Ed Dubrovsky appointed Managing Director of Cyber Breach Response by Cytelligence Inc.

Ed Dubrovsky, a 24-year veteran of information security, has been appointed Managing Director, Cyber Breach Response, by Cytelligence CEO Daniel Tobok.

Mr. Dubrovsky will manage Cytelligence’s cyber security teams assigned to respond to client emergencies, to deal with the range of cyber threat actors from independent hackers, to industrial spies, to organized crime rings, and state-sponsored threat actors. Read Mr. Dubrovsky’s bio here.

“Cyber security is now one of the top risks for all organizations. I believe that cyber security must be strategic, resilient, scalable, and cost-effective for organizations to achieve their business goals,” said Mr. Dubrovsky.

His areas of expertise include: incident response; strategic information security planning; securing enterprise infrastructure; application security; penetration and vulnerability testing; and research and education.

Cytelligence, the elite force of global cyber security, now employs over 60 cyber security experts including investigators, security specialists, forensic specialists, and ransomware specialists. Cytelligence also has a number of “white hat” hackers with very advanced cyber skills that help companies to proactively test their security using so-called “penetration testing.”

“Cyber security has exploded as a critical service, both as an emergency service and a proactive service for companies to secure their information and web infrastructure, for one very simple reason: the number of cyber criminals has exploded, too,” said Mr. Tobok.

“Ransomware and phishing are the attack vector of choice for cyber criminals. Ransomware is the perfect crime. It is anonymous, decentralized, digital, scalable, and uses cryptocurrency which is heavily encrypted,” said Mr. Tobok. Read his bio here.

The range of Cytelligence clients in critical industries includes:  financial institutions, including banks, brokerage, and insurance firms; law firms; oil & gas facilities; refineries & petrochemical industry; power generation and transmission; research and development; software and technology companies; telecommunications; airports, seaports, trucking and transportation hubs; defense & homeland security; and water utilities.

Cytelligence is headquartered in Toronto and serves clients in Canada, the U.S., and Europe.

SOURCE Cytelligence Inc.

Saskatchewan to allow victims to sue if intimate images shared without consent

By Jennifer Graham

THE CANADIAN PRESS

REGINA _ People who have had intimate images shared without their permission will be able to sue for compensation in Saskatchewan.

The provincial government said Wednesday that it plans to change its Privacy Act so that those victims can seek redress through small claims court.

“We want to have some protection for people whose intimate images have been used for revenge porn or sexting without the consent of the person who was in those images,” said Justice Minister Don Morgan.

The government said it has proven difficult to rely on the Criminal Code to deter cyberbullying through unauthorized sharing of intimate images because the burden of proof is so high.

Morgan said the legislative changes will define what an intimate image is and include a prohibition on circulating the image without consent. The amendments will also put a reverse onus on the defendant to prove that they had consent from the person in the picture to release the images, he said.

Victims would not have to wait for charges to be laid, he said.

“It’s not a criminal proceeding, it’s a civil proceeding, so they do not have to wait for a criminal conviction,” Morgan explained.

“This is a remedy that’s made available to the victim. The Crown may well pursue a criminal charge, so you could have one, the other or both.”

The measure was in the throne speech delivered Wednesday which details the government’s plan for the new session of the legislature.

The outline includes new organ donation measures whereby all deaths or imminent deaths in hospital critical-care units are referred to an organ donation group.

The government also plans to introduce legislation so that Saskatchewan Government Insurance can offer coverage to ride-hailing companies such as Uber. Premier Brad Wall said he wants to encourage municipalities to allow ride-booking services to reduce impaired driving.

“I do think we just need more options for Saskatchewan people. Obviously almost every major North America city is comfortable with respect to the safety that’s provided by the various ride-sharing platforms,” Wall said.

Saskatchewan has one of the highest rates of impaired driving in Canada. Statistics Canada says there were 683 police-reported impaired driving cases per 100,000 population in Saskatchewan in 2011. The Canadian average was 262.

Ray Orb, president of the Saskatchewan Association of Rural Municipalities, said he thinks ride hailing services might help lower drunk driving rates, especially in rural communities where there may not be taxi service for people to use after going to the local bar.

“I think actually it would. I think it’s an interesting concept. We’d sure like to look at it,” said Orb.

The government also plans to introduce legislation so that non-Catholic parents can continue to send their children to separate schools by invoking the notwithstanding clause of the Canadian charter.

A court ruling in April found that public funding of non-Catholic students in the Catholic school system is unconstitutional.

It prompted concern from parents that their children might have to switch schools and be educated in different communities in rural Saskatchewan. Wall said at the time that there could be greatly overpopulated public schools and empty or near-empty separate schools.

The province is appealing the decision, but Wall said the government will move sooner.

“We are indicating pretty clearly that in a proactive way we’re going to protect school choice in the province notwithstanding what happens through the court process,” he said.

Interim NDP Leader Nicole Sarauer said it could take years for the appeal to be heard and, potentially, a Supreme Court challenge.

Sarauer questioned why the government was rushing the legislation.

“We need to let that process first work its way through first, before we consider using the notwithstanding clause,” she said.

The government is also backtracking on a tax cut that was made in July. It says it will raise the corporate tax rate back to 12 per cent from 11.5 per cent.

The tax was lowered so that Saskatchewan’s rate matched other western provinces, but Wall has said that’s no longer necessary because British Columbia has increased its corporate rate.

Legislation that allows up to 49 per cent of a Crown corporation to be sold without it being considered privatization will also be repealed.

The throne speech was the last for Wall, who is retiring when his successor is chosen in January.

Sarauer suggested that’s why the government is making some of the changes outlined in the speech.

“This is clearly a throne speech that’s more about serving the premier’s legacy and protecting the premier’s legacy than it is about serving Saskatchewan people,” she said.

October is Cyber Security Awareness month

Aviva Canada

Did you know?

In 2016, Canadians lost $40 million to online scams. With identify theft and other online security breaches on the rise, consumers need to be aware of how to protect themselves.

What is identify theft?

Identity theft is when someone uses your personal information – like your credit card, Social Insurance Number or name – without your knowledge or consent, to commit fraud. Some common ID theft scams include creating false lines of credit and making purchases using a stolen bank account or credit card.

According to the Ontario Securities Commission, your identity is at risk when:

  • you enter your credit card information online on a non-secure website
  • you click on an email link from what looks like a legitimate bank or online shopping service (eg. PayPal) and enter your account information
  • your personal information (Social Insurance Card, credit card or bank card) are stolen
  • you give out your credit card’s three-digit security code over the phone to a scammer who claims to be from your financial institution
  • any time your personal information is available to others

Aviva’s Identity Theft coverage is now even better

Aviva has introduced an enhanced ID Theft coverage – offering customers even more peace of mind as they tap, swipe and click their way through life. As one of the most comprehensive on the market, it features widespread financial protection if your identity is compromised, including:

  • an increased limit of $40,000 per policy term for all ID theft expense claims
  • a $5,000 limit per policy term to cover any financial loss due to ID theft
  • 24/7 credit bureau monitoring and two credit bureau reports for six months after an ID theft claim
  • access to your own ID theft case worker to help you identify and restore your finances and personal information after an ID theft claim

Don’t let thieves get the upper hand – learn more here or contact an insurance broker to add Identity Theft coverage to your home insurance policy.

Equifax takes down customer service web page after reports of new hack

By David Hodges

THE CANADIAN PRESS

TORONTO _ Equifax Canada says its U.S. parent company’s website has temporarily taken down one of its customer services pages amid reports that another part of its website had been hacked.

Company spokesman Tom Carroll did not respond to direct questions about any potential breach to Equifax Canada’s website or the number of Canadian or American Equifax customers that may have been affected.

Carroll said in an emailed statement that, “We are aware of the situation identified on the equifax.com website in the credit report assistance link.”

“Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline,” his statement added.

“When it becomes available or we have more information to share, we will.”

The news comes as Equifax Inc. continues to deal with the aftermath of a cyber breach earlier this year which allowed the personal information of 145.5 million Americans, and 8,000 Canadians, to be accessed or stolen.

In the latest cybersecurity incident, hackers reportedly altered Equifax’s credit report assistance page so that it would send users malicious software disguised as Adobe Flash.

Since news of Equifax’s massive data breach broke last month, the company is facing investigations in Canada and the U.S., as well as at least two proposed class actions filed in Canada.

The massive data breach has also led to a number of high-profile departures at the Atlanta-based consumer credit reporting agency, including its chief executive, chief information officer and chief security officer.

In early October, Equifax revised the number of consumers potentially impacted in the breach bumping up the total in the U.S. to 145.5 million and reducing the number in Canada from an estimated 100,000 to 8,000.

For these Canadian consumers, Equifax says the information that may have been accessed includes name, address, social insurance number and, in “limited cases” credit card numbers.

On its website, Equifax’s Canadian division says it has not yet mailed out any notices and made clear it would not be making any unsolicited calls or emails about the issue.

In September, Equifax reported that its investigation had shown that hackers had unauthorized access to its files from May 13 to July 30. Equifax Canada said at the time it was working closely with its parent company Equifax Inc. and an unnamed, independent cybersecurity firm conducting the ongoing investigation.

The cyberattack occurred through a vulnerability in an open-source application framework it uses called Apache Struts. The United States Computer Readiness team detected and disclosed the vulnerability in March, and Equifax “took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure.”

How the cyberattack on Equifax unfolded and the fall out that followed

Months after hackers gained access to the personal data of millions of American, Canadian and U.K consumers through Equifax’s website, the company disclosed the massive cyberattack to the public.

It now faces multiple investigations and lawsuits in Canada and south of the border, while its shares have fallen more than 30 per cent in less than two weeks.

Here is a look at how one of the largest cyber attacks in history unfolded and the fall out that followed:

_ _ _ _

Early March: The United States Computer Emergency Readiness Team detects and discloses a vulnerability in Apache Struts, a widely-used web-application software product.

_ _ _ _

May 13 to July 30: Hackers have unauthorized access to Equifax Inc.’s files.

The company later says the hackers gained access through the vulnerability in Apache Struts, which supports Equifax’s online dispute portal web application.

_ _ _ _

July 29: Equifax’s security team observes suspicious network traffic on a U.S. online dispute portal web application. The company’s security team blocks the identified suspicious traffic.

The company says in later communication that it “acted immediately to stop the intrusion.”

_ _ _ _

July 30: The same team observes more suspicious activity and the company takes the affected web application offline.

_ _ _ _

Aug. 2: Equifax contacts cybersecurity firm Mandiant, which spends several weeks conducting a forensic review.

_ _ _ _

Sept. 7: Equifax publicly discloses the cyberattack for the first time, saying it may have compromised the personal data of up to 143 million Americans. The company adds an unspecified number of U.K and Canadian consumers also may have been impacted.

On a website for affected U.S. consumers, Equifax explains that the complex and time-consuming investigation is behind the delay between its discovery of the breach and disclosing it.

“As soon as we had enough information to begin notification, we took appropriate steps to do so,” the company says.

_ _ _ _

Sept. 12: An Ontario resident files a proposed class action in the province, seeking $550 million in damages from Equifax, according to Toronto-based law firm Sotos LLP. It is one of at least two proposed class action lawsuits filed in Canada against the credit monitoring company.

_ _ _ _

Sept. 14: The Federal Trade Commission says it is opening an investigation into the hack.

The chairmen of two congressional committees say in a letter to Equifax CEO Richard Smith that they are investigating the breach and ask for a slew of documents and a company briefing by Sept. 28.

_ _ _ _

Sept. 15: The Office of the Privacy Commissioner of Canada launches investigation into the breach.

Equifax says fewer than 400,000 U.K. consumers had some of their personal information compromised, but it was more limited in scope and unlikely to lead to identity theft.

The company says its chief information officer and chief security officer are retiring. Both are replaced with internal employees on an interim basis effective immediately.

_ _ _ _

Sept. 19: Equifax says about 100,000 Canadian consumers may have had their personal information and credit card details compromised in the cyber attack. The breached data may have included names, addresses, social insurance numbers and, in limited cases, credit card numbers.

Later that day, Equifax revealed that it also had a security breach earlier this year that involved a different part of the company than the one accessed in the larger hack.

The breach involved TALX, which is Equifax’s human resources and payroll service. The company said there’s no evidence that the TALX breach, which happened between March and April this year, and the wider breach are related.

____

Oct. 2: Equifax provides an update saying a completed review determined that personal information of approximately 8,000 Canadian consumers was impacted, down from its original estimate of 100,000.

However, it said the review added about 2.5 million Americans to the list of those affected by the massive cyberattack, bringing the total number of people in the U.S. potentially impacted to 145.5 million.

News and entertainment website Canoe.ca says data for one million users hacked

The Canadian Press

MONTREAL _ News and entertainment website Canoe.ca says some of its databases containing the personal information of about one million users from 1996 to 2008 has been hacked.

The company says the databases breached contained records including names, email addresses, mailing addresses and telephone numbers.

The information was provided by users for contests, forums, comments pages or the hosting of personal pages. Information collected after 2008 was not compromised.

Canoe.ca, which learned of the incident on Sept. 2, says there was no evidence that the compromised data contained financial information, such as credit card numbers or socialinsurance numbers.

The company says it has informed the RCMP, the Office of the Privacy Commissioner and the provincial privacy commissioners of the breach.

It said anyone worried about the data breach should call 1-833-370-2898.

Canoe.ca is operated by MediaQMI Inc. (TSX:TVA.B) and was owned by Sun Media Corp. before 2015.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest