Chris Herborth

Compliance won’t stop hackers; operations will. In 60 days, make Canada’s Baseline Controls actually work: identity‑first SIEM, immutable backups, and real‑world IR. Read our opinionated plan & get actionable checklists. 👇 Full article link in the comments. #cyberprotection #cybersecurity #SIEM

1

1 Comment

🚀 Exciting News! Our AutoC tool has been officially accepted also to Black Hat Canada 🍁🇨🇦(SecTor) 2025 🎉 It will be available on-demand through the official Black Hat application. For those who haven’t seen it yet, AutoC is an open-source automation tool designed to extract and analyze Indicators of Compromise (IoCs) from cyber reports and blogs, making threat intelligence faster and more actionable. 👉 Check out this short demo video to see AutoC in action (attached to this post) 🔗 You can explore and download AutoC from our GitHub: https://lnkd.in/dmQtfaSg Proud to see AutoC gaining recognition across multiple conferences this year, and looking forward to sharing more with the community! #CyberSecurity #ThreatIntelligence #BlackHat #AutoC #OpenSource Bar Haim

29

3 Comments

Toronto organizations need penetration testing that reflects how attacks actually happen. CyberSpective delivers expert-led penetration testing services for Toronto businesses, combining manual testing, clear risk context, and actionable remediation. 👉 Read more here: https://lnkd.in/gpjWaKkP #PenetrationTesting #Cybersecurity #TorontoBusinesses #CyberSpective

4

Our head of offensive security will be presenting an interesting discussion focusing on our work to responsibly and safely integrate AI and automation into our process. If you’re in Toronto, definitely check it out.

7

False positives flood SecOps and IAM when every log is treated the same. Introducing Cribl Guard - a solution that helps teams tune observability data at the source, so identity tools get the context they need without the noise. Explore how Cribl improves security signal quality: layer8solutions.ca/cribl #NetworkSecurity #AISecurity #SecOps #Observability

5

We are super excited to announce the first OWASP Saskatoon event! We will be meeting on November 5th, at the Andgo Systems offices. Our event will feature two speakers with a focus on AI. Our first speaker, Tyler Dewald is one of the co-founders of OWASP Saskatoon. His day job focuses on application security and he will be speaking about Model Context Protocol (MCP). Read more about the talk below. As AI adoption accelerates across enterprises, the Model Context Protocol (MCP) is quickly becoming the standard for how LLM systems interact with external tools and resources—but with this innovation comes significant security challenges for SOC managers and security professionals. This session takes a practical look at how this emerging standard operates and gives actionable intelligence on potential security blindspots in your organization's defences. We'll examine real-world attack scenarios where familiar threats find new pathways through MCP implementations, from credential harvesting and arbitrary code execution to the more insidious "rug pull" attacks and context poisoning unique to this protocol. You will walk away knowing more about the threats your company faces and how you can build an actionable security strategy for defending your organization. Our second speaker on the evening is Gavin Klondike. Gavin is the principal security consultant at GlitchSecure. His talk will focus on the OWASP® Foundation Top Ten for LLMs. Read more about his talk below. Learn to build AI applications with enhanced security, implementing best practices for secure and responsible AI development. In this session, Gavin will walk through the OWASP Top 10 for Large Language Model (LLM) applications — and cover the most critical security risks associated with AI systems. As the author of two of the OWASP top 10, he’ll share lessons from his work in penetration testing, practical ways these risks show up in real-world environments, and strategies to mitigate them. A big thank you to both of our speakers, and Andgo Systems for hosting the event. You can register at Meetup https://lnkd.in/gfjrCWN3 . You can find more information about OWASP Saskatoon at https://lnkd.in/gGjY--YR

12

This afternoon Laure MILLET, CSL's VP Research, spoke at BSides Vancouver about using eliminative argumentation (EA) to reason about cybersecurity assurance. A key idea in the presentation was using "defeaters" (sources of doubt) to drive critical thinking about cybersecurity. Our commercial tool, Socrates - Assurance Case Editor, can be used to perform EA-style analysis and streamline compliance activities. Checkout our website or reach out to Laure to learn more. https://lnkd.in/geta9QkU #bsides #assurance #cybersecurity

7

Cloud compliance for visual assessment tools: Your CISO isn't blocking the deal. They're previewing every question procurement will ask you six months from now. Canadian digital health companies sometimes frame CISO scrutiny as a friction point. It's more accurate to treat it as early procurement intelligence. If your compliance architecture can't withstand the CISO's vendor questionnaire, it won't withstand procurement either. For cloud-hosted visual assessment tools specifically, three layers matter in the Canadian context. 👉 Data residency: Provincial health privacy legislation is not uniform. Ontario's PHIPA, Alberta's HIA, and BC's PIPA (etc) each carry different requirements around where patient data is stored and who can access it. If you're using AWS or Azure, your data region must match the province you're operating in. This is a pre-contract requirement, not an IT configuration to sort out after the pilot starts. 👉 SaMD classification: If your software uses AI or computer vision to produce an assessment output (wound healing percentage, fall risk score, gait pattern analysis), it's likely classified as Software as a Medical Device under Health Canada's framework. A Class II or higher licence may be required before clinical deployment. "Clinical decision support" framing can reduce regulatory burden in some cases, but the line is narrower than many founders expect, and Health Canada's guidance on AI-enabled devices is evolving. Important: Follow your own regulatory affairs dept or consultant's recommendations as they know your business best. 👉 Contractual liability. Hospital legal teams will push indemnification clauses and minimum cyber insurance thresholds onto the vendor. Knowing your exposure before the first legal review changes the commercial conversation and the timeline. The CISO is a gatekeeper. They're also giving you a roadmap. Build the compliance architecture before the pilot, and the rest of the process moves faster. Questions about how this applies to your specific tool? Reach out directly to chat. 🙂

7

1 Comment

Canadian SMBs face $250K+ breach costs and rising regulation. Antivirus is not enough. Use MDR, dark‑web scans, MFA, and Zero Trust controls strengthen your defences.

3

Edmonton police are the first in the world to test Axon's body-worn facial recognition cameras in public, and they're doing it without waiting for the privacy commissioner to review their impact assessment. https://lnkd.in/gMfNjVk6

13

2 Comments

A new AboutDFIR.com security bulletin is live! 160,000 Impacted by Valsoft Data Breach  Canada-based vertical market software (VMS) firm Valsoft Corporation (dba AllTrust) is notifying over 160,000 people that their personal information was compromised in a data breach. The incident, discovered on February 14, involved unauthorized access to a non-production network of AllTrust subsidiary Aspire USA. “Aspire’s internal security team identified an in-progress file transfer which they were able to interrupt mid-transfer,” the company says in a notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office.    Update to How CISA Shares Cyber-Related Alerts and Notifications  Starting May 12, CISA is changing how we announce cybersecurity updates and the release of […]

2

Guardrails were never governance. They were duct tape. Enterprise AI has outgrown them. When AI systems were just chatbots, output filtering and prompt sanitization were enough. That era is over. Today's enterprise AI is agentic. It calls APIs. It orchestrates other agents. It takes actions inside your systems — autonomously. The attack surface is no longer just the model output. It's the entire operational lifecycle. In my view, organizations still treating guardrails as their primary AI control mechanism are running a governance deficit they haven't fully priced yet. What's actually needed is a formal control layer — one that governs tool use, API permissions, agent-to-agent interactions, and decision authority at every stage of execution. This maps directly to NIST AI RMF GOVERN and MANAGE functions — structured accountability, not reactive patching. Action Layer: Audit your current AI controls against agentic behavior — not just model outputs. Map every tool, API, and orchestration path your AI systems touch, then ask whether each one has an explicit permission boundary and audit trail. If your AI governance framework was designed before your AI became autonomous, is it still a governance framework — or just documentation? https://lnkd.in/en4wW7RA

3

4 Comments

🚨 CRITICAL SharePoint Zero-Day Alert: CVE-2025-53770 Under Active Exploitation in Canada The Canadian Cyber Centre just issued an urgent update on a critical SharePoint Server vulnerability that's being actively exploited. This affects ALL on-premises SharePoint versions - and there's no patch yet. 🔍 What Makes This Dangerous CVE-2025-53770 exploits untrusted data deserialization, allowing attackers to execute remote code on unpatched SharePoint servers. The vulnerability only impacts on-premises installations - SharePoint Online users are safe. Key exploitation indicators to hunt for immediately: 🎯 Malicious file: spinstall0.aspx in C:\PROGRA\~1\COMMON\~1\MICROS\~1\WEBSER\~1\16\TEMPLATE\LAYOUTS\ 🎯 Suspicious POST requests to /\_layouts/15/ToolPane.aspx with SignOut.aspx referer 🎯 Network activity from IPs: 107.191.58\[.\]76, 104.238.159\[.\]149, 96.9.125\[.\]147 🛠️ Immediate Defense Actions Without a patch available, focus on these Microsoft-recommended mitigations: Enable AMSI integration on all SharePoint servers Deploy Microsoft Defender Antivirus across your SharePoint infrastructure If AMSI can't be enabled, disconnect servers from internet access Implement Defender for Endpoint for post-exploit detection Monitor continuously for the three compromise file hashes listed in the advisory ⚡ The threat actors have been active since July 17th. If you find ANY indicators, take affected servers offline immediately and hunt for lateral movement. 📢 How are your teams responding to this zero-day? What additional detection measures are you implementing while waiting for the patch? https://lnkd.in/dyXdipnn #ThreatIntelligence #SharePoint #ZeroDay #CyberThreat #InfoSec #IncidentResponse #SecurityOperations #Microsoft #RCE #CriticalVulnerability

1

Setting up a Virtual Machine (VM) environment is a fundamental skill for any aspiring cybersecurity professional. Whether you're looking to test malware safely or simulate complex networks, it all starts here. Join the Conestoga Cybersecurity Association this Wednesday for a hands-on walkthrough on setting up and configuring your very own VM Lab! 📍 Where: Conestoga College, Waterloo Campus - Room 1G05 📅 When: Wednesday, Feb 11th | 6:30 PM – 8:00 PM 💻 Note: This is a BYOD (Bring Your Own Device) workshop. Action Item: You must download the required software before arriving. Watch the tutorial here for instructions: https://lnkd.in/eJVfEsa5 See you there! 🛡️ #CyberSecurity #ConestogaCollege #VirtualMachines #TechWorkshop #StudentSuccess #InfoSec

4