Archive for June, 2025

« Older Entries
Newer Entries »

Surveillance camera statistics: which are the most surveilled cities?

Posted in Commentary with tags on June 25, 2025 by itnerd

Comparitech researchers have released a study determining the most surveilled cities in the world. The research looks at the number of CCTV cameras per city and per population to discover which cities are the most watched. The study also outlines the ten most populated cities and their camera counts, the surveillance stats in US cities, and the correlation between CCTV cameras and crime count. 

Key findings include: 

  • Hyderabad, Indore, Bangalore, Lahore, Seoul, Moscow, Kabul, Singapore, Saint Petersburg, and Baghdad are the top 10 most surveilled cities outside of China (based on the number of cameras per 1,000 people)
  • A worrying number of cities are connecting private CCTV cameras to police networks, which is significantly increasing the number of “public” cameras across cities
  • At the end of 2021, over one billion surveillance cameras were estimated to have been installed worldwide, according to IHS Markit’s latest report.
  • 700 million cameras form the SkyNet project in China
  • We found little correlation between the number of public CCTV cameras and crime or safety

You can see more details here: https://www.comparitech.com/vpn-privacy/the-worlds-most-surveilled-cities/

Leave a comment »

1 in 2 Employees Have Excessive Privileged Access—CloudEagle.ai Survey Warns of Escalating Insider Risk due to AI and SaaS Sprawl

Posted in Commentary with tags on June 25, 2025 by itnerd

A new report from CloudEagle.ai, the AI-powered SaaS management and governance platform, reveals that 60% of enterprise SaaS and AI applications now operate outside IT’s visibility. This surge in “invisible IT” is fueling a crisis in identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises.

A survey of 1,000 enterprise CIOs and CISOs reveals a critical shift: most breaches originate internally, driven by excessive permissions, stale accounts, and fragmented identity governance. Manual onboarding, infrequent access reviews, and siloed deprovisioning only worsen the risk. 70% of CIOs flagged unsanctioned AI tools as a top data concern, and 48% of former employees still have app access months after leaving.

Key findings from the report show the scale of access sprawl:

  • 1 in 2 employees have excessive privileges
  • Only 15% have implemented Just-In-Time (JIT) access across departments
  • 50% admit privilege creep is common, yet only 5% enforce least-privilege policies

The report urges enterprises to be proactive and embrace AI-powered identity governance. For years, IT teams were underfunded and lacked executive visibility to drive meaningful change. That’s now shifting, as identity governance is increasingly recognized as a core security function, these teams are gaining the budget, authority, and urgency traditionally reserved for security operations, enabling them to govern and secure the rise of AI and SaaS.

  • Implement context-aware, zero-trust access controls
  • Hire a Chief Identity Officer (CIDO) to unify governance across all teams
  • Auto-provision/deprovision apps based on real-time usage
  • Enforce JIT access for high-risk roles to eliminate standing privileges
  • Run continuous, behavioral AI-based access reviews


Link to the report – https://www.cloudeagle.ai/iga-report

Leave a comment »

Future-Proofing Ontario: Seizing AI’s Economic Potential

Posted in Commentary with tags on June 25, 2025 by itnerd

Artificial intelligence (AI) is transforming global economies, with the potential to add $187 billion annually to the Canadian economy by 2030. Yet, despite this promise, Ontario businesses and workers’ slow AI adoption risks undermining Canada’s competitiveness.

To address this gap, the Ontario Chamber of Commerce (OCC), in collaboration with Microsoft Canada, has released Future-Proofing Ontario: Empowering Businesses with AI Skills — a policy primer that explores AI’s economic potential, identifies barriers to adoption, and presents scalable initiatives to build an AI-fluent workforce and business ecosystem.

Although AI holds immense promise for driving productivity and innovation, its adoption remains low: only six per cent of Canadian businesses report using AI tools, and just 31 per cent of Canadians trust generative AI. The primer calls for urgent, sustained action to equip Ontario’s workforce with the skills and confidence needed to responsibly harness AI and unleash inclusive economic growth.
inclusive economic growth.
Key recommendations include:

  • Lead by Example: Governments must model responsible, transparent AI use to build public trust, implement service delivery and set the tone for industry adoption.
  • All Hands-on-Tech: Deepen collaboration across government, academia, and industry to accelerate innovation and skills development.
  • Start Small, Win Big: Invest in accessible, low-risk, and high-impact reskilling programs tailored to the needs of small and medium-sized enterprises (SMEs).
  • Smart Incentives, Smarter Businesses: Draw on best practices from global leaders such as Singapore to support digital transformation for SMEs.
  • From Sandbox to Spotlight: Expand successful pilot projects into province-wide programs for long-term, sustainable growth.

Visit www.occ.ca for more.

Leave a comment »

BREAKING: iCloud Has Taken A Dirt Nap [UPDATE: Fixed]

Posted in Commentary with tags on June 24, 2025 by itnerd

Apple fanboys are likely freaking out right now as iCloud appears to be down for many based on DownDetector:

Apple’s system status page confirms this with the following services being impacted:

  • iCloud Mail
  • iCloud Web Apps
  • iCloud Storage Upgrades
  • iWork for iCloud
  • Photos

Whatever is going on, it wasn’t the only outage that Apple had today. There was a separate outage issue that impacted Apple’s business users, with Apple Business Essentials, Apple Business Manager, and Apple School Manager being taken out. Clearly Apple isn’t having a good day today and I hope that this outage is resolved quickly. Because hell hath no fury like a scorned Apple Fanboy.

UPDATE: This now appears to be fixed.

Leave a comment »

An Unnamed Canadian Telco Was Pwned By Chinese Hackers

Posted in Commentary with tags , on June 24, 2025 by itnerd

The Canadian Centre for Cyber Security and the FBI in the U.S. have put out statements that both state that a unnamed Canadian telco has apparently been pwned by Chinese hackers:

The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.

Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025. The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network.

In separate investigations, the Cyber Centre has found overlaps with malicious indicators associated with Salt Typhoon, reported by our partners and through industry reporting, which suggests that this targeting is broader than just the telecommunications sector. Targeting of Canadian devices may allow the threat actors to collect information from the victim’s internal network, or use the victim’s device to enable the compromise  of further victims. In some cases, we assess that the threat actors’ activities were very likely limited to network reconnaissance .

While our understanding of this activity continues to evolve, we assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years. To monitor and mitigate this threat, we encourage Canadian organizations to consult the guidance linked below on hardening networks, security considerations for edge devices, and additional cyber threat information pertaining to the PRC.

So in short, China is has hacked this Canadian telco to snoop on traffic since February 2025. I assume that includes things like text messages and calls, not to mention unencrypted data. That’s not good to say the least. Now I for one would like to know which telco got pwned. And I also would like to know what that telco, along with every other telco in Canada is going to do to ensure that this stops here. Canadians deserve to know that their telcos are doing everything possible to keep their communications safe. So how about it Bell, Rogers, TELUS and Quebecor? Will you do your part to reassure Canadians that this stops here?

Leave a comment »

Covenant Health network hack claimed by Qilin

Posted in Commentary with tags on June 24, 2025 by itnerd

Ransomware gang Qilin today took credit for a May 2025 cyber-attack against Covenant Health in Massachusetts. Qilin has claimed to have stolen confidential files and has posted images of what it says are documents stolen from the network to prove its claim. 

Paul Bischoff, Consumer Privacy Advocate at Comparitech,provided the following comment: 

“Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.”

“Qilin has claimed responsibility for 38 confirmed ransomware attacks in 2025 to date, plus 261 unconfirmed claims that haven’t been acknowledged by the targeted organizations.”

“Ransomware attacks on US hospitals, clinics, and other care providers can cripple critical systems and endanger the health, privacy, and security of patients. Hospitals must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.”

Qilin has been very busy as they’ve claimed responsibility for a number of high profile attacks. This illustrates that you have to have your house in order to stop this gang and others like Qilin from making your life miserable.

Leave a comment »

Saviynt Appoints Palo Alto Networks, Citrix Exec Steve Blacklock as Channel Chief

Posted in Commentary with tags on June 24, 2025 by itnerd

Saviynt today announced the appointment of Steve Blacklock as its Senior Vice President of Global Partners and Channel Chief. As Saviynt continues to invest as a partner first company, Blacklock will lead all aspects of Saviynt’s global partner organization, deepening strategic alliances, driving GTM through the partner and Saviynt sales teams, and spearheading development of new strategic partnerships that will drive transformational growth. 

Blacklock brings more than 30 years of experience in global alliances and business development across the technology sector, with a proven track record of forging high-impact partnerships that drive transformational outcomes. He joins Saviynt from Palo Alto Networks, where he served as Vice President of North American Partner Sales. During his tenure, he led go-to-market initiatives across GSIs, MSSPs, cloud providers, and value-added resellers, helping expand the company’s footprint through a robust partner ecosystem.

Prior to Palo Alto Networks, Blacklock held several executive leadership roles, including Vice President of Strategic Alliances at Icertis, where he led partnerships with Microsoft and SAP; Vice President of Global Strategic Alliances at Citrix, where he was pivotal in the company’s shift to cloud services and subscription models; and various senior roles at Cisco, including managing the billion-dollar HP partnership and as a part of the executive team that launched the VCE joint venture with EMC and VMware. Blacklock holds a degree in Electrical and Computer Engineering from Queen’s University in Kingston, Ontario, and currently resides in Pleasanton, California.

Leave a comment »

16 billion passwords leaked – how much is recycled data? 

Posted in Commentary with tags on June 24, 2025 by itnerd

After researchers recently uncovered a (seemingly) unprecedented aggregation of roughly 16 billion username–password pairs. However, there’s been some debate around how much of this is recycled data versus new. Similar to the Rockyou2024 password list and ALIENTXTBASE data dump, Specops Software analysts found that this 16 billion passwords leak isn’t as concerning as initial headlines suggested. Having said that, this is still a noteworthy password list and organizations should remain wary of the risk of breached credentials.  

This analysis looks at how this list was discovered, provides an investigation of how many of these credentials are actually new, and offers best practices for how organizations should respond. 

The full report can be found at this link: https://specopssoft.com/blog/16-billion-passwords-leaked/

Leave a comment »

Abstract Security Launches LakeVilla: Scalable, Searchable, and Cost-Efficient Cold Storage for Security Telemetry

Posted in Commentary with tags on June 24, 2025 by itnerd

Abstract Security, the leader in streaming-first security data operations, today announced the release of LakeVilla, a cloud-native cold storage solution built for long-term security telemetry retention that delivers compliance-ready, highly accessible storage at a fraction of SIEM costs—without compromising on performance or accessibility.

Fully integrated into the Abstract Security Platform, LakeVilla enables organizations to retain and replay years of security data—instantly searchable and seamlessly usable across detection, investigation, and compliance workflows. LakeVilla provides: 

  • Instant Searchability Without Rehydration: Data is always query-ready—no rehydration, no delays, no hidden fees. 
  • Replay on Demand for Deeper Insights: Replay archived data through live workflows to uncover missed threats and refine detection. 
  • Cost Savings at Enterprise Scale: Reduce storage costs by sending only frequently accessed, high-touch data to analytics engines—while routing the rest to LakeVilla for affordable, always-available retention. 
  • Seamless Integration with Abstract Pipelines: Removes redundant ingestion steps and ensures seamless data flow from real-time detection to long-term storage. 
  • Cloud-Native Flexibility and Vendor-Neutral Design: Supports AWS, Azure, and GCP cloud object storage—giving organizations the flexibility to store data where they already operate with built-in flexibility to migrate without hassle and avoid vendor lock-in. 

Why have a Lake House When You Can Have a Lake Villa! 

While data lake architectures are often bloated, costly, and slow to access, Abstract Security’s LakeVilla is different: purpose-built for security, optimized for speed, and seamlessly integrated with the tools teams already use. It’s not just a storage location—it’s an operational asset. 

Availability 

LakeVilla is available now for all Abstract Security customers in both hosted and private cloud deployments. To learn more, check out the LakeVilla blog. 

Leave a comment »

Galaxy Book4 Edge: The Next Chapter in Galaxy Book Series 

Posted in Commentary with tags on June 24, 2025 by itnerd

The Galaxy Book4 Edge received some great spec updates in the latest version of the Galaxy Book Edge Series, and it sets a new performance benchmark for Windows laptops. Built on the Snapdragon X Elite series platform and optimized for AI workloads, it brings meaningful improvements in speed, battery efficiency, and intelligence over previous models. 

This isn’t just a spec refresh. It’s a major evolution in the Galaxy Book lineup, designed to take advantage of what’s next in mobile computing. 

Here are three key features of the Galaxy Book4 Edge: 

  • Effortless performance, when and where you need it: With up to 4.2GHz boost clock, 12 high-performance cores, and a dedicated NPU delivering 45 trillion operations per second, this platform enables responsive multitasking and fast on-device AI processing. That means faster performance without reliance on cloud computing and better power efficiency under heavy workloads. 
  • All-day battery and next-gen connectivity: Up to 27 hours of video playback, Wi-Fi 7 support, and a fanless thermal design ensure sustained performance in a compact, ultra-slim chassis. The result is silent, mobile productivity with fewer interruptions and greater thermal stability. 
  • High-resolution AMOLED touchscreen displays: The 14-inch and 16-inch models feature 3K Dynamic AMOLED 2X touchscreens with anti-reflective coating and Vision Booster. This combination delivers vivid visuals, sharp contrast, and adaptive brightness that adjusts to ambient light for improved usability and reduced eye strain. 
  • Designed for Security and Seamless Productivity: Like all Galaxy Book devices, the Book4 Edge is protected by Samsung Knox, a defense-grade security platform built into the hardware and software. Knox helps safeguard sensitive data from the moment the device powers on—giving peace of mind for professionals and everyday users alike. 

The Galaxy Book4 Edge retains the polished design and ecosystem compatibility that defines the Galaxy Book line, while accommodating increased AI integration. Beyond that, we have additional products designed to help maximize workflows and productivity within the Galaxy Book5 series. From the Galaxy Book5 360 for the versatility of a convertible laptop to the Galaxy Book5 Pro for advanced B2B needs, Samsung’s broader computing lineup is built for seamless integration within the Galaxy ecosystem. 

These devices are available now at Samsung.com/ca, with the GB4 Edge starting at 1,349.99 CAD. 

Leave a comment »

« Older Entries
Newer Entries »