databreachtoday.eu - Hackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons.
The breach targeting the House of Commons network occurred Friday and involved a database "containing information used to manage computers and mobile devices," according to an internal email obtained by CBC News. Hackers were able to "exploit a recent Microsoft vulnerability," the missive said.
The message did not name any nation-state or criminal group, and it remains unclear which database was compromised or if other sensitive data was accessed. Affected information includes names and titles, email addresses and device details including models, operating systems and telephone numbers.
Olivier Duhaime, spokesperson for the House of Commons' Office of the Speaker, told Information Security Media Group in an emailed statement Thursday that the "House of Commons is working closely with its national security partners to further investigate this matter." Duhaime declined to comment any further on the specifics of the investigation, citing "security reasons."
The Canadian Center for Cyber Security in July warned that it was aware of exploitation occurring inside the country of a zero-day exploit discovered in Microsoft SharePoint. The computing giant published an emergency patch described by Google Cloud's Mandiant consulting chief technology officer as "uniquely urgent and drastic" (see: SharePoint Zero-Days Exploited to Unleash Warlock Ransomware).
The U.S. Cybersecurity and Infrastructure Security Agency warned earlier this month that remote code execution flaw - publicly known as "ToolShell" - allows unauthenticated system access and authenticated access via network spoofing. The agency said attackers can gain full access to SharePoint content, including file systems and configurations.
"This isn't an 'apply the patch and you're done' situation," Mandiant Chief Technology Officer Charles Carmakal wrote on LinkedIn, urging organizations with SharePoint to "implement mitigations right away" and apply the patch.
Microsoft said in a July blog post that threat actors seeking initial access include Chinese nation-state hackers tracked as Linen Typhoon and Violet Typhoon, as well as possibly China-linked Storm-2603. Linen and Violet Typhoon have targeted intellectual property from government, defense, strategic planning and human rights organizations, along with higher education, media, financial and health sectors across the United States, Europe and Asia.
Linen typically conducts "drive-by compromises" using known exploits, while Violet "persistently scans for vulnerabilities in the exposed web infrastructure of target organizations."
cbc.ca - The insurance company did not cover any of the city’s claims totalling about $5 million. City staff say they've learned from their mistakes and are taking accountability for the cybersecurity breach.
Many City of Hamilton departments didn't have multi-factor authentication in place before cyber criminals launched a massive ransomware attack in February 2024, paralysing nearly all municipal services for weeks.
Multi-factor authentication, also sometimes in the form of two-step verification, is a widely used layer of extra security for users logging into a system like their email accounts. They're required to verify their identity using more than one method, such as entering a code texted to their phone.
It's been used by corporations and technology companies for years. Google, for example, launched its two-step log-in system in 2011.
While not the only reason the attackers were successful, the city's lack of multi-factor authentication was a "root cause" of the breach, as determined by the city's insurance company, said a staff report to the general issues committee Wednesday.
As a result, the insurance company did not cover any of the city's claims totalling about $5 million.
"This has been a test of our system and a test of our leadership," said Mayor Andrea Horwath at a news conference Wednesday. "We are not sweeping this under the rug. We are owning it, we're fixing it and we're learning from it."
The lack of multi-factor authentication, and no insurance coverage, was reported publicly for the first time this month.
The staff report said: "According to the policy, no coverage was available under the policy for any losses where the absence of MFA was the root cause of a cyber breach."
Solicitor Lisa Shields told councillors Wednesday that staff were aware of the multi-factor authentication requirement in their insurance policy in the fall of 2022 and began rolling out a pilot program the following year, but for only a few departments.
In early 2024, the city was preparing to fully implement multi-factor authentication, but then the ransomware attack took place on Feb. 25, said Cyrus Tehrani, acting chief information officer.
He told reporters that — contrary to what the insurance company found — the breach would've happened even with multi-factor authentication in place. The city also told CBC Hamilton in an email that it was a "highly sophisticated attack on an external, internet-facing server, gaining unauthorized access to the City of Hamilton systems."
Attackers demanded $18.5M in ransom
About 80 per cent of city systems were impacted and the attackers demanded the city pay $18.5 million to unlock it — a massive crisis and among the most significant in Canada, city manager Marnie Cluckie told councillors.
Based on advice from outside experts, the city decided not to pay the ransom and instead recover what it could and rebuild everything else. The police investigation is ongoing, Cluckie said.
To date, the city has spent $18.4 million and will continue to pay nearly $400,000 a month until November 2026 to rebuild its systems, said Mike Zegarac, general manager of finance.
nextgov.com - July 9, 2025 09:30 AM ET
Rogers is Canada’s top wireless provider and is among that nation’s core telecom firms mandated to comply with Canadian lawful access rules, which require them to share user data with investigators.
Canadian telecom and mass media provider Rogers Communications was identified as a firm ensnared by a major Chinese hacking group that has targeted dozens of communications firms worldwide, according to two people familiar with the matter.
The group, known as Salt Typhoon, was discovered inside a batch of American telecom operators last year and first brought to light by the Wall Street Journal in late September. The campaign likely began around two to three years ago and has expanded rapidly since.
It’s not immediately clear what data, assets or other information were pilfered from Rogers networks. The people spoke on the condition of anonymity because the matter is sensitive.
“These allegations are false. We were not compromised by Salt Typhoon and this has been verified by two independent cyber security firms. As part of ongoing work, we partner with government and industry to proactively monitor and investigate potential threats,” a company spokesperson said.
"It’s important to note that if the Cyber Centre is aware of cyber threat activity in Canada, we alert the organization and provide mitigation support, advice and guidance," a spokesperson for the Canadian Centre for Cyber Security said, noting that they do not comment on specific or alleged cyber incidents but pointing to advisories they have issued about the threat posed by Salt Typhoon.
"Through the Canadian Security Telecommunications Advisory Committee (CSTAC), the Cyber Centre and its government partners regularly and actively engage with Canadian telecommunications service providers and key equipment suppliers to help ensure the security of Canadian critical telecommunications infrastructure," they said.
Rogers is the country’s top wireless provider and boasts some 20 million subscribers across its various services, a company webpage says. Over 60% percent of Canadian households rely on its internet, it notes. It also has extensive contracts with Canada’s government.
Canada, like many countries with robust telecom networks, has laws that let federal investigators compel providers to turn over communications metadata on individuals suspected of criminal activity, hacking or espionage. Rogers is among those required to comply with these Canadian “lawful access” inquiries.
In 2023, the company disclosed data on some 162,000 customers to authorities under lawful access requests backed by warrants and government orders, a transparency report shows.
Salt Typhoon has gone after those same wiretap environments in the U.S., and likely abused those platforms when it directly targeted the communications of President Donald Trump and Vice President JD Vance during their run for the White House last year.
Last month, Canada’s cybersecurity agency released a bulletin warning that Salt Typhoon was targeting telecommunications firms in the country. “Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025,” says the bulletin, which doesn’t name the firm.
The agency identified a 2023 vulnerability in Cisco routers that was used as an access point into the unnamed Canadian provider. Cisco equipment that has not been patched with the latest security updates has provided the Chinese telecom hackers with a wide access point into various communications systems, according to earlier assessments.
That same 2023 vulnerability is detailed in a Cisco threat intelligence blog released in February.
April 28, 2025
HALIFAX, Nova Scotia--(BUSINESS WIRE)-- Emera Inc. and Nova Scotia Power today announced, on April 25, 2025 they discovered and are actively responding to a cybersecurity incident involving unauthorized access into certain parts of its Canadian network and servers supporting portions of its business applications.
Immediately following detection of the external threat, the companies activated their incident response and business continuity protocols, engaged leading third-party cybersecurity experts, and took actions to contain and isolate the affected servers and prevent further intrusion. Law enforcement officials have been notified.
There remains no disruption to any of our Canadian physical operations including at Nova Scotia Power’s generation, transmission and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s U.S. or Caribbean utilities.
Emera will release its Q1 Financial Statements and Management Disclosure and Analysis on May 8, 2025, as planned. At this time, the incident is not expected to have a material impact on the financial performance of the business.
Our IT team is working diligently with cyber security experts to bring the affected portions of our IT system back online.
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.
#Account #Canada #Car #Computer #Hacking #InfoSec #Japan #Security #Starlink #Subaru #Takeover #USA
“As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.
The Toronto Police Service is making the public aware of 10 arrests made and 108 charges laid in a major SIM swap fraud investigation dubbed Project Disrupt.
On Thursday, August 1, 2024, Detective David Coffey, from the Financial Crimes Unit, and Detective Constable Michael Gow, from the Coordinated Cyber Center (C3), held a news conference about Project Disrupt.
G7 is drafting a workaround to use frozen assets to rebuild Ukraine.
Message to current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police
The breach affecting more than 3.4 million people — including newborns and children — is one of the biggest MOVEit-related hacks of the year.
In a New Year's Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto's Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.
Automation features make LockBit one of the more destructive pieces of ransomware.
Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.
The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks.
The Government of Canada has serious concerns about suppliers such as Huawei and ZTE who could be compelled to comply with extrajudicial directions from foreign governments in ways that would conflict with Canadian laws or would be detrimental to Canadian interests.
