The scene is epic, full of portent. A young woman clothed in white poses enigmatically in the photo’s foreground. Behind her is a vista of denuded mountain slopes and below, a blue pool of water at the bottom of a deep mining pit. Above, sombre grey clouds hang low. It is a picture of dark and light, foreboding and timelessness.

The photograph is the work of Taloi Havini, an artist from Bougainville in far eastern Papua New Guinea (PNG), who wants to draw the viewer into the history of her people and the extraordinary events which catapulted the remote Pacific island into the headlines 30 years ago.

In 1989, the Panguna copper mine, one of the world’s largest, located in the central mountains of Bougainville Island, became the centre of a David and Goliath struggle.

Outraged at the destruction of their traditional lands and inequity associated with the mine, Indigenous landowners rose up in arms against the majority owner, Rio Tinto, and the PNG government, its largest benefactors. The mining giant was forced to abandon the lucrative venture and the long civil war (1989-1998) which followed, while ending in triumph for the islanders, left deep human scars.

The photographic series, Blood Generation (2009), a collaboration between Havini, who was born eight years before war erupted, and award-winning Australian photographer, Stuart Miller, are powerful portraits of young people in Bougainville whose lives are profoundly affected by loss, but whose defiant poses also signal survival and resilience.

Nearly half of Bougainville’s population is under the age of 24 and many grew up without an education and in communities ravaged by conflict and uncertainty.

Blood Generation (Sami and the mine, 1- 3), 2009, digital print [Courtesy of Taloi Havini and Stuart Miller]

Havini’s family fled to Australia in 1990 where, as a young girl, her father, Moses, a prominent pro-independence advocate, gave her a cassette tape from a local Bougainville rock band.

“They had been making music under the military blockade and one of the songs was called Blood Generation. I used to listen to it and think about what my younger relatives were experiencing, how they couldn’t go to school but had to live under army control and how there was no contact with the outside world,” Havini told Al Jazeera. “Nineteen years later, it’s this generation whose vote contributed to the overwhelming response to full independence in the referendum last year.”

Historic vote

Bougainville, an autonomous region of about 300,000 people within PNG, has been back in the headlines over the past two years as the final stages of the 2001 peace agreement were implemented.

Last November, islanders voted overwhelmingly for independence in a referendum. Self-determination is a passionate issue, underlined this year when the region’s general election resulted in former rebel leader, Ishmael Toroama, being swept to power as Bougainville’s new president ahead of tough negotiations on the country’s future relationship with PNG.

For the artist, the political is also personal.

“Havini communicates and brings to the discussion table important and significant subjects that have impacted and continue to impact Bougainville and its people,” said Sana Balai, an Australian-based Pacific arts curator.

People celebrate in the central Bougainville town of Arawa in 1998 after rebels and the Papua New Guinea government signed a permanent ceasefire to end nine years of conflict in the territory [File: Reuters]

A man in Buka raises his hands as he prepares to vote in 2019’s historic referendum on independence from PNG [Post Courier via AP Photo]

Havini was born in Arawa, a town situated less than an hour by road from the Panguna mine, although her father’s clan lives on Buka Island in northern Bougainville. Her mother, Marilyn, is Australian and Havini subsequently studied art in Australia and now exhibits around the world.

Earlier this year, her first Australian solo exhibition at Sydney’s Artspace included the artwork, Reclamation (2020), which covered the gallery floor in soil. On its undulating surface, dramatic lighting threw long shadows over sentinel-like cane sculptures.

“The primary installation consisted of a ‘taluhu’, traditional architecture (the local Hako word for shelter and protection). The main concept was to build from the earth a ‘bottom-up’ approach using natural temporal materials, such as cane and betel-nut palm that we often use to form an arch-like support frame,” Havini explained. “Reclamation was meant to honour the outcome of our struggle for self-determination and celebrate the historic arrival of the referendum for Bougainville’s independence.”

The work explores notions of “reclaiming” land and culture, in this context from foreign control, dating from German colonisation in the 19th century, the Australian administration early in the 20th century and rule by PNG after 1975. Behind this history of resistance is the deep bond between Melanesians and their customary land, which, above all else, is the source of life, and sustenance, and the home of their ancestors.

Connection to the land

In accordance with her culture, Havini created Reclamation in consultation with her clan.

“With support of my village, chiefs, mother and aunties, I created a space under my house … where we discussed art, our history and our culture by incorporating clan motifs and designs into the shelter and standing sculptures.”

Reclamation, 2020, Materials Cane, wood, steel, soil. Artspace, Sydney. Courtesy of Taloi Havini [Photo: Zan Wimberley]

The tension between this world view and the profit-driven corporate mission to extract the region’s rich mineral resources, such as copper and gold, is an aspect of Havini’s multi-channel video installation, called Habitat (2018-2019).

It is a compelling work of moving images sourced from the national archives in Australia, news reporting of the civil war and Havini’s own family records, presenting local experiences of the Panguna mine’s controversial past.

“Because the Panguna mine threatened the existence of our healthy habitats, making vast areas uninhabitable due to toxic tailings and polluted freshwater river systems, the locals further protested and stopped the mine from operating after seeing all the wealth go to foreign interests,” Havini explained. “I was 10 years of age at the time, witnessing the tireless work of my activist parents who rallied at protests for international intervention for a peace process.”

Habitat also resonates with arts curator, Balai, who previously worked as an environmental analyst with Bougainville Copper, the mine’s operating company, and monitored the impact of the mine’s waste.

Her father worked with the government at the time, but like many other people in Bougainville, worried about being dispossessed where customary land is central to traditional Melanesian culture.

“Viewing Habitat, childhood memories of my father’s words came flooding back. When he returned home having witnessed protesting women or a woman chained herself to a machine, he held me tight and said through tears: ‘My daughter, I will never ever let anyone, especially outsiders take your land away from you and your sisters’,” she said.

Reclamation, 2020 (Construction) Materials Cane, wood, steel, soil. Buka, Bougainville [Photo courtesy of Taloi Havini]

Most people in Bougainville believe nationhood is the only way they can fully own their islands and destiny.

However, last year’s referendum was non-binding and the region’s future will be decided following high-level national talks, expected to begin in 2021.

Edward Wolfers, Professor Emeritus of Politics at Australia’s University of Wollongong, believes that “the details and costs of Bougainville’s transition are likely to be particularly contentious for committed PNG nationalists, as well as supporters of a separate independence for Bougainville, and specialists concerned with the need for particular training, resources and expertise”.

With little internal revenue and ongoing post-conflict reconstruction, any political transition could take years. But President Toroama remains bullish. In his inaugural speech on September 29, he sought to rally the people of Bougainville.

“Independence has been our dream since the days of our forefathers,” he said. “We have fought for it and won the war, but we have not yet won the battle!”

Taloi Havini’s next major exhibition is The Soul Expanding Ocean #1: Taloi Havini, hosted by the art and ocean advocacy organisation, TBA21-Academy, at Ocean Space in Venice, Italy (20 March-17 October 2021)

Habitat, 2018 – 2019. Materials: HD, colour, black & white, 5.1 surround sound, 10:33 mins Artspace, Sydney. Courtesy of Taloi Havini [Photo: Zan Wimberley]

New variants of the coronavirus have now been reported in at least 31 countries worldwide. One of these new strains named VUI-202012/01 was first reported in the United Kingdom on December 14 and is said to be up to 70 percent more transmissible than the previously dominant strain in the UK.

This means it is spreading faster in the UK, making the pandemic there even harder to control and increasing the risk it will also spread swiftly in other countries.

So far, there is no indication to believe the new mutation is any deadlier, or more likely to be able to evade vaccines or treatments.

The map and list below shows which countries have so far reported cases of the new strains of coronavirus.

Al Jazeera will update this list as more information becomes available (Updated December 31).

United Kingdom: December 14
South Africa: December 18
Australia: December 21
Netherlands: December 22
Denmark: December 23
Ireland: December 23
Israel: December 23
Italy: December 23
Germany: December 24
Iceland: December 24
Nigeria: December 24
Singapore: December 24
France: December 25
Japan: December 25
Lebanon: December 25
Canada: December 26
Spain: December 26
Sweden: December 26
Jordan: December 27
Portugal: December 27
Finland: December 28
Norway: December 28
South Korea: December 28
Chile: December 29
India: December 29
Pakistan: December 29
Switzerland: December 29
China: December 30
United Arab Emirates: December 30
United States: December 30
Malaysia: December 31

A growing split between outgoing President Donald Trump and Republicans in the United States Congress widened on Wednesday as the Senate moved closer to overriding a Trump veto and Republican leaders rejected his bid for $2,000 stimulus cheques for Americans.

In a one-two punch, the Senate voted overwhelmingly, 80 to 12, to begin reversing President Donald Trump’s veto of the US’s annual defence authorisation. The action set up a final vote to override Trump’s veto on New Year’s Day.

Meanwhile, Senate Republicans also broke with Trump by rejecting his proposal to increase forthcoming economic stimulus cheques to eligible US citizens from $600 to $2,000 a person.

Republican leader Mitch McConnell said on the Senate floor that a bill passed by the Democratic-controlled House of Representatives, which sought to meet fellow Republican Trump’s demands for bigger checques, “has no realistic path to quickly pass the Senate.”

“We just approved almost a trillion dollars in aid a few days ago,” he said.

Congress had passed a nearly $900bn COVID-19 relief bill earlier this month that included $600 cheques to individuals. Increasing those pay-outs to $2,000 would cost an estimated $464bn.

The defence authorisation bill which Trump sent back to Congress on December 23, provides a pay rise for US troops, sets Pentagon policies and defines major weapons system goals for the year ahead, among other provisions.

Trump had objected to several elements included in the legislation by members of Congress to limit his plans to redeploy US troops stationed overseas and require the Pentagon to remove the names of Confederate generals from military bases.

President Donald Trump is spending the holidays golfing in Florida [Marco Bello/Reuters]

It would be the first time in the four years of Trump’s presidency that Congress has reversed the president’s veto and would mark the end of this session of Congress just two days before a new Congress is to be sworn in on January 3.

Trump had signed the COVID-19 relief bill reluctantly, saying the $600 in direct aid to Americans suffering from unemployment, hunger and eviction during the pandemic was paltry.

McConnell suggested Republicans would be open to considering “smart targeted aid, not another firehose of borrowed money”.

The split among Republicans over the stimulus cheques holds potential political risk as two incumbent Republican US Senators in George battle for re-election against Democratic challengers.

Senators David Purdue and Kelly Loeffler, who had opposed higher payments, switched positions yesterday and joined Trump in advocating for the $2,000 cheques.

Senator Kelly Loeffler has backed Trump’s call for larger stimulus cheques [File: John Bazemore/AP Photo]

“The Senate Republicans risk throwing away two seats and control of the Senate,” said Newt Gingrich, a former Republican congressional leader, on Fox News.

He called on Senate Republicans to “get a grip and not try to play cute parliamentary games with the president’s $2,000 payment.”

But Republican Senator John Cornyn told reporters at the US Capitol that he thought it unlikely that Congress would act to increase the cheques given McConnell’s remarks, the Reuters news agency reported.

Asked if he expected Republicans to face political blow-back, Cornyn said, “No, not in any normal world,” noting that Congress had already approved trillions of dollars in relief for an economy battered by the pandemic.

Trump had ramped up pressure on fellow Republicans to back the bigger COVID-19 stimulus checks for struggling Americans in a series of tweets during recent days.

“$2000 ASAP!” Trump wrote on Twitter early on Wednesday. The tweet prompted one of Trump’s political adversaries, Senator Bernie Sanders, to needle Republicans by displaying the president’s words on a poster during debate on the Senate floor.

Bernie Sanders reading Trump tweets on the Senate floor.

There did not appear to be a break in the time-space continuum. https://t.co/JkDyxCK4uY

— Steven Dennis (@StevenTDennis) December 30, 2020

The House of Representatives overturned Trump’s defence bill veto by a wide margin on December 28.

Late on Tuesday, the Senate leader had introduced a bill that combined the $2,000 checks with provisions scrapping certain legal protections for social media companies and calling for a study of election security, a key issue for Trump.

The parliamentary manoeuvre looked designed to kill off prospects for all three issues.

On Tuesday the president attacked Republican leaders as “pathetic” and accused the party of having a “death wish” if it did not back raising the stimulus payments or scrap the legal protections for social media companies.

Congressional Republicans have largely stuck with Trump through four turbulent years, but the president is angry that they have not fully backed his claims of election fraud.

Cracks in Trump’s relationship with Republicans legislators began to show after McConnell, the top congressional Republican acknowledged Trump’s rival Joe Biden had won the 2020 presidential election.

President-elect Biden is scheduled to be inaugurated on January 20.

On December 2, teachers and public employees peacefully demonstrated in the city of Sulaymaniyah in the semi-autonomous Kurdistan Region of Iraq (KRI), demanding their long-overdue salaries. The Kurdistan Regional Government (KRG) has been unable to pay civil servants in full for months due to an ongoing financial crisis.

Instead of heeding their calls, the local authorities sent security forces to disperse the crowd. This angered the people and caused the protest to spill out of Sulaymaniyah into other towns in the region’s southeast. The ensuing crackdown resulted in the death of at least seven people, including a 13-year-old boy, as well as the injury of dozens and the arrest of hundreds.

The KRI has witnessed such violent scenes before. Since 2011, there have been demonstrations and crackdowns, as the main political parties in the region – the Kurdistan Democratic Party (KDP) and Patriotic Union of Kurdistan (PUK) – have continued to maintain a strong grip on power.

As in the past, the party leaders have accused Baghdad of withholding the KRG’s budget and causing financial difficulties. The truth, however, is that the current crisis has much more to do with decades of corruption and mismanagement of Kurdish resources by the two ruling parties. The Kurdish people know this very well and their disillusionment and anger are growing stronger by the day.

A year of state violence

The December protest was not the only one this year. Over the past 12 months, Kurds have taken to the streets over various socioeconomic grievances.

In January and February, even before the pandemic hit and damaged the Kurdish region’s economy even further, people staged a demonstration to demand better electricity provision and distribution of kerosene for heating in Sulaymaniyah, which is controlled by the PUK.

In May, a group of teachers and public employees called for a peaceful protest over unpaid salaries in the KDP-controlled city of Duhok. However, ahead of the scheduled event, security forces raided the homes of the organisers and blocked entry to the park where it was supposed to be held. Journalists were also arrested pre-emptively.

In August, truck drivers in Zakho, also in the KDP-controlled northwest, came out in protest against a KRG decision to allow Turkish truckers to continue to operate across the Turkish-Iraqi border. Security forces were immediately deployed to forcefully disperse the crowd and prevent any media coverage of it. The crackdown on the media was particularly harsh, with offices of the opposition-funded NRT channel shuttered in Dohuk and Erbil and several of its reporters being detained.

In the aftermath of the August protests, about 100 people, most of them activists and journalists, were detained, according to local media. Intimidation campaigns against opposition-minded youth, activists and media workers have continued over the past few months in both KDP and PUK-controlled areas.

Human rights organisations and press freedom watchdogs have sounded the alarm, with New York-based Human Rights Watch calling on the Kurdish authorities to “listen to critics, not arrest them”.

A corrupt system

While the unpaid salaries and inadequate provision of utilities were the trigger of this year’s wave of protests in the KRI, the roots of public discontent go much deeper. There is growing public anger at the current dysfunctional system in the Kurdish region, dominated by the Barzani family of the KDP and the Talabani family of the PUK.

Since the inception of the KRG in 1992, government institutions have been dominated by these two parties and debilitated by them. Government posts have been distributed along patronage network lines, making officials and governance processes dependent on the two parties. High-level posts are almost exclusively reserved for members of the Barzani and Talabani families and their loyalists.

This set-up has also undermined the electoral process and skewed it in favour of the KDP and PUK. The two parties have secured votes and loyalty by providing jobs within the civil service and by bribing tribal leaders. Each of them has separate Peshmerga forces that take orders only from the party leadership.

The KDP and PUK have also embezzled the region’s resources and used them to their own benefit, distributing lands to their members, supporters, relatives and friends and allocating lucrative projects to companies tied to the ruling elite.

The nepotism, corruption and mismanagement of the two ruling parties have stunted the growth of the Kurdish economy and made it almost entirely dependent on oil and gas. As much as 90 percent of government revenue comes from the sale of hydrocarbons while other sectors remain underdeveloped. Public infrastructure is also weak and poorly maintained, resulting in regular power outages and water shortages.

The vast clientelist networks of the ruling elite have bloated public expenditure to such an extent that under the present conditions – low oil prices and a budget dispute with Baghdad – the government can no longer afford to regularly pay civil servant wages. More than half the KRG’s revenue is spent on public expenditures, including public employees’ salaries, pensions and social support.

This and the limited economic opportunities available have deepened the social and economic disparities in the Kurdish region. Today, one-third of households earn $400 or less a month.

The new generation is bearing the brunt of this economic mismanagement. Although there is no reliable data on the current rate of youth unemployment, a 2018 survey found that more than 20 percent of the population aged between 18-34 who were unemployed in 2018 had lost hope in finding a job. This partly explains why the youth have been at the forefront of the recent protests and will remain the driving force in future ones.

Echo of the October protests

People in the KRI have protested over unpaid salaries, bad public services and corruption for years. But it seems the dynamics in the streets are changing.

What distinguishes these protests from the previous ones is their spontaneous and organic nature. They are not organised by opposition parties – as they have been in the past – and are mostly leaderless and dominated by the youth. They are quite similar in their aspirations to the protests that erupted in Baghdad and southern Iraq in October 2019.

Kurdish protesters have ignored KDP’s and PUK’s attempts to blame the central government for the current situation and insisted that the solution lies within the KRG. These protests show that there is an urgent need for the overhaul of the system – a demand frequently raised during protests since 2011.

The KRG in its current form is unlikely to embrace genuine political and economic reform, just as the political establishment in Baghdad is unable to fulfil the demands of the protesters. What is needed in the Kurdish region is a fundamental change of the political system that puts an end to the hegemony of two ruling families and their parties.

The Kurdish political elite has to understand that these protests are not just a small disturbance over unpaid salaries. And the usual solution – violence, arrests and intimidation – will not work in the long run.

It is increasingly clear that the young generation of Kurds refuses to live like their parents, on the empty promises of Kurdish politicians. It demands real change and it has the resilience and willingness to fight for it that previous generations may not have had.

The crackdown may have quelled the protests for now and this battle may have been lost, but the war for the future of the Kurdish region of Iraq continues.

The views expressed in this article are the author’s own and do not necessarily reflect Al Jazeera’s editorial stance.

United States President Donald Trump’s push for bigger $2,000 COVID-19 relief cheques stalled in the Senate on Tuesday as Republicans blocked a swift vote proposed by Democrats and split within their own ranks over whether to boost spending or defy the White House.

Senate Majority Leader Mitch McConnell threw up roadblocks to Trump’s request to increase the cheques from $600 for millions of Americans even as political pressure mounted.

A growing number of Republicans, including two senators in runoff elections on January 5 in Georgia, said they would support the larger amount.

Most Republican senators oppose the additional COVID-19 spending, which would cost the US government $484bn, even if they are also wary of bucking Trump who repeated his demand in a tweet: “$2000 for our great people, not $600!”

Following Trump’s lead, Republican Senators Josh Hawley and Marco Rubio, among the party’s potential 2024 presidential hopefuls, are pushing for the $2,000 cheques. “We’ve got the votes. Let’s vote today,” Hawley tweeted.

We’ve got the votes. Let’s vote today https://t.co/woFBHPMSjz

— Josh Hawley (@HawleyMO) December 29, 2020

Seeking to devise a way out of the political bind, McConnell offered to combine the president’s demand for bigger cheques with two proposals Trump wants that are non-starters for Democrats – content restrictions on technology companies such as Facebook or Twitter and the establishment of a commission to review Trump’s fraud claims in the presidential election.

“Senator McConnell knows how to make $2,000 survival checks reality and he knows how to kill them,” Senate Democratic leader Chuck Schumer said in a statement.

McConnell is “loading up the bipartisan House-passed” measure providing the $2,000 cheques “ with unrelated, partisan provisions that will do absolutely nothing to help struggling families across the country,” Schumer said.

The showdown has thrown Congress into a chaotic year-end session just days before new legislators are set to be sworn into office for the new year. And it is preventing action on another priority – overturning Trump’s veto on a sweeping annual defence policy bill.

The president’s last-minute push for bigger cheques divides Republicans, who are split between those who align with Trump’s populist instincts and those who adhere to what had been more traditional conservative views against government spending. Congress had settled on smaller $600 payments in a compromise over the big, year-end relief bill Trump reluctantly signed into law.

Now, liberal senators led by Bernie Sanders of Vermont who support the relief aid are blocking action on the defence bill until a vote can be taken on Trump’s demand for $2,000 for most Americans. “The working class of this country today faces more economic desperation than at any time since the Great Depression of the 1930s,” Sanders said in Senate remarks. “Working families need help now.”

Senate Minority Leader Senator Chuck Schumer of New York, walks on Capitol Hill in Washington [File: Susan Walsh/AP Photo]

The Republican blockade is causing turmoil for some as the virus crisis worsens and Trump amplifies his unexpected demands.

The two Republican senators from Georgia, David Perdue and Kelly Loeffler, announced Tuesday they support Trump’s plan for bigger cheques as they face Democrats Jon Ossoff and Raphael Warnock in runoff elections that will determine which party controls the Senate.

“I’m delighted to support the president,” said Perdue on broadcaster Fox News. Loeffler said in an interview on Fox that she, too, backs the boosted relief cheques.

Trump repeated his demand in a tweet ahead of Tuesday’s Senate session: ”$2000 for our great people, not $600!” Other Republicans panned the bigger cheques saying the nearly $484bn price tag was too high, the relief is not aimed those in need and Washington has already dispatched ample sums on COVID-19 aid.“We’ve spent $4 trillion on this problem,” said Republican Senator John Cornyn.

The US House of Representatives voted late Monday to approve Trump’s request for $2,000 cheques in a stunning turn of events. Just days before, during a brief Christmas Eve session, Republicans had blocked Trump’s sudden demand for bigger checks as he defiantly refused to sign the broader COVID-19 aid and year-end funding bill into law.

Trump spent days fuming from his private club in Florida, where he is spending the holidays and millions of Americans saw jobless aid lapse as the nation risked a federal government shutdown.

Economists said a $600 cheque will help, but that it is a far cry from the spending power that a $2,000 cheque would provide for the economy. “It will make a big difference whether it’s $600 versus $2,000,” said Ryan Sweet, an economist with Moody’s.

Followed by a staffer with a bag, Senate Majority Leader Mitch McConnell leaves the Capitol for the day [Jacquelyn Martin/AP Photo]

The outlook now, however, is that McConnell will set up votes ahead on both the House-passed measure supporting Trump’s $2,000 cheques as well as his own new version linking it with the tech company reforms and the presidential election review. That would be a process that likely ensures neither bill will pass.

Time is running out for resolution of the issue. A new Congress is set to be sworn in Sunday. The $600 checks are set to be delivered, along with other aid, among the largest rescue packages of its kind.

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.

The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google’s Vulnerability Reward Program.

Many of Google’s products, including Google Docs, come with a “Send feedback” or “Help Docs improve” option that allows users to send feedback along with an option to include a screenshot — something that’s automatically loaded to highlight specific issues.

But instead of having to duplicate the same functionality across its services, the feedback feature is deployed in Google’s main website (“www.google.com”) and integrated to other domains via an iframe element that loads the pop-up’s content from “feedback.googleusercontent.com.”

This also means that whenever a screenshot of the Google Docs window is included, rendering the image necessitates the transmission of RGB values of every pixel to the parent domain (www.google.com), which then redirects those RGB values to the feedback’s domain, which ultimately constructs the image and sends it back in Base64 encoded format.

Sreeram, however, identified a bug in the manner these messages were passed to “feedback.googleusercontent.com,” thus allowing an attacker to modify the frame to an arbitrary, external website, and in turn, steal and hijack Google Docs screenshots which were meant to be uploaded to Google’s servers.

Notably, the flaw stems from a lack of X-Frame-Options header in the Google Docs domain, which made it possible to change the target origin of the message and exploit the cross-origin communication between the page and the frame contained in it.

While the attack requires some form of user interaction — i.e. clicking the “Send feedback” button — an exploit could easily leverage this weakness to capture the URL of the uploaded screenshot and exfiltrate it to a malicious site.

This can be achieved by embedding a Google Docs file in an iFrame on a rogue website and hijacking the feedback pop-up frame to redirect the contents to a domain of the attacker’s choice.

Failing to provide a target origin during cross-origin communication raises security concerns in that it discloses the data that’s sent to any website.

“Always specify an exact target origin, not *, when you use postMessage to send data to other windows,” Mozilla documentation states. “A malicious site can change the location of the window without your knowledge, and therefore it can intercept the data sent using postMessage.”

Palestinian NGO said the increase in virus cases among Israeli jailers is the ‘first source of transmission’ to prisoners.

Israeli prison authorities have closed down the Ramon prison after detecting several coronavirus infections among prisoners and guards, according to the Palestinian Prisoner Society (PPS).

There was no comment from Israeli authorities but the PPS said on Sunday that the closure was “a serious indication of a possible wide outbreak of the pandemic among the detainees”.

The NGO added that prison authorities would be conducting coronavirus tests on prisoners.

Ramon prison is divided into seven cells and holds 360 Palestinian prisoners.

The PPS said the increase in cases among the Israeli jailers is “the first source of transmission of the virus to the prisoners”.

Last week, Israel launched its vaccination campaign but on Saturday, its Public Security Minister Amir Ohana said providing prisoners with coronavirus vaccines was not a “priority”.

His comments were condemned by Hassan Abed Rabbo, media spokesman for the Palestinian Prisoners’ Affairs body, who said Ohana’s decision was “racist” and another “crime added to the long list against the prisoners”.

Abed Rabbo said the “Israeli occupation government is fully responsible for the health and lives of the prisoners, and for not taking real measures to protect them from the outbreak of the coronavirus”.

Since April, some 140 Palestinian prisoners have been infected with COVID-19, the majority in the Gilboa prison in the north which has also been shut down.

Israel is holding approximately 4,400 Palestinians, including 41 women and 170 children as well as 380 individuals being held without charge or trial under its administrative detention policy.

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020.

Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. Also included in the list is an Indian banking firm ICICI Bank.

AutoHotkey is an open-source custom scripting language for Microsoft Windows aimed at providing easy hotkeys for macro-creation and software automation that allows users to automate repetitive tasks in any Windows application.

The multi-stage infection chain commences with a malware-laced Excel file that’s embedded with a Visual Basic for Applications (VBA) AutoOpen macro, which is subsequently used to drop and execute the downloader client script (“adb.ahk”) via a legitimate portable AHK script compiler executable (“adb.exe”).

The downloader client script is also responsible for achieving persistence, profiling victims, and downloading and running additional AHK scripts from command-and-control (C&C) servers located in the US, the Netherlands, and Sweden.

What makes this malware different is that instead of receiving commands directly from the C&C server, it downloads and executes AHK scripts to accomplish different tasks.

“By doing this, the attacker can decide to upload a specific script to achieve customized tasks for each user or group of users,” Trend Micro researchers said in an analysis. “This also prevents the main components from being revealed publicly, specifically to other researchers or to sandboxes.”

Chief among them is a credential stealer that targets various browsers such as Google Chrome, Opera, Microsoft Edge, and more. Once installed, the stealer also attempts to download an SQLite module (“sqlite3.dll”) on the infected machine, using it to perform SQL queries against the SQLite databases within browsers’ app folders.

In the final step, the stealer collects and decrypts credentials from browsers and exfiltrates the information to the C&C server in plaintext via an HTTP POST request.

Noting that the malware components are “well organized at the code level,” the researchers suggest the inclusion of usage instructions (written in Russian) could imply a “hack-for-hire” group that’s behind the attack chain’s creation and is offering it to others as a service.

“By using a scripting language that lacks a built-in compiler within a victim’s operating system, loading malicious components to achieve various tasks separately, and changing the C&C server frequently, the attacker has been able to hide their intention from sandboxes,” the researchers concluded.

Adam Coy, a 17-year veteran, was fired from the Columbus, Ohio police force after shooting Andre Hill, a Black man.

A white Ohio police officer in the United States was fired on Monday after bodycam footage showed him fatally shooting 47-year-old Andre Hill – a Black man who was holding a cellphone – and refusing to administer first aid for several minutes.

Columbus police officer Adam Coy was fired hours after a hearing was held to determine his employment, Columbus Public Safety Director Ned Pettus Jr said in a statement.

“The actions of Adam Coy do not live up to the oath of a Columbus Police officer, or the standards we, and the community, demand of our officers,” the statement read. “The shooting of Andre Hill is a tragedy for all who loved him in addition to the community and our Division of Police.”

Coy, a 17-year member of the force remains under criminal investigation for last week’s shooting. He was relieved of duty, ordered to turn in his gun and badge, and stripped of police powers last week.

The decision came after Pettus concluded a hearing to determine whether the actions taken by Coy in the moments before and after the fatal shooting of Hill on Tuesday were justified.

The public safety director upheld the recommendation of Police Chief Thomas Quinlan, who made a video statement Christmas Eve, saying he had seen enough to recommend Coy be terminated.

Columbus Police Chief Thomas Quinlan speaks about his recommendation on the termination of Officer Adam Coy [File: City of Columbus/via Reuters]

Quinlan expedited the investigation and bypassed procedure to file two departmental charges alleging critical misconduct against Coy in the death of Hill.

“This is what accountability looks like. The evidence provided solid rationale for termination,” Quinlan said after Coy’s termination on Monday afternoon. “Mr Coy will now have to answer to the state investigators for the death of Andre Hill.”

Members of the local Fraternal Order of Police attended the hearing on behalf of Coy, who was not in attendance, according to a statement from Pettus’ office.

“Officer Coy was given the opportunity today to come and participate,” Brian Steel, vice president of the police union, told reporters on Monday. He elected not to participate. I do not know why … I would have liked to have him here, but it’s his decision.”

A protester holds a placard outside the home where Andre Hill, 47, was killed in Columbus, Ohio [Megan Jelinger/Reuters]

Coy and another officer responded to a neighbour’s non-emergency call after 1am (06:00 GMT) on Tuesday, December 22, about a car in front of his house in the city’s northwest side that had been running, then shut off, then turned back on, according to a copy of the call released on Wednesday.

Mayor Andrew Ginther said it remains unclear if that car had anything to do with Hill.

Police bodycam footage showed Hill emerging from a garage and holding up a cellphone in his left hand seconds before he was fatally shot by Coy. There is no audio because the officer had not activated the body camera; an automatic “look back” feature captured the shooting without audio.

An investigation is also being conducted into the other officers who responded to the call that ended in Hill being shot, who Quinlan said also appear to have either failed to activate their body cameras or to render Hill aid.

Officers must activate their body cameras as soon as they are dispatched to a crucial incident such as a shooting, robbery or burglary, under departmental policy. Quinlan said any others who violated department protocols will be held accountable.

This is #AndreHill.

Andre was shot and killed by @ColumbusPolice, who were responding to a noise complaint.

Andre was holding a cell phone.

A human being, shot within 10 seconds.

How do we reform a system that repeatedly conditions for and condones this?#BlackLivesMatter pic.twitter.com/3LomoPBkue

— Be A King (@BerniceKing) December 27, 2020

Although Coy was dispatched on a non-emergency call, the call became an enforcement action when the officer interacted with Hill because that was separate from the original call, said police department spokesperson Sergeant James Fuqua.

In addition to an internal police investigation, Ohio Attorney General Dave Yost was appointed a special prosecutor in the death of Hill on Thursday.

There is also an investigation under the state’s criminal investigations unit, under Yost, with assistance from the US attorney’s office and the FBI’s Civil Rights Division.

Almost 7.5 million cast their vote to choose a successor to President Issoufou.

Vote counting has begun in Niger after an election that could lead to the country’s first peaceful transition of power since its independence from France 60 years ago.

Almost 7.5 million people cast their vote on Sunday to choose a successor to President Mahamadou Issoufou who is stepping down after two five-year terms leading the country of 23 million.

Results are expected within five days and it could take two weeks for them to be ratified by the constitutional court.

A winner will need 50 percent of the vote plus one to avoid a runoff, otherwise, a second round involving the top two candidates takes place in February.

Hama Amadou, who finished as a runner-up in the last election, was barred from running because of a criminal conviction, leaving the opposition without an obvious figurehead until last week, when his party called on its supporters to turn out for Mahamane Ousmane, who was president from 1993 to 1996.

‘A success’

Elections were held amid security concerns.

Al Jazeera’s Ahmed Idris, reporting from the capital Niamey, said: “It was widely anticipated that there would have been violence during these elections, but so far the number of attacks or incidents recorded has been minimal.”

He added that “officials believed it has been a tremendous success for Niger, a country sandwiched between violent groups in the north, west and south of the country”.

In recent years, Niger has been plagued by deadly attacks by armed groups in neighbouring countries such as Mali and Burkina Faso.

Earlier this month, 27 people died in an attack claimed by Boko Haram.

But security is not the only concern for the people in Niger.

The country’s economy has been hit hard by the coronavirus pandemic with a fall in the price of its top export uranium.

It has also suffered due to the closure of the border with Nigeria, a key gateway for the import of essential goods.

“Every time, I do this [vote] as a duty to our country,” Hussaini Adam, who has voted in every election since independence, told Al Jazeera.

“But I also expect our leaders to fix our problems.”

Christmas day explosion wounded three people and damaged dozens of businesses, including an AT&T switching centre.

Nashville Police have said Anthony Quinn Warner is under investigation in connection with the Christmas Day bombing that rocked the US city of Nashville.

Metro Nashville Police Department Spokesman Don Aaron confirmed Warner’s identity on Sunday.

Federal and state investigators are trying to determine who set off a bomb inside a recreational vehicle on Friday morning, injuring three people and damaging more than 40 businesses.

They are also working to identify human remains found at the scene.

Nashville Chief of Police John Drake speaks at a news conference in Nashville, Tennessee [Mark Humphrey/AP Photo]

Meanwhile, local media reported on Sunday that FBI agents investigating the explosion visited a real estate agency where Warner had worked on computers.

Steve Fridrich, owner of Fridrich & Clark Realty in Nashville’s Green Hills neighbourhood, told the Tennessean newspaper he spoke with the agents late on Saturday about Warner, 63, after the company told the FBI he had worked there.

According to public records, Warner had lived at a home in Antioch, southeast of Nashville, that was searched on Saturday by FBI and US Bureau of Alcohol, Tobacco, Firearms and Explosives officials following the huge Christmas Day blast.

Federal agents have said they are following up on more than 500 leads, and are working to identify what appear to be human remains found in the wreckage.

The explosion in the heart of the US country music capital wounded three people and damaged more than 40 businesses including an AT&T switching centre, disrupting mobile, internet and TV services across central Tennessee and parts of four other states.

Fridrich said that for four or five years Warner had come into the office roughly once a month to provide computer consulting services, until this month when Warner told the company in an email that he would no longer be working for them. He gave no reason, according to Fridrich.

“He seemed very personable to us – this is quite out of character, I think,” Fridrich told the newspaper.

FBI and ATF agents search the basement of a home in Nashville, Tennessee [Mark Humphrey/AP Photo]

At a news conference on Sunday, five Nashville police officers who were on the scene early on Friday recalled the dramatic moments before the explosion, as they scrambled to evacuate homes and buildings and called for a bomb squad, which was en route when the motor home blew up.

Officers had heard music and an automated announcement coming from the RV warning them about the impending explosion as they sprang into action, requesting access codes for buildings and trying to shepherd as many residents to safety as possible.

“I was thrown forward, knocked to the ground,” officer Brenna Hosey told reporters about the moment of the explosion. “But I was able to catch myself, I was fine.”

The officers, who were initially responding to reports of gunfire in the area, have been hailed as heroes by city leaders.

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites.

The suspects used stolen personal credentials to commit further cyber and fraud offences, the UK National Crime Agency (NCA) said.

Of the 21 arrested — all men aged between 18 and 38 — nine have been detained on suspicion of Computer Misuse Act offences, nine for Fraud offences, and three are under investigation for both. The NCA also seized over £41,000 in bitcoin from the arrested individuals.

Earlier this January, the US Federal Bureau of Investigation (FBI), the NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland jointly seized the domain of WeLeakInfo.com.

Launched in 2017, the service provided its users a search engine to access the personal information illegally obtained from over 10,000 data breaches and containing over 12 billion indexed stolen credentials, including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts.

On top of that, WeLeakInfo offered subscription plans, allowing unlimited searches and access to the results of these data breaches during the subscription period that lasted anywhere from one day ($2), one week ($7), one month ($25), or three months ($70).

The cheap subscriptions made the website accessible to even entry-level, apprentice-type hackers, letting them get hold of a huge cache of data for as little as $2 a day, and in turn, use those stolen passwords to mount credential stuffing attacks.

Following the domain’s seizure in January, two 22-year-old men, one in the Netherlands and another in Northern Ireland, were arrested in connection with running the site. WeLeakInfo’s Twitter handle has since gone quiet.

NCA said besides being customers of the website, some of the arrested men had also purchased other cybercrime tools such as remote access Trojans (RATs) and crypters, with three other subjects found to be in possession of indecent images of children.

“Cyber criminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that,” NCA’s Paul Creffield said. “Password hygiene is therefore extremely important.”

Health care workers, the elderly and leading politicians got some of the first shots across the bloc to reassure the public that the vaccinations are safe.

Europe has launched an enormous COVID vaccination drive, with elderly patients and medics lining up to take the first shots in hopes of seeing off the pandemic that has crippled economies and claimed more than 1.7 million lives worldwide.

The region of 450 million people has secured contracts with a range of suppliers for more than two billion vaccine doses and has set a goal for all adults to be inoculated during 2021.

“It didn’t hurt at all,” said Mihaela Anghel, a nurse at the Matei Bals Institute in Bucharest who was the first person to get the vaccine in Romania.

“Open your eyes and take the vaccine.”

In Rome, Italy, five doctors and nurses wearing white scrubs sat in a semi-circle at the Spallanzani infectious diseases hospital to receive their doses.

“The message is one of hope, trust and an invitation to share this choice,” said one of the recipients, Dr Maria Rosaria Capobianchi, who heads the virology laboratory at Spallanzani and was part of the team that isolated the virus in early February.

“There is no reason to be concerned.”

Domenico Arcuri, extraordinary commissioner for the epidemic, said it was significant that Italy’s first vaccine doses were administered at Spallanzani, where a Chinese couple visiting from Wuhan tested positive in January and became Italy’s first confirmed cases.

World War II veteran Emilie Repikova receives a dose of the Pfizer-BioNTech vaccine at Military University Hospital  in Prague [David W Cerny/Reuters]

The numbers vaccinated in the initial days with the Pfizer-BioNTech jab are largely symbolic and it will be months before enough people are considered protected to envisage a return to normal from the pandemic.

Meanwhile, the first cases of a new virus variant that has been spreading rapidly around London and southern England have now been detected in France and Spain.

The new variant has caused European countries, the United States and China to put new restrictions on travel for people from Britain.

Germany’s BioNTech has said it is confident that its coronavirus vaccine works against the new UK variant, but added that further studies are needed to be completely certain.

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments.

According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from a security flaw (CVE-2020-10148) that could allow a remote attacker to execute unauthenticated API commands, thus resulting in a compromise of the SolarWinds instance.

“The authentication of the API can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request to the API, which could allow an attacker to execute unauthenticated API commands,” the advisory states.

“In particular, if an attacker appends a PathInfo parameter of ‘WebResource.adx,’ ‘ScriptResource.adx,’ ‘i18n.ashx,’ or ‘Skipi18n’ to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.”

SolarWinds, in an update to its security advisory on December 24, had stated malicious software could be deployed through the exploitation of a vulnerability in the Orion Platform. But exact details of the flaw remained unclear until now.

In the past week, Microsoft disclosed that a second threat actor might have been abusing SolarWinds’ Orion software to drop an additional piece of malware called SUPERNOVA on target systems.

It was also corroborated by cybersecurity firms Palo Alto Networks’ Unit 42 threat intelligence team and GuidePoint Security, both of whom described it as a .NET web shell implemented by modifying an “app_web_logoimagehandler.ashx.b6031896.dll” module of the SolarWinds Orion application.

While the legitimate purpose of the DLL is to return the logo image configured by a user to other components of the Orion web application via an HTTP API, the malicious additions allow it to receive remote commands from an attacker-controlled server and execute them in-memory in the context of the server user.

“SUPERNOVA is novel and potent due to its in-memory execution, sophistication in its parameters and execution and flexibility by implementing a full programmatic API to the .NET runtime,” Unit 42 researchers noted.

The SUPERNOVA web shell is said to be dropped by an unidentified third-party different from the SUNBURST actors (tracked as “UNC2452”) due to the aforementioned DLL not being digitally signed, unlike the SUNBURST DLL.

The development comes as government agencies and cybersecurity experts are working to understand the full consequences of the hack and piece together the global intrusion campaign that has potentially ensnared 18,000 of SolarWinds’ customers.

FireEye, which was the first company to uncover the SUNBURST implant, said in an analysis that the actors behind the espionage operation routinely removed their tools, including the backdoors, once legitimate remote access was achieved — implying a high degree of technical sophistication and attention to operational security.

Evidence unearthed by ReversingLabs and Microsoft had revealed that key building blocks for the SolarWinds hack were put in place as early as October 2019 when the attackers laced a routine software update with innocuous modifications to blend in with the original code and later made malicious changes that allowed them to launch further attacks against its customers and to steal data.

To address the authentication bypass vulnerability, it’s recommended that users update to the relevant versions of the SolarWinds Orion Platform:

• 2019.4 HF 6 (released December 14, 2020)
• 2020.2.1 HF 2 (released December 15, 2020)
• 2019.2 SUPERNOVA Patch (released December 23, 2020)
• 2018.4 SUPERNOVA Patch (released December 23, 2020)
• 2018.2 SUPERNOVA Patch (released December 23, 2020)

For customers who have already upgraded to the 2020.2.1 HF 2 or 2019.4 HF 6 versions, it’s worth noting that both the SUNBURST and SUPERNOVA vulnerabilities have been addressed, and no further action is required.

United States President-elect Joe Biden is urging Donald Trump to sign into law an $892bn COVID-19 funding and relief bill that would provide much-needed support to Americans hit hard by the virus and an economic downturn caused by the pandemic.

In a written statement, Biden, who is set to take office on January 20, accused Trump of an “abdication of responsibility” that could have “devastating consequences”.

“It is the day after Christmas, and millions of families don’t know if they’ll be able to make ends meet because of President Donald Trump’s refusal to sign an economic relief bill approved by Congress with an overwhelming and bipartisan majority,” Biden said.

“This bill is critical. It needs to be signed into law now.”

Trump’s refusal to sign the COVID-19 relief legislation, which passed in the US Congress this week after months of partisan wrangling, has created concerns for millions of Americans who are set to lose special unemployment benefits at midnight Saturday.

The coronavirus support, attached to $1.4 trillion government funding legislation that passed in the House and Senate this week, includes a one-time $600 payment to US citizens and extends some pandemic unemployment benefits and financial supports.

The US has reported more than 18.7 million cases of COVID-19 since the crisis began and more than 330,000 deaths linked to the virus, according to a tally from the Johns Hopkins University – the highest totals in the world.

“It’s a chess game and we are pawns,” Lanetris Haines, a self-employed single mother of three in South Bend, Indiana, who stands to lose her $129 weekly jobless benefit, told The Associated Press news agency.

Earl McCarthy, a father of four who lives in the US state of Georgia, said he has been relying on unemployment since he lost his sales job and will be left with no income by the second week of January if Trump does not sign the bill.

“The entire experience was horrifying,” McCarthy, who is receiving about $350 a week in unemployment insurance, told the AP.

“For me, I shudder to think if I had not saved anything or had an emergency fund through those five months, where would we have been?” he said.

‘Measly $600’

Trump has said the one-time payment to Americans included in the legislation is too low.

“I simply want to get our great people $2000, rather than the measly $600 that is now in the bill,” Trump tweeted on Saturday morning.

He has not said yet whether he intends to veto the legislation, and he could still sign it in the coming days.

I simply want to get our great people $2000, rather than the measly $600 that is now in the bill. Also, stop the billions of dollars in “pork”.

— Donald J. Trump (@realDonaldTrump) December 26, 2020

Democrats on Thursday sought to increase the payments to the $2,000 per person that Trump requested, but the president’s fellow Republicans, who oppose the higher amount, blocked the effort.

The Democratic-controlled House of Representatives plans to vote on legislation this week that would provide one-time, $2,000 checks to individuals.

But special unemployment aid is expected to lapse on Saturday due to the delays in signing the COVID-19 relief legislation into law, US media outlets said, affecting as many as 14 million Americans.

The COVID relief bill would allow people to collect unemployment benefits until March and revive supplemental benefits for millions of people, the New York Times reported.

A partial government shutdown will begin on Tuesday unless Congress can agree to a stop-gap government funding bill before then.

This abdication of responsibility has devastating consequences. This bill is critical. It needs to be signed into law now.

US President-elect Joe Biden

Republican legislator French Hill of Arkansas, who sits on the House Financial Services Committee, told Fox on Saturday that he hoped Trump would sign the bill immediately.

“I wish he had made that pitch for $2,000 as vociferously over the last three weeks as after the bill was passed. It might have given us more leverage to get a slightly higher payment,” Hill said.

At this point, he added, “it’s going to be extraordinarily hard to get that payment through the Senate and the House.”

Announcement comes after authorities in France and Lebanon also confirm cases of the UK variant.

Four cases of a coronavirus variant that recently emerged in the United Kingdom and is believed to be particularly infectious, have been confirmed in Madrid, the regional government has said.

All four cases, the first detected in Spain, involved people who recently arrived from the UK, the Madrid regional government’s deputy health chief Antonio Zapatero told a news conference on Saturday.

“The patients are not seriously ill, we know that this strain is more transmissible, but it does not cause more serious illness,” he said. “There is no need for alarm.”

There are another three suspected cases of the coronavirus variant but the results of tests will only be available on Tuesday or Wednesday, Zapatero said.

On Friday, authorities in Lebanon and France also confirmed cases of the new variant.

Since Tuesday, Madrid has banned all entries from the UK except for Spanish nationals and residents.

The news comes as the Spanish government is expected to receive 4.5 million Pfizer vaccine doses over the next 12 weeks, enough to vaccinate some 2.2 million people, according to the ministry.

The government expects to have between 15 million and 20 million people of its population of 47 million vaccinated against the virus by June.

Travels banned

The new strain of the virus, which experts fear is more contagious, has prompted more than 50 countries to impose travel restrictions on the UK.

The US on Thursday said it will require all passengers arriving from the UK to present a negative COVID-19 test for entry, while China suspended all flights from Britain over the new strain.

Other countries that have suspended travel for Britons include France, Germany, Italy, the Netherlands, Austria, Ireland, Belgium, Canada, India, Pakistan, Poland, Spain, Switzerland, Sweden, Russia and Jordan.

In the Gulf, Saudi Arabia, Kuwait and Oman closed their borders completely.

Authorities in France, following a snap 48-hour travel ban this week, reopened its borders to the UK – partly to allow French citizens to return home, as well as to relieve the massive build-up of freight goods – but had introduced a testing policy.

The opposition is calling for PM Nikol Pashinyan’s resignation over his handling of the Nagorno-Karabakh conflict with Azerbaijan.

Armenian Prime Minister Nikol Pashinyan has backed the prospect of early parliamentary elections next year, after huge protests over his handling of the Nagorno-Karabakh conflict with Azerbaijan.

Pashinyan wrote on Facebook on Friday that he was inviting parliamentary and interested, non-parliamentary powers to talks on the subject, though he did not name an exact date for them.

“I am not hanging on to the prime minister’s seat,” he said, though he added that he was ready to continue leading “if the people reaffirm their trust in these difficult times”.

Pashinyan has been under heavy pressure since the end of fighting between Armenia and Azerbaijan in the Nagorno-Karabakh region. The opposition is calling for his resignation, holding him responsible for the defeat against Azerbaijan.

Since the peace deal between the two neighbours was signed on November 10, Armenia’s opposition politicians and their supporters have been demanding that Pashinyan step down.

The accord saw Azerbaijan reclaim control over large parts of Nagorno-Karabakh and surrounding areas that it had lost in the early 1990s.

The Russia-brokered agreement ended 44 days of fierce fighting in which the Azerbaijani army routed Armenian forces.

Pashinyan has defended the peace deal as a painful but necessary move to prevent Azerbaijan from overrunning the entire Nagorno-Karabakh region.

He argued on Friday that his critics lack broad public support for their demand.

“There is only one way to get answers to these questions: by holding early parliamentary elections,” Pashinyan wrote on Facebook.

Police on Thursday arrested at least 77 people following clashes when thousands of protesters converged in capital Yerevan and surrounded the heavily guarded government building.

Opposition supporters on Friday continued blocking streets in the Armenian capital and engaged in occasional scuffles with police.

Nagorno-Karabakh lies within Azerbaijan but was under the control of ethnic Armenian forces backed by Armenia since a war there ended in 1994.

Fighting broke out in the region on September 27 this year and lasted until November 9. In total, more than 4,600 people died on both sides – most of them soldiers. On the Armenian side alone, 60 civilians were killed.

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email.

The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal calls” to Microsoft cloud APIs during a 17-hour period several months ago.

The undisclosed affected reseller’s Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

Although there was an attempt by unidentified threat actors to read email, it was ultimately foiled as the firm does not use Microsoft’s Office 365 email service, CrowdStrike said.

The incident comes in the wake of the supply chain attack of SolarWinds revealed earlier this month, resulting in the deployment of a covert backdoor (aka “Sunburst”) via malicious updates of a network monitoring software called SolarWinds Orion.

Since the disclosure, Microsoft, Cisco, VMware, Intel, NVIDIA, and a number of US government agencies have confirmed finding tainted Orion installations in their environments.

The development comes a week after the Windows maker, itself a SolarWinds customer, denied hackers had infiltrated its production systems to stage further attacks against its users and found evidence of a separate hacking group abusing Orion software to install a separate backdoor called “Supernova.”

It also coincides with a new report from The Washington Post today, which alleges Russian government hackers have breached Microsoft cloud customers and stolen emails from at least one private-sector company by taking advantage of a Microsoft reseller that manages cloud-access services.

We have reached out to Microsoft, and we will update the story if we hear back.

CrowdStrike has also released CrowdStrike Reporting Tool for Azure (CRT), a free tool that aims to help organizations review excessive permissions in their Azure Active Directory or Office 365 environments and help determine configuration weaknesses.

In addition, the US Cybersecurity Infrastructure and Security Agency (CISA) has separately created a similar open-source utility called Sparrow to help detect possible compromised accounts and applications in Azure or Office 365 environments.

“The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors,” CISA said.

For its part, SolarWinds has updated its security advisory, urging customers to update Orion Platform software to version 2020.2.1 HF 2 or 2019.4 HF 6 to mitigate the risks associated with Sunburst and Supernova vulnerabilities.

Election, which was set to take place in August, was delayed because of the pandemic, as new date is set amid fresh violence.

Ethiopia will hold a parliamentary election on June 5, 2021, its National Electoral Board has said on Friday, after postponing the vote from August this year because of the COVID-19 pandemic.

The chairman of the winning party becomes prime minister.

News of the vote comes as Ethiopia, Africa’s second-most populous nation, wrestles with outbreaks of deadly violence.

On Thursday, the military killed 42 armed men accused of taking part in a massacre in the western Benishangul-Gumuz region.

Prime Minister Abiy Ahmed said he was sending forces to Benishangul-Gumuz, which borders Sudan, the day after unidentified attackers torched homes and killed more than 100 people in a village there.

The region is home to several ethnic groups.

In recent years, people from the neighbouring Amhara region have started moving into the area, prompting some ethnic Gumuz to complain that fertile land is being taken away from them, experts say.

Ethiopia has a federal system comprising 10 regions with the freedom to set some taxes, run security forces and pass laws.

Ahmed took office in 2018 and accelerated democratic and economic reforms that have loosened the state’s iron grip on regional rivalries.

But he is now under pressure to contain the violence gripping his nation.

State-run Ethiopian News Agency reported that five senior officials, including a state minister of the federal government, have been arrested in connection with security issues in Benishangul-Gumuz.

The development came as Ethiopia’s military also battles a rebellious force in the separate northern Tigray region, with a mass deployment of troops that has raised fears of a security vacuum in other areas.

The war, believed to have killed thousands, has sent more than 45,000 refugees into Sudan, displaced many more within Tigray, and worsened suffering in a region where 600,000 people were already dependent on food aid even before the conflict began.

Ethiopia is also experiencing unrest in the Oromia region and faces long-running security threats from Somali fighters along its porous eastern border.

Officials say Moderna vaccine will be distributed to remote, isolated communities in northern Canada.

Canada has received its first shipment of Moderna Inc’s COVID-19 vaccines, Prime Minister Justin Trudeau said Thursday, as the country urged people to limit their contacts during the Christmas and New Year’s holidays.

Trudeau said the first shipment of Moderna vaccines is part of the 168,000 doses that Canada expects to receive before the end of December.

“These are part of the 168,000 doses we’ll be getting before the end of the month, and part of the 40 million doses we’re guaranteed from Moderna overall,” he tweeted.

Health Canada on Wednesday approved the Moderna vaccine for use in Canada, saying it had met the agency’s “stringent safety, efficacy and quality requirements”.

The first doses of Moderna’s COVID-19 vaccine have arrived in Canada. These are part of the 168,000 doses we’ll be getting before the end of the month, and part of the 40 million doses we’re guaranteed from Moderna overall. pic.twitter.com/eKhQ6v8xSA

— Justin Trudeau (@JustinTrudeau) December 24, 2020

Canada is the second country to approve the Moderna vaccine, after the United States’ Food and Drug Administration (FDA) on December 18 approved it for emergency use.

Moderna’s COVID-19 shot is the second approved in Canada after the Pfizer-BioNTech vaccine, which is already being administered to healthcare workers and long-term care home residents in several provinces.

Unlike the Pfizer-BioNTech vaccine, the Moderna vaccine does not have to be kept at ultra-low freezing temperatures, and Canadian officials said they plan to send it to more remote areas of the country.

“The different storage and handling requirements of the Moderna COVID-19 vaccine mean that it can be distributed to isolated and remote communities, including the territories,” Health Canada said this week.

Anita Anand, Canada’s minister of public services and procurement, tweeted Thursday that the first Moderna shipment “will be the first #COVID19 vaccine deployed in Canada’s North”.

1/ Just one day after Health Canada approval, I am pleased to be on hand as the Moderna vaccine arrives in 🇨🇦! This is the first shipment of a total 40M doses that our gov’t has procured from Moderna and will be the first #COVID19 vaccine deployed in Canada’s North. pic.twitter.com/b1TR9mFbXG

— Anita Anand (@AnitaOakville) December 24, 2020

The health and social services minister for Yukon, one of Canada’s northern territories, said in a statement Wednesday that the Moderna vaccine approval was “exciting news Yukoners have been waiting for”.

Pauline Frost said Yukon expects to receive an initial shipment of 7,200 doses of the vaccine to inoculate 3,600 people with two shots. As of Thursday morning, the territory had no active cases of COVID-19.

“Yukon will receive enough doses to vaccinate 75 percent of the eligible adult population in early 2021,” said Frost, adding that long-term care residents and staff would receive the vaccine first.

Canada is battling a surge in COVID-19 cases and hospitalisations across the country.

On Thursday, the most populous province, Ontario, reported 2,447 new COVID-19 infections – its highest single-day tally since the start of the pandemic – and 49 additional deaths linked to the novel coronavirus.

Health officials in neighbouring Quebec also reported a single-day high with 2,349 new cases, as well as 46 more deaths.

Both the Quebec and Ontario governments are preparing to put new restrictions in place in the coming days as part of their efforts to stem the spread of the virus.