Wednesday, November 25

Privacy & Cloud

Business, Canadian Centre for Cybersecurity, privacy, Privacy & Cloud, Security

Canada’s Top Cybersecurity Agency Names Four Countries As ‘Greatest Strategic Threats’

The Canadian Center for Cyber ​​Security has revealed that state-sponsored programs in China, Russia, Iran, and North Korea pose the greatest strategic threats. In its last annual report, the agency revealed that state sponsorship is generally the most sophisticated threat to Canadians. State-sponsored threat actors are motivated by economic, ideological, and geopolitical objectives. Its activities include cyber espionage, intellectual property theft, online influence operations and disruptive cyber attacks. Actors are likely to try to develop cyber capabilities to disrupt critical infrastructure, such as electricity supplies, to further their goals, according to the report. "We consider it highly unlikely, however, that cyber threat actors will intentionally seek to disrupt Canadi...
Business, Government, Navdeep Bains, privacy, Privacy & Cloud, Security

Proposed privacy bill promises transparency for Canadians and heavy penalties for organizations

Innovation Minister Navdeep Bains has presented the proposal Digital letter implementation law to modernize Canadian privacy laws. Bains pointed out at a press conference that the law will give Canadians greater control over their data and provide transparency on how companies handle personal information. The new legislation creates a new Consumer Privacy Protection Act, which eliminates the electronic documents section of the Personal Information Protection and Electronic Documents Act (PIPEDA). If the bill passes, companies could face fines of up to five percent of their revenue or $ 25 million, whichever is greater, for serious crimes. Bains declared that these would be the "strongest fines among the G7". The law gives the privacy commissioner powers to make orders, including th...
ai, Artificial Intelligence, Business, Daniel Therrien, Government, Privacy & Cloud, privacy commisioner, Security

Privacy watchdog calls for regulation of artificial intelligence to ensure privacy rights are protected

Canada's Privacy Commissioner has released key recommendations for regulating artificial intelligence. Commissioner Daniel Therrien has stated that while AI has the potential to help address many of today's pressing issues, Canadians' fundamental right to privacy must be respected. "Artificial intelligence holds great promise, but it must be implemented in a way that respects privacy, equality and other human rights," Therrien said in a statement. "A rights-based approach will support innovation and responsible development of artificial intelligence." The commissioner's office is calling for legislation that helps harness the benefits of technology while protecting privacy. “Uses of AI that are based on people's personal informa...
Business, Cadillac Fairview, privacy, Privacy & Cloud, Privacy Commissioner of Canada, Security

Cadillac Fairview collected millions of images from buyers without consent, privacy watchdog say

Cadillac Fairview collected images from five million buyers without consent, according to federal privacy commissioners, Alberta and BC. The commissioners 'investigation reveals that the commercial real estate company incorporated cameras into its digital information kiosks in 12 Canadian shopping malls and used facial recognition technology without customers' consent. The company claims that the goal behind the scenes was to analyze the age and gender of buyers and not to identify individuals. Cadillac Fairview says shoppers learned of the activity through stickers it had placed on the mall's entrance doors that referred to its privacy policy. However, the commissioners found this measure to be insufficient. "Commissioners foun...
Business, Chrome, Cybersecurity, Google, Privacy & Cloud, Security

Google fixes Chrome bug not following requests to delete Google site data

An iOS developer has discovered a Chrome bug that doesn't honor user requests to delete Google site data. When users ask Chrome to delete all cookies and site data every time they exit the browser, users expect the policy to apply to all websites. However, the bug has prevented Google and YouTube data from being deleted. IOS developer Jeff Johnson posted a blog post claiming that it found local storage data for Google.com and YouTube.com that was not removed even after restarting the browser. Register notes that the bug could allow the search giant to keep cookie-style data as site data and essentially have the ability to track users even when they believe they have deleted all of their cookies and site data. Google has acknowle...
Business, CIRA, COVID-19, Cybersecurity, Privacy & Cloud, Security

1 in 4 Canadian organizations say they faced COVID-19 themed cyberattacks: report

A quarter of Canadian organizations have been targeted by COVID-19 themed cyberattacks, according to the Internet Registration Authority of Canada (CIRA) latest report. Examples of COVID-19 themed cyberattacks include fake contact tracing apps and COVID-19 test result phishing campaigns. CIRA surveyed more than 500 Canadian IT security decision makers to learn more about how they are dealing with the rise in cyber attacks for their annual cybersecurity report. The report found that three out of 10 organizations reported an increase in attacks since the pandemic began, and just over half of the organizations have implemented new cybersecurity protections in response to the pandemic. Additionally, a quarter of organizations experienced a breach of customer ...
Business, medisys, Privacy & Cloud, Security, Telus

Telus-owned Medisys reveals data breach affecting 60,000 customers

Telus' healthcare provider Medisys has reported a data breach affecting the personal information of 60,000 customers. The company, which provides preventive health assessments and services, says it recovered the stolen personal information by paying a ransom, as reported by Global news. The breach has affected about five percent of Medisys clients. The personal information that was stolen could include names, contact information, provincial health numbers, and test results. The company says financial information and social security numbers were not exposed. Medisys says that public disclosure of personal information is low. She is currently communicating with customers who have been affected by the data breach and will provide them with free security...
Business, Cybersecurity, kpmg, Privacy & Cloud, Security

84 percent of Canadians are wary of interacting with organizations affected by a data breach: report

A new KPMG study reveals that 84 percent of Canadians would reconsider doing business with companies that have faced a data breach. The study also found that 90 percent of Canadians are "wary" of sharing their personal or financial information with any organization that has suffered a cyberattack or data breach. The COVID-19 pandemic has led to a surge in online shopping, with 54 percent of Canadians saying they buy more online. The survey notes that 84 percent of respondents are being "extremely careful" when shopping online for fear that their information will be hacked or stolen. Additionally, 54 percent of those surveyed said they had received "many more" suspicious emails in the past six months. “More than two-thirds (67 percent) of Canadians are more concerned now than ever about...
Business, Canada, College of Nurses of Ontario, Cybersecurity, Privacy & Cloud, Security

College of Nurses of Ontario investigates ‘cybersecurity incident’

The College of Nurses of Ontario (CNO), the province's regulatory body for nurses, has experienced a "cybersecurity incident." In a statement posted on their website., CNO says it is investigating the incident, but has not yet provided specific details. Therefore, although the scope of the breach remains unclear, it could have compromised the personal information of the nearly 200,000 members of the CNO. "The CNO is trying to determine whether personal information was compromised as a result of the incident," the university said in the statement. That being said, the university confirmed that the incident occurred on September 8, while the members were only informed on the morning of September 17. It is not clear why there was a period of almost 10 day...
Business, Data Breach, Instagram, Privacy & Cloud, Security, TikTok, youtube

Security investigator finds database with details of 235 million social media accounts

A security researcher has found a database containing data pulled from nearly 235 million social media accounts. Accounts include social media users from Instagram, TikTok, and YouTube. The database contains information including names, contact information, images, and statistics on followers. This type of practice is known as web scraping, which is when data is collected from web pages in an automated way, as described in The next web. Although web scraping is not illegal, popular social media platforms have prohibited this practice to protect user information. Several analytics companies use web scraping techniques to sell information from these types of databases to other companies. In this case, a researcher from Comparitec...
Business, cra, Privacy & Cloud, Security

CRA resumes online services after cyberattack

The Canada Revenue Agency has resumed all of its online services after previously disabling them after it was hit with a cyber attack on August 15. The passwords and usernames of thousands of users were "fraudulently acquired" and used to attempt to access Canadian government services during the cyberattack. Access to all online services resumed on Wednesday evening. The agency says it has implemented changes and modified its security systems to prevent another similar attack from occurring in the future. Users who were affected by the breach will receive a letter from the agency detailing the steps to restore their account and confirm their identity. The CRA also encourages users to update their accounts and use passwords that ...
Business, Privacy & Cloud, Security, Snapdragon

Researchers discover a Snapdragon flaw that puts Android phones at risk

Researchers in Check Point They have discovered security vulnerabilities affecting millions of Android phones through Qualcomm's Snapdragon chips. Security researchers found more than 400 code vulnerabilities in the chips' digital signal processors (DSPs). They have not disclosed specific details about the flaws to prevent bad actors from exploiting the vulnerabilities. However, Check Point notes that attackers can exploit vulnerabilities to record calls, steal data, install malware, and render devices unusable. The researchers describe that the phone vendors could not fix the problem on their own, as Qualcomm has to address it first. Qualcomm has acknowledged the vulnerabilities and said it has shared details with the brands a...