TELUS marks 20th anniversary of TELUS Days of Giving

Posted in Commentary with tags on May 1, 2025 by itnerd

Today, TELUS announced its 20th annual TELUS Days of Giving kicks off on May 1, uniting TELUS team members, retirees, and partners around the world to volunteer and give back in their local communities. Throughout the month of May, TELUS team members, retirees, families, and partners around the world will participate in thousands of volunteer activities for TELUS Days of Giving. This global movement, which began as a single day of service two decades ago, now encompasses a diverse range of initiatives including environmental cleanups, food bank support, youth mentorship, and technology-focused efforts like device recycling. TELUS Days of Giving not only addresses immediate community needs but also fosters a year-round culture of volunteerism. This signature program runs from May 1-31. Last year alone, 83,000 volunteers gave back in 33 countries, contributing 1.5 million volunteer hours in 2024, which for the second consecutive year was more than any other company in the world.

With recent studies highlighting that one in five Canadians now rely on charitable services to meet essential needs, and more than half of charities unable to keep pace with current demand, TELUS’ longstanding commitment to giving back has never been more vital.

To learn more about TELUS’ commitment to creating positive change in communities where team members live, work, and serve, and to join in building a friendlier future for all, visit telus.com/purpose.

CIRA XDR brings cutting-edge cybersecurity technology to Canadian organizations

Posted in Commentary with tags on May 1, 2025 by itnerd

As the cybersecurity landscape continues to evolve, organizations require more sophisticated tools to protect themselves. CIRA, the national non-profit that protects over eight million Canadians with its cybersecurity products, is responding to this challenge by launching a new enterprise-grade service, CIRA XDR, that leverages an open-source codebase to protect organizations in Canada for which other solutions may be out of reach.

CIRA XDR is an affordable, professional-grade extended detection and response solution tailored specifically for Canadian organizations. Cybersecurity tools can generate overwhelming amounts of data leading to alert fatigue, long manual investigations and ad hoc mitigations from security teams. The struggle to keep up with the volume of “noise” produced by these traditional tools can hamper the ability to detect genuine threats. CIRA XDR leverages advanced analytics to reduce false positives, providing organizations with an easy and fast single-pane-of-glass view of potential threats with built-in automated response capabilities. The service can be integrated across multiple security domains—such as endpoints, identities, cloud applications, email and data stores.

Hosted in Canada by the team managing Canada’s internet top-level domain .CA, XDR ensures organizations’ data remains in the country. CIRA puts control back into the hands of Canadian organizations to manage threats and mitigate risks, all while contributing to the community making Canada’s cybersecurity posture stronger.

Key features

  • CIRA XDR equips organizations with optional endpoint client software for log collection, threat detection and active response intervention.
  • For organizations struggling to scale XDR solutions that require on-premises software or hardware appliance deployments, CIRA’s service runs with a lightweight agent and 100 per cent cloud data management and storage systems.
  • XDR provides Canadian cloud-hosted SIEM & SOAR services for a robust, secure and scalable infrastructure with worry-free external management.
  • XDR is pre-integrated into hundreds of security and application stacks to allow for rapid visibility and action across all IT infrastructure.

For more information about the service, visit cira.ca/xdr and learn more about CIRA Cybersecurity services by clicking on this link.

Atlassian Williams Racing Partners With Airia

Posted in Commentary with tags on May 1, 2025 by itnerd

Ahead of this weekend’s 2025 FIA Formula 1 Miami Grand Prix, Atlassian Williams Racing is pleased to announce a new multi-year partnership with Airia, an innovative enterprise platform that enables organisations to orchestrate, deploy and manage AI solutions securely and at scale.

Atlanta-headquartered Airia will become Official AI Orchestration Partner to Atlassian Williams Racing, the iconic British-based F1 team with nine Constructors’ World Championships and seven Drivers’ Championships.

The partnership brings together two innovation-led companies driven by precision, performance and cutting-edge technology. Williams will use the Airia platform to safely connect teams across the organisation to AI capabilities, enabling faster access to knowledge and insights in pursuit of future World Championship success. It will also allow the team to build intelligent workflows and automate complex tasks, improving decision-making across technical and operational groups with robust security and governance guardrails in place.

Airia has chosen Atlassian Williams Racing for its first partnership in Formula 1, joining forces with one of the sport’s most iconic names to expand its reach across global markets. The partnership reflects Airia’s commitment to real-time decision-making, speed and reliability under pressure – values central to success both on and off track. In addition to Williams’ position as an icon of the sport, Airia was also attracted by the team’s dedication to inspiring the next generation through initiatives like F1 Academy and its pioneering schools outreach programme which will bring 10,000 children to the team’s Grove HQ this year free of charge to learn about STEM careers.

Airia’s branding will debut this weekend at the Miami Grand Prix, appearing on the front wing endplates and halos of the FW47 race cars driven by Alex Albon and Carlos Sainz, as well as on the side of the F1 Academy car driven by emerging US star Lia Block. Reflecting Airia’s passion for education, the company also plans to integrate into the team’s STEM programme. 

Airia becomes the third major technology company to partner with Williams in 2025, reinforcing the team’s long-standing position as a pioneering innovator in the world’s most technologically-advanced sport. Atlassian became the team’s title partner in January, followed by Brillio in March, strengthening the team’s growing roster of world-class partners.

Guest Post: When Wellness and Security Apps Betray Your Trust

Posted in Commentary with tags on May 1, 2025 by itnerd

By Aras Nazarovas

Apps designed to protect our peace of mind are increasingly becoming sources of anxiety. Take 7 Minute Chi – Meditate & Move, a meditation app marketed to reduce stress, and Robo Spam Text & Call Blocker, an iOS tool meant to shield users from robocalls and phishing. Both promised safety – one for mental well-being, the other for digital security. Instead, they exposed sensitive user data through security failures, revealing a worrying truth: the apps we trust to guard our privacy are often the weakest links in our digital lives.

The Irony of Leaky Safe Spaces

The 7 Minute Chi breach laid bare the personal details of over 100,000 users: names, emails, and app secrets like API keys and Facebook credentials, all due to a misconfigured Firebase database. This is a betrayal. Users sought calm and focus, only to have their data potentially weaponized for phishing or identity theft.

Robo Spam Text & Call Blocker, downloaded 93,000 times, similarly leaked 339,000 reported spam numbers, customer support tickets with real names and emails, and critical app secrets. Criminals now know which numbers users block and which keywords to avoid, and this enables them to craft scams that slip past filters.

These leaks aren’t accidents but symptoms of systemic negligence. Firebase misconfigurations, which leave databases publicly accessible, and hardcoded secrets embedded in app code are shockingly common. Our research shows 71% of 156,080 sampled iOS apps leak at least one secret, with an average of 5.2 per app. When developers cut corners, apps designed to protect become tools for exploitation.
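The misconfiguration class the paragraph describes is a Firebase Realtime Database rules document that grants read or write access without consulting the caller’s identity. The checker below is an added example, not code from the post or from either app: it walks a rules document and reports every path an unauthenticated client can reach, shown against a constructed wide-open rules set and a constructed per-user scoped one.

```python
import json

# Constructed rules document (not from either app in the post): the whole
# database is world-readable and world-writable, the misconfiguration class
# that leaves a Firebase Realtime Database publicly accessible.
OPEN_RULES = json.dumps({"rules": {".read": True, ".write": True}})

# Constructed hardened rules: a signed-in user can read and write only the
# node keyed by their own uid; everything else is denied by default.
SCOPED_RULES = json.dumps({
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        }
    }
})


def rule_is_public(value):
    """True if a .read/.write rule can be satisfied by an unauthenticated
    client: the literal true, the string "true", or any expression that
    never consults the auth object (e.g. a condition on the data only)."""
    if value is True:
        return True
    if isinstance(value, str):
        expr = value.strip()
        return expr.lower() == "true" or "auth" not in expr
    return False


def find_public_paths(rules_json):
    """Walk a Realtime Database rules document and return (path, permission)
    pairs reachable without authentication. Because access granted at a
    parent cascades to its children, a hit at "/" exposes everything."""
    doc = json.loads(rules_json)
    findings = []

    def walk(node, path):
        for key, val in node.items():
            if key in (".read", ".write"):
                if rule_is_public(val):
                    findings.append((path or "/", key))
            elif isinstance(val, dict):
                walk(val, path + "/" + key)

    walk(doc.get("rules", {}), "")
    return findings


if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("scoped", SCOPED_RULES)):
        print(name, find_public_paths(rules) or "no public paths")
```

The auth-reference test is deliberately conservative: a rule that only inspects the data (for example a "public" flag) is still reported, because it is satisfiable by anyone.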

The Human Cost of Broken Promises

For users, the fallout is deeply personal. Just imagine receiving a phishing email that references your meditation habits, perhaps even mentioning the specific app you use or the routines you follow – details you thought were private.

Or picture answering a spam call that not only gets past your trusted blocker, but uses language and tactics tailored to your reported preferences and blocked keywords, making the scam far more convincing.

In both cases, the sense of violation is profound: information you shared in the pursuit of calm or safety is now being used to target and manipulate you, turning trusted digital spaces into sources of new anxiety.

A Failure of Accountability

Neither Apple’s App Store reviews nor developer due diligence prevented these breaches. 7 Minute Chi’s Firebase instance sat exposed for weeks, while Robo Spam Text & Call Blocker’s parent company, Brantley Media Group, has a history of leaks, including an AI app that exposed users’ intimate stories. Yet, Apple’s ecosystem, often perceived as a “walled garden,” lacks mechanisms to scan for hardcoded secrets or enforce secure cloud configurations.

What’s Next?

To restore trust, the industry must prioritize:

  • Expand app store reviews to include backend security checks: Apple and other platform owners should incorporate automated scans for misconfigured databases, hardcoded credentials, and other backend vulnerabilities before approving apps.
  • Hold developers to secure coding standards: developers must follow secure coding standards, conduct regular code reviews, and leverage automated security testing tools to catch vulnerabilities early.
  • Provide real-time privacy visualizations and alerts: empower users with dashboards or notifications that reveal how their data is used, and immediately alert them to potential leaks or suspicious activity.
  • Offer post-breach support and transparency: quickly notify users in the event of a breach, provide guidance on protective actions, and offer services such as personal data scans to help users recover.
  • Regularly update and patch apps.

As the lead researcher on these investigations, I urge users to demand better. Change passwords exposed in breaches, limit data shared with apps, vet apps before installing them, as much as you can, and pressure platforms to enforce stricter standards. Until then, the very tools marketed to protect us will continue to leave us exposed.

ABOUT THE EXPERT

Aras Nazarovas is an Information Security Researcher at Cybernews, a research-driven online publication. Aras specializes in cybersecurity and threat analysis. He investigates online services, malicious campaigns, and hardware security while compiling data on the most prevalent cybersecurity threats. Aras along with the Cybernews research team have uncovered significant online privacy and security issues impacting organizations and platforms such as NASA, Google Play, App Store, and PayPal. The Cybernews research team conducts over 7,000 investigations and publishes more than 600 studies annually, helping consumers and businesses better understand and mitigate data security risks.

Mobile Klinik to offer Limited Lifetime Warranty for CPO devices and up to 61% in savings! 

Posted in Commentary with tags on April 30, 2025 by itnerd

With the ongoing turbulence in the economy, value matters more than ever for Canadian consumers. Mobile Klinik is now making it easier to save without compromising quality. Starting May 1, every Certified Pre-owned (CPO) phone purchased from Mobile Klinik, and activated on TELUS or Koodo, will now include a Limited Lifetime Warranty.

Disclaimer: “Limited” refers to coverage that is contingent on the device remaining repairable and actively used on the TELUS or Koodo network. The warranty is tied to the device IMEI, not the original purchaser, and does not cover loss, theft, or damage beyond economic repair. If the device cannot be repaired or parts are unavailable, a trade-in top-up credit may apply. Terms and conditions apply.

That means buying a CPO Samsung S24 FE for just $379 (vs. $1,100 new) — a whopping 61% discount with available credits — now includes peace of mind for as long as you keep your plan. That’s $721 in savings and no more “what if it breaks?”

For iPhone users, a CPO iPhone 16 is now $596 (vs. $1,315 new) — a 42% discount.

Disclaimer: Pricing is based on TELUS new device MSRP vs. CPO MK price with applicable activation and sustainability credits. Prices as of April 2025 and subject to change.

The cost-of-living crunch is real, and this warranty now makes buying a CPO device not just a smarter purchase, but a safer one.

Flashpoint Hits 400,000 Milestone with 400K Vulnerability Disclosures

Posted in Commentary with tags on April 30, 2025 by itnerd

Flashpoint just announced that it has hit 400,000 vulnerability disclosures, making it the world’s most comprehensive, timely, and actionable source of independently curated vulnerability intelligence.

The blog is here: https://flashpoint.io/blog/flashpoints-vulndb-milestone-intelligence-innovations/.

The milestone is a testament to Flashpoint’s long-term commitment to providing independently curated vulnerability intelligence without the limitations, delays, and coverage gaps of public programs such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD) programs.

UK Grocery Retailer Co-op Shuts Down IT Systems After Hack Attempt

Posted in Commentary with tags on April 30, 2025 by itnerd

Reports have surfaced that UK supermarket chain Co-op, which owns 2,000 grocery stores, shut down parts of its IT system after discovering an attempted hack only days after fellow retailer Marks & Spencer faced a serious cyber incident. Details about that incident can be found here.

Javvad Malik, lead security awareness advocate at cybersecurity company KnowBe4, commented:

“The recent cybersecurity incident at The Co-op, following closely on the heels of a similar event at Marks & Spencer, underscores the growing cybersecurity challenges facing the retail sector. The Co-op’s swift response in restricting access to certain systems demonstrates a commendable prioritization of cybersecurity.

“This incident highlights the critical role of technology in modern retail operations and its potential vulnerabilities. As retailers increasingly rely on digital systems for everything from inventory management to customer service, they inadvertently expand their attack surface, making them attractive targets for cybercriminals. No single system should be considered non-business-critical. All systems are reliant on one another, and when one goes down or is compromised, it can have a knock-on effect on others.

“The fact that other major retailers like Morrisons and WH Smith have faced similar challenges points to a broader trend of escalating cyber threats in the sector. This pattern emphasizes the need for a more proactive and comprehensive approach to cybersecurity across the retail industry, which is why it’s important that retailers view cybersecurity not only as an IT concern, but as a fundamental part of business. This involves not only investing in technical defenses but also fostering a culture of cybersecurity awareness throughout the organization where everyone plays their role in keeping the organization secure.”

Kudos to this grocery chain for taking swift action in this case. I would love for them to share their playbook in terms of incident detection and response as I am sure many other organizations could learn from them.

Charleston County, SC School District notifies 20,000+ people of data breach

Posted in Commentary with tags on April 30, 2025 by itnerd

The Charleston County, SC School District yesterday confirmed it notified 20,653 people about a July 2024 data breach. The district has not publicly disclosed what personal data was compromised, but it is suspected that Social Security numbers and/or other info that could be used for identity fraud were compromised. Ransomware gang RansomHub claimed responsibility for the breach in August 2024.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“RansomHub is a prominent cybercriminal gang that runs a ransomware-as-a-service business in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub started claiming attacks on its data leak site in February 2024. Since then, it’s claimed 136 confirmed ransomware attacks, compromising 6.5 million records. The group claimed another 631 unconfirmed attacks that haven’t been acknowledged by the targeted organizations.”

“In 2024, Comparitech researchers logged 75 confirmed ransomware attacks on US schools and colleges, compromising more than 2.8 million records. The average ransom is $876,000.”

“Ransomware attacks on schools and colleges disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay face extended downtime, lose data, and put students and faculty at increased risk of fraud.”

Other than healthcare, the education sector is the lowest-hanging fruit for threat actors. Both sectors need to be focused on so that this wave of ransomware attacks starts to head in a more positive direction.

StarTree Unveils AI-Native Real-Time Analytics and Launches Bring Your Own Kubernetes (BYOK)

Posted in Commentary with tags on April 30, 2025 by itnerd

StarTree today announced two new powerful AI-native innovations to its real-time data platform for enterprise workloads: Model Context Protocol (MCP) support and vector embedding model hosting. These capabilities enable StarTree to power agent-facing applications, real-time Retrieval-Augmented Generation (RAG), and conversational querying at the speed, freshness, and scale enterprise AI systems demand.

AI is only as powerful as the information architecture behind it. Just as the cloud forced a fundamental redesign of enterprise data systems—AI is now triggering a similarly profound shift. As agentic systems emerge, traditional data architectures—designed for internal users who accept slow queries and stale data—can no longer keep up. Agentic AI demands sub-second query speeds, real-time context awareness, and the ability to support swarms of autonomous agents working in parallel. This marks a fundamental shift in the role of data platforms—from static storage to dynamic engines that can aid agents in completing tasks.

StarTree has long delivered on this promise, powering millions of low-latency queries per second on the freshest data available. But new capabilities were needed to extend this foundation and fully unlock the next generation of AI-native applications. New features launching include:

  • Model Context Protocol (MCP) support: MCP is a standardized way for AI applications to connect with and interact with external data sources and tools. It allows Large Language Models (LLMs) to access real-time insights in StarTree in order to take actions beyond their built-in knowledge. Availability: June 2025
  • Vector Auto Embedding: Simplifies and accelerates the vector embedding generation and ingestion for real-time RAG use cases based on Amazon Bedrock. Availability: Fall 2025

The StarTree platform now supports:

  • Agent-Facing Applications – By supporting the emerging Model Context Protocol (MCP), StarTree allows AI agents to dynamically analyze live, structured enterprise data. With StarTree’s high-concurrency architecture, enterprises can support millions of autonomous agents making micro-decisions in real time—whether optimizing delivery routes, adjusting pricing, or preventing service disruptions.
  • Conversational Querying – MCP simplifies and standardizes the integration between LLMs and databases, making natural language to SQL (NL2SQL) far easier and less brittle to deploy. Enterprises can now empower users to ask questions via voice or text and receive instant answers—like a ride-hailing driver asking, “How much money have I made today?” followed by, “What about this month?” and “Where and when am I making the most money?”—with each question building on the last. This kind of seamless, conversational flow requires not just language understanding, but a data platform that can deliver real-time responses with context.
  • Real-Time RAG – StarTree’s new vector auto embedding enables pluggable vector embedding models to streamline the continuous flow of data from source to embedding creation to ingestion. This simplifies the deployment of Retrieval-Augmented Generation pipelines, making it easier to build and scale AI-driven use cases like financial market monitoring and system observability—without complex, stitched-together workflows.

StarTree Expands Deployment Flexibility with Bring Your Own Kubernetes (BYOK)

StarTree also announced the general availability of Bring Your Own Kubernetes (BYOK), a new deployment option that gives organizations full control over StarTree’s high-performance analytics infrastructure within their own Kubernetes environments, whether in the cloud, on-premises, or in hybrid architectures.

With BYOK, enterprises can maintain full governance and control over their infrastructure while still taking advantage of StarTree’s real-time performance and ease of use. This model is ideal for regulated industries such as financial services and healthcare, where strict data residency, compliance, and security policies often prohibit the use of traditional SaaS models. It also delivers a cost-effective solution for organizations with stable, predictable workloads, offering savings on compute and egress fees.

BYOK joins StarTree’s existing deployment options, which include fully managed SaaS and Bring Your Own Cloud (BYOC), giving customers the flexibility to choose the model that best fits their operational and regulatory requirements. Availability: now in private preview

Real-Time Analytics Summit 2025: Coming May 14

StarTree will showcase many of these new innovations during the Real-Time Analytics Summit 2025, a virtual event taking place on May 14. The event will feature speakers from Uber, Netflix, AWS, and more, exploring the future of AI-driven analytics, data infrastructure, and emerging use cases across industries. Attendees will gain valuable insights into how real-time analytics is driving digital transformation across industries, from finance and e-commerce to gaming, cybersecurity, and beyond.

World Password Day | The most commonly used passwords of 2025 revealed

Posted in Commentary with tags on April 30, 2025 by itnerd

Cybernews researchers analyzed 19B passwords and discovered how people create them: their favorite animals, pop culture terms, celebrities, cities, food, names, swearwords, and more.

Researchers analyzed 19,030,305,929 passwords, of which only 1,143,815,266 (6%) were identified as unique.

Researchers developed custom wordlists covering diverse themes to better understand password composition.

Key findings:

  • Most people use 8–10 character passwords (42%), with eight being the most popular.
  • Almost a third (27%) of the passwords analyzed consist of only lowercase letters and digits.
  • Almost 20% of unique passwords mixed case letters and numbers, but had no special characters.
  • Passwords composed of profane or offensive words might seem rare, but they’re very common in practice.
  • Despite years of being called out, default and “lazy” passwords like “password”, “admin”, and “123456” are still a common pattern.
  • Researchers found “1234” in almost 4% of all passwords – over 727 million passwords use this sequence.
  • 338 million passwords use the “123456” combination.
  • Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks.
  • Ana is the most popular name, used in almost 1%, or 178.8M passwords.
  • The positive wordlist is dominated by words like love (87M), sun (34M), dream (6.1M), joy (6.9M), and freedom (2M).
  • Some of the most frequently used pop culture terms in passwords include Mario (9.6M), Joker (3.1M), Batman (3.9M), Thor (6.2M), and, surprisingly, Elsa (2.9M) from Disney’s “Frozen”.
  • Swear words are also very common in passwords. The top entry is ass (165M).
  • Users often craft their passwords using fuck (16M), shit (6.5M), dick (3.2M), and bitch (3.2M).
  • The most popular city for passwords is Rome (13M), while 9.8M passwords include lion, and 7.8M – fox.
  • Summer (3.8M) is the most popular season, and users prefer Monday (0.8M) the most to protect their accounts.
  • May (28M) appears in lots of passwords but also in many other words used to create passwords.
  • The second most popular month was April (5.2M).
  • Over 36M passwords included tea, 10.7M – apple, 4.9M – rice, 3.6M – orange.
  • Google holds the door for 25.9M accounts, followed by Facebook (18.7M), and Kia (12.7M).
  • Many believe that hackers will be repelled by boss (10M), hunter (6.6M), cook (4.2M) and other professions.
  • Soccer (4M) is a more popular account safeguard than football (3.4M).
  • Carolina (1.9M), Dakota (1.2M), and Texas (1.1M) are the three most popular US states that will not keep hackers away.
  • Almost 24M users believe “god” will make their password secure, and 20M rely on “hell”.
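The findings above come from classifying each password by length, character classes and matches against themed wordlists. The analyzer below is an added example, not Cybernews’ code or data: it reproduces those categories over a small constructed sample with stand-in wordlists, and adds a defender-side pre-check that rejects passwords built from the patterns the study flags.

```python
import re
from collections import Counter

# Constructed sample (not from the Cybernews dataset) covering the patterns
# the findings describe: defaults, the 1234/123456 sequences, lowercase+digit
# passwords, mixed-case+digit passwords with no specials, and themed words.
SAMPLE = [
    "password", "admin", "123456", "qwerty1234", "Summer2024",
    "mario99", "batman", "rome2019", "Ana2001", "xK9#vQ2$wL7m",
]

DEFAULTS = {"password", "admin", "123456", "12345678", "qwerty"}

# Small themed wordlists standing in for the study's custom lists (assumed).
THEMES = {
    "names": {"ana", "maria", "john"},
    "pop_culture": {"mario", "joker", "batman", "thor", "elsa"},
    "cities": {"rome", "paris", "london"},
    "seasons": {"summer", "winter", "spring", "autumn"},
}


def composition(pw):
    """Length and character-class flags as the findings report them."""
    lower = bool(re.search(r"[a-z]", pw))
    upper = bool(re.search(r"[A-Z]", pw))
    digit = bool(re.search(r"[0-9]", pw))
    special = bool(re.search(r"[^A-Za-z0-9]", pw))
    flags = []
    if 8 <= len(pw) <= 10:
        flags.append("len_8_10")
    if lower and digit and not upper and not special:
        flags.append("lower_digits_only")
    if lower and upper and digit and not special:
        flags.append("mixed_case_digits_no_special")
    if pw.lower() in DEFAULTS:
        flags.append("default")
    if "123456" in pw:
        flags.append("seq_123456")
    elif "1234" in pw:
        flags.append("seq_1234")
    return flags


def themes_hit(pw):
    """Themed wordlists with an entry appearing as a case-insensitive
    substring of the password, mirroring the study's wordlist matching."""
    low = pw.lower()
    return sorted(t for t, words in THEMES.items() if any(w in low for w in words))


def summarize(passwords):
    """Counts of each composition flag and theme across a password set."""
    counts = Counter()
    for pw in passwords:
        counts.update(composition(pw))
        counts.update("theme:" + t for t in themes_hit(pw))
    return counts


def is_predictable(pw):
    """Policy pre-check: reject defaults, the 1234/123456 sequences, and
    themed dictionary words padded with nothing but letters and digits."""
    flags = composition(pw)
    if "default" in flags or "seq_1234" in flags or "seq_123456" in flags:
        return True
    return bool(themes_hit(pw)) and not re.search(r"[^A-Za-z0-9]", pw)


if __name__ == "__main__":
    for flag, n in sorted(summarize(SAMPLE).items()):
        print(f"{flag:32s} {n}")
```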

The list of the top 10 most common passwords in 2025 can be found here.