
Top 5 Bug Bounty Programs to Watch in 2021

2/08/2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the “Application Crowdtesting Services” category.


We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international security researchers:


1. HackerOne


Being a unicorn backed by numerous reputable venture capitalists, HackerOne is probably the most well-known and recognized Bug Bounty brand in the world.


According to their most recent annual report, over 1,700 companies trust the HackerOne platform to augment their in-house application security testing capacities. The report likewise says that their security researchers earned approximately $40 million in bounties in 2019 alone and $82 million cumulatively.


HackerOne is also famous for hosting US government Bug Bounty programs, including the US Department of Defense and US Army vulnerability disclosure programs. Like some other commercial providers of Bug Bounties and Vulnerability Disclosure Programs (VDP), HackerOne now also offers penetration testing services staffed with vetted security researchers from around the globe. HackerOne has a solid portfolio of security certifications, including ISO 27001 and FedRAMP authorization.


2. BugCrowd


Founded by cybersecurity expert Casey Ellis, BugCrowd is probably the most creative and inventive Bug Bounty platform. BugCrowd actively promotes not just the traditional crowd security testing services but also attack surface management and a broad spectrum of penetration testing services for IoT, API, and even network, staying ahead of their competitors on the rapidly growing crowd labor market.


BugCrowd also aptly advertises numerous Software Development Life Cycle (SDLC) integration capacities, making the DevSecOps workflow faster and easier for their wealthy clients.


BugCrowd is famous for hosting Bug Bounty programs for such industry giants as Amazon, VISA, and eBay, as well as the venerated (ISC)² cybersecurity education association. Many beginners in security research are well familiar with BugCrowd thanks to BugCrowd University, ongoing security webinars, and the training BugCrowd smartly organizes for both its customers and researchers.


3. OpenBugBounty


The skyrocketing OpenBugBounty project is the only not-for-profit vulnerability disclosure and Bug Bounty platform on our list. Its Alexa rank says OpenBugBounty is about to surpass most of its commercial competitors successfully.


With over 1,200 active Bug Bounty programs, OpenBugBounty also permits coordinated disclosure of security issues on any website if the issue was detected by non-intrusive means. Bug Bounty program creation is totally free, and the website owners are not required to make monetary payments to the researchers – but are encouraged at least to thank the researchers and provide a public recommendation for their efforts.


OpenBugBounty hosts Bug Bounty programs for such companies as A1 Telekom Austria and Drupal, with over 20,000 security researchers and almost 800,000 security vulnerabilities submitted so far. The platform says its policies and disclosure processes are based on the ISO 29147 standard.


OpenBugBounty also cooperates with national CERTs and law enforcement agencies by providing them with a free API to the platform while keeping vulnerability details confidential unless a researcher discloses his or her findings to the public.


4. SynAck


Backed by many renowned VC funds, including Intel Capital and Kleiner Perkins, SynAck was named “CNBC Disruptor” company four times in a row, from 2015 to 2019. SynAck stands atop commercial Bug Bounty platforms, also named in Gartner’s Top 25 Enterprise Software Startups.


Founded by Jay Kaplan and Mark Kuhr, security visionaries and reputable veterans of the US national security agencies, SynAck offers an elite team of thoroughly vetted cybersecurity researchers known as “Red Team” (SRT). According to SynAck, the SRT group is composed of security experts with verified backgrounds and credible industry experience.


SynAck successfully positions itself as the leader in trusted crowd security testing services by performing comprehensive due diligence on their Red Team and recording all their activities for future analysis or review. Finally, SynAck has successfully developed partnerships and technology alliances with the industry leaders, including Microsoft, AWS, and HPE, demonstrating strong potential for further growth.


5. YesWeHack


YesWeHack is the rising star of our rating for 2021. The only European Bug Bounty and vulnerability disclosure company, YesWeHack efficiently attracts EU-based companies whose main concern is strict privacy and data protection. Recently, YesWeHack announced a record 250% growth during 2020 in Asia, demonstrating that European startups are capable of scaling globally.


Similar to BugCrowd, YesWeHack is well prepared to invest in its human capital. Last year, it launched a training program to help Bug Bounty hunters hone their hacking skills with the YesWeHack DOJO platform. It features introductory courses and training challenges focused on specific security vulnerabilities and playgrounds.


With DOJO, security researchers from all over the world can improve their software security testing skills. Finally, YesWeHack persuasively demonstrates its capacity to attract reputable European customers such as the French OVH conglomerate.


Bug Bounties have started their transformation from pure crowd security testing to all-in-one cybersecurity platforms, offering classic penetration testing and a myriad of other services. Today, it is difficult to predict how successful their offering will be against traditional MSSPs and cybersecurity vendors; however, Bug Bounties certainly created a new market niche with powerful potential.


Meanwhile, the open and free OpenBugBounty project brings maturity into the business, as the open-sourced Linux did against Microsoft decades ago, later giving birth to a multi-billion Red Hat business.


This is an indicator that the Bug Bounty market is becoming bigger and more competitive while newcomers are still joining the game. We can probably expect even more Venture Capital and M&A deals fostering further expansion of the crowd security market.

Top 5 Bug Bounty Programs to Watch in 2021 Reviewed by TechCO on 2/08/2021 Rating: 5

Is Sundial Growers Stock a Wise Investment?

2/08/2021








Warren Buffett said that investing requires more temperament qualities than intellect ones. If we followed this advice, that would mean buying stocks because you are in the mood, not because you foresee their great potential to have good returns. Therefore, we will go with Peter Lynch’s advice that investing in stocks is not a science but an art. Choosing the right stocks to include in your portfolio is not always easy when you are bombarded with so much information about each company listed on the stock exchange. For this reason, let’s help you narrow your options by looking at a specific company: Sundial Growers. Now that Joe Biden is in office and there is hope for marijuana legalization, is Sundial Growers stock a wise investment? Most analysts do not think so, and here are a few reasons.

Here’s Why You Should Hold Off Buying Sundial Growers Stock


No Hope for Legalization of Cannabis in the United States


According to Investor Place, the more it became clear that Joe Biden was taking over from Donald Trump, the more the Sundial Growers stock kept climbing. It even got to 17 cents a share, which was an impressive increase of 175%. However, the article said that it was still too early to start counting your chickens. The stock was doing well because it was expected that once Biden became the President of the United States, there would be the legalization of cannabis, since the MORE (Marijuana Opportunity Reinvestment and Expungement) Act is already waiting to be passed. Unfortunately, those who were not keen on Biden’s speeches may have failed to notice that he supported giving those arrested for marijuana offenses a clean slate. Biden avoided speaking publicly about the legalization, which makes up the first section of the MORE Act. Besides, with the Senate Majority leader having a lot of influence in passing such bills, it is unlikely that those who are hoping for marijuana legalization will get their wish. After all, the current majority leader has been very forthcoming about where he stands concerning the MORE Act. Therefore, even if the House of Representatives passed the bill, the President and the US Senate are not likely to support legalization and decriminalization.


Being Debt-Free Does Not Mean it is out of the Woods Yet


Additionally, since investing in a company with lots of debt is never advisable, Sundial Growers quickly took care of its debts. The CEO, Zach George, in December 2020, announced that unlike other cannabis companies with significant debt burdens, Sundial Growers had become debt-free. According to PR Newswire, he explained that after running out of cash and having to turn to debt to stay afloat, the company had finally gotten rid of $227 million in debts.


Unfortunately, even if being debt-free attracted lots of positive attention, stock market analysts still opined that it was yet to make a good impression on investors. Some investors still rushed to buy the stock, causing an increase in the shares by 177%, but the company is not yet making any strides in the income statement. It did not hit target revenues but instead suffered a loss of $71.4 million in the third quarter, almost double the loss of $32.8 million experienced in the second quarter. Such poor performance led analysts to expect the fourth quarter to be much worse; they anticipated a 6% loss on the company shares. While becoming debt-free is commendable, Sundial Growers put its shareholders’ investment at risk by diluting the shares. The outstanding shares grew from 72.8 million to 206.7 million, meaning that the value of shares went down; no wonder the minimal increase is being viewed as the company’s saving grace.


Future is Hanging by a Thread


The future may be a mystery, but when you are investing in stocks, you want to have hope that the shares you are buying will be worth much more. Sundial Growers stock does not afford you that luxury. According to Forbes, besides the shares being on a downward spiral and the financial statements being very weak, the future of the company is hard to predict. While the first day of trading came with a decrease in the shares, which the CEO blamed on a scandal, it has gone from trading at $13 during the IPO to less than a dollar currently.







The below-a-dollar share price makes it a very poor choice to invest in. Hence you must be wary because it could be delisted from NASDAQ if it continues trading in cents. As per some sources, Sundial Growers has until June 26, 2021, to keep the share price above $1 for at least ten consecutive days. If it gets delisted and you have already accumulated its shares, you will have difficulty finding a buyer. Although you might be tempted to think that the future is bright for Sundial Growers given the recent surge, it is unfortunately temporary. According to the Motley Fool, Sundial Growers stock surged on February 3, 2021, because the Democratic Senate Majority leader and two other senators pledged support for the legalization of marijuana. They claimed its prohibition only inflicts harm, mainly on people of color.


As per the Motley Fool, if opportunities in the cannabis sector arise, Sundial Growers would use the $615 million unrestricted cash it has in its reserves to buy other cannabis companies. Such hope has led to the increase of the share, similar to what was experienced in GameStop. However, Sundial Growers stock is not anticipated to follow in the footsteps of GameStop. The explanation is that GameStop stock soared because investors were shorting it, thinking it would fall before another surge. On the other hand, even if Sundial Growers stock was shorted, the outstanding shares are too modest to make a huge difference. Moreover, if it were to surge to high levels, it would be unsustainable; hence, do not be fooled by the current excitement.



Is Sundial Growers Stock a Wise Investment? Reviewed by TechCO on 2/08/2021 Rating: 5

View: Digital transformation has reformed the ‘traditional’ industries to smart industries

2/08/2021

There is hardly any aspect of life that hasn’t been affected by the Covid-19 pandemic. New technologies, inventions and well-organised tools are being developed every day. Digital transformation has occurred all around us. It impacted every business, reducing economic growth immensely.


The way countries handle foreign policy will change irreversibly in the future due to digital transformation. There would be one policy for the physical world and another for the digital one involving matters like data-sharing, digital currency and the virtual world. Imagine one country can export rice to another, but not any personally identifiable data.


Democratised or conservative data-sharing in the future will feature in election manifestos — how elected governments will deal with personal data, and what their privacy laws that directly impact citizens’ freedom could be. Decisions like national Bills will be augmented via algorithms and use of data. DNA-based predictions will reduce false health alarms. It could also lead to better personalised treatment, and lower insurance and healthcare per-capita costs.


A decade ago, augmented reality (AR) was seen as a fad and was very expensive. Now, it’s commonly available in Instagram filters and navigation apps. Technology will soon mature from AR to augmented humans (AH) with the ease of 3D printing bionic limbs and their repair parts. AH will transform the way people with disabilities live their daily lives.


Digital transformation has reformed the ‘traditional’ industries to smart industries, whether artificial intelligence (AI) and car automation, or the mattress industry (where mattresses can make themselves warm or cold based on the ambient temperature). Wearables will, one day, become like tattoos, also being able to record health data like diabetes readings, cardiac health and body temperature.


So, it’s safe to believe that traditionally, digital transformation used for computer and internet technology will be used for more competent value creation. Computing technology, combined with easy-to-use user experiences, are the chief drivers of these changes. They bring in radical changes to the business world, as more users adopt digital experiences in their routines and lives. ‘Digital twin’ technology — generation or collection of digital data representing a physical object — is, for instance, revolutionary.


WhatsApp has announced plans to launch micro insurance and pension products soon. On the agricultural science front, there will be a major productivity surge, with new digital business models increasingly adopting hydroponic systems — growing plants and crops without soil and using mineral nutrient solutions in an aqueous solvent.


Telemedicine, AI-enabled medical devices and blockchain electronic health records are examples of digital transformation in healthcare. Telemedicine will transform care and may reduce hospitalisation and help increase care and life expectancy. Care-giving will be remotely possible as more family members migrate and have access to evidence-based care. Both private and public sector programmes may lay a solid foundation for digital innovations. Meanwhile, an increase in initiatives will create healthy competition. Ultimately, it will bring down digital cost and increase usage.


Specifically, government can build the digital infrastructure based on the requirements of the public sector. Creating noticeable competences and successful fiscal funds, it increases its innovation outputs, while improving public services.


(The writer is leader, global digital transformation, Abbott Laboratories, Chicago, US)

View: Digital transformation has reformed the ‘traditional’ industries to smart industries Reviewed by TechCO on 2/08/2021 Rating: 5

'Red packet' e-currency test planned in capital

2/08/2021

(China Daily) A lucky group of people in Beijing will receive a packet of 200 yuan ($31) apiece in digital currency from the municipal government on Wednesday for online and offline use during the upcoming Chinese Lunar New Year, a notice said on Saturday evening.


The initiative is part of the trial of the central bank’s digital currency, the e-CNY. Beijing will be the third city (after Shenzhen, Guangdong province, and Suzhou, Jiangsu province) to send the digital yuan to consumers for testing.


This time, the e-CNY issuance in Beijing is worth 10 million yuan, which will expand the trial on the whole to more than 100 million yuan.


People who receive the “red packet” after a random draw can use the e-CNY through certain apps or the digital wallets of designated stores and restaurants in Wangfujing, one of the famous business walking streets in China.


They can also use e-CNY online, via the app of the e-commerce platform JD, according to a notice from Beijing Local Financial Supervision and Administration.


The e-CNY in the Beijing trial can be used from Feb 10 to 17. Six banks are participating in the test: Industrial and Commercial Bank of China, Bank of China, Agricultural Bank of China, China Construction Bank, Bank of Communications and Postal Savings Bank of China.


China started large-scale, central bank digital currency pilot programs in 2019. Beijing also plans to expand e-CNY usage to the upcoming Winter Olympics in 2022. The 10 million yuan in red packets is one of the regular tests before the official launch, according to the local notice.


According to experts close to the People’s Bank of China’s digital currency institute, nine institutions, including State-owned big banks and e-commerce giants, have been designated by monetary authorities to develop digital wallets and related technology. To some extent, they are competitors in the digital currency payment service.


To win the competition, the digital wallet providers should connect the service with some specific spending scenarios, such as payment in bookstores or hotels. Through this, the winner would rely on a mature payment ecosystem.


One of the potential issues is that having different digital wallet operators could lead to data fragmentation or isolation of information, and the central bank may need to consider ways of controlling the transaction costs, said Huang Yiping, deputy dean of the National School of Development at Peking University and chairman of China Finance 40 Forum’s Academic Committee.


The e-CNY’s debut will intensify competition among payment service providers and probably change the market structure in the sector, said Huang, who expected the digitalized renminbi to soon become Chinese people’s digital wallets, “hopefully this year”.


Globally, the COVID-19 pandemic may have further accelerated the pace of the digital revolution in many areas, and the digitalization process has also reached the financial system and even the design of money in many countries. In a survey by the Bank for International Settlements, 86 percent of 65 respondent central banks are doing some kind of research or experimentation of digital currencies.


In a recent speech, Agustin Carstens, general manager of the Bank for International Settlements, said: “If digital money is to exist, the central bank must play a pivotal role, guaranteeing the stability of value, ensuring the elasticity of the aggregate supply of such money, and overseeing the overall security of the system. Depending on their design,… (such systems) could upend our existing financial system. Different jurisdictions may pursue different avenues. This relates in part to different preferences regarding data privacy across different societies.”


Source: By Chen Jia | China Daily | Updated: 2021-02-08 07:25 

'Red packet' e-currency test planned in capital Reviewed by TechCO on 2/08/2021 Rating: 5

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

2/08/2021

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, ISIS supporters, and Kurdish natives.


Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten (or APT-C-50) and Infy, cybersecurity firm Check Point revealed new and recent evidence of their ongoing activities that involve the use of a revamped malware toolset as well as tricking unwitting users into downloading malicious software under the guise of popular apps.


“Both groups have conducted long-running cyberattacks and intrusive surveillance campaigns which target both individuals’ mobile devices and personal computers,” Check Point researchers said in a new analysis. “The operators of these campaigns are clearly active, responsive and constantly seeking new attack vectors and techniques to ensure the longevity of their operations.”



Despite overlaps in the victims and the kind of information amassed, the two threat actors are considered to be operating independently of one another. But the “synergistic effect” created by using two different sets of attack vectors to strike the same targets cannot be overlooked, the researchers said.


Domestic Kitten Mimics a Tehran Restaurant App


Domestic Kitten, which has been active since 2016, has been known to target specific groups of individuals with malicious Android apps that collect sensitive information such as SMS messages, call logs, photos, videos, and location data on the device along with their voice recordings.


Spotting four active campaigns, the most recent of which began in November 2020 according to Check Point, the APT-C-50 actor has been found to leverage a wide variety of cover apps, counting VIPRE Mobile Security (a fake mobile security application), Exotic Flowers (a repackaged variant of a game available on Google Play), and Iranian Woman Ninja (a wallpaper app), to distribute a piece of malware called FurBall.



The latest operation, in November, is no different: it takes advantage of a fake app for Mohsen Restaurant, located in Tehran, to achieve the same objective, luring victims into installing the app through multiple vectors: SMS messages with a link to download the malware, an Iranian blog that hosts the payload, and even sharing via Telegram channels.


Prominent targets of the attack included 1,200 individuals located in Iran, the US, Great Britain, Pakistan, Afghanistan, Turkey, and Uzbekistan, the researchers said, with over 600 successful infections reported.


Once installed, FurBall grants itself wide permissions to execute the app automatically on every device startup. It then proceeds to collect browser history, hardware information, and files on the external SD card, and periodically exfiltrates videos, photos, and call records every 20 seconds.


It also monitors clipboard content, gains access to all notifications received by the device, and comes with capabilities to remotely execute commands issued from a command-and-control (C2) server to record audio, video, and phone calls.


Interestingly, FurBall appears to be based on a commercially available spyware called KidLogger, implying the actors “either obtained the KidLogger source-code, or reverse-engineered a sample and stripped all extraneous parts, then added more capabilities.”


Infy Returns With New, Previously Unknown, Second-Stage Malware


First discovered in May 2016 by Palo Alto Networks, Infy’s (also called Prince of Persia) renewed activity in April 2020 marks a continuation of the group’s cyber operations that have targeted Iranian dissidents and diplomatic agencies across Europe for over a decade.




While their surveillance efforts took a beating in June 2016 following a takedown operation by Palo Alto Networks to sinkhole the group’s C2 infrastructure, Infy resurfaced in August 2017 with anti-takeover techniques alongside a new Windows info-stealer called Foudre.


The group is also suggested to have ties to the Telecommunication Company of Iran after researchers Claudio Guarnieri and Collin Anderson disclosed evidence in July 2016 that a subset of the C2 domains redirecting to the sinkhole was blocked by DNS tampering and HTTP filtering, thus preventing access to the sinkhole.


Then in 2018, Intezer Labs found a new version of the Foudre malware, called version 8, that also contained an “unknown binary”, now named Tonnerre by Check Point, that is used to expand on the capabilities of the former.


“It seems that following a long downtime, the Iranian cyber attackers were able to regroup, fix previous issues and dramatically reinforce their OPSEC activities as well as the technical proficiency and abilities of their tools,” the researchers said.


As many as three versions of Foudre (20-22) have been uncovered since April 2020, with the new variants downloading Tonnerre 11 as the next-stage payload.


The attack chain commences with phishing emails containing lure documents written in Persian which, when closed, run a malicious macro that drops and executes the Foudre backdoor, which then connects to the C2 server to download the Tonnerre implant.


Besides executing commands from the C2 server, recording sounds, and capturing screenshots, what makes Tonnerre stand out is its use of two sets of C2 servers — one to receive commands and download updates using HTTP and a second server to which the stolen data is exfiltrated via FTP.


At 56MB, Tonnerre’s unusual size is also likely to work in its favor and evade detection as many vendors ignore large files during malware scans, the researchers noted.


However, unlike Domestic Kitten, only a few dozen victims were found to be targeted in this attack, including those from Iraq, Azerbaijan, the U.K., Russia, Romania, Germany, Canada, Turkey, the U.S., Netherlands, and Sweden.


“The operators of these Iranian cyber espionage campaigns seem to be completely unaffected by any counter-activities done by others, even though they were revealed and even stopped in the past — they simply don’t stop,” said Yaniv Balmas, head of cyber research at Check Point.


“These campaign operators simply learn from the past, modify their tactics, and go on to wait for a while for the storm to pass to only go at it again. Furthermore, it’s worthy to note the sheer amount of resources the Iranian regime is willing to spend on exerting their control.”

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers Reviewed by TechCO on 2/08/2021 Rating: 5

Cover for gig workers: Amazon, others pledge Rs 500 crore to proposed social security fund

2/08/2021

NEW DELHI: More than a dozen companies including Amazon, Flipkart, Swiggy, Ola and Uber have committed about Rs 500 crore to the government’s proposed social security fund that will provide health insurance to one million gig workers, a top official told ET.


The labour ministry has finalised the scheme for gig workers under the Employees’ State Insurance Corporation, which will be announced alongside the rollout of the Social Security Code.


The initial commitments by the ecommerce platforms and ride aggregators are based on the options given to them under the Code, the official said.


“The above contribution is based on 1% of the revenue of the platforms,” the official said.


The Code had provided for contribution of 1-2% of revenue of the platform or 5% of the wages paid to the worker. However, it has been decided to peg it at 1% of revenue.


This will be topped up by a minuscule monthly contribution of up to Rs 100 from the gig worker. The government will, however, not make any monetary contribution. The platforms will be required to make an annual contribution by June 30 each year on a self-assessment basis.






Companies will need to submit a form specifying the number of gig workers associated with them at the start of each financial year along with the preceding year’s annual turnover.


On their part, the gig workers will have to update particulars such as current address, job, period of engagement with the gig firm, skills, and mobile number on the portal specified by the government to avail of such benefits.


Gig workers covered under the scheme will be eligible for medical, maternity, disability and other benefits and would have access to ESIC hospitals. The labour ministry is ready with the rules under the four labour Codes, which will be notified soon, the official said.


Gig workers are a portable workforce that work with e-commerce platforms, taxi aggregators and food delivery firms, among others. However, the white-collar gig workforce, often referred to as freelance consultants, will not be part of the beneficiaries in the first year as the scheme.

Cover for gig workers: Amazon, others pledge Rs 500 crore to proposed social security fund Reviewed by TechCO on 2/08/2021 Rating: 5

How glaciers can burst and send floods downstream

2/08/2021

The floods that slammed into two hydroelectric plants and damaged villages in Uttarakhand were set off by a break on a Himalayan glacier upstream. Here’s a look at how glaciers and glacial lakes form and why they may sometimes break:


HOW GLACIERS AND GLACIAL LAKES FORM
Glaciers are found on every continent except Australia and some are hundreds of thousands of years old. A large cluster of glaciers is in the Himalayas, which are part of India’s long northern border. Sunday’s disaster occurred in the western part of the Himalayas.


Glaciers are made of layers of compressed snow that move or “flow” due to gravity and the softness of ice relative to rock. A glacier’s “tongue” can extend hundreds of kilometers (miles) from its high-altitude origins, and the end, or “snout,” can advance or retreat based on snow accumulating or melting.


“Ice may flow down mountain valleys, fan out across plains, or in some locations, spread out onto the sea,” according to the National Snow and Ice Data Center.


Proglacial lakes, formed after glaciers retreat, are often bound by sediment and boulder formations. Additional water or pressure, or structural weakness, can cause both natural and manmade dams to burst, sending a mass of floodwater surging down the rivers and streams fed by the glacier.


WHY DID THIS GLACIER BURST?
It’s not yet known what caused part of the Nanda Devi glacier to snap off Sunday morning, sending floodwater surging downstream toward power plants and villages in India’s northern state of Uttarakhand.


Seismic activity and a buildup of water pressure can cause glaciers to burst, but one particular concern is climate change. High temperatures coupled with less snowfall can accelerate melting, which causes water to rise to potentially dangerous levels.


“Most mountain glaciers around the world were much larger in the past and have been melting and shrinking dramatically due to climate change and global warming,” said Sarah Das, an associate scientist at Woods Hole Oceanographic Institute.


CAN SUCH DISASTERS BE PREDICTED?
Past deadly or highly destructive glacial floods have occurred in Peru and Nepal.


But the remote locations of glaciers and a lack of monitoring mean we don’t have a clear understanding of how often they occur and if they are increasing, Das said.


“Given the overall pattern of warming, glacier retreat, and increase in infrastructure projects, though, it seems natural to hypothesize that these events will occur more frequently and will become overall more destructive if measures are not taken to mitigate these risks,” said Das.


A number of imminent potentially deadly glacier burst and flood situations have been identified worldwide, including in the Himalayas and South American Andes.


But while monitoring is possible, the remoteness of most glaciers presents challenges.


“There are many glaciers and glacial dammed lakes across the Himalayas, but most are unmonitored,” Das said. “Many of these lakes are upstream of steep river valleys and have the potential to cause extreme flooding when they break. Where these floods reach inhabited regions and sensitive infrastructure, things will be catastrophic.”


A 2010 information page published by the International Centre for Integrated Mountain Development called for more glacier monitoring in the Hindu Kush Himalayas to better understand “the real degree of glacial lake instability.”


The region where the glacial burst occurred is prone to landslide and flash flooding, and environmentalists have cautioned against building in the region.

How glaciers can burst and send floods downstream Reviewed by TechCO on 2/08/2021 Rating: 5