Rookie Michael Ma leaves Conservative party for ‘steady, practical approach’ of Mark Carney’s government

Canada’s ruling Liberals have edged closer to a majority government after a Conservative lawmaker crossed the floor, in yet another blow to the struggling Tories.

Rookie lawmaker Michael Ma said late on Thursday that he had decided to leave the Conservative party, for “the steady, practical approach” of prime minister Mark Carney’s government, which he said would “deliver on the priorities I hear every day, including affordability and the economy”.

Continue reading...

© Photograph: Canadian Press/Shutterstock

© Photograph: Canadian Press/Shutterstock

© Photograph: Canadian Press/Shutterstock

Northern resident killer whales appear to use dolphins as ‘scouts’, in a surprising cooperative hunting strategy

Orcas and dolphins have been spotted for the first time working as a team to hunt salmon off the coast of British Columbia, according to a new study which suggests a cooperative relationship between the two predators.

The research, published on Thursday in the journal Scientific Reports, shows interactions between northern resident orcas (also known as killer whales) and Pacific white-sided dolphins are not just chance encounters while foraging.

Continue reading...

© Photograph: MMRU/Institute for the Oceans and Fisheries

© Photograph: MMRU/Institute for the Oceans and Fisheries

© Photograph: MMRU/Institute for the Oceans and Fisheries

Canada's Prime Minister Mark Carney has signed an agreement with Alberta's premier that will roll back certain climate rules to spur investment in energy production, while encouraging construction of a new oil pipeline to the West Coast. From a report: Under the agreement, which was signed on Thursday, the federal government will scrap a planned emissions cap on the oil and gas sector and drop rules on clean electricity in exchange for a commitment by Canada's top oil-producing province to strengthen industrial carbon pricing and support a carbon capture-and-storage project. The deal, which was hailed by the country's oil industry but panned by environmentalists, signaled a shift in Canada's energy policy in favour of fossil fuel development and is already creating tensions within Carney's minority government. Steven Guilbeault, who served as environment minister under Carney's predecessor Justin Trudeau, said he was quitting the cabinet over concerns that Canada's climate plan was being dismantled.

Read more of this story at Slashdot.

A geomagnetic storm made the aurora borealis visible across a swath of the United States again on Wednesday, illuminating the skies as far south as Arizona.

© Matterhorn Ski Paradise and Feratel/UGC, via Reuters

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.

On October 16, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., more commonly known as the cryptocurrency payments platform Cryptomus.

FINTRAC found that Cryptomus failed to submit suspicious transaction reports in cases where there were reasonable grounds to suspect that they were related to the laundering of proceeds connected to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion.

“Given that numerous violations in this case were connected to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion, FINTRAC was compelled to take this unprecedented enforcement action,” said Sarah Paquet, director and CEO at the regulatory agency.

In December 2024, KrebsOnSecurity covered research by blockchain analyst and investigator Richard Sanders, who’d spent several months signing up for various cybercrime services, and then tracking where their customer funds go from there. The 122 services targeted in Sanders’s research all used Cryptomus, and included some of the more prominent businesses advertising on the cybercrime forums, such as:

-abuse-friendly or “bulletproof” hosting providers like anonvm[.]wtf, and PQHosting;
-sites selling aged email, financial, or social media accounts, such as verif[.]work and kopeechka[.]store;
-anonymity or “proxy” providers like crazyrdp[.]com and rdp[.]monster;
-anonymous SMS services, including anonsim[.]net and smsboss[.]pro.

Sanders found at least 56 cryptocurrency exchanges were using Cryptomus to process transactions, including financial entities with names like casher[.]su, grumbot[.]com, flymoney[.]biz, obama[.]ru and swop[.]is.

“These platforms were built for Russian speakers, and they each advertised the ability to anonymously swap one form of cryptocurrency for another,” the December 2024 story noted. “They also allowed the exchange of cryptocurrency for cash in accounts at some of Russia’s largest banks — nearly all of which are currently sanctioned by the United States and other western nations.”

Reached for comment on FINTRAC’s action, Sanders told KrebsOnSecurity he was surprised it took them so long.

“I have no idea why they don’t just sanction them or prosecute them,” Sanders said. “I’m not let down with the fine amount but it’s also just going to be the cost of doing business to them.”

The $173 million fine is a significant sum for FINTRAC, which imposed 23 such penalties last year totaling less than $26 million. But Sanders says FINTRAC still has much work to do in pursuing other shadowy money service businesses (MSBs) that are registered in Canada but are likely money laundering fronts for entities based in Russia and Iran.

In an investigation published in July 2024, CTV National News and the Investigative Journalism Foundation (IJF) documented dozens of cases across Canada where multiple MSBs are incorporated at the same address, often without the knowledge or consent of the location’s actual occupant.

Their inquiry found that the street address for Cryptomus parent Xeltox Enterprises was listed as the home of at least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges. At that address is a three-story building that used to be a bank and now houses a massage therapy clinic and a co-working space. But the news outlets found none of the MSBs or currency dealers were paying for services at that co-working space.

The reporters also found another collection of 97 MSBs clustered at an address for a commercial office suite in Ontario, even though there was no evidence any of these companies had ever arranged for any business services at that address.

A strong geomagnetic storm is expected to push the often-magical light display farther south than usual.

© Don Campbell/The Herald-Palladium, via Associated Press

Canadian cybersecurity officials are warning that hacktivists are increasingly targeting critical infrastructure in the country. In an October 29 alert, the Canadian Centre for Cyber Security described three recent attacks on internet-accessible industrial control systems (ICS). The alert doesn’t attribute the ICS attacks to any particular group, but Russia-linked hacktivists have been the dominant groups tampering with ICS controls in the last year, particularly since the emergence of Z-Pentest in the fall of 2024. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also warned about hackers tampering with ICS controls.

Canadian ICS Attacks Target Water, Energy, Agriculture

One of the ICS hacktivist incidents targeted a water facility, where hacktivists tampered with water pressure values, “resulting in degraded service for its community.” Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was tampered with to trigger false alarms. A third incident targeted a grain drying silo on a Canadian farm, where temperature and humidity levels were tampered with, “resulting in potentially unsafe conditions if not caught on time,” the alert said. “While individual organizations may not be direct targets of adversaries, they may become victims of opportunity as hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada's reputation,” the Cyber Centre alert said. Exposed ICS components that could be targeted include Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Supervisory Control and Data Acquisition (SCADA) systems, Safety Instrumented Systems (SIS), Building Management Systems (BMS), and Industrial Internet of Things (IIoT) devices, the alert said. “Unclear division of roles and responsibilities often creates gaps leaving critical systems unprotected,” Cyber Centre said. “Effective communication and collaboration are essential to ensuring safety and security.”

Recommended ICS Security Protections

Cyber Centre said provincial and territorial governments should coordinate with municipalities and organizations within their jurisdiction “to ensure all services are properly inventoried, documented, and protected. This is especially true for sectors where regulatory oversight does not cover cyber security, such as Water, Food, or Manufacturing.” Municipalities and organizations in turn should work with their service providers to make sure that managed services are implemented securely and maintained properly, with clearly defined requirements. Devices and services should be properly secured based on vendor recommendations and guidelines. The alert said organizations should conduct a comprehensive inventory of all internet-exposed ICS devices and “assess their necessity.” “Where possible, alternative solutions—such as Virtual Private Networks (VPNs) with two-factor authentication—should be implemented to avoid direct exposure to the internet,” the alert said. If that isn’t possible, enhanced monitoring and practices should be used, including active threat detection tools such as Intrusion Prevention Systems (IPS), routine penetration testing, and continuous vulnerability  management. Organizations should also regularly conduct tabletop exercises to evaluate their response capabilities and to define roles and responsibilities in the event of a cyber incident.

Since January 8, 2025, travelers from most countries, including the US, Australia, and Canada have to apply for an Electronic Travel Authorisation (ETA) for visa free travel to the UK.

You can apply for an Electronic Travel Authorisation using the ETA App, or via an online form.

When you apply for a UK ETA you have to pay an application fee of £10 ($13.50), provide your contact and passport details, a valid passport photo, and answer a set of questions about suitability.

But as often happens when new regulations take effect, scammers are quick to exploit unsuspecting travelers by charging inflated fees or collecting personal information.

There are some that will get you an actual ETA, but at exorbitant prices, and some that you’ll never hear from again after you have made a payment.

Some scammers will promise to charge extra for guiding you quickly through the process, such as in this example we saw.

But there is absolutely no need to do that. Most ETA applicants receive an automatic decision within minutes when applying through the official UK ETA app, according to the UK government. However, some applications may take up to three working days to be processed, so, it’s a good idea to apply at least a few days before travel.

If you have applied for an ETA through an unofficial channel, or you have doubts about the validity of your ETA, you can check using the “Check eTA status” tool on the official UK government website. You will need your eTA reference number (found in your confirmation email) and the details of the passport used for the application.

The UK is not the only country targeted in this type of scam. One phishing scam targeted Canadian ETA applicants using fake websites closely mimicking the official Government of Canada eTA application site. Victims were lured to apply for travel authorization, providing personal data such as full name, passport number, and more. They were then asked to pay CAD $100, far above the official CAD $7 fee, to obtain the authorization.

Some AI search aids—I’m looking at you Gemini—will tell you there is an online “Check eTA status tool” which is only true for Canada. There is no such thing for the UK.

And searching for that tool brought me to another site that charges overpriced rates for an ETA.

Regarding the UK, once your application is approved, your ETA is electronically linked to the passport you used in your application. You will receive an email confirmation and a 16-digit ETA reference number from UK Visas and Immigration (UKVI), usually within three working days of applying. There is no need to present any document besides your passport when entering the UK.

How to avoid ETA scams

The risks of applying for an ETA through other sites may vary and range from paying more than necessary to identity theft. Here are several tips to stay safe when applying for your ETA.

• Stick to the official .gov.uk site, or use the official ETA app to make your application.
• Be wary of websites charging significantly higher fees than official amounts.
• Avoid clicking on sponsored advertisements or top search results without verifying their legitimacy.
  
• Do not share personal or payment data on suspicious or unknown sites.
• When contacted by email or phone about ETAs or visas, verify the contact through official government sources.
• Use an up-to-date real-time security solution that includes web protection.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Carney's cabinet asked to find 'ambitious savings' ahead of fall budget. "Ministers are being asked to reduce program spending by 7.5 per cent in the fiscal year that begins in April, followed by 10 per cent the year after and 15 per cent in 2028-29."