19 min read

This Week's [in]Security - Issue 287

CG Blogger : Oct 2, 2022 12:00:00 AM

[in]security

Welcome to This Week’s [in]Security. PCI SAQ updates, PA-DSS retirement, Debit, Virtual cards! New breaches: CBSA, Fast Company, CIA. Ransomware, Outages, & Follow-ups. Privacy. Laws & Regs - Canada: C-11, Quebec. US: Incident reporting, CA, NY, Patent Trolls, World: Australia, DORA, Standards: TLP2.0. Events, Defensive tools & techniques. Vulnerabilities - Zerodays, Patching, Significant: App security and geography, Roundup, Exchange, WhatsApp, Sophos, BitBucket, IoT, supply chain, Research: Trojan Source Analysis. Exploitation time, Cryptography. Cybercrime - Trends: BEC, MFA fatigue, Open Source, Jobs, Domains, Hyperjacking. Crime & Enforcement, Nation States and mercenaries. Other Risks - AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: DART. 6-qubits, and more.

PCI Compliance and Payments

News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.

New/Updated Standards:

Updated 3.2.1 SAQ Instructions and Guidelines https://docs-prv.pcisecuritystandards.org/SAQ%20(Assessment)/Instructions%20%26%20Guidance/SAQ-InstrGuidelines-v3-2-1-r1.pdf
Assessors: Prepare for the Closure of PA-DSS https://blog.pcisecuritystandards.org/assessors-prepare-for-the-closure-of-pa-dss

Other payment related:

In a Payments Industry First, Usage of Debit Cards Tops That of Credit Cards https://www.digitaltransactions.net/in-a-payments-industry-first-usage-of-debit-cards-tops-that-of-credit-cards/
Get Set for a Virtual Card Tsunami, Juniper Research Says https://www.digitaltransactions.net/get-set-for-a-virtual-card-tsunami-juniper-research-says/
Elavon Launches a Platform for Contactless Payments in Mass Transit https://www.digitaltransactions.net/elavon-launches-a-platform-for-contactless-payments-in-mass-transit/
These Ontario cities have hidden $100 Canadian Tire bills. This is how to find them https://toronto.ctvnews.ca/these-ontario-cities-have-hidden-100-canadian-tire-bills-this-is-how-to-find-them-1.6086648
What Is The Role Of A CISO In Compliance? https://datexdatastealth.com/blog/what-is-the-role-of-a-ciso-in-compliance
Health worker photographed patient credit cards and went shopping with them, cops say https://www.databreaches.net/health-worker-photographed-patient-credit-cards-and-went-shopping-with-them-cops-say/

Breaches / Ransomware / Leaks

Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.

New Breaches:

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records https://www.databreaches.net/swachh-city-platform-suffers-data-breach-leaking-16-million-user-records/
Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates https://www.databreaches.net/data-breach-at-canadian-border-agency-contractor-involved-up-to-1-38-million-licence-plates/
Fast Company CMS Hack Raises Security Questions https://www.darkreading.com/attacks-breaches/fast-company-cms-hack-raises-security-questions
Hacked Fast Company sends 'obscene and racist' alerts via Apple News https://www.theregister.com/2022/09/28/fast_company_hack_apple_news/
Hacker shares how they allegedly breached Fast Company's site https://www.bleepingcomputer.com/news/security/hacker-shares-how-they-allegedly-breached-fast-company-s-site/
Security Vulnerabilities in Covert CIA Websites https://www.schneier.com/blog/archives/2022/09/security-vulnerabilities-in-covert-cia-websites.html
The FBI says it caught an ex-NSA employee trying to sell top-secret intelligence documents https://www.theverge.com/2022/9/30/23380233/nsa-employee-fbi-selling-secrets-espionage-act-jareh-dalke
Mexico confirms hack of military records, president's health information https://www.databreaches.net/mexico-confirms-hack-of-military-records-presidents-health-information/
Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information https://www.databreaches.net/eight-shangri-la-hotels-in-asia-hit-by-data-breach-potentially-exposing-guest-information/
Auth0 Finds No Breach Following Source Code Compromise https://www.securityweek.com/auth0-finds-no-breach-following-source-code-compromise
Auth0 warns that some source code repos may have been stolen https://www.bleepingcomputer.com/news/security/auth0-warns-that-some-source-code-repos-may-have-been-stolen/
Waterloo school board says some student info accessed by hackers during July cyberattack https://globalnews.ca/news/9165571/waterloo-school-board-student-info-accessed-hackers-july-cyberattack/

New Ransomware and "Incidents":

Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months - New Survey https://www.darkreading.com/attacks-breaches/ransomware-attacks-continue-increasing-20-of-all-reported-attacks-occurred-in-the-last-12-months---new-survey
46% of All Ransomware Attacks Happen in the United States, NordLocker Says https://www.digitaltransactions.net/46-of-all-ransomware-attacks-happen-in-the-united-states-nordlocker-says/
Leaked LockBit 3.0 builder used by ‘Bl00dy' ransomware gang in attacks https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
Internet outage in Tucson area was due to cyber attack, Cox says https://www.databreaches.net/internet-outage-in-tucson-area-was-due-to-cyber-attack-cox-says/
Electricity Company of Ghana systems hacked with ransomware – Sources https://www.databreaches.net/electricity-company-of-ghana-systems-hacked-with-ransomware-sources/
Malaysian Telecom RedOne hit by DESORDEN https://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/

Major outages/downs:

MI5 Website Briefly Hit By Denial Of Service Attack https://packetstormsecurity.com/news/view/33895/MI5-Website-Briefly-Hit-By-Denial-Of-Service-Attack.html
Food delivery drone lands on power lines resulting in power outage for thousands https://www.theverge.com/2022/9/30/23380044/food-delivery-drone-knocks-out-power-australia-wing

Follow-ups and fall-out:

Breached American Airlines Email Accounts Abused for Phishing https://www.securityweek.com/breached-american-airlines-email-accounts-abused-phishing
Optus: How a massive data breach has exposed Australia https://www.bbc.co.uk/news/world-australia-63056838
Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach https://www.databreaches.net/optus-tells-former-virgin-mobile-and-gomo-customers-they-could-also-be-part-of-data-breach/
Lessons From the GitHub Cybersecurity Breach https://www.darkreading.com/dr-tech/lessons-from-the-github-cybersecurity-breach-protecting-the-most-sensitive-data
Robinhood data breach class action settlement https://www.databreaches.net/robinhood-data-breach-class-action-settlement/
Samsung Sued Over Recent Data Breaches https://www.securityweek.com/samsung-sued-over-recent-data-breaches
New changes allow Optus data leak victims to change licence numbers https://www.databreaches.net/new-changes-allow-optus-data-leak-victims-to-change-licence-numbers/

Privacy

Articles about privacy related news, risks, and trends.

Google's Perilous Plan for a Cloud Center in Saudi Arabia is an Irresponsible Threat to Human Rights https://www.eff.org/deeplinks/2022/09/googles-perilous-plan-cloud-center-saudi-arabia-irresponsible-threat-human-rights
Brave is about to solve one of the most frustrating problems with browsing the web - privacy cookies https://www.techradar.com/news/brave-is-about-to-solve-one-of-the-most-frustrating-problems-with-browsing-the-web
The unread Stasi Files https://scienmag.com/the-unread-stasi-files/

Laws, Regulations, Platforms, Standards, and Public Policy

News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.

Canada:

Bill C-11 Goes Off The Rails Amid Charges of Witness Intimidation and Bullying by Government MPs https://www.michaelgeist.ca/2022/09/bill-c-11-goes-off-the-rails-amid-charges-of-witness-intimidation-and-bullying-by-government-mps/
Federal whistleblowers fear reprisal for reporting public service wrongdoings: report https://globalnews.ca/news/9169354/federal-whistleblowers-fear-reprisal-report/
How Well Do You Know Québec's Law 25 (formerly Bill 64)? https://datexdatastealth.com/blog/how-well-do-you-know-qu%C3%A9becs-law-25-formerly-bill-64
Canada's merger laws let companies ‘extinguish competitive threats,' new report says https://globalnews.ca/news/9169363/merger-laws-canada-competition/
New bill allows Canadian jurors to disclose trial info to mental health providers https://globalnews.ca/news/9163001/new-bill-canadian-jurors-mental-health-providers/

CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act https://www.databreaches.net/cisa-requests-public-comment-on-implementing-regulations-for-the-cyber-incident-reporting-for-critical-infrastructure-act/
Calif. Privacy Law Marks Sea Change for Retailers' eCommerce Strategies https://www.pymnts.com/news/retail/2022/calif-privacy-law-marks-sea-change-for-retailers-ecommerce-strategies/
Veto of California Crypto Law Cold Comfort for State's FinTech Sector https://www.pymnts.com/cryptocurrency/2022/california-crypto-law-veto-cold-comfort-states-fintech-sector/
Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation https://blog.qualys.com/vulnerabilities-threat-research/2022/09/27/prepare-your-organization-for-compliance-with-the-nydfs-cybersecurity-regulation
Is This the Beginning of the End of the Internet? https://www.theatlantic.com/ideas/archive/2022/09/netchoice-paxton-first-amendment-social-media-content-moderation/671574/
Victory! Court Unseals Records Showing Patent Troll's Shakedown Efforts https://www.eff.org/deeplinks/2022/09/victory-court-unseals-records-showing-patent-trolls-shakedown-efforts
Eight states sue crypto lender Nexo over security sales and misleading marketing https://www.theverge.com/2022/9/26/23373916/nexo-lawsuit-securities-regulation-new-york-attorney-general
What legal protections do revenge porn victims have at work in the US? https://www.theguardian.com/law/2022/sep/29/legal-protections-revenge-porn-victims-work-erick-adame

World:

Australia to overhaul privacy laws after massive data breach https://www.theverge.com/2022/9/26/23372868/australian-hack-disclosure-privacy-laws-optus-data-breach
The Countdown to DORA (Digital Operational Resilience Act) https://www.darkreading.com/risk/the-countdown-to-dora
Ban Government Use of Face Recognition In the UK https://www.eff.org/deeplinks/2022/09/ban-government-use-face-recognition-uk
Third fine imposed by Polish SA on the Surveyor General of Poland for failure to notify the personal data breach https://www.databreaches.net/third-fine-imposed-by-polish-sa-on-the-surveyor-general-of-poland-for-failure-to-notify-the-personal-data-breach/

Standards News:

CISA Issues Guidance on Transitioning to TLP (Traffic Light Protocol) 2.0 for sharing information https://www.securityweek.com/cisa-issues-guidance-transitioning-tlp-20

Defense / Techniques / Solutions

Covering developments and opportunities that may help improve security.

Educational events, webinars, courses, etc:

NIST/NICE Preparing for Careers in Cybersecurity and Privacy with Internships October 19, 2022 | 2:00-2:45 PM ET https://content.govdelivery.com/accounts/USNIST/bulletins/32e2cba
NIST/NICE Security Clearance Effective Practices and Solutions to Support Federal Cybersecurity Work October 25, 2022 | 1:30-3:00 PM EDT https://content.govdelivery.com/accounts/USNIST/bulletins/32f0abc

General:

When Will Cybersecurity Get Its Bloomberg Terminal? https://www.darkreading.com/dr-tech/when-will-cybersecurity-get-its-bloomberg-terminal-
Google to test disabling Chrome Manifest V2 extensions in June 2023 https://www.bleepingcomputer.com/news/security/google-to-test-disabling-chrome-manifest-v2-extensions-in-june-2023/
Microsoft to kill off old access rules in Exchange Online https://www.theregister.com/2022/09/28/microsoft_exchange_online_cars/
MITRE's FiGHT Focuses on 5G Networks https://www.darkreading.com/dr-tech/mitre-rolls-out-fight-to-protect-5g-networks
Weekly Update 315 https://www.troyhunt.com/weekly-update-315/
Announcing This Year's (ISC)2 Global Achievement Award Recipients - Part 2 https://blog.isc2.org/isc2_blog/2022/09/announcing-this-years-isc2-global-achievement-award-recipients-part-2.html

Methods, Techniques, Tools, and Products:

In 2023, Google can notify you if personal info pops up in search https://www.theverge.com/2022/9/28/23377208/google-results-about-you-notifications-personal-info
Brave browser to start blocking annoying cookie consent banners https://www.bleepingcomputer.com/news/security/brave-browser-to-start-blocking-annoying-cookie-consent-banners/
Cloudflare launches eSIM to secure mobile devices https://techcrunch.com/2022/09/26/cloudflare-launches-an-esim-to-secure-mobile-devices/
Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Click Here! (safely): Automagical Browser Isolation for potentially unsafe links in email https://blog.cloudflare.com/safe-email-links/
Microsoft announces passwordless auth, SSO for Azure Virtual Desktop https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-passwordless-auth-sso-for-azure-virtual-desktop/
An expert guide to securing APIs https://www.theregister.com/2022/09/26/an_experts_guide_to_securing/
Google will help you find better results without tagging ‘Reddit' onto every search https://www.theverge.com/2022/9/28/23377358/google-search-reddit-discussions-forums-results

Bugs / Design Flaws / Vulnerabilities / Research

Articles about newly discovered vulnerabilities and research.

Zero-day and other recent vulnerability news:

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet https://www.darkreading.com/application-security/microsoft-confirms-exchange-zero-days-no-patch
Microsoft Says Fix For Two Exchange Zero Days On Accelerated Timeline https://packetstormsecurity.com/news/view/33902/Microsoft-Says-Fix-For-Two-Exchange-Zero-Days-On-Accelerated-Timeline.html
Microsoft confirms new Exchange zero-days are used in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-new-exchange-zero-days-are-used-in-attacks/

Patching:

Matrix chat encryption sunk by five now-patched holes https://www.theregister.com/2022/09/28/matrix_encryption_flaws/
Serious vulnerabilities in Matrix’s end-to-end encryption have been patched https://arstechnica.com/information-technology/2022/09/matrix-patches-vulnerabilities-that-completely-subvert-e2ee-guarantees/

Other Significant:

Differences in App Security/Privacy Based on Country https://www.schneier.com/blog/archives/2022/09/differences-in-app-security-privacy-based-on-country.html
Control Gap Vulnerability Roundup: September 17th to September 23rd https://www.controlgap.com/blog/vulnerability-roundup-september-17th-september-23rd
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely https://thehackernews.com/2022/09/critical-whatsapp-bugs-could-have-let.html
Sophos fixes critical firewall hole exploited by miscreants https://www.theregister.com/2022/09/28/sophos_firewall_code_injection/
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability https://thehackernews.com/2022/10/cisa-warns-of-hackers-exploiting.html
New Report on IoT Security https://www.schneier.com/blog/archives/2022/09/new-report-on-iot-security.html
With the Software Supply Chain, You Can't Secure What You Don't Measure https://www.darkreading.com/vulnerabilities-threats/with-the-software-supply-chain-you-can-t-secure-what-you-don-t-measure
Leaking Passwords through the Spellchecker https://www.schneier.com/blog/archives/2022/09/leaking-passwords-through-the-spellchecker.html

Other Vulnerabilities:

L2 Network Security Control Bypass Flaws Impact Multiple Cisco Products https://www.securityweek.com/l2-network-security-control-bypass-flaws-impact-multiple-cisco-products
XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data https://www.darkreading.com/attacks-breaches/xss-flaw-prevalent-media-imaging-tool-exposes-trove-patient-data
Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks https://www.bleepingcomputer.com/news/security/ethernet-vlan-stacking-flaws-let-hackers-launch-dos-mitm-attacks/
A Note on Reimplementing the Castryck-Decru Attack and Lessons Learned for SageMath https://eprint.iacr.org/2022/1283
EFF Urges FTC to Address Security and Privacy Problems in Daycare and Early Education Apps https://www.eff.org/press/releases/eff-urges-ftc-address-security-and-privacy-problems-daycare-and-early-education-apps

Research on new vulnerabilities:

Talking Trojan: Analyzing an Industry-Wide Disclosure https://www.lightbluetouchpaper.org/2022/09/28/talking-trojan/
Report Shows How Long It Takes Ethical Hackers to Execute Attacks https://www.securityweek.com/report-shows-how-long-it-takes-ethical-hackers-execute-attacks

Cryptography and Cryptographic Research:

Breaking RSA Generically is Equivalent to Factoring, with Preprocessing https://eprint.iacr.org/2022/1261
Typing High-Speed Cryptography against Spectre v1 https://eprint.iacr.org/2022/1270

Hacking / Malware / Cybercrime / Exploitation

News covering active trends, alerts, events.

Trends, Alerts, and Events (other than major breaches):

3 Reasons Why BEC Scams Work in Real Estate https://www.darkreading.com/edge-articles/3-reasons-why-bec-scams-work-in-real-estate-and-how-to-fight-back
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks https://www.securityweek.com/high-profile-hacks-show-effectiveness-mfa-fatigue-attacks
Microsoft: Lazarus hackers are weaponizing open-source software https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-are-weaponizing-open-source-software/
New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html
Fake CISO Profiles on LinkedIn Target Fortune 500s https://krebsonsecurity.com/2022/09/fake-ciso-profiles-on-linkedin-target-fortune-500s/
Lazarus hackers drop macOS malware via Crypto.com job offers https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-macos-malware-via-cryptocom-job-offers/
The web's cruising at 13 million new and nefarious domain names a month https://www.theregister.com/2022/09/28/akamai_malicious_domains/
Mystery Hackers Are ‘Hyperjacking' Targets for Insidious Spying https://www.wired.com/story/hyperjacking-vmware-mandiant/
Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors https://www.securityweek.com/hackers-possibly-china-using-new-method-deploy-persistent-esxi-backdoors
Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html
Hackers now sharing cracked Brute Ratel post-exploitation kit online https://www.bleepingcomputer.com/news/security/hackers-now-sharing-cracked-brute-ratel-post-exploitation-kit-online/
Never-before-seen malware has infected hundreds of Linux and Windows devices https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems https://thehackernews.com/2022/09/researchers-warn-of-new-go-based.html
Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html
Hackers Are Making DDoS Attacks Sneakier And Harder To Protect Against https://packetstormsecurity.com/news/view/33891/Hackers-Are-Making-DDoS-Attacks-Sneakier-And-Harder-To-Protect-Against.html
Cryptominers hijack $53 worth of system resources to earn $1 https://www.bleepingcomputer.com/news/security/cryptominers-hijack-53-worth-of-system-resources-to-earn-1/
How Underground Groups Use Stolen Identities and Deepfakes https://www.trendmicro.com/en_us/research/22/i/how-underground-groups-use-stolen-identities-and-deepfakes.html
Container Supply Chain Attacks Cash In on Cryptojacking https://www.darkreading.com/attacks-breaches/container-supply-chain-attacks-cashing-in-on-cryptojacking
IRS warns Americans of massive rise in SMS phishing attacks https://www.bleepingcomputer.com/news/security/irs-warns-americans-of-massive-rise-in-sms-phishing-attacks/

Crime & Arrests, etc.:

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence https://www.databreaches.net/dismantling-a-prolific-cybercriminal-empire-revil-arrests-and-reemergence/
British teenager, 18, denies creating computer virus that crashed hundreds of institutions when he was just 14 https://www.databreaches.net/british-teenager-18-denies-creating-computer-virus-that-crashed-hundreds-of-institutions-when-he-was-just-14/
Germany arrests hacker for stealing €4 million via phishing attacks https://www.bleepingcomputer.com/news/security/germany-arrests-hacker-for-stealing-4-million-via-phishing-attacks/
Mississauga man charged with $70,000 worth of thefts from 144 LCBO stores https://toronto.citynews.ca/2022/09/30/ontario-lcbo-thefts-man-arrested-mississauga/
Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts https://thehackernews.com/2022/09/ukraine-arrests-cybercrime-group-for.html
Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network https://www.databreaches.net/honolulu-man-pleads-guilty-to-sabotaging-former-employers-computer-network/

Nation State Actors:

Suspected Chinese hackers tampered with widely used customer chat program -researchers https://www.reuters.com/technology/exclusive-suspected-chinese-hackers-tampered-with-widely-used-canadian-chat-2022-09-30/
Microsoft Warns Of North Korean Crew Posing As LinkedIn Recruiters https://packetstormsecurity.com/news/view/33897/Microsoft-Warns-Of-North-Korean-Crew-Posing-As-LinkedIn-Recruiters.html
Lazarus hackers abuse Dell driver bug using new FudModule rootkit https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/
Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo https://thehackernews.com/2022/09/cyber-attacks-against-middle-east.html
Cold War Bugging of Soviet Facilities https://www.schneier.com/blog/archives/2022/09/cold-war-bugging-of-soviet-facilities.html
Other:

Other Security / Risk

Articles covering other types of risks.

General:

Bulletproof TLS Newsletter #93 – news from the world of TLS the impact of Peter Eckersley and more https://www.feistyduck.com/bulletproof-tls-newsletter/issue_93_in_memory_of_peter_eckersley
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
Canadians will continue to get spam calls for the foreseeable future https://mobilesyrup.com/2022/09/26/canadians-will-continue-to-get-spam-calls-for-the-foreseeable-future/
Ever suspected bankers could just use WhatsApp comms? $1.8b says you're right https://www.theregister.com/2022/09/28/shadow_it_hedge_funds_wall_street/
You probably don’t need to worry about public WiFi anymore https://www.washingtonpost.com/technology/2022/09/26/public-wifi-privacy/
Magnus Carlsen and Hans Niemann: Chess champion accuses opponent of cheating https://www.bbc.co.uk/news/world-63043023
After chess, cheating rows rock poker and fishing https://www.bbc.co.uk/news/world-us-canada-63108879
USB kills off SuperSpeed branding as it tries to simplify its ubiquitous connector https://www.theverge.com/2022/9/30/23378231/usb-rebranding-2022-logos-gbps-wattage-charging-transfer-speeds-simplification-usb4-superspeed
Edward Snowden granted Russian citizenship https://www.bbc.co.uk/news/world-europe-63036991

Artificial Intelligence and Machine Learning:

AI experts pan Tesla's humanoid robot reveal: ‘next level cringeworthy' https://globalnews.ca/news/9169403/tesla-robot-humanoid-optimus-elon-musk/

Disinformation and misinformation

Meta busts first Chinese campaign prodding US midterms https://www.theregister.com/2022/09/27/meta_chinese_campaign/
Meta dismantles massive Russian network spoofing Western news sites https://www.bleepingcomputer.com/news/security/meta-dismantles-massive-russian-network-spoofing-western-news-sites/

Health:

Tiny Robots Have Successfully Cleared Pneumonia From The Lungs of Mice https://www.sciencealert.com/tiny-robots-have-successfully-cleared-pneumonia-from-the-lungs-of-mice
‘Poisonous': how WhatsApp is exposing UK school children to bullying and harmful content https://www.theguardian.com/technology/2022/oct/01/poisonous-how-whatsapp-is-exposing-uk-school-children-to-bullying-and-harmful-content
New drug has potential to turn COVID-19 virus against itself https://scienmag.com/new-drug-has-potential-to-turn-covid-19-virus-against-itself/
New zika vaccine shows promise in animal models https://scienmag.com/new-zika-vaccine-shows-promise-in-animal-models/
Another monkey virus could be poised for spillover to humans https://scienmag.com/another-monkey-virus-could-be-poised-for-spillover-to-humans/
Canada has dropped COVID-19 travel restrictions, mask mandates https://globalnews.ca/news/9169335/canada-covid-19-travel-restriction/
What is Ebola and why is Uganda's outbreak so serious? https://www.bbc.co.uk/news/world-africa-63080543
New COVID-Like Virus in Russian Bats Shows Resistance to Vaccine Antibodies https://www.sciencealert.com/new-covid-like-virus-in-russian-bats-shows-resistance-to-vaccine-antibodies
The Government Is Racing to Put Your Toilet Under Surveillance--For a Good Reason https://www.scientificamerican.com/article/the-government-is-watching-your-poop-to-catch-the-next-pandemic/
Thousands without power in Atlantic Canada one week after Fiona blew across region https://globalnews.ca/news/9169710/fiona-power-outages-one-week/
Photos: The Aftermath of Hurricane Fiona in Eastern Canada https://www.theatlantic.com/photo/2022/09/photos-hurricane-fiona-canada/671557/
N.S. premier blasts telecom companies in wake of Fiona, calls on Ottawa to step in with regulation https://www.cbc.ca/news/canada/nova-scotia/premier-tim-houston-telecommunications-hurricane-fiona-1.6598450
Hydro One sending 30 power line workers to help storm ravaged Nova Scotia https://globalnews.ca/news/9158868/hydro-one-line-workers-nova-scotia-fiona/
In The Middle of a Powerful Hurricane, Tampa Bay Is Dry. Here's The Science. https://www.sciencealert.com/in-the-middle-of-a-powerful-hurricane-tampa-bay-is-dry-heres-the-science

Safety:

Hurricane Ian flooded some Florida hospitals — climate change puts even more at risk https://www.theverge.com/2022/9/30/23378754/hurricane-ian-hospital-flood-climate-change
Over 1,700 environment activists killed in decade - report https://www.bbc.co.uk/news/science-environment-63064471
Passengers on a plane that collided with another jet at Heathrow Airport were initially told there was only a 'technical issue' https://www.businessinsider.com/jet-collision-passengers-were-first-told-it-was-technical-issue-2022-10
Deorbiting satellites after missions https://www.engadget.com/satellite-de-orbit-five-years-fcc-092538937.html

Environment:

Bitcoin's Climate Impact Is Bigger Than Beef Farming – And It's Only Getting Worse https://www.sciencealert.com/bitcoins-climate-impact-is-bigger-than-beef-farming-and-its-only-getting-worse
Harvard researchers detect the first definitive proof of elusive sea level fingerprints https://scienmag.com/harvard-researchers-detect-the-first-definitive-proof-of-elusive-sea-level-fingerprints/
Under water: Is the real estate industry waking up to ‘climate risk'? https://globalnews.ca/news/9161858/real-estate-industry-climate-risk/
‘Shocking' erosion of sand dunes in Prince Edward Island National Park due to Fiona https://globalnews.ca/news/9159321/pei-sand-dunes-erosion-fiona/
Renewable energy company cuts down Canada forest https://www.bbc.co.uk/news/science-environment-63089348
Economy:
Iron Mountain CEO Says He's Been "Praying for Inflation" Because It's an Excuse to Jack Up Prices https://theintercept.com/2022/09/28/inflation-prices-investors-iron-mountain/
The pivot to remote work accounted for 60% of the US home-price surge, study says https://www.businessinsider.com/remote-work-raised-housing-prices-real-estate-market-federal-reserve-2022-9
Working From an Office Costs Employees Almost Twice as Much as Working From Home https://www.mentalfloss.com/posts/employees-save-money-working-from-home
Some sectors in Canada are seeing a wave of retirements. Burnout might be why https://globalnews.ca/news/9167282/retirement-burnout-employment-2022/
Teachers, Nurses, and Child-Care Workers Have Had Enough https://www.theatlantic.com/ideas/archive/2022/09/teachers-nurses-child-care-job-burnout-crisis/671563/
Gas prices in Metro Vancouver hit new record high at $2.399 a litre https://globalnews.ca/news/9164573/gas-prices-in-metro-vancouver-hit-new-record-high-at-2-399-a-litre/
NFT Sales Have Lost Nearly All Their Allure https://packetstormsecurity.com/news/view/33883/NFT-Sales-Have-Lost-Nearly-All-Their-Allure.html

Russia v. Ukraine

News and announcements relating to Russia's invasion of Ukraine.

The war:

Ukraine war: Russia completes land-grab as Kyiv's territory annexed https://www.bbc.co.uk/news/world-europe-63095436
Putin is facing a major humiliation as Ukrainian forces enter a key city in territory Russia has just annexed https://www.businessinsider.com/putin-will-look-stupid-if-a-key-city-in-annexed-donetsk-falls-defense-expert-2022-9
Putin's Newest Annexation Is Dire for Russia Too https://www.theatlantic.com/ideas/archive/2022/09/russia-annex-ukraine-putin/671607/
Ukraine war: Russian troops forced out of eastern town Lyman https://www.bbc.co.uk/news/world-europe-63102220
Ukrainian prisoners describe ‘torture facilities' used by Russian interrogators https://globalnews.ca/news/9161654/ukrainian-prisoners-describe-torture-facilities-used-by-russian-interrogators/
The CIA warned Germany weeks ago about a possible attack on the Nord Stream natural-gas pipelines, report says https://www.businessinsider.com/cia-warned-germany-attacks-nord-stream-pipelines-leak-sabotage-report-2022-9
The Nord Stream pipelines were likely attacked with remotely detonated explosives, says UK defense source: report https://www.businessinsider.com/nord-stream-pipelines-attacked-remote-explosives-uk-intelligence-2022-9
The Race to Find the Nord Stream Saboteurs https://www.wired.com/story/nord-stream-pipeline-sabotage-explosion-russia-gas/
Unidentified drones were spotted near offshore installations days before Nord Stream attack, according to letter from Norwegian energy security agency https://www.businessinsider.com/nord-stream-pipeline-attack-unidentified-drones-norway-offshore-energy-russia-2022-9
Hundreds of pounds of TNT were used to damage the Nord Stream pipelines, Sweden and Denmark tell the UN https://www.businessinsider.com/nord-stream-gas-leak-caused-hundreds-pounds-explosives-un-russia-2022-10
Leaking natural-gas from the damaged Nord Stream pipelines is erupting like geysers in the Baltic Sea, Danish military video shows https://www.businessinsider.com/video-nord-stream-pipeline-leak-natural-gas-geysers-baltic-sea-2022-9
Nord Stream: Ukraine accuses Russia of pipeline terror attack https://www.bbc.co.uk/news/world-europe-63044747

Reaction and response:

NATO threatens to retaliate against suspected Nord Stream sabotage, ratcheting up tension with Russia https://www.businessinsider.com/fourth-leak-found-nord-stream-pipeline-after-acts-sabotage-nato-2022-9
Russia's Nuclear Threats Are All Putin Has Left https://www.theatlantic.com/newsletters/archive/2022/09/russias-nuclear-threats/671571/
Ukraine applying for NATO membership in wake of Russian annexation https://globalnews.ca/news/9167531/ukraine-nato-russia-annexation/
Japan says Russia 'blindfolded and restrained' its consul in Vladivostok https://www.bbc.co.uk/news/world-asia-63043773
Russia's FSB detains, expels Japanese consul for alleged espionage https://globalnews.ca/news/9156396/russia-fsb-japanese-consul-espionage/
Canadians urged to leave Russia as dual citizens prone to Putin's draft, Ottawa warns https://globalnews.ca/news/9164507/russia-ukraine-draft-canada/
Russia readies to annex parts of Ukraine after ‘sham' referendums. What happens next? https://globalnews.ca/news/9157035/ukraine-referendum-russia-explainer/
Putin Didn't Think He Would Fool Anyone https://www.theatlantic.com/ideas/archive/2022/09/putin-russia-referendum-election-results-domestic-propaganda/671595/
Ukraine war: Zaporizhzhia nuclear plant chief detained by Russians - Kyiv https://www.bbc.co.uk/news/world-europe-63100673
Russian IT workers head overseas to avoid military mobilization despite assurances https://globalnews.ca/news/9161960/russian-it-workers-military-mobilisation/
Russians are paying up to $27,000 to escape the country on private jets after Putin's partial mobilization, report says https://www.businessinsider.com/russians-paying-27000-to-escape-country-on-private-jets-report-2022-9
The number of Russians fleeing the country to evade Putin's draft is bigger than the original invasion force, UK intel says https://www.businessinsider.com/number-of-russians-fleeing-draft-bigger-1st-invasion-force-uk-2022-9
U.S. and Russia Duel Over Leadership of U.N. Tech Group https://www.nytimes.com/2022/09/28/technology/us-russia-technology-united-nations.html
Russia demands answers after Apple kicks VK apps from App Store https://www.bleepingcomputer.com/news/apple/russia-demands-answers-after-apple-kicks-vk-apps-from-app-store/

Sanctions & economic Impact:

Canada slaps new sanctions on Russia after Putin annexes Ukrainian regions https://globalnews.ca/news/9167560/canada-sanctions-russia-ukraine-annexation/
Information, Disinformation, and Propaganda:
Russian campaign spent $100,000 on anti-Ukraine propaganda, Meta says https://www.theverge.com/2022/9/27/23374819/meta-russian-influence-ukraine-war-campaign-propaganda
Ukraine-Russia war: US army doctor and wife charged with Russia spying https://www.bbc.co.uk/news/world-us-canada-63079868

Cyber-attacks and the potential for cyber-war:

Ukraine warns Russia plans “massive cyberattacks” on its power grids https://arstechnica.com/information-technology/2022/09/ukraine-warns-russia-plans-massive-cyberattacks-on-its-power-grids/
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows https://www.securityweek.com/cyber-warfare-rife-ukraine-impact-stays-shadows

Off-Topic / Science & Tech / Lighter Side

A variety of scientific, technical, historical, and more light-hearted news.

Innovations & Inventions:

Alberta student who fled Ukraine wins award for landmine-detecting drone https://globalnews.ca/news/9166526/alberta-student-war-ukraine-award-landmine-detecting-drone/
An all-electric passenger plane completed its first test flight https://www.theverge.com/2022/9/28/23377053/all-electric-passenger-plane-prototype-first-flight-washington
Princeton scientists identify key setback in achieving nuclear fusion in Tokamak magnetic containment https://interestingengineering.com/science/princeton-scientists-overcome-key-setback-in-achieving-nuclear-fusion
World's largest flow battery energy storage station connected to grid https://scienmag.com/worlds-largest-flow-battery-energy-storage-station-connected-to-grid/
Innovation to combat space debris – Chinese scientists introduce drag sail https://www.universetoday.com/157834/innovation-to-combat-space-debris-chinese-scientists-introduce-drag-sail/
NASA's DART Spacecraft Successfully Smacks a Space Rock--Now What? https://www.scientificamerican.com/article/nasas-dart-spacecraft-successfully-smacks-a-space-rock-now-what1/
This is the Last Thing DART saw as it Smashed Into its Asteroid Target https://www.universetoday.com/157794/this-is-the-last-thing-dart-saw-as-it-smashed-into-its-asteroid-target/
Watch a Nicely Stabilized Video of DART Flying Past Didymos and Slamming Into Dimorphos https://www.universetoday.com/157809/watch-a-nicely-stabilized-video-of-dart-flying-past-didymos-and-slamming-into-dimorphos/
DART Impact Seen by Hubble and Webb https://www.universetoday.com/157848/dart-impact-seen-by-hubble-and-webb/
MIT engineers build a battery-free, wireless underwater camera https://scienmag.com/mit-engineers-build-a-battery-free-wireless-underwater-camera/
NASA and SpaceX Will Study Low-Cost Plan to Give Hubble a Boost https://www.universetoday.com/157844/nasa-spacex-hubble-reboost/
AI Researcher discovers that Stable Diffusion can compress images better than JPEG but caveats … https://arstechnica.com/information-technology/2022/09/better-than-jpeg-researcher-discovers-that-stable-diffusion-can-compress-images/
If you still miss Google Reader, Substack has a new web-based RSS client https://www.theverge.com/2022/9/26/23372911/substack-reader-web-desktop-rss-client-google-reader

Quatum Innovation.

There's a New Quantum Computing Record: Control of a 6-Qubit Processor in Silicon https://www.sciencealert.com/theres-a-new-quantum-computing-record-control-of-a-6-qubit-processor-in-silicon

Other:

Finding the ship that sent out a warning to The Titanic https://scienmag.com/finding-the-ship-that-sent-out-a-warning-to-the-titanic/
We Might Have Underestimated The Size of The Asteroid Behind Earth's Largest Crater https://www.sciencealert.com/we-might-have-underestimated-the-size-of-the-asteroid-behind-earths-largest-crater
Scientists say we should prioritize a human mission to Venus before Mars https://interestingengineering.com/science/prioritize-human-mission-venus-before-mars
NASA's Dragonfly Helicopter Will be Exploring This Region of Titan https://www.universetoday.com/157847/nasas-dragonfly-helicopter-will-be-exploring-this-region-of-titan/
TESS Finds a Super-Earth and two Mini-Neptunes in a Single System https://www.universetoday.com/157775/tess-finds-a-super-earth-and-two-mini-neptunes-in-a-single-system/
Two “Super Mercury” Exoplanets Found in a Single System https://www.universetoday.com/157872/two-super-mercury-exoplanets-found-in-a-single-system/