This Week's [in]Security - Issue 294
Welcome to This Week’s [in]Security. PCI Mobile Payments, FAQs, Training, Magecart & fraud. More on the FTX and Twitter meltdowns. New breaches: Whoosh, Thales. New Ransomware: Vanuatu, Ontario EMS. Downs. Privacy: Spyware, Surveillance, Siri. Laws & Regs - Canada: C-11&18, Blocking online news. US: KOSA, Google, Autopilot. World: Digital Red Cross, Hack-back, Crypto AML. Standards: NIST on CVSS, Networks, Trustworthy Secure Systems, and three drafts, leap second. Defense - Resources. Tools & Techniques. Vulnerabilities - Patching: Windows, Bitbucket. Significant: Roundup, PunyCode, SMS 2FA, F5. Also: Bulletproof TLS, infrastructure. Cybercrime - active campaigns, MFA-fatigue, crime & enforcement, nation states and mercenaries. Other Risks, Mastodon, AI, Disinformation, Health, Safety, Environment, Economy. Russia v. Ukraine. Innovation: Quantum, AI. And more.
PCI Compliance and Payments
News and announcements relating to Payment Security, PCI, Card Brands, Payments, Payment Malware and Fraud, and Payment Related Compliance.
- New PCI SSC Mobile Payment on COTS (MPoC) Solutions standards:
- Article https://blog.pcisecuritystandards.org/just-published-pci-mobile-payments-on-cots
- Standard and document library category https://blog.pcisecuritystandards.org/just-published-pci-mobile-payments-on-cots
- New and updated PCI FAQs
- FAQ #1562 Is a QSA Employee that designs, develops, or implements specific controls for a customer also permitted to assess those same controls? https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Is-a-QSA-Employee-that-designs-develops-or-implements-specific-controls-for-a-customer-also-permitted-to-assess-those-same-controls
- PCI Training schedule https://training.pcisecuritystandards.org/elearning-with-online-certification-exam
- Payment skimmers/malware/fraud:
- Magento stores targeted in massive surge of TrojanOrders attacks https://www.bleepingcomputer.com/news/security/magento-stores-targeted-in-massive-surge-of-trojanorders-attacks/
- Other payment related:
- Is Higher Fraud Risk an Unintended Consequence of Fed's New Debit Routing Rule? https://www.pymnts.com/fraud-prevention/2022/is-higher-fraud-risk-an-unintended-consequence-of-feds-new-debit-routing-rule/
- Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON https://www.darkreading.com/vulnerabilities-threats/cyber-monday-will-be-the-most-fraudulent-day-of-the-season-says-seon
Breaches / Ransomware / Leaks
Covering breaches, leaks, data exposures, ransomware (as potential breach), and their fallout.
- New Breaches:
- Whoosh confirms data breach after hackers sell 7.2M user records https://www.bleepingcomputer.com/news/security/whoosh-confirms-data-breach-after-hackers-sell-72m-user-records/
- Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data https://www.securityweek.com/thales-denies-getting-hacked-ransomware-gang-releases-gigabytes-data
- U.K.: Suffolk police publish sensitive info of sexual assault victims online in data protection failure https://www.databreaches.net/u-k-suffolk-police-publish-sensitive-info-of-sexual-assault-victims-online-in-data-protection-failure/
- Booz Allen says former staffer downloaded employees’ personal data https://techcrunch.com/2022/11/18/booz-allen-employee-data-exposed/
- New York-Presbyterian Hospital discloses breach affecting 12,000 patients https://www.databreaches.net/new-york-presbyterian-hospital/
- New Ransomware and "Incidents":
- Vanuatu: Hackers strand Pacific island government for over a week https://www.bbc.co.uk/news/world-asia-63632129
- Patient software used by many Ontario paramedics hit by potential cyberattack https://globalnews.ca/news/9288442/patient-software-ontario-paramedics-cyberattack/
- Updating: Michigan school districts reopen after three-day closure due to ransomware attack https://www.databreaches.net/updating-michigan-school-districts-reopen-after-three-day-closure-due-to-ransomware-attack/
- Major outages/downs:
- Okta shares workaround for ongoing Microsoft 365 SSO outage https://www.bleepingcomputer.com/news/technology/okta-shares-workaround-for-ongoing-microsoft-365-sso-outage/
- Follow-ups and fall-out:
- Inside the turmoil at Sobeys-owned stores after ransomware attack https://www.cbc.ca/news/canada/nova-scotia/inside-turmoil-sobeys-ransomware-attack-1.6650636
Privacy
Articles about privacy related news, risks, and trends.
- Another Event-Related Spyware App https://www.schneier.com/blog/archives/2022/11/another-event-related-spyware-app.html
- The FBI Came Very Close To Deploying Spyware For Domestic Surveillance https://packetstormsecurity.com/news/view/34034/The-FBI-Came-Very-Close-To-Deploying-Spyware-For-Domestic-Surveillance.html
- EFF's Atlas of Surveillance Database Now Documents 10,000+ Police Tech Programs https://www.eff.org/deeplinks/2022/11/effs-atlas-surveillance-database-now-documents-10000-police-tech-programs
- Can anyone avoid CCTV surveillance? We ask an expert https://www.theguardian.com/lifeandstyle/2022/nov/18/can-anyone-avoid-cctv-surveillance-we-ask-an-expert
- How to stop Siri from reading text messages through your AirPods https://www.businessinsider.com/guides/tech/how-to-stop-siri-from-reading-messages-on-airpods
Laws, Regulations, Platforms, Standards, and Public Policy
News about laws, regulations, platform rules, and standards affecting security, privacy, technology, and public interest.
- Canada:
- Oops, He Did It Again: CRTC Chair Ian Scott Tries to Walk Back Bill C-11 Comments, But Officials Confirm Power to Regulate User Content is in the Bill https://www.michaelgeist.ca/2022/11/oops-he-did-again-crtc-chair-ian-scott-tries-to-walk-back-bill-c-11-comments-but-officials-confirm-power-to-regulate-user-content-is-in-the-bill/
- Clarifying the Clarification of the Clarification: Why Yet Another Upcoming “Clarification” from CRTC Chair Ian Scott Demonstrates the Risks of Bill C-11 and Government Interference https://www.michaelgeist.ca/2022/11/clarifying-the-clarification/
- The Law Bytes Podcast, Episode 146: Axel Bruns on What the Australian Experience Teaches About the Prospect of Facebook Blocking News Sharing in Response to Bill C-18 https://www.michaelgeist.ca/2022/11/law-bytes-podcast-episode-146/
- US:
- KOSA Would Let the Government Control What Young People See Online https://www.eff.org/deeplinks/2022/11/kosa-would-let-government-control-what-young-people-see-online
- District of Massachusetts Dismisses Data Breach Class Action for Lack of Injury https://www.databreaches.net/district-of-massachusetts-dismisses-data-breach-class-action-for-lack-of-injury/
- PA: Media's reporting on breach led to new state data breach law https://www.databreaches.net/pa-medias-reporting-on-breach-led-to-new-state-data-breach-law/
- Google will pay $391M to settle Android location tracking lawsuit https://www.bleepingcomputer.com/news/google/google-will-pay-391m-to-settle-android-location-tracking-lawsuit/
- Google wins lawsuit against alleged Russian botnet herders https://www.theregister.com/2022/11/17/google_botnet_default_judgment/
- Landmark trial involving Tesla autopilot weighs if ‘man or machine' at fault https://www.theguardian.com/technology/2022/nov/14/tesla-autopilot-landmark-case-man-v-machine
- World:
- A Digital Red Cross https://www.schneier.com/blog/archives/2022/11/a-digital-red-cross.html
- Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns https://www.darkreading.com/attacks-breaches/australia-hack-back-plan-against-cyberattackers-familiar-concerns
- The EU may ban banks and crypto providers from dealing in controversial privacy-enhancing coins under new anti-money-laundering plans https://markets.businessinsider.com/news/currencies/eu-cryptocurrency-privacy-enhancing-coins-banks-monero-zcash-proposal-europe-2022-11
- New AML Measures a ‘Tectonic Shift' in EU Approach to Combating Financial Crime https://www.pymnts.com/aml/2022/new-aml-measures-a-tectonic-shift-in-eu-approach-to-combating-financial-crime/
- Data sovereignty and compliance need help https://www.theregister.com/2022/11/15/data_sovereignty_and_compliance_need/
- Web Giants to Submit User Data as EU Law Comes Into Effect https://www.securityweek.com/web-giants-submit-user-data-eu-law-comes-effect
- New South Wales gets first state-based data breach notice scheme https://www.databreaches.net/new-south-wales-gets-first-state-based-data-breach-notice-scheme/
- German Antitrust Authority Expands Amazon Probe https://www.pymnts.com/amazon/2022/german-antitrust-authority-expands-amazon-probe/
- Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast https://www.bleepingcomputer.com/news/security/instagram-facebook-twitter-youtube-suspended-in-turkey-after-blast/
- British government blocks takeover of Welsh semiconductor producer https://www.theguardian.com/technology/2022/nov/16/british-government-blocks-takeover-of-welsh-semiconductor-producer
- Standards News:
- NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation https://csrc.nist.gov/publications/detail/nistir/8409/final
- NIST has published Special Publication (SP) 800-215, Guide to a Secure Enterprise Network Landscape https://csrc.nist.gov/publications/detail/sp/800-215/final
- NIST has released a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems https://csrc.nist.gov/publications/detail/sp/800-160/vol-1-rev-1/final
- NIST has released a working draft of NIST Special Publication (SP) 800-55 Revision 2, Performance Measurement Guide for Information Security through February 13 https://csrc.nist.gov/publications/detail/sp/800-55/rev-2/draft
- NIST has released the third public draft of NIST Special Publication (SP) 800-188, De-Identifying Government Data Sets, for public comment through January 15 https://csrc.nist.gov/publications/detail/sp/800-188/draft
- The World Is Going to Lose The Leap Second. Here's Why https://www.sciencealert.com/the-world-is-going-to-lose-the-leap-second-heres-why
Defense / Techniques / Solutions
Covering developments and opportunities that may help improve security.
- Educational events, webinars, courses, etc:
- December NCCoE Learning Series Webinar: Cybersecurity for the Water and Wastewater Systems Sector December 8, 2022 2:00 p.m.-3:30 p.m. ET https://content.govdelivery.com/accounts/USNIST/bulletins/337e47d
- NIST Workshop on Performance Measurement Guide for Information Security will be held on December 13 https://www.nist.gov/news-events/events/2022/12/cybersecurity-measurement-workshop
- First Review of A Hacker's Mind https://www.schneier.com/blog/archives/2022/11/first-review-of-a-hackers-mind.html
- General:
- More Than 1,000 New Cybersecurity Apprentices Joined Workforce in Past 12 Months https://www.darkreading.com/endpoint/more-than-1-000-new-cybersecurity-apprentices-joined-workforce-in-past-12-months
- Risky Biz Soap Box: How to get your developers invested in security https://risky.biz/soapbox70
- Researchers Quietly Cracked Zeppelin Ransomware Keys https://krebsonsecurity.com/2022/11/researchers-quietly-cracked-zeppelin-ransomware-keys/
- Methods, Techniques, Tools, and Products:
- Google Ready to Roll Out Android Privacy Sandbox in Beta https://www.securityweek.com/google-ready-roll-out-android-privacy-sandbox-beta
- Microsoft contributes S2C2F to OpenSSF to improve supply chain security https://www.microsoft.com/en-us/security/blog/2022/11/16/microsoft-contributes-s2c2f-to-openssf-to-improve-supply-chain-security/
- DuckDuckGo's App Tracking Protection beta is now available to all Android users https://www.theverge.com/2022/11/16/23462053/duckduckgo-app-tracking-tool-beta-android-users
- GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming' https://www.theregister.com/2022/11/14/github_private_vulnerability_reporting/
- Palo Alto Networks Announces PAN-OS 11.0 Nova to Help Keep Organizations One Step Ahead of Zero-Day Threats https://www.darkreading.com/vulnerabilities-threats/palo-alto-networks-announces-pan-os-11-0-nova-to-help-keep-organizations-one-step-ahead-of-zero-day-threats
- Token tactics: How to prevent, detect, and respond to cloud token theft https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/
- We're streamers now https://blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/
Bugs / Design Flaws / Vulnerabilities / Research
Articles about newly discovered vulnerabilities and research.
- Patching:
- Microsoft fixes Windows Kerberos auth issues in emergency updates https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-kerberos-auth-issues-in-emergency-updates/
- Atlassian fixes critical command injection bug in Bitbucket Server https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-command-injection-bug-in-bitbucket-server/
- Significant:
- Control Gap Vulnerability Roundup: November 5th to November 11th https://www.controlgap.com/blog/vulnerability-roundup-november-5th-november-11th
- Disneyland Malware Team: It's a Puny World After All https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/
- PunyCode was identified as a risk in 2017 https://www.schneier.com/blog/archives/2017/04/faking_domain_n.html
- Twitter Two-Factor Authentication Has a Vulnerability – UPDATED https://www.inforisktoday.com/twitter-two-factor-authentication-has-vulnerability-a-20475
- Remote Code Execution Vulnerabilities Found in F5 Products https://www.securityweek.com/remote-code-execution-vulnerabilities-found-f5-products
- Successful Hack of Time-Triggered Ethernet https://www.schneier.com/blog/archives/2022/11/successful-hack-of-time-triggered-ethernet.html
- Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform https://thehackernews.com/2022/11/critical-rce-flaw-reported-in-spotifys.html
- Other Vulnerabilities:
- Bulletproof TLS Newsletter #94 OpenSSL fixes buffer overflows in certificate parsing and other TLS news https://www.feistyduck.com/bulletproof-tls-newsletter/issue_94_openssl_fixes_buffer_overflows_in_certificate_parsing
- Shocker: EV charging infrastructure is seriously insecure https://www.theregister.com/2022/11/15/ev_charging_infrastructure_sandia/
- Zendesk Vulnerability Could Have Given Hackers Access to Customer Data https://www.securityweek.com/zendesk-vulnerability-could-have-given-hackers-access-customer-data
- Aiphone Intercom System Vulnerability Allows Hackers to Open Doors https://www.securityweek.com/aiphone-intercom-system-vulnerability-allows-hackers-open-doors
- Stealing passwords from infosec Mastodon - without bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
Hacking / Malware / Cybercrime / Exploitation
News covering active trends, alerts, events.
- Trends, Alerts, and Events (other than major breaches):
- Alert (AA22-321A) #StopRansomware: Hive Ransomware https://www.databreaches.net/alert-aa22-321a-stopransomware-hive-ransomware/
- Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware https://thehackernews.com/2022/11/microsoft-warns-of-hackers-using-google.html
- MFA Fatigue attacks are putting your organization at risk https://www.bleepingcomputer.com/news/security/mfa-fatigue-attacks-are-putting-your-organization-at-risk/
- DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions https://www.darkreading.com/endpoint/dev-0569-ransomware-group-remarkably-innovative-microsoft-cautions
- Mass Email Extortion Campaign Claims Server Hack; Tries to Extort Troy Hunt https://www.databreaches.net/mass-email-extortion-campaign-claims-server-hack-tries-to-extort-troy-hunt/
- McAfee Fake Antivirus Phishing Campaign is Back!, (Sat, Nov 19th) https://isc.sans.edu/diary/rss/29264
- New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders https://thehackernews.com/2022/11/new-earth-longzhi-apt-targets-ukraine.html
- North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor https://thehackernews.com/2022/11/north-korean-hackers-targeting-europe.html
- Previously unidentified ARCrypter ransomware expands worldwide https://www.bleepingcomputer.com/news/security/previously-unidentified-arcrypter-ransomware-expands-worldwide/
- QBot phishing abuses Windows Control Panel EXE to infect devices https://www.bleepingcomputer.com/news/security/qbot-phishing-abuses-windows-control-panel-exe-to-infect-devices/
- Crime & Arrests, etc.:
- FBI: Hive ransomware extorted $100M from over 1,300 victims https://www.bleepingcomputer.com/news/security/fbi-hive-ransomware-extorted-100m-from-over-1-300-victims/
- Top Zeus Botnet Suspect “Tank” Arrested in Geneva https://krebsonsecurity.com/2022/11/top-zeus-botnet-suspect-tank-arrested-in-geneva/
- The Hunt for the Dark Web's Biggest Kingpin, Part 4: Face to Face https://www.wired.com/story/alphabay-series-part-4-face-to-face/
- U.S. charges Russian suspects with operating Z-Library e-Book site https://www.bleepingcomputer.com/news/security/us-charges-russian-suspects-with-operating-z-library-e-book-site/
- Meta Fires Employees and Contractors for Improperly Accessing Users' Accounts and Selling Them to Hackers https://www.databreaches.net/meta-fires-employees-and-contractors-for-improperly-accessing-users-accounts-and-selling-them-to-hackers/
- Nation State Actors:
- Russian Software Company Pretending to Be American https://www.schneier.com/blog/archives/2022/11/russian-software-company-pretending-to-be-american.html
- Canada police charge Hydro-Quebec employee with China espionage https://www.bbc.co.uk/news/world-us-canada-63631933
- Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign https://thehackernews.com/2022/11/chinese-hackers-using-42000-imposter.html
- Researchers Say China State-backed Hackers Breached a Digital Certificate Authority https://thehackernews.com/2022/11/researchers-say-china-state-backed.html
- Iranian cyberspies exploited Log4j to break into a US govt network https://www.theregister.com/2022/11/16/iranian_cyberspies_log4j/
- How North Korea became a mastermind of crypto cybercrime https://arstechnica.com/information-technology/2022/11/how-north-korea-became-a-mastermind-of-crypto-cyber-crime/
- Other:
Other Security / Risk
Articles covering other types of risks.
- General:
- Over 12,000 Cyber Incidents at DoD Since 2015, But Incident Management Still Lacking https://www.securityweek.com/over-12000-cyber-incidents-dod-2015-incident-management-still-lacking
- Why Everything in Tech Seems to Be Collapsing at Once https://www.theatlantic.com/newsletters/archive/2022/11/tech-industry-mass-layoffs-recession-twitter/672150/
- Half of Quebec nursing students fail September licensing exam, probe launched https://globalnews.ca/news/9278800/quebec-nursing-exam-complaints-probe/
- You've Almost Certainly Been Duped by a Bird https://www.theatlantic.com/science/archive/2022/11/vocal-sound-mimicry-birds-animals/672159/
- Twitter:
- Why Elon Musk Is Blowing Up Twitter's Business https://www.theatlantic.com/ideas/archive/2022/11/elon-musk-twitter-advertising/672156/
- Elon Musk abruptly shut down Twitter offices as workers resign en masse https://www.businessinsider.com/twitter-offices-shutting-down-after-elon-musk-ended-remote-work-2022-11
- Less than half of Twitter's remaining employees signed up to work for Elon Musk's 'hardcore' vision, leaving leaders scrambling to persuade people to stay https://www.businessinsider.com/twitter-elon-musk-half-working-2022-11
- Some older workers have fond memories of sleeping at the office, but the Elon Musk-style 84-hour workweek is falling flat with younger Americans https://www.businessinsider.com/elon-musk-workers-sleep-at-office-hardcore-culture-younger-americans-2022-11
- Elon Musk ignored Twitter's internal warnings about his paid verification scheme https://www.theverge.com/2022/11/14/23459244/twitter-elon-musk-blue-verification-internal-warnings-ignored
- Twitter verification chaos: U.S. public safety accounts urge caution after changes https://globalnews.ca/news/9292029/twitter-verification-chaos-u-s-public-safety-accounts/
- Failures in Twitter's Two-Factor Authentication System https://www.schneier.com/blog/archives/2022/11/failures-in-twitters-two-factor-authentication-system.html
- Users are uploading entire movies to Twitter – and many aren't being blocked https://www.businessinsider.com/users-uploading-movies-twitter-many-arent-being-blocked-2022-11
- Astronomer in Twitter limbo over 'intimate' meteor https://www.bbc.co.uk/news/technology-63626769
- Buying ads on Twitter is ‘high-risk' according to the world's biggest ad agency https://www.theverge.com/2022/11/14/23459254/twitter-high-risk-ads-groupm-advertisers-content-moderation
- Leaving Twitter's Walled Garden for the Fedi-verse https://www.eff.org/deeplinks/2022/11/leaving-twitters-walled-garden
- Emerging technology, Artificial Intelligence and Machine Learning:
- Why Meta’s latest large language “Galactica” model survived only three days online https://www.technologyreview.com/2022/11/18/1063487/meta-large-language-model-ai-only-survived-three-days-gpt-3-science/
- GitHub Copilot Isn't Worth the Risk https://www.kolide.com/blog/github-copilot-isn-t-worth-the-risk
- Disinformation and misinformation:
- Canada must keep ‘eyes wide open' on Chinese interference: Champagne https://globalnews.ca/news/9282436/china-canada-foreign-interference-xi-champagne-trudeau/
- Health:
- Are expired medications safe to consume? Here's what experts say https://globalnews.ca/news/9283897/expired-medication-safety-side-effects/
- New Fentanyl Vaccine Eliminates The Drug's High, Rat Study Finds https://www.sciencealert.com/new-fentanyl-vaccine-eliminates-the-drugs-high-rat-study-finds
- Ontario emergency departments told to prepare for ‘extreme surge' in demand https://globalnews.ca/news/9274843/ontario-health-care-emergency-department-moore-masks/
- Rate of flu, RSV increase appears to be slowing down: Ontario health minister https://globalnews.ca/news/9286120/flu-rsv-rates-appears-slowing-ontario/
- How to get messaging right on masks, vaccines as ‘triple threat' of viruses swirl https://globalnews.ca/news/9290488/messaging-masks-vaccines-covid-flu-rsv/
- Moderna says its Omicron shots provide better protection than original COVID-19 jab https://globalnews.ca/news/9275700/moderna-omicron-shots-study/
- Keeping indoor humidity levels at a “sweet spot” may reduce spread of COVID-19 https://scienmag.com/keeping-indoor-humidity-levels-at-a-sweet-spot-may-reduce-spread-of-covid-19/
- Safety:
- Lithium-Ion Batteries in E-Bikes and Other Devices Pose Fire Risks https://www.nytimes.com/2022/11/14/us/lithium-ion-ebike-battery-fires.html
- Netherlands to ban laughing gas from January https://www.bbc.co.uk/news/world-europe-63634557
- ‘Paralyzing' snowstorm set to bury Buffalo, N.Y. under 3 feet of snow https://globalnews.ca/news/9282854/buffalo-snowstorm-forecast/
- Two planes collide at Montreal Trudeau airport; no injuries reported https://globalnews.ca/news/9282919/planes-collide-montreal-trudeau-airport-american-airlines/
- DHS - The 20-year boondoggle https://www.theverge.com/c/23374767/dhs-homeland-security-bureaucracy-20-years
- MH17: Australia asks Russia to hand over three who downed airliner https://www.bbc.co.uk/news/world-europe-63673919
- TSA Issues New Alert on What You Can't Carry Through Security https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
- Environment:
- Air Pollution Cools Climate More Than We Thought, And It Isn't a Good Thing https://www.sciencealert.com/air-pollution-cools-climate-more-than-we-thought-and-it-isnt-a-good-thing
- Dam safety: New study indicates probable maximum flood events will significantly increase over next 80 years https://scienmag.com/dam-safety-new-study-indicates-probable-maximum-flood-events-will-significantly-increase-over-next-80-years/
- Why Scientists Got the Fast Pace of Arctic Warming Wrong https://www.scientificamerican.com/article/why-scientists-got-the-fast-pace-of-arctic-warming-wrong/
- 2022 will hit a new record for climate pollution https://www.theverge.com/2022/11/15/23460162/climate-change-report-2022-global-carbon-dioxide-emissions-rise
- 6 Years Later, Marine Life Still Hasn't Recovered From The Monstrous Ocean Heat Blob https://www.sciencealert.com/6-years-later-marine-life-still-hasnt-recovered-from-the-monstrous-ocean-heat-blob
- Sperm whale found dead in Nova Scotia had swallowed 150 kg of fishing gear https://globalnews.ca/news/9290307/sperm-whale-found-dead-nova-scotia-fishing-gear/
- Economy:
- Russia's war in Ukraine is the biggest culprit pulling the global economy into a downturn, IMF chief says https://markets.businessinsider.com/news/stocks/russia-war-ukraine-global-economy-downturn-imf-recession-inflation-2022-11
- Since 2018, ransomware attacks on healthcare organizations have cost the world economy $92bn in downtime alone https://www.comparitech.com/blog/vpn-privacy/worldwide-healthcare-ransomware-attacks/
- Amazon Is Said to Plan to Lay Off Approximately 10,000 Employees https://www.nytimes.com/2022/11/14/technology/amazon-layoffs.html
- How Much Did Twitter's Verification Chaos Cost Insulin Maker Eli Lilly and Twitter Itself? https://gizmodo.com/twitter-eli-lilly-elon-musk-insulin-1849779323
- What Would Asteroid Mining do to the World's Economy? https://www.universetoday.com/158611/what-would-asteroid-mining-do-to-the-worlds-economy/
- The FTX collapse:
- FTX Could Owe More Than 1 Million Creditors https://www.nytimes.com/2022/11/15/technology/crypto-ftx-bankruptcy-creditors.html
- FTX held just $900 million in easy-to-sell assets but $9 billion in liabilities the day before it imploded, report says https://markets.businessinsider.com/news/currencies/ftx-900-million-assets-against-9-billion-liabilities-cryptocurrency-2022-11
- FTX's bankruptcy has set off a crypto bank run as panicked users withdraw over $8 billion from exchanges https://markets.businessinsider.com/news/currencies/ftx-bankruptcy-sam-bankman-fried-crypto-withdrawal-crisis-liquidity-lehman-2022-11
- Investors have filed a lawsuit against FTX celeb endorsers like Tom Brady, Steph Curry, and Larry David https://www.businessinsider.com/lawsuit-hits-ftx-celeb-endorsers-like-tom-brady-steph-curry-2022-11
- Report: DOJ Investigates FTX Collapse and Handling of Customer Funds https://www.pymnts.com/news/regulation/2022/department-of-justice-investigates-ftx-collapse-handling-customer-funds/
- U.S. House Committee To Hold Hearing On Collapse Of FTX https://packetstormsecurity.com/news/view/34045/U.S.-House-Committee-To-Hold-Hearing-On-Collapse-Of-FTX.html
- US crypto exchange Kraken freezes accounts owned by FTX and Alameda after talking to law enforcement https://markets.businessinsider.com/news/currencies/ftx-crypto-exchange-kraken-freezes-accounts-alameda-2022-11
- Visa Ends FTX Debit Card Deal After ‘Unfortunate' Developments https://www.pymnts.com/partnerships/2022/visa-ends-ftx-debit-card-deal-after-unfortunate-developments/
- Investors Pull Funds From Crypto.com After $400M Mishap https://www.pymnts.com/cryptocurrency/2022/investors-pull-funds-from-crypto-com-after-400m-mishap/
- Swiss bankers warn: Three quarters of retail Bitcoin investors are in the red https://www.theregister.com/2022/11/16/bitcoin_investors_lose/
Russia v. Ukraine
News and announcements relating to Russia's invasion of Ukraine.
- The war:
- Kherson surrender ‘beginning of the end' for Russia's war in Ukraine: Zelenskyy https://globalnews.ca/news/9275644/kherson-russia-ukraine-zelenskyy/
- More than a dozen powerful explosions at a huge Russian-occupied nuclear power plant in south Ukraine, says IAEA https://www.businessinsider.com/ukraine-powerful-explosions-at-russian-held-zaporizhzhya-nuclear-plant-2022-11
- Ukraine war: Kyiv attacked as world leaders meet at G20 https://www.bbc.co.uk/news/world-europe-63638859
- Ukraine war: What happened in Poland missile blast? https://www.bbc.co.uk/news/63648958
- A Zambian student sent to prison in Russia wound up dead in Ukraine, suggesting Russia is conscripting prisoners from other nations to fight https://www.businessinsider.com/zambian-student-russian-prison-dead-ukraine-war-2022-11
- Traces of explosives found at Nord Stream pipelines, Sweden says https://globalnews.ca/news/9288921/nord-stream-pipelines-investigations/
- Reaction and response:
- G20 leaders to hold tough on Russia and urge end to Ukraine war https://globalnews.ca/news/9278615/g20-russia-ukraine-war/
- Ukraine war: All countries bordering Russia ‘endangered', Latvian military chief warns https://globalnews.ca/news/9292983/ukraine-war-countries-bordering-russia-endangered/
- Russian anger as UN calls for reparations over invasion of Ukraine https://www.bbc.co.uk/news/world-europe-63632819
- Ukraine war: US and Russian spy chiefs meet face-to-face in Turkey https://www.bbc.co.uk/news/world-63631100
- Ukraine war: Germany looks to renewables after Russian invasion https://www.bbc.co.uk/news/world-europe-63659825
- Sanctions & economic Impact:
- Russia's economy has finally fallen into recession, 8 months after it invaded Ukraine https://www.businessinsider.com/russia-gdp-economy-recession-8-months-after-ukraine-invasion-putin-2022-11
- Canada sanctions 23 Russians, announces $500M military aid package for Ukraine https://globalnews.ca/news/9275664/canada-sanctions-russia-ukraine-military-aid-trudeau/
- Canada sanctions Iranian drone makers amid Russian strikes in Ukraine https://globalnews.ca/news/9282442/canada-sanctions-iran-drones-russia-ukraine/
- Information, Disinformation, and Propaganda:
- Cyber-attacks and the potential for cyber-war:
- Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War https://www.darkreading.com/endpoint/ukraine-it-army-stops-1300-cyberattacks-war
Off-Topic / Science & Tech / Lighter Side
A variety of scientific, technical, historical, and more light-hearted news.
- Innovations & Inventions:
- A navigation system with 10 centimeter accuracy https://scienmag.com/a-navigation-system-with-10-centimeter-accuracy/
- IBM quantum computer runs largest quantum program yet https://www.newscientist.com/article/2347546-ibm-quantum-computer-runs-largest-quantum-program-yet/
- Hungry for AI? New supercomputer contains 16 dinner-plate-size chips https://arstechnica.com/information-technology/2022/11/hungry-for-ai-new-supercomputer-contains-16-dinner-plate-size-chips/
- Nvidia and Microsoft team up to build massive AI cloud computer https://arstechnica.com/information-technology/2022/11/nvidia-and-microsoft-team-up-to-build-massive-ai-cloud-computer/
- MIT solved a century-old differential equation to break 'liquid' AI's computational bottleneck https://www.engadget.com/mit-century-old-differential-equation-liquid-ai-computational-bottleneck-160035555.html
- Other:
- Meteor over Ontario caught by 'global asteroid warning' startles some with loud bang https://toronto.ctvnews.ca/meteor-over-ontario-caught-by-global-asteroid-warning-startles-some-with-loud-bang-1.6160434
- Artemis I is On Its Way to the Moon https://www.universetoday.com/158654/artemis-i-is-on-its-way-to-the-moon/
- Scroll Through the Universe with This Cool Interactive Map https://www.universetoday.com/158735/scroll-through-the-universe-with-this-cool-interactive-map/