
- Tax fraud ring leader jailed for selling children's stolen identities https://www.databreaches.net/tax-fraud-ring-leader-jailed-for-selling-childrens-stolen-identities/
- Nation State Actors:
- US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks https://www.securityweek.com/us-uk-canada-and-australia-link-iranian-government-agency-ransomware-attacks
- Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks https://thehackernews.com/2022/09/webworm-hackers-using-modified-rats-in.html
- Lorenz ransomware breaches corporate network via phone systems https://www.bleepingcomputer.com/news/security/lorenz-ransomware-breaches-corporate-network-via-phone-systems/
- North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application https://thehackernews.com/2022/09/north-korean-hackers-spreading.html
- Gamaredon APT targets Ukrainian government agencies in new campaign http://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html
- Other:
Other Security / Risk
Articles covering other types of risks.
- General:
- Is Internet Voting Secure? The Science and the Policy Battles https://freedom-to-tinker.com/2022/09/12/is-internet-voting-secure-the-science-and-the-policy-battles/
- The Great Resignation linked to a great data theft https://www.databreaches.net/the-great-resignation-linked-to-a-great-data-theft/
- 5 Ways to Mitigate Your New Insider Threats in the Great Resignation https://thehackernews.com/2022/09/5-ways-to-mitigate-your-new-insider.html
- Twitter vs Mudge:
- How Whistleblowers Navigate a Security Minefield https://www.wired.com/story/whistleblower-safety-mudge-twitter-senate-hearing/
- Whistle-Blower Peiter Zatko Says Twitter ‘Chose to Mislead’ on Security https://www.nytimes.com/2022/09/13/technology/twitter-whistle-blower-security-flaws.html
- Key Takeaways From the Twitter Whistleblower's Testimony https://www.darkreading.com/edge-articles/key-takeaways-from-the-twitter-whistleblower-s-testimony
- The Twitter Whistleblower's Testimony Has Senators Out for Blood https://www.wired.com/story/peiter-mudge-zatko-twitter-senate-judiciary-testimony/
- Twitter's cybersecurity flaws pose national security risk, whistleblower tells Congress https://www.databreaches.net/twitters-cybersecurity-flaws-pose-national-security-risk-whistleblower-tells-congress/
- Whistleblower: China, India Had Agents Working for Twitter https://www.securityweek.com/whistleblower-china-india-had-agents-working-twitter
- Artificial Intelligence and Machine Learning:
- Have AI image generators assimilated your art? New tool lets you check https://arstechnica.com/information-technology/2022/09/have-ai-image-generators-assimilated-your-art-new-tool-lets-you-check/
- Flooded with AI-generated images, some art communities ban them completely https://arstechnica.com/information-technology/2022/09/flooded-with-ai-generated-images-some-art-communities-ban-them-completely/
- Researchers Say It'll Be Impossible to Control a Super-Intelligent AI https://www.sciencealert.com/researchers-say-itll-be-impossible-to-control-a-super-intelligent-ai
- Disinformation and misinformation:
- Anti-vaxxers evaded social-media content bans by replacing the word 'vaccine' with a carrot emoji, BBC investigation finds https://www.businessinsider.com/bbc-antivaxxers-carrot-emoji-dodge-bans-social-media-2022-9
- Health:
- Current vaccine approach not enough to eradicate measles https://scienmag.com/current-vaccine-approach-not-enough-to-eradicate-measles/
- How human cells become Zika virus factories https://scienmag.com/how-human-cells-become-zika-virus-factories/
- Los Angeles Death May Be The First Confirmed Monkeypox Fatality in The US https://www.sciencealert.com/los-angeles-death-may-be-the-first-confirmed-monkeypox-fatality-in-the-us
- Getting sick from Covid knocked 500,000 workers out of the labor force, a new study says. It shows why labor shortages are still going strong. https://www.businessinsider.com/covid-illness-made-labor-force-shrink-reason-for-labor-shortage-2022-9
- Powerful New Antibody Neutralizes All Known COVID Variants https://scitechdaily.com/powerful-new-antibody-neutralizes-all-known-covid-variants/
- WHO strongly advises against antibody treatments for COVID-19 patients https://scienmag.com/who-strongly-advises-against-antibody-treatments-for-covid-19-patients/
- New test can ID patients at risk of severe COVID-19, study finds https://scienmag.com/new-test-can-id-patients-at-risk-of-severe-covid-19-study-finds/
- NIST Awards $700,000 to improve small, low-cost, wireless COVID sensor https://scienmag.com/nist-awards-700000-to-improve-small-low-cost-wireless-covid-sensor/
- Safety:
- CSPC Warns People to Stop Buying Male-to-Male Power Cords on Amazon https://gizmodo.com/cspc-amazon-warns-stop-buying-male-extension-cords-1849543775
- Halton police chief calls for action on guns coming from U.S. after Toronto-area shooting rampage https://globalnews.ca/news/9131475/halton-police-chief-u-s-guns-toronto-area-shootings/
- Reckless Hikers Plead Guilty to Charges – NH Fish and Game Department https://nhfishgame.com/2022/09/06/reckless-hikers-plead-guilty-to-charges/
- Another person bitten by coyote in Burlington; 7th unprovoked attack reported https://toronto.ctvnews.ca/another-person-bitten-by-coyote-in-burlington-7th-unprovoked-attack-reported-1.6073626
- Australian man killed by kangaroo he kept as pet, police say https://www.bbc.co.uk/news/world-australia-62884861
- Florida man loses his arm in alligator attack https://www.bbc.co.uk/news/world-us-canada-62815204
- Environment:
- What was left out of the founding myth of the green revolution? https://scienmag.com/what-was-left-out-of-the-founding-myth-of-the-green-revolution/
- Forests' carbon uptake will be compromised by climate change, leaf temperature study suggests https://scienmag.com/forests-carbon-uptake-will-be-compromised-by-climate-change-leaf-temperature-study-suggests/
- Here's How Climate Change Is Hurting the U.S. https://www.scientificamerican.com/article/heres-how-climate-change-is-hurting-the-u-s/
- The World Stands to Save Trillions of Dollars if We Just Quit Carbon Right https://www.sciencealert.com/the-world-stands-to-save-trillions-of-dollars-if-we-just-quit-carbon-right
- California drought: On patrol with the celebrity 'water police' https://www.bbc.co.uk/news/world-us-canada-62825522
- For the first time we can measure the thickness of Arctic sea ice all year round https://scienmag.com/for-the-first-time-we-can-measure-the-thickness-of-arctic-sea-ice-all-year-round/
- Are we missing a crucial component of sea-level rise? https://scienmag.com/are-we-missing-a-crucial-component-of-sea-level-rise/
- Mexican mangroves have been capturing carbon for 5,000 years https://scienmag.com/mexican-mangroves-have-been-capturing-carbon-for-5000-years/
- Thyme among almond trees: it mitigates climate change and increases the land's production https://scienmag.com/thyme-among-almond-trees-it-mitigates-climate-change-and-increases-the-lands-production/
- Physicists Reveal More Effective and Earth-Friendly Way To Clean Dishes https://scitechdaily.com/physicists-reveal-more-effective-and-earth-friendly-way-to-clean-dishes/
- Sick of buying a new Android phone every few years? Help is on the way https://www.techradar.com/news/sick-of-buying-a-new-android-phone-every-few-years-help-is-on-the-way
- Ethereum will use less energy now that it's proof-of-stake https://www.theverge.com/2022/9/15/23329037/ethereum-pos-pow-merge-miners-environment
- The Tonga Eruption Produced a 90-Meter Tsunami https://www.universetoday.com/157522/the-tonga-eruption-produced-a-90-meter-tsunami/
- Economy:
- Quiet Quitting Is a Fake Trend https://www.theatlantic.com/newsletters/archive/2022/09/quiet-quitting-trend-employee-disengagement/671436/
- British pound sinks to 37-year low against the dollar as retail sales crater, fueling fears about a UK recession https://markets.businessinsider.com/news/currencies/dollar-vs-pound-usd-gbp-retail-sales-inflation-federal-reserve-2022-9
Russia v. Ukraine
News and announcements relating to Russia's invasion of Ukraine.
- The war:
- Ukraine war: What will Russia's losses mean for Putin? https://www.bbc.co.uk/news/world-europe-62879367
- Ukraine war: Biden warns Putin not to use tactical nuclear weapons https://www.bbc.co.uk/news/world-europe-62936643
- Ukraine war: We've retaken 6,000 sq km from Russia, says Zelensky https://www.bbc.co.uk/news/world-europe-62884668
- Dead Ukrainians found with clear signs of torture in territory recaptured from Russia, Ukraine officials say https://www.businessinsider.com/bodies-found-torture-signs-ukrainian-area-retaken-from-russia-officials-2022-9
- Ukraine war: Russian retreat exposes military weaknesses https://www.bbc.co.uk/news/world-europe-62914958
- HIMARS rockets have been a 'game changer' in Ukraine, and the US Army is now looking for ways to build up to 500 more https://www.businessinsider.com/us-army-looking-to-build-hundreds-more-himars-launchers-2022-9
- Ukraine war: Houses flooded after missiles hit major dam https://www.bbc.co.uk/news/world-europe-62910245
- Ukraine war: Power back on at huge nuclear plant in Zaporizhzhia https://www.bbc.co.uk/news/world-europe-62943902
- Reaction and response:
- Germany's takeover of Russian refineries frees the nation from dependence on Moscow, Chancellor Olaf Scholz says https://markets.businessinsider.com/news/commodities/german-takeover-russian-oil-refineries-freedom-dependence-moscow-olaf-scholz-2022-9
- Ukraine war: EU moves to cut peak electricity use by 5% https://www.bbc.co.uk/news/world-europe-62899940
- Russian energy exec found dead after ‘falling overboard’ in latest mysterious death https://globalnews.ca/news/9125813/russian-energy-executive-ivan-pechorin-mysterious-death/
- Sanctions & economic Impact:
- Cyber-attacks and the potential for cyber-war:
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Innovations & Inventions:
- New ice-shedding coating is 100x stronger than others https://scienmag.com/new-ice-shedding-coating-is-100x-stronger-than-others/
- Other:
- Blue Origin rocket malfunctions on trip to space https://www.bbc.co.uk/news/world-us-canada-62885026
- Fascinating Study Gives a Unique Glimpse Into How Dogs See The World https://www.sciencealert.com/fascinating-study-gives-a-unique-glimpse-into-how-dogs-see-the-world
- Photos: What it's like to go more than 300 feet underwater in your own personal submarine https://www.businessinsider.com/photos-personal-submarine-yacht-nemo-8-hours-underwater-2022-9
- Roku's Weird Al movie is ridiculous in the best possible ways https://www.theverge.com/23349435/weird-the-al-yankovic-story-review-roku-tiff-2022
- A new way to Discover Planets? Astronomers Detect an Exoplanet by Seeing its Trojan Belts https://www.universetoday.com/157651/a-new-way-to-discover-planets-astronomers-detect-an-exoplanet-by-seeing-its-trojan-belts/
- Can Astronomers Predict Which Stars Are About to Explode as Supernovae? https://www.universetoday.com/157639/can-astronomers-predict-which-stars-are-about-to-explode-as-supernovae/
- The Webb Image you've Been Waiting For: the Orion Nebula https://www.universetoday.com/157576/the-webb-image-youve-been-waiting-for-the-orion-nebula/