Bell expands fraud-fighting efforts with new Suspicious Call Detection feature

Posted in Commentary with tags on April 30, 2025 by itnerd

As part of Bell’s ongoing work to protect customers and fight fraud, Bell is introducing a new feature called Suspicious Call Detection – a free tool that automatically labels potentially fraudulent or spam calls to help customers better screen incoming calls.

Using artificial intelligence (AI) and machine learning (ML) analytics, the feature displays labels like “Likely Fraud” or “Possible Spam” on suspicious calls, giving customers more control over which calls they choose to answer. It’s available now across Bell’s mobility brands and plans, including Virgin Plus and Lucky Mobile, and will automatically begin working without any action required from customers. The tool will also get smarter over time as it continues to learn from evolving call patterns and threats.

Suspicious Call Detection builds on Bell’s existing call-blocking technology, which proactively stops known fraudulent calls from ever reaching customers. Since first piloting this technology in 2020 and officially launching it in 2021, Bell has blocked more than 6.6 billion unwanted calls. With this new feature, and they’re going a step further by helping customers recognize suspicious calls that can’t be definitively blocked.

Bell has created a dedicated support page for customers with more information on how the feature works: Bell.ca/calldetection

Leave a comment »

The CCTS Mid-Year Report Is Out

Posted in Commentary with tags on April 30, 2025 by itnerd

The Commission for Complaints for Telecom-television Services (CCTS) released its Mid-Year Report today, highlighting its continuing high rate of successfully resolving complaints received from Canadian phone, TV and internet customers, despite seeing a 12% year-over-year increase in the number of complaints.

Surprisingly, TELUS accounts for the highest number of CCTS complaints, with 19.7% of all CCTS complaints during the reporting period. Rogers accounts for 18.7% of all complaints accepted, followed by Bell at 16.7%. Shaw Communications, acquired by Rogers in April 2023, is one of the five most complained-about providers for the first time in the last five years with 9.6% of complaints received, driven by an increase in complaints about set-top box rental equipment and contract issues. Fido rounds out the top five at 6.8% of complaints.

The most common billing issues are incorrect charges on monthly bills, not receiving promised credits or refunds, and unexpected increases to monthly bills for phone, TV and internet services.

Canadians complained most often about their wireless service, representing 50% of all issues raised during the reporting period. Internet service accounts for 26% of all issues. TV issues represent 15% of all issues raised. During the reporting period, TV issues increased by 49%.

Canadians should take some time to read this report as it will highlight the issues that your telco has so that you can make decisions about which telco they should be be with.

Leave a comment »

Ticket Reseller Exposed Over 500,000 Customer Records

Posted in Commentary with tags on April 30, 2025 by itnerd

VPNmentor just published a report about a data breach discovered by cybersecurity researcher Jeremiah Fowler, who uncovered over 520,000 exposed records contained in 200 GB of data belonging to TicketToCash customers, a tickets resale platform.

The exposed information includes concert and event tickets containing PII such as names, email addresses, physical addresses, partial credit card numbers and some more. If this kind of data falls on the wrong hands it could be used for phishing, identity theft, or even ticket duplication and resale.

You can find the full report here: https://www.vpnmentor.com/news/report-tickettocash-breach/

UPDATE: Erich Kron, security awareness advocate at KnowBe4, commented:

“The good news, if there is good news with over half a million people’s data being exposed, is that this was not discovered because it had been leaked on the dark web or by cybercriminals. We are fortunate this was discovered by an ethical security researcher and not a bad actor. It is still possible that a copy of this data has been stolen with nobody knowing, so it is still important that potential victims treat this situation as if the information was stolen, and that they be on alert for social engineering attacks and potential identity theft.

“TicketToCash should immediately start reviewing access logs and trying to determine if the exposed data was indeed stolen, or just at risk. They should also review and update their policies and procedures related to data security and credential management, to avoid issues like this in the future.”

Leave a comment »

Appdome Tackles Mobile Bots Head On

Posted in Commentary with tags on April 30, 2025 by itnerd

Appdome today announced at RSAC 2025 that its AI-Native MobileBOT™ Defense solution now offers the most comprehensive mobile bot defense profile on the market. Capable of evaluating 400+ attack vectors in Android & iOS apps, OSs, devices, user interfaces and networks, Appdome’s new MobileBOT™ defense profile allows network security teams to not only stop brute force bot and credential stuffing attacks but also stop hyper targeted, spear phishing, account takeover (ATO), KYC fraud, on-device fraud (ODF), and deepfake threats in real time across account creation, login, password reset, payment and other critical API endpoints.

AI Has Changed Bot Defense Forever
Modern bot attacks aren’t contained to brute force bot and credential stuffing attacks launched from bot farms, automated scripts and similar attack vectors. Today, bot attacks can also include hyper-targeted ATO attacks that use AI-generated deepfake images, face cloning, liveness spoofing, and mobile Trojans to bypass biometric checks of specific users. These attacks can also be combined with client-side malware to intercept OTPs, complete Captcha challenges, hijack sessions, and exploit sensitive app flows like login, payment, and password reset. Some bot attacks weaponize the mobile app itself—evading traditional anti-bot defenses and putting user trust, compliance, and revenue at risk.

AI-Native Bot Defense is the Future
Appdome’s AI-Native MobileBOT™ Defense redefines mobile bot protection by providing multi-layered defense built for Android & iOS environments. While legacy bot defense SDKs aren’t protected in the app, use vulnerable cookies or JWTs to identify apps, and monitor only a few basic threat indicators such as emulators and jailbreak/root, Appdome’s MobileBOT™ Defense provides application-level rate limiting to eliminate the risk of weaponized and zombie applications, immutable application fingerprinting using secured client certificates to stop brute force attacks, and provides deep session risk, evaluating up to 400 configurable attack vectors in a single bot defense profile. With Appdome MobileBOT™ Defense, network security teams can stop brute force attacks and scan the mobile environment for any sign of deepfakes, social engineering scams, voice cloning, trojan attacks, vishing, remote access trojans (RATs), mobile device takeovers, and more before allowing a connection.

Tailored Profiles Stop Targeted ATO Attacks
Using a single MobileBOT™ Defense Profile, mobile brands and enterprises can evaluate up to 400+ attack vectors before allowing connections to any API, endpoint, or host. More importantly, network security teams can create separate defense profiles to address the specific threats applicable to each API. For example, network security professionals can evaluate different threats in each bot defense profile for:

  • Sign Up & Onboarding APIs – Detect the presence of fake users and devices signing up to your service including fake taps, clicks, swipes, gestures as well as fake location and devices.
  • Sign In & Password Reset APIs – Detect the presence of spyware such as keyloggers, overlay attacks, and activity monitoring, as well as ATO risk from deepfakes, ATS Malware and more.
  • Payment APIs – Detect the presence of data harvesting and trojan malware, MiTM attacks, session hijacks, OS compromises, vishing, social engineering scams and more.

Layered Defense to Stop All Mobile Bot Attacks
Appdome’s MobileBOT™ Defense solution is the only anti-bot solution purpose built for mobile applications, mobile environments and mobile businesses. Every feature of MobileBOT Defense is designed to address the unique computing environment, threat vectors and operating requirements of the mobile channel. Here are just some of the key elements of MobileBOT Defense by Appdome:

  • App-Level Rate Limiting – Leverages the compute on the mobile device to throttle API requests coming from “noisy,” malware controlled or zombie mobile apps.
  • Application Fingerprinting – MTLS Pre-Check authenticates the real app during the TLS handshake, allowing network security teams to deny API requests from bot farms, bot scripts and fake applications.
  • Extended Bot Defense Profiles – Evaluate session risk across up to 400+ separate threat vectors in mobile devices, OS, applications, user interface and networks to stop targeted ATOs, KYC Fraud and On-Device Fraud on a per API basis.
  • Pin to Host – Uses Appdome’s secure certificate pinning to validate the authenticity of servers your application is connecting to per API.
  • Dynamic API Updates – Remotely update protected hosts and endpoints without a new app release.
  • Zero-Trust and Dynamic Threat Evaluation – Allows network security professionals to control when threat evaluations are performed.
  • Hardened Implementation in Apps – Delivers tamper-proof anti-bot implementation in Android & iOS apps, free of spoofing, interception and compromise.
  • All Mobile App Compatibility – Works seamlessly with any Android or iOS app.
  • No-SDK, No Server Delivery – Eliminates integration work and infrastructure overhead, accelerating deployment and eliminating engineering work.
  • All Web Application Firewall Compatibility – Compatible with all industry standard WAFs; no change outs required.

With the MobileBOT release, Appdome now offers full flexibility for mixing and matching where and how to enforce mobile app protections. Mobile businesses can enforce these protections at the client app level, network layer, or a combination of both. Whether stopping brute force bots or user-level targeted fraud, Appdome’s layered defense model ensures optimal protection and performance.

Appdome’s MobileBOT Defense requires no SDKs, no servers, and no changes to existing WAF infrastructure, bypassing the limitations, complexity and cost of traditional anti-bot products. By working with any WAF, businesses can preserve and extend their WAF investments and, with client-side rate limiting, can dramatically lower data processing costs.

Appdome is demonstrating the AI-Native MobileBOT Defense solution and the full Appdome AI-Native Platform at RSAC in San Francisco April 28th  to May 1st at booth South-0948.

Appdome also will be discussing the importance of mobile bot defense and a mobile bot solution jointly developed with Fastly at RSAC at the Fastly booth located at South-1255. Daniel Bechtel, Appdome director of enablement engineering, will co-present with Fastly on Monday at 6 pm, Tuesday at 3:30 pm, Wednesday at 10:30 am and Thursday at 10 am.

To learn more about AI-powered bot protection for mobile apps, you can request a personalized demo at https://www.appdome.com/mobile-antibot-detection-defense/ .

Leave a comment »

Zoho Adds Advanced AI Capabilities to Zoho Creator

Posted in Commentary with tags on April 30, 2025 by itnerd

 Zoho Corporation, a global technology company, today announces the addition of 10 new services and features within Zoho Creator, the company’s low code application development platform. This news aligns with Zoho’s pledge to invest solely in AI capabilities that drive real-time, practical, and secure benefits to business users.

Zoho Creator’s new AI development partner, CoCreator, facilitates faster, simpler, and more intelligent app building with the use of voice and written prompts, process flows and business specification documents. Powered by Zia, Zoho’s AI assistant, CoCreator drives shorter go-to-market timeframes and democratizes app creation for users at diverse skill levels—all without requiring add-ons to a customer’s existing subscription.

Zia has been a bridge across the company’s full product suite, including Creator, since its launch in 2015. As artificial intelligence finds greater utilization in a business’s day-to-day operations, Zoho’s full ownership of its tech stack and deep AI integration provides customers with a higher level of contextual AI across all company workflows than competitors, allowing for a tool that understands your data and anticipates how it can be utilized. 

Creator’s new features are available today for all users, and include:  

  • Idea-to-App GenerationLeverage capabilities of ZohoAI or OpenAI to develop full-fledged applications including contextual integrations, automations, permission sets and insightful dashboards. By using text or voice prompts, process flow diagrams, or systems documentations like software requirement specifications (SRS), Creator will provide domain-specific suggestions, ideas for relevant fields, and modules tailored to a customer’s business.
  • Component generation using AIContextual component development enhances existing applications with prompt-based form generation. In addition, Zia proactively recommends contextual fields within an existing form, a feature missing in most similar low-code app development tools.
  • Code generation and optimizationWith Zia’s prompter, various developer personas can use prompts to automatically generate contextual code blocks tailored to application requirements and structure. This feature can also be used to optimize and annotate existing code blocks for ideal performance.
  • Data cleansing and modellingQuickly transform unstructured data from various file types and databases into customized apps, aided by advanced AI-based data prep capabilities that remove inconsistencies and bring logical structure to detail.
  • AI SkillsEnables businesses to build apps with specialized skills that can interpret natural language instructions, analyze business context, and coordinate a chain of actions (powered by Deluge and specialized AI models) to intelligently automate everyday processes. Feature currently available in Early Access only, set to launch in General Availability in June 2025.
  • Deploy a custom AI modelwith context-specific data to meet specific requirements, with support for custom models for OCR, prediction, and object detection.

Zoho Artificial Intelligence Differentiation

Zoho is committed to designing and incorporating artificial intelligence guided by the principles of customer privacy and value. Our generic AI models across contextual, assistive, and agentic AI, are not trained on consumer data and do not retain customer information. Zoho builds AI tools with usefulness in mind, striking a balance between providing AI technology that assists workers while right-sizing models that don’t require burdening consumers with additional costs.

Leave a comment »

Could the Spain and Portugal blackout have been a cyber-attack? 

Posted in Commentary with tags on April 29, 2025 by itnerd

‘Cyber-attack’ was the phrase on many people’s minds when large parts of Spain and Portugal were recently plunged into a blackout. Authorities are investigating the root cause, with early reports suggesting a technical malfunction caused by a ‘rare atmospheric phenomenon’. However, there has been speculation (yet to be ruled out) that a cyberattack could be to blame.

Specops Software today published a blog diving into the possibility that the widespread power outage across the Iberian Peninsula could be due to a cyber-attack. 

Questions asked include: 

  1. Why was a cyber-attack initially suspected in the blackout in Spain and Portugal?
  2. Why would hackers target a country’s energy grid?
  3. What are the signs of a cyber-attack on a power grid?
  4. Could weak passwords play a role in power grid attacks?
  5. Cyber-attack or cautionary tale?

For full details please see the analysis at this link: https://specopssoft.com/blog/spain-portugal-blackout-cyber-attack

Leave a comment »

Saviynt Launches the Most Comprehensive AI-Powered Identity Security Posture Management Solution

Posted in Commentary with tags on April 29, 2025 by itnerd

 Saviynt today announced the launch of its AI-powered Identity Security Posture Management (ISPM) as part of its converged Identity Cloud platform. Saviynt’s ISPM provides actionable insights into an organization’s identity and access posture, offering an intelligent starting point to prioritizing and remediating risks.

Many organizations have sought this level of identity insight, but a viable solution has previously been unavailable. Saviynt will showcase its market-transforming ISPM April 29 – May 1 at RSA Conference 2025 inside the Moscone Center in San Francisco. Interested organizations should come to Booth #N-5163 to see the solution and better understand how it elevates their identity security posture.

While Identity Governance and Administration (IGA) is a well-known foundational element of any strong identity security program, comprehensive visibility across identity and access risks, governance control effectiveness, and identity data hygiene is crucial for reducing the attack surface area, yet is missing in organizations today. Unlike other solutions that focus solely on access or credential management, Saviynt ISPM delivers a converged solution addressing the full spectrum of identity security challenges, from preventing breaches to maintaining compliance.

Built on Zero Trust principles, Saviynt’s ISPM incorporates all identity, access, activity, policies, configurations, events, and security signals into an AI-powered, enterprise-grade identity security data lake. Saviynt’s ISPM enables organizations to:

  • Discover and inventory all identities (human and non-human), access, and resources: This can be done across an organization’s environment, on-premises and cloud.
  • Enhance and improve data hygiene: Leverage auto-generated, clear and accurate role and entitlement descriptions, ownership discovery of orphan and service account, clean up duplicate identities and much more to improve quality of identity data.
  • Boost effectiveness of governance controls: Eliminate rubber stamping entirely as well as reducing access certifications time up to 90%, reduce onboarding cost by more than 60-70%, and cut down access request time by up to 80% by measuring and baselining an organization’s governance processes.
  • Reduce audit findings with improved preparedness and evidence collection: Maintain continuous compliance with self-service capabilities and timeline views that highlight any and every identity change, access assignments, and governance history.
  • Empower business users by unlocking the power of identity data with Savi Copilot: Quickly create dashboards that drill down into the data needed to easily identify problematic trends or generate reports showing program effectiveness without the need of technical resources or business intelligence (BI) tools.
  • Bringing Application Owners to the Center of Identity Management: Engage application owners by providing them with clear insights into access, control (Separation of Duty), risk, and usage data for their applications. Meaningful involvement of application owners remains a critical gap in most identity management programs today and ISPM addresses it completely and holistically.

Saviynt’s ISPM helps with risk prioritization and remediation and in turn reduces the identity attack surface. Self-serviceability and evidence collection with timeline views empower organizations with improved audit preparedness.

Saviynt’s ISPM is now generally available. To learn more, please visit the website and blog.

Leave a comment »

Quorum Cyber recognized as a Microsoft Security Excellence Awards winner for Security MSSP of the Year

Posted in Commentary with tags on April 29, 2025 by itnerd

 Quorum Cyber today announced it won the Security MSSP of the Year award in the Microsoft Security Excellence Awards 2025 presented by the Microsoft Intelligent Security Association (MISA). The company’s innovation and achievements over the past 12 months have elevated and distinguished it within the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their security products and services with Microsoft Security technology.

Award winners demonstrated excellence across the security landscape during the past 12 months. 

At the sixth annual Microsoft Security Excellence Awards on April 28, Microsoft announced award winners in 9 categories honoring partner trailblazers, customer and technology champions, and changemakers. This is the sixth year awards were given. Quorum Cyber won the Security MSSP of the Year award. 

Established as an association to bring together Microsoft leaders, ISVs, and MSSPs, MISA focuses on collaborating to combat security threats and create a safer environment for all. Its mission is to provide intelligent, industry-leading security solutions that work together to help protect organizations at the speed and scale of AI in an ever-increasing threat landscape. Together with Microsoft stakeholders, MISA members voted on the Microsoft Security Excellence Awards, recognizing their peers’ efforts towards enhancing security.  

Leave a comment »

Konica Minolta and Square 9 Softworks Launch Exclusive Partnership to Drive Growth Through BlueIrisIQ

Posted in Commentary with tags on April 29, 2025 by itnerd

Konica Minolta Business Solutions today announced the expansion of its longstanding relationship with Square 9 Softworks into an exclusive partnership. This announcement comes on the heels of launching BlueIrisIQ, a newly created business unit designed to spearhead market growth in the content and information management segment. Square 9 is a leading provider of AI-powered information management and workflow automation solutions. This enhanced agreement marks a major milestone, positioning Konica Minolta as the sole North American distributor of Square 9’s award-winning offerings, a strategic move designed to deliver end-to-end service and support across both direct and dealer channels.

The expanded partnership reinforces Konica Minolta’s leadership in intelligent automation and scales the capabilities of BlueIrisIQ through a unified, enterprise-ready model. Together, the two organizations have created a streamlined structure that centralizes service delivery, accelerates implementation and strengthens post-sales support, all while fueling national market power and momentum.

As part of the enhanced partnership, Konica Minolta has introduced a dedicated team of Square 9-certified engineers to support sales, deployment and ongoing service. Customers also gain access to an exclusive support hotline offering direct communication with solution experts for faster resolutions and technical guidance.

By combining Square 9’s advanced automation tools with Konica Minolta’s dedicated delivery engine, the companies will lead the charge in AI-driven automation, revolutionizing the accessibility and affordability of intelligent information. By significantly reducing the cost of data extraction and removing barriers to entry, this partnership opens the door to markets that were once out of reach due to complexity or budget constraints.

Square 9’s reputation as an industry leader is rooted in its rapid deployment, user-friendly design and award-winning customer support, all of which are now embedded into Konica Minolta’s BlueIrisIQ service model. The result is a turnkey solution for customers looking to outsource operational pain points and drive digital transformation.

Learn more about BlueIrisIQ and its service offerings here.

Leave a comment »

KnowBe4 Appoints Bryan Palma as President and CEO

Posted in Commentary with tags on April 29, 2025 by itnerd

KnowBe4 announced that cybersecurity industry veteran Bryan Palma has been appointed president and chief executive officer of KnowBe4, effective May 5. KnowBe4’s founder and current chief executive officer Stu Sjouwerman has transitioned to the role of executive chairman.

Palma is a highly regarded technology executive with over twenty-five years of experience and a proven track record of scaling global technology enterprises by driving profitable growth, improving customer experience, and delivering operational agility. Most recently, he was the chief executive officer of Trellix, a multi-billion dollar cybersecurity market leader formed through the merger of FireEye and McAfee Enterprise. Prior to joining Trellix, he guided some of the world’s leading organizations through pivotal technology and business transformations including Cisco, Boeing, EDS, PepsiCo, and the US Secret Service. Palma earned a masters of business administration from Duke University’s Fuqua School of Business, masters of education from the University of Maryland, and bachelor of arts from the University of Richmond. Palma serves on the President’s National Security Telecommunications Advisory Committee and the CloudBees board of directors.

Executive chairman, Stu Sjouwerman founded KnowBe4 over fifteen years ago and over the last two decades has led the company through multiple rounds of venture capital funding, executed key strategic acquisitions, successfully led a public offering, and grew KnowBe4 to serve over 70,000 customers.

For more information on KnowBe4, visit www.knowbe4.com.

Leave a comment »

« Older Entries
Newer Entries »