Cybersecurity Hits Unions, Church, Staples, Canada 2023-12-04


Weekly CyberTip: Attend CyberToronto 2023!

The CyberToronto 2023 conference is being held December 6 from 10:00 a.m. to 4:00 p.m. ET. The fourth annual, all-virtual, all-free event focuses on the cybersecurity community in the Greater Toronto Area, featuring cyber expert speakers and networking opportunities for newcomers to the industry, students, and seasoned professionals alike. The event has no direct sponsor or vendor involvement, but is presented in partnership with Toronto-based community organizations ISC2 Toronto Chapter, OWASP Toronto Chapter, ASIS Toronto, and Leading Cyber Ladies Toronto. 

 

Event attendance qualifies participants for up to 6.5 ISC2 – formerly branded (ISC)2 – CPE credits. 

Dozens of U.S. credit unions affected by third-party ransomware incident

A cybersecurity incident at Maryland-based cloud service provider Ongoing Operations has caused service disruptions for approximately 60 credit unions in the United States. An isolated segment of the MSP’s network was affected by the incident, with teams now “working around the clock to minimize service interruptions wherever possible and to ensure the safety of information stored on our systems,” according to the December 2 update on the incident.

 

While the organization has not confirmed the nature of the attack, which was first identified on November 26, the Citrix Bleed vulnerability is widely believed to be involved in the breach. Exploits of Citrix Bleed – which was identified and patched on October 10 – have been behind a number of cyber incidents in recent weeks. Organizations using affected versions of customer-managed NetScaler ADC and NetScaler Gateway products are urged to patch as soon as possible. 

Anglican Church targeted in cyber attack

The office of General Synod of the Anglican Church has been targeted by cyber attackers who used a business email compromise (BEC) attack to steal funds from its bank account, according to a November 25 statement from Archbishop Linda Nicholls, primate of the Anglican Church of Canada: “Hackers, possibly from abroad, executed a targeted attack of an employee’s email account using information available online.” All funds stolen have since been fully reimbursed by the financial institution, she added.

 

Clare Burns, Chancellor of General Synod, has advised that no individual personal financial information was leaked or accessed in the attack. 

Staples systems back up after cyber incident

According to a statement (since removed) on Staples’ U.S. website home page, the office supply giant identified a cybersecurity risk on November 27, leading to a temporary disruption to backend processing, delivery capabilities, communications channels, and customer service lines as a result of their reaction to the risk. 

 

Multiple reports described an array of internal Staples operational issues in Canada and the United States as a result of the incident: staff were instructed not to use single sign-on logins or answer phone calls, and could not access help desk applications, employee portals, print emails, etc.

 

All stores remained open, and normal services were reportedly restored by November 30. Staples has not publicly disclosed the nature of the risk identified. 

  

13 Canadian federal departments and agencies using personal data extraction tools

According to a report by Radio-Canada, “tools capable of extracting personal data from phones or computers are being used by 13 federal departments and agencies” in Canada. The tools involved can be used to recover and analyze data – including information that has been encrypted or password-protected – from computers, mobile devices, or even users’ cloud-based data in some cases. Information like texts, personal contacts, photos, travel history, Internet search history, social media activity, and deleted content can be accessed by these tools.

 

According to the report, the agency use of these investigative tools did not undergo a privacy impact assessment (PIA), as required by a directive from the Treasury Board of Canada Secretariat (TBS). PIAs are supposed to be conducted prior to any new activity that involves the collection or handling of personal information. They are an important exercise to be conducted in order to identify privacy risks inherent in handling personal and confidential data, and identify ways to mitigate or eliminate those risks. 

 

Public service organizations were quick to speak out about the revelation of the use of these tools, with the Public Service Alliance of Canada expressing concern and Jennifer Carr, president of the Professional Institute of the Public Service of Canada, saying: “We need to make sure that if our personal information is gathered, that we know about what information is gathered, how it’s being used and how it could be affected if there are others who were able to access that.” 

  

Feds briefing Canadian energy sector on cyber risk

According to a November 25 report in the Globe & Mail, federal security officials have been “briefing leaders of major energy and utility firms” on the risks of cyber threats to the energy sector. The report was based on a “newly disclosed Public Safety Canada memo [that] reveals a secret-level June meeting was part of a strategy to raise awareness among company executives about the dangers from malicious cyberactivity — reaching beyond the technical experts who already know about the risks.” 

 

The memo states that the confidential briefings were co-hosted by Public Safety, Natural Resources Canada and the Communications Security Establishment (CSE), and suggests that Public Safety is exploring additional approaches to reach industry, academia, and provinces and territories with important messages about cyber threats.

 

The vision, as with the June briefing, “is to reach company executives, as opposed to only the technical experts who are already aware of the risks,” the memo adds. 

  

“Engaging with company executives is critical to embed security across the business ecosystem and ensure a collective approach to strengthening our cyber resilience.” 

  
