Posted in Commentary with tags Equifax on October 27, 2025 by itnerd
Canadians are facing a flood of scam attempts, with one in three reporting fraudulent job or CRA-related texts in the past three months alone, according to new research from Equifax Canada.
The Equifax Cybersecurity Survey reveals a growing preparedness gap in what to do in cases of scams or fraud. Nearly two-thirds of Canadians surveyed say they would contact the police if their identity was stolen, and half would reach out to a credit bureau. Of those surveyed, 79 per cent stated they would contact their bank; however, nine per cent admit they wouldn’t know what to do at all.
One in four Canadians surveyed also reported receiving scam emails, while a further 13 per cent admit to clicking on a fraudulent link, and six per cent say they have already had their identity stolen.
The survey also shows a near-universal sense of risk with 97 per cent of those surveyed saying that protecting themselves online is important, and 93 per cent report that protecting their family online is important:
82 per cent worry about children being taken advantage of online.
75 per cent worry about their information being hacked from their personal computer.
71 per cent worry about someone using technology to trick them into giving away personal information.
61 per cent worry about someone impersonating them on social media.
Protecting yourself and your family
The best defence against scams is educating yourself and being cautious.
Verify everything: Independently verify unsolicited requests. Government agencies/banks will never ask for personal info via email/text, or demand gift cards/cryptocurrency. For businesses, go directly to their official website if an account issue is suspected.
Don’t be pressured: Legitimate organizations allow time for verification.
Build a shield: Use strong passwords and logins, secure your Wi-Fi and be careful what you share.
Educate yourself: Stay informed about current scams.
Equifax surveys over the past decade illustrate how fraud and scam threats have evolved. In 2015, just over half of Canadians (53 per cent) felt vulnerable to identity theft. By 2023, more than eight in ten (81 per cent) said they did. Today, nearly all Canadians place importance on protecting themselves (97 per cent) with the threat of fraud increasingly immediate and direct, arriving on the devices Canadians use every day.
Scam exposure is widespread: 31 per cent of Canadians surveyed received fraudulent job texts and 29 per cent received CRA or banking scam texts in the last three months.
Risky links: 13 per cent surveyed had clicked a scam link, and 15 per cent had received romance scam messages on social media.
Top protections Canadians want: With fraud and scams on the rise, 31 per cent of Canadians surveyed think they need to do more to protect themselves online. When thinking of online security tools, respondents cited the following tools as most important: secure VPN and anti-virus software, password managers, credit monitoring, parental controls, and social media and dark web monitoring.
*The Equifax Cybersecurity Survey was conducted online by Leger between September 19 and 22, 2025, with a nationally representative sample of 1,521 Canadians. For comparative purposes, a probability sample of this size would yield a margin of error of ±2.5 per cent, 19 times out of 20.
The Safety Detectives team has discovered an unprotected database containing approximately 7,000 records linked to DomeWatch, the U.S. House Democrats’ official online resume bank.
The exposed data included names, email addresses, phone numbers, security clearance levels, political affiliations, congressional experience, and more.
Among the records, 469 individuals were listed with “top secret” federal security clearance, and over 4,000 indicated prior congressional experience.
This kind of exposure poses significant privacy and security risks, including potential identity theft, phishing, and social engineering targeting individuals connected to U.S. government operations.
The Media Trust has some insights regarding the increase in cybercrime activity during the government shutdown, showing that the government shutdown is having an effect that I bet nobody planned for.
Specifically, the researchers at The Media Trust have observed cybercrime activities for the past couple of weeks since the threat of a government shutdown through to two weeks into the shutdown.
The company’s malware desk is projecting more than 555M cyberattacks on the US Federal government in the month of October. This is an 85% increase over the month prior.
They observed a spike in malware activity at the end of September as the threat of a federal shutdown was being projected in the media. (see chart)
The day of the shutdown (October 1st) researchers saw a significant increase in phishing attacks. More than 90% of the attacks against the Federal government from the end of September through today have been phishing attacks. (see chart)
October is now trending toward being the second-highest month of 2025 for cyberattacks on the Federal Government.
The top US Federal government agencies that have seen the most cyberattacks through the Federal Government shutdown (see chart) include, in order:
Posted in Commentary with tags GM on October 24, 2025 by itnerd
Well, I guess that GM vehicles will be off my list when it is time to buy my next car. I say that because I just read this article from The Verge where GM is going to phase out Android Auto and Apple CarPlay in ALL of their vehicles. You might recall that GM started doing this in their EVs some time ago. And that was met with a fair amount of backlash. But clearly that backlash has not deterred them.
Here’s what was said by GM’s CEO Mary Barra:
Let me ask you the second part of that question again, because, again, we’re talking so much about the future, and I understand the argument about the future you’re making, but you still have the smartphone projection in the gas cars. Why is it still in the gas cars?
A lot of it depends on when you do an update to that vehicle. When you look at the fact that we have over 40 models across our portfolio, you don’t just do this and they all update. As we move forward with each new vehicle and major new vehicle launch, I think you’re going to see us consistent on that. We made a decision to prioritize our EV vehicles during this timeframe, and as we go forward, we’ll continue across the portfolio.
So we should expect new gas cars will not have smartphone projection?
As we get to a major rollout, I think that’s the right expectation. Yes.
What GM is going to do is to use Android Automotive. Not to be confused with Android Auto. The former can be best described as a full operating system for cars that GM basically controls. And by control, I mean that they can make money off of it. The thing is, I just recently reviewed a Ford Expedition and it uses Android Automotive complete with Android Auto and Apple CarPlay. And Ford went out of their way to emphasize that while they want Ford owners to use their system, they do not want to remove choice from Ford owners. And I did press them on that and they stood firm on that, even going to the point of walking up to the line to call out GM for being the opposite of Ford without actually doing so. Ford has clearly read the room and made the right call because so many people are used to Android Auto and Apple CarPlay that by removing them, Ford would risk alienating their loyal customers.
Now at the start of this article I said that GM would be off my list of vehicles to buy should I need a new car. GM isn’t reading the room here. And given how many cars they sell, this can easily come back to bite them. After all, they aren’t Tesla who can get away with not having Android Auto and Apple CarPlay in their cars. They might want to keep that in mind and reconsider their life choices accordingly.
Qatar Airways has unveiled a first-of-its-kind global partnership with GRAMMY-Award winning artist, entrepreneur, and cultural visionary Swizz Beatz, founder of the prestigious art collective The Dean Collection. Together, they introduced The Qatar Airways “Creative 100,” a bold new platform celebrating and connecting the world’s most influential and inspiring creatives shaping global culture today.
The announcement took place during Art Basel Paris, where Qatar Airways serves as a Premium Partner, marking the beginning of a multi-year collaboration that unites art, travel, and innovation under one creative movement.
A global movement for creativity
Each year, the “Creative 100” will spotlight 100 visionaries whose work transcends borders and inspires progress across art, design, music, fashion, sport, and technology.
The first creatives announced are: Black Coffee, the GRAMMY-Award winning South African DJ and producer; Miles Chamley-Watson, Olympic fencing champion and style innovator; Kristian Teär, CEO of Danish high-end electronics company Bang & Olufsen; Yoon Ahn, American fashion designer, co-founder of AMBUSH; Jewelry Director for Dior Homme; and Flavio Manzoni, Ferrari’s Chief Design Officer.
From the world of art, honorees include Kennedy Yanko, a sculptor known for fusing salvaged metal with paint skin, and Patrick Eugene, a visual artist whose work explores identity, culture, and the human experience.
A flagship gala will be held in Doha in February 2026 during Art Basel Doha, where the first inductees will be officially honored and the full list of the “Creative 100” revealed. Throughout the year, the initiative will activate at Art Basel’s global events in Paris, Miami, Hong Kong, and Basel, transforming Qatar Airways’ worldwide network into a cultural bridge connecting creative communities across continents.
A Transformational Partnership
This collaboration marks the first time an airline has partnered directly with a global artist and creative entrepreneur to develop a long-term cultural platform. Through this partnership, Qatar Airways and Swizz Beatz will reimagine how creativity travels, transforming global movement into cultural exchange and storytelling that inspires.
Key experiences will include:
Flagship galas and cultural activations hosted by Qatar Airways and The Dean Collection in Doha and at Art Basel events worldwide.
Collaborative projects across art, music, design, and sport, ranging from limited-edition merchandise to creative in-flight experiences and special aircraft liveries.
Exclusive access for Qatar Airways Privilege Club members to attend private masterclasses, cultural events, and behind-the-scenes sessions with inductees.
A Digital Home for Global Creativity
Qatar Airways will also debut a dedicated digital hub for The “Creative 100,” featuring films, interviews, podcasts, and curated city guides shaped by the voices of these global creators. The interactive platform will span six content pillars: Art & Design, Music & Performance, Fashion & Style, Film & Entertainment, Sport & Influence, and Innovation & Ideas, spotlighting the people and places fueling creative progress worldwide.
Users will be able to explore a rotating map of inductees’ home cities and inspirations, along with artist profiles, imagery, short films, and personal travel stories. Exclusive Privilege Club member content will include extended interviews, masterclasses, and event invitations.
The partnership will lend its impact to the Qatar Airways passenger journey through bespoke merchandise and immersive onboard experiences. As the first expression of creativity from the Qatar Airways “Creative 100,” the two collaborative forces revealed renderings of a special-edition Formula 1® livery, celebrating the airline’s role as Global Airline Partner. An additional livery commemorating Qatar Airways’ partnership with the FIFA World Cup 2026™ will be revealed at a later stage.
Surfshark has launched a new feature called the web content blocker that focuses on safeguarding every household when browsing online. It allows you to filter various websites based on categories provided, lock them using 2FA (Two-factor Authentication), and help protect family members from potential online threats caused by curiosity or carelessness.
Unlike traditional tracking applications, the web content blocker helps you protect family members from seeing malicious content and websites — without snooping on their browsing activity or monitoring the actual websites they visit. With this new feature, you can filter various websites by category and lock specific content across all family mobile devices.
To extend this protection to your household, install and open the Surfshark app on the device you’d like to add, log in using the same account, enable Web content blocker, and lock with 2FA if needed. Then, under the Web content blocker feature on the Surfshark website app, you can find the Your devices section, where you can select content categories and ensure a safe online environment for your loved ones.
The web content blocker is now available on Android and iOS platforms for Surfshark One or One+ plan users — more platforms are coming soon.
Additionally, Surfshark announces that its server count has surpassed 4,500. Over the years, Surfshark has continually upgraded its server network to enhance performance and reliability, and this figure reflects its growth.
Posted in Commentary with tags OpenAI on October 24, 2025 by itnerd
Recently, researchers uncovered that OpenAI’s newly launched Atlas browser is vulnerable to indirect prompt injection, allowing malicious web pages to embed hidden commands that the browser’s AI agent may follow. The flaw is also observed in other AI-powered browsers like Comet and Fellou, according to Brave Software, and highlights a systemic security risk where AI models treat untrusted web content as valid instructions, potentially exposing sensitive data and compromising user sessions.
The CTO of DryRun Security, Ken Johnson, had this to say:
“In corporate environments, I would not allow Comet, Atlas, or any AI-powered browser on company devices at this time. Browser security is already difficult even for the companies that make them, and robust privacy controls require immense care. AI is new to both fronts. Granting these tools unprecedented access to personal and corporate data, combined with the inherent risks of AI systems and existing security concerns, is a time bomb.”
Many companies have restrictions on how AI can be used. If your organization hasn’t looked at this, now would be a good time to do so. Because the risk of having sensitive data leak out to the outside world is too great to ignore.
Posted in Commentary with tags ESET on October 24, 2025 by itnerd
ESET researchers have recently observed a new instance of Operation DreamJob — a campaign that ESET tracks under the umbrella of North Korea-aligned Lazarus group — in which several European companies active in the defense industry were targeted. Some of these are heavily involved in the unmanned aerial vehicle (UAV / drones) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its drone program. The in-the-wild attacks successively targeted three companies active in the defense sector in Central and Southeastern Europe. Initial access was almost certainly achieved via social engineering. The main payload deployed to the targets was ScoringMathTea, a remote-access trojan (RAT) that offers the attackers full control over the compromised machine. The suspected primary goal of the attackers was exfiltration of proprietary information and manufacturing know-how.
In Operation DreamJob, the dominant theme of social engineering is a lucrative, but faux, job offer served with a side of malware: The target usually receives a decoy document with a job description and a trojanized PDF reader to open it. ESET Research attributes this activity with a high level of confidence to Lazarus, particularly because of its campaigns related to Operation DreamJob, and because the targeted sectors, located in Europe, align with the targets of the previous instances of Operation DreamJob (aerospace, defense, engineering).
The three targeted organizations manufacture different types of military equipment (or parts thereof), many of which are currently deployed in Ukraine as a result of European countries’ military assistance. At the time of Operation DreamJob’s observed activity, North Korean soldiers were deployed in Russia, reportedly to help Moscow repel Ukraine’s offensive in the Kursk region. It is thus possible that Operation DreamJob was interested in collecting sensitive information on some Western-made weapons systems currently employed in the Russia-Ukraine war. More generally, these entities are involved in the production of types of materiel that North Korea also manufactures domestically, and for which it might be hoping to perfect its own designs and processes. The interest in UAV-related know-how is notable, as it echoes recent media reports indicating that Pyongyang is investing heavily in domestic drone manufacturing capabilities. North Korea has relied heavily on reverse engineering and intellectual property theft to develop its domestic UAV capabilities.
Generally, Lazarus attackers are highly active and deploy their backdoors against multiple targets. This frequent use exposes these tools and enables their detection. As a countermeasure, the group’s tools are preceded in the execution chain by a series of droppers, loaders, and simple downloaders. The attackers decided to incorporate their malicious loading routines into open-source projects available on GitHub.
The main payload, ScoringMathTea, is a complex RAT that supports around 40 commands. Its first appearance can be traced back to VirusTotal submissions from Portugal and Germany in October 2022, where its dropper posed as an Airbus-themed job offer lure. The implemented functionality is the usual set required by Lazarus: manipulation of files and processes, exchanging the configuration, collecting the victim’s system info, opening a TCP connection, and executing local commands or new payloads downloaded from the C&C server. According to ESET telemetry, ScoringMathTea was seen in attacks against an Indian technology company in January 2023, a Polish defense company in March 2023, a British industrial automation company in October 2023, and an Italian aerospace company in September 2025. It appears to be one of the flagship payloads for Operation DreamJob campaigns.
The group’s most significant evolution is the introduction of new libraries designed for DLL proxying and the selection of new open-source projects to trojanize for improved evasion. “For nearly three years, Lazarus has maintained a consistent modus operandi, deploying its preferred main payload, ScoringMathTea, and using similar methods to trojanize open-source applications. This predictable, yet effective, strategy delivers sufficient polymorphism to evade security detection, even if it is insufficient to mask the group’s identity and obscure the attribution process,” concludes Kálnai.
The Lazarus group (also known as HIDDEN COBRA) is an APT group linked to North Korea that has been active since at least 2009. It is responsible for high-profile incidents. The diversity, number, and eccentricity in implementation of Lazarus campaigns define this group, as well as the fact that it performs all three pillars of cybercriminal activities: cyberespionage, cybersabotage, and pursuit of financial gain.
Operation DreamJob is a codename for Lazarus campaigns that rely primarily on social engineering, specifically using fake job offers for prestigious or high-profile positions (the “dream job” lure). Targets are predominantly in the aerospace and defense sectors, followed by engineering and technology companies, and the media and entertainment sector.
For a more detailed analysis of the latest Lazarus DreamJob campaign against the UAV sector, check out the latest ESET Research blogpost “Gotta fly: Lazarus targets the UAV sector” on WeLiveSecurity.com.
Posted in Commentary with tags Hacked on October 23, 2025 by itnerd
Researchers have uncovered a new privacy risk with Shadow Escape, which exploits the Model Context Protocol (MCP) that businesses use to connect to LLMs. The attack enables hackers to steal volumes of data such as Social Security Numbers, medical records, and business information from organizations that use AI assistants, without the user ever clicking a suspicious link or making a mistake.
Roger Grimes, CISO Advisor at KnowBe4, provided the following comments:
“I’m familiar with at least one other similar attack involving another, more popular AI tool, that the research plans to publicly release soon after practicing responsible disclosure with the vendor. They seem to be coming out of the woodwork so to speak. This zero-click attack is just going to be one of thousands coming out over the next few years. These initial reports are just the beginning stages of what promises to be years and years of new types of exploits. That’s because AI and the way they interact with other AIs and humans are just starting to be discovered and explored. The sheer amount of ways that any AI can interact with something else makes it far harder, if not impossible, for the vendor or a cyber defender to test before the AI is released.
“We didn’t do a great job at testing non-AI, more deterministic software and systems, to make sure they didn’t have vulnerabilities. Heck, we had over 40K separate publicly announced vulnerabilities last year and we are on our way to having over 47K this year. Non-deterministic AIs with the ability to have thousands of different types of interactions is just going to make that number explode. We are just now opening Pandora’s box, and we are definitely not going to like what we see. I thought stuff was complex in the past. We will think of the past decades of vulnerabilities as the “good times” before AI everywhere arrived. It’s getting ready to be very stormy.”
Organizations need to look at the use of AI by their employees. They need to ensure that they are using only company approved AI tools and making sure that anything that connects to an LLM is secure. Otherwise, they are wide open to this sort of attack.
Posted in Commentary with tags Hacked on October 23, 2025 by itnerd
Hackers are actively exploiting a critical vulnerability (CVE-2025-54236, CVSS 9.1) in Adobe Commerce and Magento Open Source, known as SessionReaper. The flaw, stemming from improper input validation, allows attackers to bypass security features and potentially take over customer accounts via the Commerce REST API. Although Adobe released a hotfix on September 9, exploitation began after the patch was leaked early, and only 38% of affected sites have applied the fix. Sansec has observed roughly 250 attacks already, with exploitation expected to escalate rapidly following the public release of technical details by Searchlight Cyber. Adobe has confirmed the vulnerability is now being exploited in the wild.
Dale Hoak, CISO, RegScale had this to say:
“The rapid exploitation of SessionReaper underscores how compliance and security controls must operate continuously, not periodically. Many organizations treat patch management and vulnerability response as checklist items, but real resilience comes from continuous monitoring of control drift and evidence of remediation. When technical writeups go public, automation and compliance-as-code can make the difference between being patched in hours versus weeks.”
We are now in an age of patch everything ASAP before the bad guys try to pwn you. This illustrates how bad things have become and why things need to change ASAP.
One in Three Canadians Targeted by Scam Texts in Just Three Months: Equifax