Canadian Cyber News Rewire - 21/02/26
Wiring you into the cyber news relevant to Canada the week ending February 21
The Weekly News Rewire is a survey of cyber or adjacent news stories that I read this past week (or recently). Please leave a comment if you think I missed anything.
Editor Notes:
I have completed the first rough draft of my dissertation (yay!). I will be entering a big editing phase over the next few weeks, so my availability may fluctuate over the coming weeks.
Canadian News
Canadian researchers develop AI tool to fight online disinformation
Feels like a drop in the bucket of the overwhelming amount of AI contributing to disinformation, but the people behind this are good people, so I hope it succeeds.
Leaked Email Suggests Ring Plans to Expand ‘Search Party’ Surveillance Beyond Dogs
“Search party” is an AI application that uses Ring Cameras to scan for lost pets. Emails now suggest that Ring has long term plans to not keep this to just pets. Ring cameras are growing in use in Canada, just as they are in the United States, and are essentially becoming private surveillance companies, not for households, but for themselves to eventually leverage for profit.
HaveIBeenPwned Verifies Canada Goose Data Breach
Canada Goose customer data stolen from a third party (supply chain!). Compromised data includes partial credit card, IP, physical address, names, phone numbers, email addresses. Lots of data stolen here.
Hackers claim Canada Goose breach but researchers reveal data is “several years old”
Sounds like a third party was attacked, but still an attack and Canada Goose is gauging the impact.
Some Nova Scotia Power customers aren’t paying because they don’t trust their bills
Nova Scotia Power’s customer base has lost a lot of trust in them following the cyberattack.
Organized crime groups targeting police data across Canada, report says
One reason it is so difficult to govern cyberspace is that the state lacks a monopoly on violence, and private actors have the same capacity to infiltrate or access databases the state does not want them to access. Many cyber threat actors readily sell their services to organized crime, so law enforcement must respond and protect their systems accordingly.
Québec has a new digital sovereignty plan. Will it work?
Quebec has committed $1.4 billion for digital projects to be developed in the province. Long story short, everyone loves to commit to digital sovereignty until it actually means making the tough decisions to cut out those that would put Canada’s digital sovereignty at risk. Current Quebec contracts with US corporations raise doubts on their actual commitment. Part of the trouble comes down to definitions of digital sovereignty, which US corporations and governments use to ignore the actual issue and to continue business as usual with clear word play and legal definitions of what qualifies as “Canadian.” Hint: Being built in Canada is no longer enough because United States law dictates that it can force corporations in the United States to hand over data regardless of where it is in the world.
IDMerit data breach: 1 billion records of personal data exposed in KYC data leak
Pretty massive supply chain attack. Unsure of the degree to which this affects Canada, but the degree to which IDMerit is used likely means Canadians are caught up with this.
A cyberattack paralyzes the CHOC FM radio station in Portneuf
No matter how big or small, you are a target for ransomware.
Canadian Defence Review has a nice survey of some of the top Canadian AI defence companies
These articles are often little more than free marketing, but take this as an introduction to the topic.
DOD leaders warn AI, cryptocurrency ‘lowers the bar’ for cybercriminals
This is talking about the United States, but this is very much true globally. The barrier to entry was already relatively low, but AI/LLMs and cryptocurrency have made the barrier to entry simply getting around the weak controls of an LLM to tell you what to do.
I’m a heavy critic of Evan Solomon as AI Minister, but this is a good move. I don’t know much about LawZero, but it has a big focus on security and trust, so I am a big proponent of this.
Youth involved in terrorist activities of the 764 Network/The Com placed on Peace Bond by RCMP
The Com is one of the more heinous groups operating.
MDA Space is one of Canada’s top space capabilities firms, so this move is no surprise and I anticipate that they will have a lot of success.
Tumbler Ridge shooter’s ChatGPT messages were flagged months before attack
“The Wall Street Journal reported Friday that employees at ChatGPT wanted law enforcement to be warned after the shooter’s posts about gun violence last June were flagged by OpenAI’s automatic review systems. Their concerns were rebuffed, the WSJ reported, quoting unnamed sources familiar with the matter.”
What’s the solution to more vulnerabilities and threats because of AI? Add more AI to the mix for the defenders.
Digital sovereignty is the it product to sell right now, so if you can develop and sell a capability that promotes digital sovereignty you’re in for a smooth ride.
Anthropic announces Claude Code Security
Anthropic’s Claude LLM was already popular for programming and being used for code review for vulnerabilities and Claude has now developed a model specifically for this.
Feeling like the 2000s again! Can’t blame everyone for avoiding Discord following its announcement that it would require ID scans. Discord had a data leak last year, so raises doubts about their security.
2024 Canadian Defence, Aerospace, Marine and Cybersecurity Industries Survey Released
You have to actually request them, but I think I may request them and see if I can pull any interesting information from it.
BC Invests in Quantum Computing Research
Functional quantum computing is still quite a way out, but the stepping stones to it will have major impacts.
The federal government wants to hear from you about regulations which may impede business activities.
I largely haven’t covered Bill C-8 because of burnout from its predecessor, but this is one to keep an eye on. While it’s a good step forward, it does have its issues.
The Bureau of Research, Engineering, and Advanced Leadership in Innovation and Science (BOREALIS) is launching a CFP to establish secure hubs for quantum. A great difficulty in quantum is being able to interact with defence officials and the military, so this should be a big help in contributing to cross-sector discussion, innovation, and advancement.
Canada Cyber Threat Watch
While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.
Alert - AL26-003 - Vulnerability affecting BeyondTrust - CVE-2026-1731
Play Ransomware Targets Canadian Organization Makivik
Play ransomware claims to have targeted Makivvik, a Quebec Inuit organization.
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware
The federal government uses a lot of Dell equipment. I do not think RecoverPoint is used, or at least not common, but I would not be surprised if there is some limited exposure to this.
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
A really interesting botnet to watch out for on Android devices: “[deploys] components that click on ads inside a hidden container, hijack browser search settings, or deploy unwanted apps in pay-per-install schemes.”
0APT Bluff Campaign Evolves Into Potential Threat
Despite a lot of 0APT fake intrusions, they are in fact deploying an encryptor.
AI platforms can be abused for stealthy malware communication
Not surprised at all. If you can get something to point anywhere, it will be used for C2.
AI-augmented threat actor accesses FortiGate devices at scale
A closer look at how a threat actor used commercial AI to compromise 600 FortiGate devices in more than 55 countries.
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Research and Op-Eds
Read my cyber review of the Defence Industrial Strategy. TL;DR: It will help a lot of Canada’s cyber industry, but there are gaps to overcome major hurdles regarding infrastructure and hyperscalers.
United States News
CISA threat-hunting leader to depart for private sector role
CISA used to be one of the most respected cyber security organizations in the world. Now it’s a hollow shell.
Data breach at fintech firm Figure affects nearly 1 million accounts
Mississippi Medical Center closes all clinics after ransomware attack
Hospitals often fight cybersecurity regulations, yet are some of the favourite targets for threat actors. They have closed all clinics and rescheduled many appointments, including surgeries.
US needs to impose ‘real costs’ on bad actors, State Department cyber official says
A lot of statements from US government about imposing costs on cyber threat actors and including industry in this response. Remains to be seen how or what this response will be or if it’s a lot of hot air.
Increase in Malware Enabled ATM Jackpotting Incidents Across United States
FBI Flash report on the increase in ATM jackpotting malware.
European Union & United Kingdom News
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
The Baltic states tend to be on the forefront of addressing deception-based attacks in part due to being under constant attack from Russia through information confrontation.
Massive Wave of WhatsApp Takeover Attacks Targeting Armenian Users — What Happened
Your Car Is Spying on You – and Israeli Firms Are Leading the Surveillance Race
Dutch telco Odido suffers data breach exposing data of 6.2 million customers
Pretty significant breach.
Bureaucratic efficiency in Russia is passing laws that mean that your security services no longer have to lie to do what they were already doing.
EU Parliament blocks AI tools over cyber, privacy fears
Blocked in large part because such tools sent data to servers outside the control of the EU. This is what taking digital sovereignty seriously looks like.
Ireland’s Data Protection Commission opens investigation into X (XIUC)
Ireland joining many other ethical countries by initiating an investigation into Twitter/X due to the profiting off of Grok’s use of deepfakes for nonconsensual sexual material and child sexual abuse material.
Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
Allegedly includes technical data.
A Chinese hack exposes data of 5,000 Italian counterterrorism officers
A pretty major attack and intelligence win for China.
Deutsche Bahn says cyberattack hit ticket and info systems
German rail operator is being hit with a significant DDoS attack that is described as coming in waves.
EU Cyber Census tracks the implementation of the EU Policy on Cyber Defence. Full report is classified, but executive summary indicates EU members are all slowly developing their own cyber commands and cyber forces.
Attackers breach France’s national bank account database
This is a pretty major attack, the first of its kind on a target of this type, as far as I know, in terms of accessing the country’s National Bank Accounts File (FICOBA), recording all bank accounts in the country. Depending on how much information the attacker accessed, this could be leveraged for all sorts of fraud and phishing.
Other International News
Hackers target supporters of Iran protests in new espionage campaign
Highly sensitive Australian court data accessed by foreign entity based in India
An Indian subcontractor that was hired by an Australian firm in breach of a contract accessed Australian court data.
A Wave of Unexplained Bot Traffic Is Sweeping the Web
Traffic is linked to Lanzhou, China.
How Private Equity Debt Left a Leading VPN Open to Chinese Hackers
Chinese hackers breached Ivanti’s internal networks back in 2021.
Advantest Responds to Cybersecurity Incident
Advantest makes semiconductor test equipment and is responding to a ransomware attack.
Fraudsters arrested in Nigeria following NCA intelligence sharing
Cambodia isn’t the only one with scam compounds. Nigeria is historically known for fraud (who remembers the Nigerian prince scams?), so it’s not a surprise the “compound” organizational concept is being globalized.


