Archive for July 7, 2026

Cybercriminals say they hacked Mount Royal University

Posted in Commentary with tags on July 7, 2026 by itnerd

Comparitech is reporting that a cybercriminal group called CMD Organization today took credit for a June 2026 cyber attack on Mount Royal University in Calgary, Alberta. CMD Organization today claimed responsibility for the breach on its data leak website. CMD says it stole 10 TB of data from MRU and is demanding a $1.9 million ransom within one week.  

Commenting on this is Rebecca Moody, Head of Data Research at Comparitech: 

“CMD Organization is a relatively new gang but it’s quickly gaining notoriety with some hefty ransom demands and crippling attacks. This case against MRU highlights just how devastating ransomware attacks on the education sector can be, both in the downtime caused through the encryption of systems and the theft of data. MRU hasn’t confirmed what, if any, data has been stolen in this attack, but CMD’s ransom of $1.9 million (nearly four times its average demand of $580,000) and the alleged theft of 10 TB suggest there could have been an extensive breach. As part of its proof pack, CMD uploaded various identity documents. 

As we await further updates from MRU, I’d strongly recommend that any employees and students (past and present) start monitoring their accounts for any unauthorized activity and be on high alert for any phishing messages, particularly those purporting to be from MRU.”

This is yet another group that I need to keep an eye on. The thing is, it’s one of many groups that I need to keep and eye on. Which means that if I have trouble, you have trouble. Thus your defences need to filter out most if not all cybercriminals out there.

Lightworks, Scotiabank, Sun Life and TELUS launch AI Consortium

Posted in Commentary with tags on July 7, 2026 by itnerd

Lightworks, Scotiabank, Sun Life and TELUS today announced the launch of the AI Consortium, a trailblazing model bringing together some of Canada’s largest and most regulated organizations to build and govern the critical infrastructure needed to implement artificial intelligence (AI) safely, responsibly and at enterprise scale.

Many of the core challenges large, regulated institutions face when implementing AI are shared, from integrating diverse standards, platforms and technologies to maintaining governance, oversight and operational control as AI use scales. The Consortium enables members to pool hands-on engineering, conduct deep research and align interests to jointly build and govern mission-critical AI control systems and intellectual property they would otherwise develop independently, with resulting IP deployed individually and available to members through perpetual-use and ownership rights.

The AI Consortium’s flagship program, the Agentic Control Plane (ACP), is already running in production in regulated environments. The ACP gives enterprises the visibility and control needed to manage Agentic AI at scale, across models, agents, users and inference pipelines. It helps support regulatory compliance, maintain operational control and currently processes more than two trillion tokens per month across member organizations.

Future Consortium projects, optional to each member, include:

  • AI Operations Center (AI-OC): providing enhanced technical and operational awareness across members to improve performance, resilience and cost management.
  • AI Token Exchange (AI-TX): aligning the interests and benefits of collective scale across members, simplifying and expanding access to sovereign AI factories, and delivering capabilities that may not be feasible or efficient for individual institutions to implement alone.

The launch reflects the growing need for coordinated approaches to AI adoption in complex, regulated environments. By bringing together major institutions from banking, telecommunications and insurance, the AI Consortium demonstrates how cross-industry collaboration can help translate AI innovation and safety into real-world technology outcomes while strengthening Canadian competitiveness. The Consortium is open to qualifying organizations ready to build the future of enterprise AI at comparable scale and complexity. To learn more, visit ai-consortium.com.

Nearly Half of Canadian Workers Feel Guilty Using AI at Work New Employment Hero Research Finds

Posted in Commentary with tags on July 7, 2026 by itnerd

Employment Hero has released new data pointing to a growing workplace paradox: AI is quickly becoming an essential skill, yet many Canadian workers continue to associate its use with guilt, uncertainty and even cheating.

Employment Hero’s newly released AI Paradox Report found that 43% of Canadian workers feel guilty using AI to produce work, rising to 56% among Gen Z workers.. Nearly four in ten (39%) believe using AI to complete parts of their job feels like cheating, while more than one-third (34%) admit hiding their AI use from their employer. Furthermore, almost half of businesses (45%) believe employees are using personal AI accounts at work – highlighting the growing challenge of “shadow AI.”

The findings suggest Canada’s AI challenge is no longer simply whether employees will adopt the technology. It is whether organizations can create workplace cultures where employees feel confident using AI openly, responsibly and effectively.

The research suggests the issue isn’t a lack of willingness to adopt AI – it’s a lack of confidence and support. Only 41% of Canadian workers believe their AI skills are sufficient for an AI-driven labour market, while 60% rate their AI competence as low to average. More than half (51%) say their employer does little or nothing to develop AI skills, leaving many workers to educate themselves. In fact, 58% have learned AI skills through social media.

The findings come as the federal government looks to improve AI literacy and adoption through its AI for All strategy, underscoring the role employers will need to play in helping workers build confidence and capability.

To help Canadian businesses turn AI guilt into AI confidence, Employment Hero has developed practical guidance for both employers and employees.

For employers:

  • Be clear about where AI is encouraged. Remove uncertainty by setting clear expectations around which tasks AI can support, where human judgement is essential and which tools employees are approved to use.
  • Normalize talking about AI. Encourage employees to openly discuss when and how they’ve used AI, making transparency part of everyday work rather than something to hide.
  • Invest in AI literacy. As AI becomes an essential workplace skill, give employees the training, guidance and policies they need to use it confidently, responsibly and securely.
  • Create room to experiment. Give employees opportunities to safely test AI on low-risk tasks so they can build confidence without compromising quality or sensitive information.
  • Position AI as a career skill. Frame AI as a capability that strengthens productivity and future employability, not as a shortcut or a replacement for human expertise.
  • Ask where AI fits into your role. Have conversations with your manager about when AI is appropriate, where additional review is needed and what responsible use looks like.
  • Be transparent about AI use. If AI helped shape a draft, brainstorm ideas or summarize information, explain how it supported your work to help build trust.
  • Always apply human judgement. Treat AI as a starting point rather than a finished product. Check facts, context and tone before sharing your work.
  • Protect confidential information. Only use approved AI tools and never upload sensitive customer, commercial or personal information into unauthorized platforms.
  • Keep building your AI skills. AI literacy is becoming an increasingly valuable career skill. Take advantage of training opportunities and continue developing your knowledge as the technology evolves.

As Canada accelerates its focus on AI adoption and workforce readiness, Employment Hero says businesses have an opportunity to ensure employees develop one of today’s most valuable workplace skills openly rather than in the shadows.

The CISA Using Mythos to Audit Government Software Leaves Door Open for Hackers

Posted in Commentary with tags on July 7, 2026 by itnerd

The CISA is using Anthropic’s AI model Mythos to audit government software, scanning ​government code repositories for bugs that could leave the door open for foreign spies and cybercriminals

More details here: https://www.reuters.com/world/us-cyber-agency-is-using-anthropics-mythos-audit-government-code-sources-say-2026-07-06/

Ensar Seker, CISO at threat intelligence company SOCRadar, provided the following comments:

“This is a significant shift in how governments approach secure software development. AI is moving beyond being a productivity tool and becoming a force multiplier for defensive security operations. If Mythos is consistently identifying vulnerabilities that traditional code reviews and static analysis miss, it demonstrates that frontier AI models can materially reduce the time between introducing a flaw and discovering it.

That said, organizations should resist the temptation to treat AI findings as authoritative. Large language models are excellent at prioritizing suspicious code paths and surfacing complex logic issues, but they still require experienced security engineers to validate findings, assess exploitability, and distinguish real vulnerabilities from false positives. AI should augment secure development practices, not replace them.

The broader implication is that the vulnerability discovery race is accelerating. The same AI capabilities helping defenders identify weaknesses are also becoming available to sophisticated threat actors. Governments and enterprises should assume both sides are using increasingly capable AI systems and adjust their remediation timelines accordingly. Finding vulnerabilities faster only improves security if organizations can also fix them faster.”

Again I get to say that organizations need to treat AI as a tool that they use in conjunction with old fashioned work by developers and not as an independent entity. If they don’t, bad things are guaranteed to happen.

Guest Post – Child’s play: Many adults guard their online lives with passwords they created as kids, study finds

Posted in Commentary with tags on July 7, 2026 by itnerd

A new study by NordPass reveals that many people are still clinging to passwords they created years ago, with some carrying childhood-era credentials well into their adult lives.

The research, conducted across eight countries (the US, Canada, the UK, Australia, France, Germany, Italy, and Spain), found that just over half (54%) of respondents have updated their longest-standing password within the past year. While around 15% have made a change in the last three years, and 8% did it three to five years ago, a stagnant minority remains: 4% are still using passwords created five to ten years ago, and up to 3% are using legacy credentials that are over a decade old. Most concerningly, around 6% of respondents globally admit they have never changed their oldest password at all.

“It’s a bit ironic: We’ve upgraded our phones and our lives, yet for many, a 15-year-old pet’s name or that ‘Summer2010’ password is still doing the heavy lifting for main email accounts or even retirement funds,” says Karolis Arbaciauskas, head of product at cybersecurity company NordPass and its parent organization Nord Security.

Old passwords rarely age well

In the study, Italy stands out as the country with the highest share of recent password changes (65%) and the lowest number of passwords that have not been changed in over a decade (1%) or at all (4%). Germany sits at the opposite end, with the lowest recent-change rate (47%) and one of the highest proportions of respondents clinging to legacy credentials. At least 3% of Germans are still using passwords older than a decade, while 6% have never updated their oldest password at all.

The US led on a different but equally worrying measure: 14% of respondents said they could not remember the last time they changed their oldest password, the highest rate among all countries surveyed. In most other countries, that figure hovered around 11%.

“I’m fairly certain most internet users know they should immediately change a password that has been compromised. So when people say they haven’t changed a password in years, either the password hasn’t been exposed, or they simply don’t know it has. I hate to be a bearer of bad news, but the second scenario is far more likely. Without tools to notify them when credentials appear in leaks or breaches, many users have passwords aging in the background while the risk grows,” says Arbaciauskas.

A habit that starts young — and sticks

Interestingly, the age-based demographic analysis subverts the usual stereotypes about “digital natives.” Although Gen Z is often presumed to have a good understanding of digital tools — and, by extension, cybersecurity — respondents aged 18-24 are the least likely to have changed their longest-standing password within the past year and the most likely to say they had never changed it at all.

In fact, the password change recency trend goes up with age, peaking with the 55-to-64 age group. Older users, especially Baby Boomers, appear more security-conscious in their maintenance behavior — they update passwords more actively, but are more likely to rely on memory or write passwords down. In other words, they put in the effort without following best practices.

“This study complements our annual Top 200 Passwords research, which found that Gen Z tends to choose simple passwords — often consisting of basic number sequences or internet trends,” says Arbaciauskas. “The high rates of Gen Z-ers saving passwords in browsers, combined with the fact they have the highest ‘never changed’ proportion, reveal that it’s a generation that is comfortable with digital tools but disengaged from basic credential hygiene.”

According to Arbaciauskas, the combination of vulnerable passwords and inconsistent storage habits creates a high-risk target for cybercriminals. Password managers can help bridge these security gaps by offering monitoring tools and real-time alerts whenever credentials appear in a breach.

Methodology

The quantitative research on password habits was conducted by Nord Security between March 26 and April 6, 2026, among 7,861 respondents aged 18-74 in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US.

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktops, mobile devices, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.

Yubico brings seamless NFC passkey authentication to Android users

Posted in Commentary with tags on July 7, 2026 by itnerd

Yubico has welcomed Google’s latest update to Google Play Services, which enables account authentication through NFC security keys that support CTAP2 on Android 9 and later. This gives Android users broader access to hardware-backed, phishing-resistant authentication through NFC-enabled FIDO2 security keys, including YubiKeys.

To support this shift, Yubico has announced the general availability of YubiKey Passkey Enabler, a dedicated Android Credential Provider designed to make passkey registration and authentication with YubiKeys more seamless across Android devices.

While passkeys are designed to eliminate many of the weaknesses associated with passwords and legacy multi-factor authentication, successful enterprise adoption depends on employees being able to use them easily and consistently across all their devices.

YubiKey Passkey Enabler is built on the Android Credential Manager Provider API and Yubico’s YubiKit SDK. The app bridges the gap between strong hardware-backed security and everyday usability by helping users complete passkey registration and authentication with fewer barriers.

For enterprise customers, the app can also be centrally deployed and configured using Mobile Device Management software. This allows IT teams to roll out a consistent, high-assurance authentication workflow across Android fleets without burdening end users with configuration.

Key features include:

  • Passkey configuration: The app guides the user to the appropriate Android settings to enable passkey providers and to update the preferred service to YubiKeys.
  • Always ask for PIN: When this option is enabled, the user is only required to tap the YubiKey once, instead of twice (once before and once after the PIN). This provides a nicer user experience.
  • Temporary PIN Support: When a user assumes ownership of a new YubiKey, they are sometimes required to change the PIN on the YubiKey when used for the first time. The app enables this to occur over USB or NFC.
  • PIN complexity: The app reads the PIN complexity configuration from the YubiKey firmware and provides guidance to the user.
  • Antenna hints: Each Android phone manufacturer places the NFC antenna in a different spot, so the antenna hint shows the user exactly where to place the YubiKey.
  • MDM / managed configuration: The Passkey Enabler app allows corporate IT administrators to deploy the correct configuration settings so that the end user can simply use YubiKeys.

The YubiKey Passkey Enabler supports passkey registration and authentication over USB and NFC interfaces. It enforces FIDO2 and CTAP2 standards, prioritising discoverable credentials and strong user verification. The app supports current YubiKeys, including the YubiKey 5 Series, Security Key Series, YubiKey 5C NFC Series, YubiKey 5 FIPS Series and YubiKey Bio Series.

Passkeys are designed to resist phishing and adversary-in-the-middle attacks by cryptographically binding each credential to the website’s origin. This means a passkey cannot be used on a lookalike or proxy site. The YubiKey Passkey Enabler helps enforce this protection by verifying the authenticating user before any signing occurs.

For browser-based requests, the app accepts requests only from trusted browsers and checks that the website’s origin matches the relying party ID. For native Android apps, the provider uses Digital Asset Links to confirm the calling app is authorised by the relying party. If verification fails, the request is rejected before any cryptographic operation is performed.

The YubiKey Passkey Enabler is available now for Android users and enterprise deployments.

Apple Music coming to more than two million Volvo cars, with up to three months free subscriptions

Posted in Commentary with tags on July 7, 2026 by itnerd

Volvo Cars is now starting to integrate Apple Music into more than two million Volvo cars via an over-the-air software update. The newly launched Volvo EX60 will also come with Apple Music natively integrated when the first customers receive their cars this summer.

o help new listeners get started, Volvo Cars is offering eligible customers up to three months of Apple Music for free, giving Volvo drivers plenty of time to discover new artists and find the soundtrack to their next journey​.

Drivers of the Volvo EX60, EX90 and ES90 can also enjoy Apple Music Spatial Audio, powered by Dolby Atmos technology and brought to life by the optional Bowers & Wilkins premium sound system, delivering an immersive experience that places the listeners at the centre of the sound, with music and vocals all around the cabin.

As one of the world’s largest music streaming services, Apple Music provides instant access to more than 100 million songs, ad-free. Whether it’s an energizing playlist for the morning commute or something more relaxed for a late-night drive, the music people love is there.

Customers can simply sign in with their Apple account and enjoy songs, playlists and live radio, all easily controlled by voice or touchscreen. New subscribers can quickly sign up and bring all their playlists and full library of music with them from other services. (Learn more about transferring your library here)

High-fidelity sound, perfected in EX60, EX90 and ES90
The Volvo EX60, EX90 and ES90 are quieter than any Volvo cars before them, thanks to state‑of‑the‑art soundproofing. Building on Volvo Cars’ heritage of premium in‑car audio experiences, these cars take sound quality to new heights. They are available with one of the most advanced in‑car audio systems ever developed, carefully calibrated to the car’s interior acoustics.

The optional Bowers & Wilkins sound system in the EX60, EX90 and ES90 delivers an exceptional music experience, with True Sound powered by high-performance speakers integrated throughout the cabin.

With Apple Music Spatial Audio powered by Dolby Atmos technology, Volvo drivers can experience music in immersive audio, transforming the car into a premium listening environment. Dolby Atmos brings a more natural, multi-dimensional sound experience that surrounds listeners with music and vocals in greater clarity and depth.

The small print

  • The software update is coming to the Volvo EX90, ES90, XC90, S90, V90, XC60, S60, V60, XC40, EX40 and EC40, from model year 2020 and onwards. Timing of availability may vary depending on car model.
  • Volvo customers of the above-mentioned car models who are new to Apple Music or are returning users, can enjoy up to three months of free Apple Music, valid until July 6, 2027. Eligible customers can redeem this offer in the Volvo Cars app. For further details, please refer to the customer support hub on Volvocars.com.
  • The Bowers & Wilkins sound system is available to choose when ordering selected Volvo car models.