Sophisticated Fraud Network Drains Canadians Bank Accounts Through Fake Government Sites

Posted in Commentary with tags on January 29, 2026 by itnerd

CloudSEK’s Global Threat Intelligence team has just uncovered a massive, evolving fraud operation targeting Canadian citizens through highly sophisticated impersonations of government services, Canada Post, and Air Canada. This isn’t your typical phishing scam – it’s a coordinated, multi-layered attack that’s exploiting the trust Canadians place in their public institutions.

Here’s what makes this urgent:

  • 70+ fake domains impersonating canada.ca traffic portals discovered on shared infrastructur
  • Threat actors are selling ready-made phishing kits on dark web forums for as little as $200-$300
  • The operation targets every major Canadian province – BC (PayBC), Ontario (ServiceOntario), Quebec, and beyond
  • Victims are losing banking credentials, credit card data, and Interac e-Transfer access
  • The “PayTool” group has evolved from simple scams to mimicking entire government payment ecosystems

What’s particularly alarming is the sophistication: victims aren’t immediately asked for payment. Instead, they are walked through a “validation phase” requesting ticket numbers or booking references – building false trust before harvesting financial data through fake payment gateways that perfectly mimic legitimate processors.

The report reveals how this Phishing-as-a-Service model is democratizing fraud, with underground forums showing threat actors actively selling Ontario driver’s license phishing kits that claim to include “14 bank pages.”

This is a story with real public safety implications. As tax season approaches and travel increases, Canadians need to know how these scams operate and how to protect themselves.

Full technical report available here: https://www.cloudsek.com/blog/pivoting-from-paytool-tracking-various-frauds-and-e-crime-targeting-canada

Leave a comment »

Android AI apps leak Google secrets the most with hundreds already breached 

Posted in Commentary with tags on January 29, 2026 by itnerd

The Cybernews research team has analyzed 1.8 million Android apps on the Google Play Store and found that most AI apps leak an average of five secrets. Analyzed apps are leaking hardcoded secrets and cloud endpoints, putting users at risk or, in some cases, even potentially allowing attackers to empty their digital wallets.

Key research takeaways:

  • 72% of analyzed Android AI apps contained at least one hardcoded secret.
  • On average, an AI app leaks 5.1 secrets, and 81.14% of the detected secrets were related to Google Cloud Project identifiers, endpoints, and API keys.
  • 68% of the hardcoded secrets pertained to Google Cloud Project Identifiers and API Keys.
  • LLM API Keys were mostly secured, with mainly low-risk LLM API Keys found hardcoded.
  • An investigation found that hundreds of AI apps had already been breached. 
  • Leaky instances of Firebase and Google Cloud Storage have already exposed over 200 million files, totaling nearly 730TB of user data.
  • Android AI apps exhibit similar dangerous tendencies to hardcoded secrets found in iOS apps, as Cybernews investigated in 2025.

Secrets already exploited

Cybernews researchers identified 285 Firebase instances missing authentication entirely, leaving them openly accessible to anyone. Collectively, these databases leaked 1.1GB of user data.

The team is sure that the instances were already compromised. In 42% of cases, the researchers found a table explicitly named “poc,” shorthand for “proof of concept.”

Google secrets were leaked the most

More than 81% of all detected secrets were related to Google Cloud projects. In total, researchers identified 197,092 unique secrets, averaging 5.1 per app, of which just 0.96 were not connected to Google.

The second most common category of embedded identifiers belonged to Facebook, primarily app IDs and client tokens, which are frequently hardcoded for analytics, login, and advertising integrations.

Please find the full Cybernews research article here.

Leave a comment »

Team Cymru’s Voice of the Cybersecurity Strategist Report Is Out

Posted in Commentary with tags on January 29, 2026 by itnerd

Team Cymru, the trusted intelligence partner to the world’s most targeted organizations, today released its Voice of Cybersecurity Strategist Report, exposing a critical disconnect between security ambition and real-world execution. Despite increased investment, many organizations still operate with limited visibility of critical external attack surfaces and active threat infrastructure, leaving blind spots where risk actually materializes. The results reveal meaningful gaps between perceived readiness and operational capability, particularly around external visibility, threat intelligence, and AI-driven security priorities.

Key findings include:

  • 50% of security practitioners say they experienced a major security breach in the past year
  • 72% of those breached say their threat hunting program played a key role in preventing or mitigating the breach
  • Only 38% report comprehensive, real-time visibility into threats beyond the network perimeter (45% report “good” visibility)
  • AI-enabled threats are the top emerging concern (22%), ahead of ransomware (20%) and cloud service vulnerabilities (17%)
  • 45% cite insufficient real-time threat intelligence as their biggest external threat intelligence gap
  • 60% allocate 20% to 40% of their threat intelligence budget to external threat intelligence and monitoring, and 32% allocate more than 40%
  • The ability to leverage AI is the top evaluation criterion for threat intelligence investments (52%)
  • AI-enhanced threat detection and response is ranked the most critical security capability (61%)

The report underscores a growing “confidence versus capability” gap across modern security infrastructures protecting critical infrastructure, government agencies, and civilian-reliant business operations.. While most respondents believe they have “good” visibility into threats beyond their perimeter, only 38% say that visibility is comprehensive and real-time. That shortfall matters more as attacks accelerate and adversaries expand beyond traditional boundaries.

At the same time, AI is reshaping both sides of the fight. AI-enabled threats ranked as the top emerging concern among respondents (22%), narrowly outpacing ransomware (20%). In response, organizations are prioritizing AI in their security strategy, with 52% naming the ability to leverage AI as their top criterion when evaluating threat intelligence investments, and 61% ranking AI-enhanced threat detection and response as the most critical capability for an effective security program. Yet the report also suggests many programs are still constrained by foundational data and integration issues, with 45% citing insufficient real-time threat intelligence as their biggest gap, and 42% pointing to challenges integrating external threat data with internal tools.

Investment and operating models are shifting toward external, technology-driven defense. 92% of respondents allocate at least 20% of their threat intelligence budget to external threat intelligence and monitoring, including 32% who allocate more than 40%. When it comes to resourcing, 44% report a mostly technology-focused approach to balancing tools and people, signaling a push toward automation, orchestration, and integrated workflows to increase team efficiency.

Measuring value is increasingly tied to proactive outcomes. The primary metric respondents use to assess external threat intelligence effectiveness is spotting threats before they affect the organization (27%), followed closely by faster threat detection (26%). When communicating to boards and executive leadership, respondents most often cite the number of incidents prevented or detected (50%) and mean time to detect and respond (50%), reflecting a focus on tangible outcomes and operational speed.

The report also highlights why progress can stall. The biggest challenge to funding threat intelligence initiatives is a focus on compliance requirements over threat-driven investments (26%), followed by competing priorities within the security program (23%) and limited executive understanding of external threats (22%). Looking ahead, the top planned strategic shift over the next 12 to 24 months is increasing the efficiency of the existing security team (45%), alongside aligning with increasing regulatory compliance (40%) and consolidating threat intelligence suppliers (39%).

Methodology

Team Cymru surveyed 121 information security, cybersecurity, and risk management leaders responsible for setting cybersecurity strategy, approving security technology investments, and managing security budgets and resources. The survey was conducted online via Pollfish using organic sampling beginning April 17, 2025 capturing perspectives across multiple industries.

To download the full Voice of the Cybersecurity Strategist report, visit here.

Leave a comment »

Canada’s Cybersecurity Moment of Truth

Posted in Commentary with tags on January 28, 2026 by itnerd

At the NKST IAM Conference in Toronto today, the Canadian Cybersecurity Network released its State of Cybersecurity in Canada 2026 report, signalling a fundamental shift in how cyber risk must be understood nationwide. The report finds that cybersecurity can no longer be viewed solely as a technical issue. It has become a core economic and national stability imperative, with digital trust now underpinning financial systems, public services, and the country’s competitiveness.

The 2026 State of Cybersecurity Report shows Canada facing rising digital risk as AI automation and interconnected systems reshape how attacks occur and how trust breaks down. Cybersecurity is no longer an IT issue. It is a leadership resilience and economic competitiveness challenge that will define how Canada protects critical systems recovers from disruption and maintains confidence in the digital age.

The 2026 findings show that Canada remains resilient, supported by strong talent, world-class research institutions, and a growing cybersecurity ecosystem. However, the report also highlights uneven maturity across the economy, particularly among small and mid-sized organizations, operational technology environments, identity verification practices, and crisis readiness. With attacks increasingly targeting trust, identity, and human decision-making rather than infrastructure alone, these gaps now represent systemic risk.

A central theme of the report is the erosion of traditional trust signals. Deepfakes, voice cloning, and AI driven social engineering now enable attackers to convincingly impersonate executives, employees, and institutions. As identity becomes the most targeted attack surface, purely technical defenses are no longer adequate. Verification must increasingly occur at the moment of action, not after harm has already occurred.

The report also shows that cyber incidents have shifted from isolated security events to full-scale business crises. Regulatory scrutiny, media exposure, and financial fallout now unfold alongside technical response efforts. Yet many organizations remain unprepared to operate under this pressure, even when formal response plans exist on paper.

Another key finding is the growing convergence of cybersecurity, insurance, and governance. Cyber insurers are emerging as active participants in prevention, shaping baseline security expectations and elevating board-level accountability. This dynamic is raising national cyber hygiene standards while exposing maturity gaps that can no longer be ignored.

Looking ahead, the report identifies agentic artificial intelligence and post quantum cryptography as defining forces in the next phase of Canada’s cyber posture. Autonomous systems are accelerating both offensive and defensive activity, compressing decision timelines beyond human response. At the same time, data harvested today may be decrypted in the future if quantum readiness lags.

The cover image of the report reflects this moment. A forward-facing Canadian moose stands alert and resolute, symbolizing a nation that is grounded, strong, and prepared to defend its systems, economy, and public trust in an increasingly contested digital environment.

Alongside the national report, the Canadian Cybersecurity Network is launching CCN Insights, a new intelligence series focused on emerging risks shaping digital trust. The first release, When AI Acts: Securing Autonomous Systems at Machine Speed, examines how autonomous AI, deepfakes, and synthetic identity are redefining enterprise risk. It is being unveiled this week at the IAM Conference.

State of Cybersecurity in Canada 2026 is designed to provide boards, executives, policymakers, and security leaders with a clear assessment of where Canada stands today, and the priority actions required to strengthen national resilience in the years ahead. Get the report here.

Leave a comment »

ServiceNow Expands Enterprise AI Footprint with Panasonic Avionics and Anthropic 

Posted in Commentary with tags on January 28, 2026 by itnerd

ServiceNow today announced an expanded relationship with Panasonic Avionics Corporation, a global leader for in-flight engagement. Panasonic Avionics will replace siloed legacy systems with ServiceNow CRM and Now Assist, integrated with Aria Billing Cloud and Tenon Marketing Automation, to modernize and unify sales, service, marketing, and billing formore than 300 airlines worldwide with real-time customer insights and AI-driven workflows. With this expansion, the ServiceNow AI Platform powers Panasonic Avionics across its enterprise, supporting IT, customer service, engineering, and HR.

The challenge: legacy systems limited real-time visibility across 300+ airlines

Panasonic Avionics has consistently been at the forefront of aviation innovation, delivering in-flight engagement services such as high-speed internet, seatback and personal-device entertainment, on-demand TV, and interactive maps. As the business grew, the company needed a single platform to replace legacy, siloed CRM and billing systems.

The solution: ServiceNow connects sales, service, and billing on a single AI-powered platform

ServiceNow CRM’s AI agents, data, and workflows connect Panasonic Avionics’ customer operations to drive better experiences while helping cut costs. ServiceNow Sales and Order Management for Telecommunications, including Logik.ai from ServiceNow’s configure-price-quote (CPQ) capabilities, replaces legacy systems to accelerate deal configuration and speed the sales process from opportunity to order fulfillment. Now Assist, ServiceNow’s native AI experience, delivers AI-powered case resolution, proactive service recommendations, and self-service automation to help Panasonic Avionics address airline customer needs faster and improve operational efficiency.

Integrations with Aria Billing Cloud via the Aria Billing Studio for ServiceNow app, along with Tenon Marketing Automation, extend ServiceNow’s ability to provide complete lead-to-cash capabilities. By unifying pricing, billing, and marketing on the ServiceNow AI Platform, Panasonic Avionics gains a real-time, end-to-end view of customers and services. This enables faster sales response, streamlined service delivery, and AI-driven insights across the business.

Building on a long-standing partnership

In 2019 Panasonic Avionics implemented ServiceNow Customer Service Management to accelerate self-service, increase productivity, and speed up issue resolution. With the added CRM and Now Assist capabilities, ServiceNow has become the foundation of Panasonic Avionics’ enterprise platform, supporting the company across IT, HR, service, and engineering with plans to deliver additional AI-powered experiences.

Leave a comment »

Check Point Harmony Secure Access Service Edge Has A Critical Local Privilege Escalation Flaw

Posted in Commentary with tags on January 28, 2026 by itnerd

Researchers have uncovered a critical privilege-escalation vulnerability, in Check Point’s Harmony Secure Access Service Edge Windows client software, tracked as CVE-2025-9142, that enables hackers to write or delete files outside the certificate working directory that could compromise systems.

More info can be here: https://blog.amberwolf.com/blog/2026/january/advisory—check-point-harmony-local-privilege-escalation-cve-2025-9142/

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This is an excellent example of the critical need for an enhanced PAM capability (specifically one that includes a continuous identity validation capability). Enterprises should include this in their mandatory requirements for upgrading their PAM capabilities. Privileged Access Management platforms designed for people to control access to other humans is fundamentally obsolete and insufficient for protecting against credential compromise, token compromise and the migration to agents in operation through MCP servers/gateways. It’s a different “ballgame” with different requirements for identity security to be part of the critical path toward responsible use of AI. It’s time to change our PAM requirements and this vulnerability is a reinforcement of this need for enterprises.” 

If you’re not familiar with PAM or Privileged Access Management, here’s a primer from Microsoft. And now would be a good time to have that discussion in order to keep your organization safe.

Leave a comment »

Today is Data Privacy Day

Posted in Commentary on January 28, 2026 by itnerd

Today is Data Privacy Day, an annual observance dedicated to raising awareness about the importance of protecting personal and sensitive information, helping organizations and individuals maintain trust and security in the digital age.

Privacy experts from Comparitech and Pixel Privacy have provided the following commentary on this subject. 

Brian Higgins, Security Specialist at Comparitech:

“A decade ago, Data Privacy wasn’t on anyone’s radar and ‘sharing’ was the norm. Fast forward past some really awful breaches on nation states, corporations and individuals and we find ourselves concerned and a little fearful that our privacy is at risk from criminals, unscrupulous platforms and businesses, and even the authorities who are supposed to protect and defend us. 

It’s more important than ever to take advantage of initiatives like Data Privacy Day as catalysts to encourage some personal data hygiene practices. Advocate multi-factor authentication on anything that will take it, check platform Privacy settings regularly, purge your online contacts and bin any you don’t recognize, get some mainstream Credit Monitoring if you can afford it and make sure you and those you care about know exactly what to do in a data crisis however big or small. 

Personal responsibility is the best defence these days because nobody else will do it for you. Your data is far too valuable financially, corporately or ideologically for anyone else to be relied upon to protect it for you.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“As another Data Privacy Day arrives, users need to understand that they need to take personal responsibility when it comes to their privacy. Do not rely on your country’s government to protect you with new rules and regulations; they are really not there to help you. Nor can users rely on the companies they deal with to keep their data private. We have seen thousands of data breached in recent years, exposing just how little organizations know about protecting their customers’ personal info. 

Stay private by using a VPN to hide your travels around the web. It’s no business but your own as to what you’re doing on the internet. 

Take advantage of services that remove your personal information from data brokers and people-finder services. (Manually contacting data brokers is time consuming, and considering there are thousands of these firms out there, it could quickly become your career if you don’t use a removal service.)

Think before you click on links or open attachments found in text messages and emails. Also think before turning over any kind of personal information to an outside party. Be sure to question such requests. Ask them why they need the info, what they’re going to do with the info, and who they’ll be sharing the info with.”

Leave a comment »

Fake dating app used as lure in spyware campaign targeting Pakistan: ESET

Posted in Commentary with tags on January 28, 2026 by itnerd

ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations operated via WhatsApp. Underneath the romance charade, the real purpose of the malicious app, which ESET named GhostChat, is exfiltration of the victim’s data. The same threat actor appears to be running a broader spy operation – including a ClickFix attack leading to the compromise of victims’ computers, and a WhatsApp device-linking attack gaining access to victims’ WhatsApp accounts – thus expanding the scope of surveillance. These related attacks used websites impersonating Pakistani governmental organizations as lures. Victims obtained GhostChat from unknown sources, and it requires manual installation; it was never available on Google Play, and Google Play Protect, which is enabled by default, protects against it.

The app uses the icon of a legitimate dating app but lacks the original app’s functionality and instead serves as a lure – and tool – for espionage on mobile devices. Once logged in, victims are presented with a selection of 14 female profiles; each profile is linked to a specific WhatsApp number with a Pakistani (+92) country code. The use of local numbers reinforces the illusion that the profiles are real individuals based in Pakistan, increasing the credibility of the scam. Upon entering the correct code, the app redirects the user to WhatsApp to initiate a conversation with the assigned number – presumably operated by the threat actor.

While the victim engages with the app, and even prior to logging in, GhostChat spyware has already begun running in the background, silently monitoring device activity and exfiltrating sensitive data to a C&C server. Beyond initial exfiltration, GhostChat engages in active espionage: It sets up a content observer to monitor newly created images and uploads them as they appear. Additionally, it schedules a periodic task that scans for new documents every five minutes, ensuring continual surveillance and data harvesting.

The campaign is also connected to broader infrastructure involving ClickFix-based malware delivery and WhatsApp account hijacking techniques. These operations leverage fake websites, impersonation of national authorities, and deceptive, QR-code-based device-linking to compromise both desktop and mobile platforms. ClickFix is a social engineering technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions.

In addition to desktop targeting via the ClickFix attack, a malicious domain was used in a mobile-focused operation aimed at WhatsApp users. Victims were lured into joining a supposed community – posing as a channel of the Pakistan Ministry of Defence – by scanning a QR code to link their Android device or iPhone to WhatsApp Web or Desktop. Known as GhostPairing, this technique allows an adversary to gain access to the victims’ chat history and contacts, acquiring the same level of visibility and control over the account as the owners, effectively compromising their private communications.

For a more detailed analysis of GhostChat, check out the latest ESET Research blog post, “Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

Leave a comment »

New TELUS cross-border study reveals Canadians and Americans want companies to earn their trust in AI

Posted in Commentary with tags on January 28, 2026 by itnerd

‘Include our feedback as you build AI’ is the key message from American and Canadian respondents polled in TELUS’ latest cross-border study, AI Trust Atlas: Public perspectives on bridging the AI trust gap. With 85% of Canadians and 89% of Americans reporting that they are using AI, familiarity with the technology is growing – and so are calls for inclusion and engagement in how AI is designed and deployed.

The report captures perspectives from more than 11,000 Canadians and Americans, with special attention to historically underrepresented* communities, highlighting the importance of including a wide range of voices to build trustworthy AI. In strong majorities, respondents shared that their trust in companies that use AI is stronger when organizations review potential harms before release, explain AI use in plain language and actively listen to customer input on how AI is deployed.

Charting a course to trust in AI

Survey participants laid out actions companies that deploy AI technology can take to earn their confidence:

  • 69% of Canadians and 72% of Americans want companies to actively seek and listen to customer input before deploying AI
  • 76% of Canadians and 77% of Americans would trust companies more if they reviewed AI systems for potential harms before launching new tools
  • 73% of Canadians and 74% of Americans want companies to explain how they use AI in easy-to-understand terms
  • 90% in both countries believe AI should be regulated, demonstrating strong support for governance frameworks

Trust in AI is built through collaboration

The report concludes with actionable recommendations for government, industry and academia, providing a clear roadmap for implementation:

  • Strengthen AI literacy through education programs that help people understand and safely use AI
  • Embed diverse perspectives throughout AI development – from conception to deployment – to create more resilient, trusted systems that work equitably for all communities
  • Provide clear explanations and human oversight for critical AI decisions
  • Collaborate across sectors to create ethical standards that keep people safe while encouraging innovation

Global leadership in AI

TELUS established its leadership in human-centric technology, consistently evolving how it innovates to meet the changing needs and expectations of customers and communities:

  • In September 2025, TELUS opened Canada’s first Sovereign AI Factory — a secure, scalable and high-performance AI compute facility to support Canadian businesses and economy, and drive our nation’s AI future
  • In November 2025, the TELUS AI Factory was named Canada’s fastest and most powerful supercomputer by the prestigious TOP500 list, ranking 78th among the world’s 500 most powerful computing systems
  • TELUS’ generative AI (GenAI) customer support tool made history by becoming the first in the world to be internationally certified in Privacy by Design (ISO 31700-1)
  • It was the first telecom to sign a voluntary AI code of conduct introduced by the Canadian federal government, and has won several international awards for its work, including the Responsible AI Institute’s Outstanding Organization prize
  • TELUS participates in many international forums including speaking on UN AI for Good panels, NIST’s U.S. AI Safety Institute Consortium, and participating in the G7 Business delegation, while collaborating strategically with leading AI research institutes including Mila – Quebec Artificial Intelligence Institute, the Vector Institute and Alberta Machine Learning Institute (AMII)
  • TELUS was one of the first contributors to the Hiroshima AI Process Transparency Report and was featured as a case study in the Business at OECD report on AI skills and productivity
  • It also partnered with Indigenomics to launch IndigenomicsAI with TELUS’ Sovereign AI Factory to advance Indigenous economic growth

By prioritizing trust, TELUS aims to create a future where everyone can confidently embrace the benefits of technology. To read the full report, visit telus.com/ResponsibleAI.

Leave a comment »

Why Aren’t Apple And Google Acting To Remove Grok And X From Their App Stores?

Posted in Commentary with tags , , , on January 28, 2026 by itnerd

I have to wonder where are the backbones of Tim Cook and Sundar Pichai are. I say that because it has been weeks since the whole Grok allowing users to create objectionable content thing blew up. To recap:

To the last point, the EU is one of a number of governments who are up in arms about this. And rightfully so. Elon Musk has simply gone too far and he needs to be punished for his actions. And the best way to punish him is to pull his apps from the Apple App Store and from the Google Play Store. But that hasn’t happened and you have to wonder why. Is it because Apple and Google don’t want to pick a fight with Elon? Is it because Tim Cook and Sundar Pichai are cowards? Is it about the money that these companies make from their cut of the subscriptions to Grok and X? Who knows?

But I do know this. Section 1.1.4 of Apple’s review rules prohibit the sort of thing that Grok and X are doing at the moment. Ditto for Google Play. Given that, why aren’t these companies enforcing their own rules?

The fact is it’s beyond time for Apple and Google to stand up, grow a pair, and throw Elon’s apps off their respective app stores. Along with any other app that does this sort of thing. Because by not doing so, they are burning the trust that they have with consumers that their apps stores are safe places to get apps from down to the ground. Along with that, it also sends the message that rules are rules, except when they are not.

Apple and Google, you both need to do better. Now.

Leave a comment »

« Older Entries
Newer Entries »