Skip to content

Rapid Coverage of a World Gone Full Cyberpunk

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books
  • Home
  • #AxisOfEasy
  • #AxisOfEasy 284: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach

#AxisOfEasy 284: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach

February 7, 2023February 9, 2023 Mark E. Jeftovic

Weekly Axis Of Easy #284


Last Week’s Quote was “Happiness is not something you postpone for the future; it is something you design for the present,” was by Jim Rohn.  No one got it!

This Week’s Quote: “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.” By ???

THE RULES:  No searching up the answer, must be posted at the bottom of this post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of February 6th, 2023 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
 
In this issue:
  • Canada’s ‘cybersecurity’ bill is a dangerous overreach
  • IT Pros Sound Alarm: ChatGPT Threat Looms Over Cybersecurity
  • Latest of 8 Cyberattacks on T-Mobile Wireless Carrier Exposes Customers’ Personal and Account Information
  • 2022 Proven to Be Ground-Breaking Year for DDoS Attacks on Russia


Elsewhere online:

  • Crash detection features on Apple’s iPhone causes false 911 calls at ski resorts
  • A security patch for Drupal is made available to address an Apigee Edge vulnerability
  • Security services have been bypassed and users directed to malicious sites using ClickFunnels
  • A security flaw was found in the Cisco IOx and F5 BIG-IP products
  • Jira software from Atlassian has been discovered to contain a serious authentication flaw
  • Columbia Journalism School report by former NYTimes Pulitzer winner finds ethical issues with “Russiagate” reporting

 

Canada’s ‘cybersecurity’ bill is a dangerous overreach

The Trudeau government has proposed a new bill that paves the way for the further erosion of digital rights of ordinary Canadians. Bill C-26 was first introduced and passed its first reading in June of 2022, following several other bills –specifically C-11, C-18, and C-36 – which would also threaten freedom of speech and freedom of the press. Bill C-26, often referred to as the cybersecurity bill in mainstream news proposes significant amendments to the Telecommunications Act, and is frighteningly open-ended in its wording.

Telecommunications providers can be ordered by the Governor in Council to completely cut off any user’s access to services or restrict their access to certain facilities. One of the amendments includes a non-disclosure provision that would shroud the Governor in the Council’s order in secrecy, meaning the person affected would not even be made aware of its existence. Such measures would deprive individuals of due process and leave them to the whims of unelected bureaucrats and political functionaries.

Federal public safety minister Marco Mendichino said that the legislation would “protect Canadian cybersecurity by strengthening the partnerships between the government and the telecommunications sector” but has already been met with criticism over transparency and accountability by opposition MPs. Several activists and civil society groups, such as the Canadian Civil Liberties Association, have also criticized the bill as authoritarian and expressed concerns over the broad freedoms it would grant to regulators and service providers.

In addition to jeopardizing privacy and due process, the bill would also permit the government to share citizens’ collected data with foreign governments and entities. This would have far-reaching consequences that most Canadians cannot even imagine.

Read: https://easydns.com/blog/2023/01/27/canadas-bill-c-26-yet-another-government-power-grab/

 

IT Pros Sound Alarm: ChatGPT Threat Looms Over Cybersecurity

Are we one year away from a devastating cyberattack credited to ChatGPT? According to a recent survey conducted by BlackBerry Limited, a shocking 51% of IT professionals believe so. The survey, which polled 1,500 IT decision-makers across North America, the UK, and Australia, exposed a perception that while ChatGPT is generally viewed as a tool for good, 74% acknowledge its potential to wreak havoc on cybersecurity with its ability to help hackers craft more believable phishing emails being the top concern (53%).

Shishir Singh, Chief Technology Officer of Cybersecurity at BlackBerry, explains that the technology will likely increase its influence in the cyber industry over time. He acknowledges that while there are many benefits to be gained from this advanced technology, its ramifications cannot be ignored. As the platform and the hackers’ experience mature, it will become more challenging to defend against without using AI in defense.

Hackers crafting more believable phishing emails, less experienced hackers sharpening their skills, and spreading misinformation were the top global concerns among IT professionals. But they need to be more active – a massive 82% of IT decision-makers plan to invest in AI-driven cybersecurity in the next two years, with 48% planning to do so by the end of 2023.

While IT directors are optimistic about ChatGPT’s potential to enhance cybersecurity for businesses, they also believe that governments are responsible for regulating advanced technologies. As for the competition between technology, research professionals, and cybercriminals, the consensus among the former is that they will come out on top. The consensus among technology and research professionals is that they will gain more from the capabilities of ChatGPT than cyber criminals. But as hackers continue to improve at using ChatGPT for malicious purposes, the fight for cybersecurity will only get more challenging.

Read: https://www.darkreading.com/attacks-breaches/chatgpt-may-already-be-used-in-nation-state-cyberattacks-say-it-decision-makers-in-blackberry-global-research

 

Latest of 8 Cyberattacks on T-Mobile Wireless Carrier Exposes Customers’ Personal and Account Information

The US wireless carrier T-Mobile is investigating a data breach with a third-party cyber security company. The breach leaked users’ personal and account information, but T-Mobile reported that customers’ banking and financial information remains safe. This is the eighth cyber security attack on the wireless carrier since 2018.

T-Mobile reported noticing signs of malicious activity on January 5th but claimed that the breach was stopped within 24 hours before any of the company’s internal systems could become compromised. However, in an SEC filing from January 19th, T-Mobile reported that hackers had been exfiltrating customer data through a vulnerable API breach since November 25th, 2022. Compromised data included basic customer information such as name, date of birth, billing address, email, phone number, and account numbers.

Dr. Ilia Kolochenko, Founder, CEO, and Chief Architect at ImmuniWeb commented on the matter as follows: “Unprotected APIs are rapidly becoming one of the primary sources of disastrous data breaches. The situation is aggravated by shadow IT that now encompasses not only the forgotten, abandoned, or undocumented APIs…but also the full spectrum of accidentally exposed APIs from test and pre-production environments…that have privileged access to sensitive corporate data.”

Meanwhile, T-Mobile has begun contacting the 37 million users potentially affected by the breach and has reported the incident to the concerned law enforcement agencies. The Federal Communications Commission (FCC) has also opened up an investigation into the matter, the latest in a string of data breaches that could have “significant costs” for the company.

The FCC probe may lead to another large settlement for compromised T-Mobile customers. In 2021, the carrier paid $350m to data breach victims while simultaneously investing $150m into cybersecurity and cyber defenses.

Read: https://www.cpomagazine.com/cyber-security/t-mobile-data-breach-hacker-accessed-personal-details-of-37-million-subscribers/

 

2022 Proven to Be Ground-Breaking Year for DDoS Attacks on Russia

Russia’s largest internet service provider (ISP), Rostelecom, stated in a recent report that 2022 had proven itself to be “a record-breaking (year for) DDoS attack(s).” The ISP report stated that Russia’s largest DDoS attack for 2022 was 760Gb/s—almost double the size of 2021’s top attack—while its longest attack lasted 2000 hours or three months. Rostelecom claims that the latest deluge of attacks comes in a bid to disrupt operations in light of Russia’s current invasion of Ukraine. It further stated that though most DDoS attacks use a “carpet bombing” method of targeting multiple IP addresses for a single organization in a short timeframe since Russia began its war with Ukraine, these attacks have steadily become more fine-tuned and sophisticated.

“Websites of Russian companies have become a key target for hackers. The latter actively used DDoS and web attacks to make online resources inaccessible to users, thus disrupting the work of companies and organizations and sowing panic in society,” Rostelecom said. The ISP further commented that many of these attacks could lead to hackers taking total control of an affected system and stealing users’ private data.

Both Russia and Ukraine have been using DDoS and other cyberattacks to gain an advantage over each other in light of the current war. The Ukrainian cyber effort has been bolstered by a volunteer global “IT army.” The Russian effort, meanwhile, has been supported by hacktivists loyal to the Kremlin. The largest and most effective of the latter’s attacks was a major DDoS campaign against US airports by the prolific Killnet group.

Read: https://www.infosecurity-magazine.com/news/recordbreaking-year-ddos-targeting/

 

Elsewhere Online:

 

Crash detection features on Apple’s iPhone causes false 911 calls at ski resorts
Read: https://www.zerohedge.com/technology/apples-crash-detection-feature-triggers-false-911-calls-ski-resorts

 

A security patch for Drupal is made available to address an Apigee Edge vulnerability.
Read: https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/drupal-releases-security-update-address-vulnerability-apigee-edge

 

Security services have been bypassed and users directed to malicious sites using ClickFunnels
Read: https://www.infosecurity-magazine.com/news/threat-actors-clickfunnels-bypass

 

A security flaw was found in the Cisco IOx and F5 BIG-IP products
Read: https://thehackernews.com/2023/02/new-high-severity-vulnerabilities.html

 

Jira software from Atlassian has been discovered to contain a serious authentication flaw
Read: https://thehackernews.com/2023/02/atlassians-jira-software-found.html


Columbia Journalism School report by former NYTimes Pulitzer winner finds ethical issues with “Russiagate” reporting
Read: https://www.cjr.org/special_report/trumped-up-press-versus-president-ed-note.php



Previously on #AxisOfEasy

If you missed the previous issues, they can be read online here:

  • January 30th, 2023: GoTo’s Data Breach Is Even Worse Than Previously Thought
  • January 23rd, 2023: California’s Unprecedented Data Breach Highlights Need For Privacy In Public Safety
  • January 16th,2023: Hackers Unleash Chaos: Danish Central Bank And Leading Private Bank Websites Under Siege
  • January 9th, 2023: New Quantum Cybersecurity Preparedness Act Aims To Protect Agencies Against Looming “Q-Day”
  • January 2nd, 2023: Malicious MasquerAds Lurks Under Top Google Search Results

 

 

 

 

 
#AxisOfEasyTagged: Apigee Edge, Atlassian, Bill C-11, Bill C-26, Bill C-36, CJS, Columbia Journalism School, Dr. Ilia Kolochenko, ImmuniWeb, Jira, Marco Mendichino, Rostelecom, Russia, Shishir Singh, T-Mobile

Post navigation

Prepare to Be Bled Dry by a Decade of Stagflation
Why People Move from Blue States: It’s Not Just High Taxes

Related Posts

#AxisOfEasy 395: Leaked Shopify Memo: Use AI Or Else

Leaked Shopify Memo: Use AI Or Else,
AI-Powered ‘AkiraBot’ Spams 80,000+ Small Business Sites with Fake SEO Offers,
WK Kellogg Breach Exposes Employee Data via Cleo Software Vulnerabilities, Linked to Clop Ransomware… this and more in AofE #395

#AxisOfEasy 161: Blame Canada: CenturyLink Outage Cascades Across Major Internet Providers

Sendgrid account hack leads to spike in spam levels, Police increasingly want access to smart speaker recordings,
Blame Canada: Centurylink outage cascades across major internet providers and more in #161

#AxisOfEasy 181: Stop What You’re Doing: Patch Sudo Now Edition

Sudo’s Baron Samedit flaw allows local privilege escalation,
Data breach impacts nearly entire population of Brazil,
Netwalker ransomware dark web seized, charges laid and more in Axis of Easy #181

4 thoughts on “#AxisOfEasy 284: Canada’s ‘Cybersecurity’ Bill Is A Dangerous Overreach”

  1. Charles H Smith says:
    February 7, 2023 at 6:11 pm

    The quote is from Buckminster Fuller

    Reply
  2. Olivier Dagenais says:
    February 7, 2023 at 6:23 pm

    My guess for this week‘s quote would be Elon Musk.

    Reply
  3. Russ Nelson says:
    February 7, 2023 at 9:21 pm

    Bucky Fuller

    Reply
  4. Jon says:
    February 7, 2023 at 10:40 pm

    Russ beat me. I think it’s Bucky Fuller, too.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Loading

Search Blog

Recent Posts

  • #AxisOfEasy 408: Scammers Are Ready To Strike As Amazon Prime Day Begins Tomorrow
  • Three Choices, None Good
  • The Cypherpunk Prophecy: How Early Internet Visionaries Predicted Our Digital Dystopia
  • Illiquid, Overvalued
  • #AxisOfEasy 407: Brazil Holds Tech Platforms Liable For User Content In Landmark Ruling
  • To Make America Great Again, Start Here
  • America’s "Healthcare" System Is Now a Structured Financial Skim/Scam
#AxisOfEasy is brought to you by.... easyDNS
Power & Freedom™ since 1998

Categories

  • #AxisOfEasy
  • Alt-Ctrl History
  • Cybersecurity
  • FreedomTech
  • FreeSpeech
  • Metaviews
  • Of Two Minds
  • Venture Crapital

Copyright © 2025 | Marvel Blog by Ascendoor | Powered by WordPress.

  • Channels
    • #AxisOfEasy
    • Metaviews
    • Of Two Minds
    • Venture Crapital
  • Podcast
  • Our Mission
  • Contributors
  • Books