Archive for September 12, 2023

Visa Announces Appointment of Sam Fuda as Vice President, Head of Commercial and Money Movement

Posted in Commentary with tags on September 12, 2023 by itnerd

Visa Canada has announced that Sam Fuda will assume the role of Vice President, Head of Commercial and Money Movement (CMS), Canada succeeding Jim Filice.

In this role, Fuda will be responsible for leading the market strategy, product development and sales across money movement, commercial, real-time payments, and open banking. He will also be responsible for developing and building our external reputation for commercial and money movement, leading overall CMS performance for Canada including revenue, AANR, and further evolving the ecosystem. Prior Fuda was in the role of VP, Financial Partnerships for CIBC.

Fuda will become a member of the Canada Leadership Team along with the North America Commercial and Money Movement Solution teams. He will report directly to Yanilsa Gonzalez-Ore, SVP Visa Direct NA & Global Ecosystem, and have a dual report to Stacey Madge, SVP, President and Country Manager and Veronica Fernandez, SVP, Head of NA CMS.

Fuda has over 20 years of financial services experience with a particular focus in Payments. He is an analytical thinker and problem-solver with a strong ability to drive end-to-end growth strategies and has a proven record for driving results.  While he was responsible for leading Visa’s account team and overseeing the Canadian Imperial Bank of Commerce (CIBC) relationship, he developed expertise in Visa’s emerging money movement business and established CIBC as one of Visa’s critical relationships in the space.

Zoho Introduces Zoho Billing

Posted in Commentary with tags on September 12, 2023 by itnerd

Zoho today announced Zoho Billing, an expanded version of its current application Zoho Subscriptions. Zoho Billing is a multifaceted billing solution built specifically for growing businesses, allowing users the flexibility to experiment with pricing and the ability to go to market swiftly.

For the past decade, businesses of all sizes have been embracing subscription models, which introduced a number of challenges including managing recurring billing and tracking new metrics. Zoho Subscriptions was introduced to solve these challenges. Today, businesses are more flexible and experimental in their approach to billing – subscription-based businesses are exploring traditional sales methods, while companies that used to focus on one-time sales are considering tiered subscription plans. This necessitates a comprehensive billing solution that supports businesses with their constantly evolving strategies.

The expanded application boasts a user-friendly interface with versatile billing functionalities like estimates, retainer invoicing for advance payments, one-time or flat-fee billing, project billing, expense billing, and Quote-to-Cash (Q2C). Additionally, Zoho Billing offers subscription management capabilities like trial management, prorated billing, customer lifecycle management, retention, and revenue recovery. Businesses can also use features like consolidated billing, metered billing, online payment collection and record offline payments. Businesses selling mobile app subscriptions through app stores like Apple’s AppStore or Google Play store, can integrate their billing, maintaining unified backend across selling channels. 

Zoho Billing offers 13 country-specific editions including Canada [US/Mexico], that help businesses to be compliant with the regional tax regulations. Businesses outside of these countries can leverage the global version to configure the tax settings according to their local tax laws. Moreover, Zoho Billing offers 50+ reports, providing metrics on accounts receivable, cash inflow, recurring revenue and customer subscriptions.

Zoho Billing includes a feature-rich mobile application available for iOS and Android devices, making it easier for businesses to take care of their billing operations on the go.

The application seamlessly integrates with other Zoho apps like Zoho Books for accounting, and Zoho Inventory for inventory order management, Zoho CRM for customer relationship management, and Zoho Analytics for advanced analytics. Furthermore, it offers built-in integration with third party applications like Slack, Zendesk, and Dropbox to cater to different business needs, and sync billing data contextually. For advanced or custom needs, businesses can use APIs and Webhooks to connect with any other applications.

Pricing and Availability

Zoho Billing is available for use immediately, and offers four different plans for users to choose from: Standard plan $19/$15 (CA/US) monthly, Professional plan $49/$39 (CA/US) monthly, Premium plan $99/$79 (CA/US) monthly, and Elite plan $299/$ 239(CA/US) monthly, billed yearly.

Zoho Announces 36% YoY Upmarket Growth in Canada, And They Will Open Toronto and Montreal Data Centers in Q4

Posted in Commentary with tags on September 12, 2023 by itnerd

 Zoho Corporation today celebrates major momentum in Canada marked by a five-year CAGR of 36% for mid-sized enterprises. This year to date, Zoho’s overall Canadian customer base increased by 24%, with Zoho Workplace customers growing 32% over the same period. To further serve its Canadian customers locally, Zoho is opening two new data centers in Toronto and Montreal, both which will be operational by Q4 of this year. Additionally, Zoho is announcing the release of Zoho Billing, a new solution available as a Canadian edition, which is compliant with regional tax regulations.

Globally, Zoho surpassed 100 million users this month, thanks to the continued support of Canadian customers, as well as the dedicated effort of the company’s partner network, through which Zoho generates 40% of its revenue in the country.

Zoho Billing

Today marks the release of Zoho Billing, a new subscription billing and invoicing platform, available immediately, either as a global or Canadian edition, which is compliant with regional tax regulations. This multifaceted solution provides users the flexibility to experiment with pricing and the ability to go to market swiftly. Zoho Billing boasts a user-friendly interface with versatile billing functionalities, including estimates, retainer invoicing for advance payments, one-time or flat-fee billing, project billing, expense billing, and Quote-to-Cash (Q2C). Additionally, Zoho Billing offers subscription management capabilities such as trial management, prorated billing, customer lifecycle management and retention.

Canadian Data Centers

Beginning in Q4 of this year, Zoho will open two new data centers in Canada. Strategically located in Toronto and Montreal, Zoho’s new and existing Canadian customers will receive fast, reliable, and secure access to their data and business applications. Representing Zoho’s 13th and 14th globally, these data centers underscore the company’s commitment to user privacy and security, as well as its efforts to serve customers locally.

Pricing and Availability

Zoho Billing is available for use immediately, and offers four different plans for users to choose from: Standard plan $19/$15 (CA/US) monthly, Professional plan $49/$39 (CA/US) monthly, Premium plan $99/$79 (CA/US) monthly, and Elite plan $299/$ 239(CA/US) monthly, billed yearly.

MGM Resorts Pwned By Ransomware

Posted in Commentary with tags on September 12, 2023 by itnerd

If you’re trying to book a vacation at a MGM Resort, forget about it. They’ve been pwned by a ransomware attack:

The initial shutdown impacted nearly every aspect of the casino operator’s business. Reservation systems, booking systems, hotel electronic key card systems, and the casino floors were all apparently impacted by the outage.

The company’s email systems were also apparently taken down in response to the cybersecurity issue, and have not yet come back online.

The company said that as of Monday evening, their casino floors were back online. But the reservation systems that power their thousands of hotel rooms and the booking system that controls reservations for their restaurants are apparently still down, more than a day after the first reports of the incident began to circulate.

Sucks to be MGM. Chris Denbigh-White, the Chief Security Officer (CSO) for Next DLP had comment on this pwnage:

The recent cyber assault on MGM Resorts has sparked significant intrigue, albeit amid a veil of limited information. Considering the available intelligence and the trajectory of cyber threats this year, it strongly suggests ransomware is the probable perpetrator. 

Casinos, both repositories of substantial wealth and vast volumes of personal and financial data that harbor a minuscule appetite for operational downtime, render them exceptionally enticing prey for cyber-criminal syndicates on the hunt for financial gain.

Although specific details are lacking, the initial repercussions of this incident are far from unclear. MGM Resorts has instituted a sweeping shutdown of a substantial segment of its infrastructure. This episode accentuates the paramount role of visibility in crafting effective containment strategies. It compels businesses, irrespective of industry, to contemplate the depth to which they should be prepared to suspend or curtail their operations when confronted by such threats. MGM’s response, somewhat akin to a “nuclear” option, is poised to affect its near-term revenue-generating capabilities indisputably.

As MGM Resorts looks toward the eventual restoration of its services, the imperative of a meticulously delineated and rigorously tested system restoration process takes center stage. This process must ensure that when operations recommence, unwavering confidence prevails regarding the fortitude of system defenses. Following such an ordeal, a certain degree of paranoia will undoubtedly pervade as the systems are reactivated.

The MGM incident underscores a universal truth—namely, that the calculus of cyber risk knows no industry bounds. The profound implications of this breach reverberate well beyond the casino walls, resonating as a stark reminder to senior leadership teams across sectors that the pursuit of resilience, protection of data, and the preservation of digital trust are mandates of our digital age.

I would not at all be shocked if we see more attacks on those in the vacation/resort/casino business as those are targets who might be more likely to pay up as attacks like this are move devastating from a revenue perspective.

UPDATE: Ken Westin, Field CISO, Panther Labs add this:

While the details of the attack have not been provided, the response of shutting down the network, particularly bringing down games which are the lifeblood of a casino, tells me that we are dealing with a potential ransomware incident. The shutdown of such critical systems was probably done to stop the spread of malware through their environment. Ransomware groups commonly target not just one company, but entire industries once they identify a common vulnerability or misconfiguration.  This should be cause for alarm in the gaming industry, as these networks are tightly controlled with multiple layers of security, if a vulnerability was identified it could mean additional casinos will be hit that may share a vulnerable application or similar misconfiguration.

Steve Hahn, Executive VP, BullWall follows with this:

   “MGM isn’t publicly stating the nature of the attack, but looking at the endless stream of negative social media posts from their customers being locked out of their room, or entering rooms with other guests in them, ATMs and slot machines down, this really can’t be anything other than a Ransomware Attack. Ransomware Attacks are designed not just to encrypt data, but to propagate itself to other endpoints, servers, fileshares and even VMs and Domain Controllers. Once this happens wide scale outages begin across the victims IT and services. 

   “Ransomware is also nearly impossible to prevent from a focused and dedicated threat actor. Casinos have some of the largest attack surfaces out there. Every IoT device presents the threat actors with another attack vector. I spoke to a casino that was hit recently that had the attack initiate on a temperature sensor in a large aquarium on their property.

   “These types of properties should view these as a “when” not “if” event and look to how to contain an outbreak within milliseconds vs solely focusing on prevention. With a prevention only focus the threat actor only needs to get it right one time. Containment tools and a disaster response plan have to be seen as “table stakes” for casinos in the modern threat world.”

Finally Emily Phelps, Director, Cyware had this to say:

   “Cybersecurity is increasingly complex, in part, due to the interconnected way in which business now operates. It is more difficult to isolate an issue, leading to widespread impact. Even well-resourced enterprises deal with disparate tools, siloed teams and data, and delayed response. Cybersecurity must become more collaborative to get ahead of threats that interrupt business continuity.”

Netcraft Acquires FraudWatch 

Posted in Commentary on September 12, 2023 by itnerd

Netcraft, global leader in cybercrime detection, disruption, and takedowns, announced today the acquisition of FraudWatch, a leading Australian online brand protection provider focused on phishing, social media, brand infringement, and fake mobile apps.

Netcraft and FraudWatch together are committed to providing global organizations cutting-edge cybersecurity products and services. With its global threat feeds, automated attack detection, disruption, and takedown solutions, Netcraft’s innovations have enabled it to scale, taking down more than 15 million attacks and counting. FraudWatch’s managed online brand protection services are driven by its 24/7 Security Operations Center (SOC) in Melbourne using its PhishPortal platform. FraudWatch works alongside its customers across the world to protect against phishing, fraud, and cybercrime.

With this acquisition, Netcraft and FraudWatch will deliver high-quality, high-speed cybercrime detection and takedowns with even greater capabilities to new and existing customers. The company will further enhance support and services by combining its existing relationships with hosting providers, domain registrars, and social media platforms through the FraudWatch SOC alongside Netcraft’s API-based and commercial partnerships. Additionally, the acquisition will accelerate growth in North America and the Asia-Pacific region for the combined company.

Organizations today face a rapidly evolving threat landscape, and security teams must detect and respond to malicious attacks quickly and effectively. By bringing together their technology, expertise, and processes, the combined company can provide best-in-class service to its global customers with a global SOC team available to manage, escalate and deliver deep insights.

About Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks. Its mission is to detect and disrupt cybercrime at scale through constant innovation, extensive automation, and unique insight, delivering a safer online experience for everyone. Netcraft is the trusted cybersecurity partner for three of the largest companies, twelve of the largest banks, and governments of five of the largest economies in the world. Netcraft’s comprehensive threat feeds, early fraud detection capabilities, and swift automated takedowns are unparalleled in the industry, scaling to perform takedowns for nearly one-third of the world’s phishing sites, blocking more than 170 million malicious sites. For more information, visit

About FraudWatch

FraudWatch is a leading Online Brand Protection company; its 24x7x365 Security Operations Center (SOC) protects thousands of brands worldwide. Headquartered in Australia, FraudWatch provides solutions to help protect businesses from digital brand threats, including financial loss, brand damage, and online abuse. Combined with its technology, a team of security professionals works around the clock to provide online brand protection services. FraudWatch’s team tenaciously tracks and takes down phishing and malware sites, fake domains, impersonated social media profiles, and fraudulent mobile applications. Its fast takedown of these threats provides tangible financial benefits to global clients.

Sri Lankan Government Loses 3 Months Of Data After Ransomware Attack

Posted in Commentary with tags on September 12, 2023 by itnerd

The Information and Communication Technology Agency (ICTA) has confirmed that on August 26th, all Sri Lankan government emails have lost all their data from May 17 to August 26, 2023 after a massive ransomware attack.
One government staff said that their official email had been receiving suspicious links over the past few weeks and that someone may have clicked one, triggering the ransomware attack.

The system was restored within 12 hours of the attack and the backup was also brought back, but more than three months of storage for over 5000 email domains was missing.

ICTA has started daily offline backups and intends to upgrade the relevant application to the latest version. An upgrade to the email network had been planned since 2021 but was constrained by fund limitations and board decisions, ICTA CEO Mahesh Perera said.

Steve Hahn, Executive VP, BullWall had this comment:

   “Ransomware attacks typically seek to steal and encrypt your data. However, there’s no guarantee the attacker will leave your data behind, encrypted or otherwise. Whether you pay the threat actor or even restore from backups, on average companies will not retrieve all of their data.

   “A 2021 study by Veeam found that more than half of all data backups fail, losing Ideas, patents, customer orders and communications, legal information, plans and documents. In this case the failure was a failure to act. It’s critical to protect it all and modern RW targets those backups as well, with the potential to wipe out everything. Not a good thing when “restoring the system” does not include your data.”

The attitude of organizations who are trying to protect themselves against attacks like this have to be prevention first along with a recovery strategy. That way they are covered for any eventuality.


Massive DDoS Attack Abserved On ‘Influential’ US Financial Firm

Posted in Commentary with tags on September 12, 2023 by itnerd

Last week, Akamai claimed to have observed and thwarted a massive DDoS attack targeting one of its “largest and most influential”, American financial institution.

Usually, almost all the legitimate traffic to the company’s site comes from the U.S., but during the 2-minute attack there was 633.7 gigabits of traffic per second from all over the world, including Bulgaria, Brazil, China, India, Thailand, Russia, Ukraine, Vietnam, and Japan.

The attack went directly after their primary web landing page with a likely intent to disrupt their online banking, according to Akamai. The incident didn’t harm or disrupt services, but given the magnitude of the attack, the financial company would have faced severe disruptions to its vital web systems had it not been mitigated.

Since 2021, there has been an increase in the number of DDoS attacks against financial services and over the past year, more than 30% of the DDoS attacks detected by Akamai have been aimed at financial services.

“Financial institutions are a key pillar of an economy, and targeting such businesses often has a larger impact on the overall economy,” Akamai researchers said.

Emily Phelps, Director, Cyware had this comment:

   “While financial institutions should pay close attention to the escalating attacks aimed at banks, enterprises across all sectors should take notice and ensure they have appropriate protections in place. Threat actors are not loyal to hitting one particular industry if the opportunity presents itself elsewhere.

   As DDoS attacks grow in scale and frequency, organizations must adopt more proactive measures to safeguard against such threats. Enterprises should regularly evaluate their risks and vulnerabilities and stay updated on the latest DDoS tactic, updating their defenses accordingly.

Dave Ratner, CEO, HYAS had this follow up:

   “The attack highlights that a chain is only as strong as its weakest link — in this case, one user likely following a malicious link amongst the hundreds that were delivered. Even the smartest of professionals will occasionally make mistakes or be fooled. It has never been more clear that Protective DNS solutions, capable of catching that mistake when a user clicks on a nefarious link, are required as part of a depth-in-depth strategy.”

DDoS attacks are easy to carry out and are devastating in nature. Thus this should be added to the ever growing list of things that organizations need to protect themselves against.

Hayu Teams Up With Vidéotron To Bring Unlimited Reality TV On Demand To Québec

Posted in Commentary with tags on September 12, 2023 by itnerd

Today, NBCUniversal International Networks & Direct-to-Consumer and Videotron are thrilled to announce that Hayu – the all-reality subscription video-on-demand (SVOD) streaming service – will be available to Videotron customers.

Reality fans across Québec, who are looking to turn up the heat with the latest season of Love Island or sail away with the crew of Below Deck, can now do so with ease. Videotron customers will have access to over 300 series of top reality content directly through their Hayu subscription. The service offers extensive choice, including complete seasons of iconic shows, like Vanderpump Rules, in addition to fan-favourite franchises like The Real Housewives, Below Deck and Million Dollar Listing, as well as exclusive content like Watch What Happens Live with Andy Cohen.

The announcement of the platform’s latest partnership is another significant milestone for Hayu during its fifth year in-market. It also expands the extensive reach and accessibility of Hayu from coast to coast. Canadians can stream Hayu wherever they watch entertainment, across a full array of devices: mobile, tablet, laptop, connected TVs and selected consoles.

Hayu will be available to Videotron customers directly through their existing account, with the streaming service being accessible via Helix voice command on their Videotron remote. Those who are currently subscribed to Hayu can sync their subscriptions to enjoy a lean-back viewing experience of their favourite reality TV moments.

In multiple countries around the world, Hayu has distinguished itself as the must-have, all-reality streaming service. Fans of reality in Canada can subscribe for $6.99 (+applicable taxes) per month and try for free for seven days.

For further information, please visit: