IDC Report Brings To Light The Power Of AI In Relation To Document Technology

Posted in Commentary with tags on March 26, 2025 by itnerd

There’s a recent report from IDC, commissioned by Foxit, titled, “Adding the Power of AI to Document Technology.” This IDC analyst brief is newsworthy for several compelling reasons – it’s relevant, timely, and packed with actionable insight:

Relevance

  • AI is a top priority for IT leaders in 2025, second only to security and compliance. The report speaks directly to the current mindset of tech decision-makers and outlines how AI is already impacting daily operations.

Timeliness

  • The report is based on fresh data from mid- and late-2024 IDC surveys, showing how organizations are actively budgeting for AI tools right now.
  • It captures the current wave of GenAI implementation in practical terms – moving the conversation beyond hype to actual deployment and ROI.

Immediately Actionable Advice

  • The brief goes deep into specific use cases by department (e.g., Legal, Finance, HR, IT Ops), offering real examples of how AI copilots and assistants are transforming manual work into streamlined, insight-rich processes.
  • It advises organizations on key considerations when selecting AI-powered content solutions – including cost predictability, security safeguards, and how to evaluate ROI with measurable metrics like throughput and cycle time.
  • It emphasizes the importance of trusted technology partnerships, especially for SMBs, giving practical direction to resource-constrained IT leaders.

The report can be found here: https://www.foxit.com/landingpage/2025/idc-analyst-brief-power-ai/

Leave a comment »

A threat actor named “RedCurl” has created ransomware to encrypt Hyper-V servers

Posted in Commentary with tags on March 26, 2025 by itnerd

A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. This is what Bitdefender had to say:

This research, conducted by Bitdefender Labs, presents the first documented analysis of a ransomware campaign attributed to the RedCurl group (also known as Earth Kapre or Red Wolf). RedCurl has historically maintained a low profile, relying heavily on Living-off-the-Land (LOTL) techniques for corporate cyber espionage and data exfiltration. This shift to ransomware marks a significant evolution in their tactics.

This new ransomware, which we have named QWCrypt based on a self-reference ‘qwc’ found within the executable, is previously undocumented and distinct from known ransomware families.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, commented:

“While targeting Microsoft Hyper-V servers is nothing new (example: https://cybercx.com/blog/akira-ransomware/), this indicates an increased focus on Hyper-V and virtualization platforms in general. It’s actually far easier to bring down an organization using an enterprise virtualization platform than one with hundreds of disparate, separately located on-premise servers. If I get on your VM host server, now, with one compromise, I can more easily control and manipulate the whole kingdom. I can more easily encrypt entire servers. I can more easily exfiltrate large amounts of sensitive data. I can more easily corrupt backup services. It’s not good. But the question you need to ask is how the bad guy got to your VM host servers in the first place? Was it social engineering? Was it unpatched software or firmware? Was it stolen logon credentials or bypassed phishable MFA? Because those are the most likely reasons and if you don’t figure those out your environment is not going to be safe no matter what else you do.”

Leave a comment »

Samsung Featured in Amazon’s Big Spring Sale

Posted in Commentary with tags on March 26, 2025 by itnerd

Amazon’s Big Spring Sale is happening March 25–31, offering Prime Day-style deals with no membership required. It’s a great time for shoppers to score serious savings on top tech—and Samsung has some standout offers. Here are a few highlights:

Samsung Galaxy S25 5G – Now $998.99 (Was $1,198.99)

A powerful newly launched AI-driven smartphone packed with premium features.

o   6.2″ AMOLED Display, 50MP camera, Cross App, Night Video mode

o   Available in ICY Blue, 128GB storage

Samsung Galaxy S25 Ultra – Now $1,617.99 (Was $1,918.99)

A top-tier flagship phone designed for ultimate performance and creativity.

o   6.9″ AMOLED Display, 200MP camera, S-Pen, Cross App, Night Video mode

Samsung Galaxy Tab S10+ – Now $999.99 (Was $1,349.99)

o   A premium tablet built for power users—perfect for professionals, creatives, or anyone looking for a high-performance device for work and play.

Samsung Galaxy Watch7 – Now $317.99 (Was $407.99)

A stylish and functional smartwatch with advanced health and fitness tracking.

o   40mm, BioActive Sensor, Sleep Coaching, Bluetooth connectivity

o   Available in Forest Green

Samsung Galaxy Watch Ultra LTE – Now $728.99 (Was $879.99)

A premium smartwatch designed for durability and peak performance.

o   Titanium Gray, LTE connectivity, rugged and stylish design.

Samsung Galaxy Book5 Pro – Now $1,799.99 (Was $2,049.99)

A high-performance AI-powered laptop designed for work and play.

o   14″ Touch AMOLED Display, Intel U7H processor

o   16GB RAM, 512GB storage

o   Copilot+ AI features for enhanced productivity

Leave a comment »

KnowBe4 Earns Prestigious 2025 USA TODAY Top Workplaces Award

Posted in Commentary with tags on March 26, 2025 by itnerd

KnowBe4 is proud to announce that it has earned the prestigious 2025 USA TODAY Top Workplaces award.

The award honors organizations with 150 or more employees that have created exceptional, people-first cultures. This year, more than 42,000 organizations were invited to participate. The winners are recognized for their commitment to fostering a workplace environment that values employee listening and engagement. USA TODAY showcased the winners online and at the National Awards Summit in Las Vegas.

The winners are determined by authentic employee feedback captured through a confidential survey conducted by Energage, the HR research and technology company behind the Top Workplaces program since 2006. The results are calculated based on employee responses to statements about Workplace Experience Themes, which are proven indicators of high performance.

To view open positions at KnowBe4, please visit www.knowbe4.com/careers.

Leave a comment »

SafeBreach Launches Enhanced MSSP Program for Advanced Security Validation

Posted in Commentary with tags on March 26, 2025 by itnerd

 SafeBreach today announced the launch of its enhanced Managed Security Service Provider (MSSP) program, an expanded element of the company’s successful “Elevate” partner initiative that was unveiled in 2024. The new MSSP program is specifically designed to support service providers who host, manage, or resell SafeBreach’s continuous security validation solutions, enabling them to deliver greater value to their clients while accelerating their own business growth.

Following the recent launch of the SafeBreach exposure validation platform in February, this new MSSP program represents the company’s continued commitment to empowering partners with the tools, resources, and support needed to address the evolving cybersecurity challenges that organizations face today.

The enhanced MSSP program builds on the strengths of SafeBreach’s previous partner framework, incorporating industry best practices to enhance growth, scalability, and reliability. The program provides a clear framework for partners to establish consistent client engagement expectations, ensuring successful deployment and ongoing management of SafeBreach’s security validation solutions.

SafeBreach empowers partners to accelerate business growth by expanding their client services portfolio with advanced, continuous security validation. Through scalable and automated simulations, partners can help their clients better understand, detect, and defend against cyber threats.

Key benefits of the enhanced MSSP program include:

  • Comprehensive Solution Portfolio: Partners can offer clients continuous security validation through SafeBreach’s Validate and Propagate solutions, providing a more holistic view of cyber risk
  • Seamless Technology Integration: The SafeBreach ecosystem integrates into existing client technology stacks, giving partners confidence in compatibility and enhancing client satisfaction
  • Accelerated Sales Cycles: By streamlining security vendor evaluations, SafeBreach enables clients to make faster, more informed product decisions
  • Increased Revenue Opportunities: Partners can assess clients’ security postures and offer targeted recommendations, such as optimizing existing licenses or identifying opportunities for new security solutions

With traditional, point-in-time security control validation tactics like penetration testing and red teaming proving insufficient, organizations increasingly need comprehensive and continuous views of security performance combined with prioritized remediation of gaps. The SafeBreach exposure validation platform addresses this need with an innovative combination of breach and attack simulation (BAS) and attack path validation that provides enterprises with deeper insight into threat exposure and a more holistic view of cyber risk.

Through this enhanced MSSP program, SafeBreach partners can now more effectively help their clients combat the ongoing challenges of an evolving threat landscape. “The updates to the SafeBreach MSSP program and strategy build on the strengths of our previous program to position our partners as trusted advisors,” added Wilkinson. “As a result, they can better help their clients select, validate, and implement a comprehensive security validation platform.”

For more information on the Elevate MSSP program, visit https://www.safebreach.com/partners/

Leave a comment »

Atlantis AIO Automates Credential Stuffing Attacks Across 140+ Platforms

Posted in Commentary with tags on March 26, 2025 by itnerd

Researchers have uncovered a powerful weapon in the cybercriminal arsenal dubbed Atlantis AIO that enables attackers to test millions of stolen credentials in rapid succession. It also provides pre-configured modules to automate the targeting of specific services from email providers.

You can go into the weeds on this here: https://abnormalsecurity.com/blog/atlantis-aio-credential-stuffing-140-platforms

Darren James, Senior Product Manager at Specops Software, commented:

“Threat actors who use these tools are looking for username and password pairs that work on any of these targeted systems. They rely on the fact that many people re-use these credentials across multiple websites.

Consumer credentials are useful for specific account takeover, but usernames that are from the affected persons work account are often prized highly, as these accounts can be used to steal data or blackmail an entire organization rather than a single individual.

Organizations can protect themselves by using tools that continuously monitor business accounts for breached passwords, and Digital Risk Protection systems that look for these credential pairs, and can either warn you about your “risky” users or even force the user to change that compromised password.

The risk of having a password becoming compromised has increased over time with advice from various organization’s being that password expiry dates should be removed. This advice, however, always comes with a caveat that the user’s password must be changed if it becomes compromised. However, without the additional tools I mentioned above, this is extremely difficult to detect until it’s too late.”

This is a perfect example as to why password hygiene matters. By having good password hygiene, you make yourself less of a target. Thus you should spend a weekend or two looking at all your passwords and making them as complex and unique as possible. Other tips on good password hygiene can be found here.

Leave a comment »

How do American screen times compare to the rest of the world?

Posted in Commentary with tags on March 26, 2025 by itnerd

Have you ever wondered whether your (or your kids’)  screen time is above average? On Wednesday, Comparitech researchers will be publishing a study looking at the screen times of Americans compared to the rest of the world. The report also looks at the data of what kind of media people are using their screens for. 

Key findings include: 

  • The average American spends almost 7 hours looking at a screen each day.
  • Worldwide, the average user spends 2 hours and 52 minutes looking at their computer screens and 3 hours and 46 minutes looking at their mobiles.
  • Americans are above average for their desktop screen consumption (3 hours and 18 minutes) but are just below average for their mobile consumption 3 hours and 22 minutes).
  • Worldwide, the average person spends 2 hours and 21 minutes on social media each day. Americans consume less than this, averaging 2 hours and 9 minutes per day.

You can read the full research here.

Leave a comment »

Valimail Launches Industry-First BIMI Simulator

Posted in Commentary with tags on March 25, 2025 by itnerd

Valimail today announced the launch of its BIMI Simulator, a comprehensive suite of tools designed to empower brands to visualize and optimize their email presence through Brand Indicators for Message Identification (BIMI). This first-of-its-kind platform allows users to see what their email could look like with BIMI, understand the potential brand impression opportunity by implementing BIMI, and be inspired by what other companies and competitors are doing with their logos.

Valimail has been at the forefront of BIMI since 2018 as part of the AuthIndicators Working Group, the founding group of BIMI, and has been instrumental in the development of industry standards enabling brands to deliver their logos alongside email messages to billions of inboxes worldwide, increasing customer engagement with those messages and boosting brand trust. More recently, Valimail was a key partner in introducing a new capability to enhance BIMI with Common Mark Certificate (CMC), which provides greater flexibility and more affordable pathways for brands of all sizes that either do not have the right product trademark or do not have a trademark at all, looking to enhance their email marketing efforts while ensuring the security of their email communications. 

According to Wombatmail, BIMI adoption has seen a growth of 28.4% between January 2024 and January 2025, measured by the number of domains with BIMI logo records published in the top ten million domains. BIMI drives significant marketing advantages, including increased brand visibility, higher user engagement, and a consistent brand experience. In addition a recent Yahoo Mail study found that BIMI implementation can increase email engagement up to 10%. Furthermore, BIMI provides a cost-effective channel for brand visibility, offering low-cost brand impressions compared to traditional advertising methods. 

With major email providers like Google, Apple, and Yahoo! supporting BIMI verification standards, Valimail’s BIMI Simulator empowers brands to make the case for implementing BIMI, by visualizing its impact to improve brand awareness and protect against impersonation. This provides a comprehensive view and practical application of BIMI, available in a downloadable report, which includes:

BIMI Simulator: A tool that allows teams to simulate and visualize how the company’s logo will be displayed to recipients of BIMI-compliant email providers.

BIMI Audience Insights Report: A tool that allows businesses to visualize the breakdown of outbound mail that the organization sent to mailboxes that support BIMI in the past 30 days.

BIMI Inspiration: A comprehensive catalog of public BIMI records and logos of leading brands using BIMI, fostering inspiration and competitive insights.

One critical component of BIMI implementation is achieving Domain-based Message Authentication, Reporting, and Conformance (DMARC) at enforcement, an email security protocol that helps companies protect against email spoofing by verifying email senders and protecting domain owners from unauthorized use. By adding BIMI to DMARC, companies transform email authentication from a technical requirement into a visible brand asset, driving organizations to prioritize and achieve DMARC enforcement to unlock the full potential of BIMI.

All BIMI Simulator features are complimentary enhancements available to current Valimail customers using Monitor, Enforce, and Amplify. Valimail will showcase these new features in an upcoming webinar on Wednesday, March 26; register to join here

Leave a comment »

Troy Hunt Says A Phishing Attack Led To Threat Actors Stealing The Email Addresses Of 16K Subscribers

Posted in Commentary with tags on March 25, 2025 by itnerd

Have I Been Pwned’s creator Troy Hunt has disclosed that phishers compromised his Mailchimp account exfiltrating the mailing list for his blog and exposing the email addresses of 16,000 subscribers. He posted the details here:

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

It’s never a good day when the guy who lets you know if you’ve been pwned or not gets pwned. Anyway, Erich Kron, security awareness advocate at KnowBe4, commented:

“This is an example of how even a seasoned professional can fall victim to a well done phishing attack. Social engineering is largely getting the right message to the right person at the right time, and that combination can lead to unfortunate situations such as this. This is one reason we should avoid shaming users who have made a mistake and potentially clicked on a link or performed some other action. Organizations should work toward a security culture that celebrates reporting and a way to receive guidance on something that may seem odd or out of place, without worrying about being made to feel bad about an inquiry.

Fortunately, in this case there was not a lot of information available, and Mr. Hunt deserves kudos for speaking about it publicly, admitting his error and using this to help educate others.”

This should highlight the fact that we are all vulnerable to phishing, social engineering, or any multitude of attacks. Thus every one of us needs to be on guard to ensure that everything that one can do to avoid being a victim is being done.

Leave a comment »

Guest Post: Why It’s a Bad Idea to Share Secrets, Even Via the Safest Apps

Posted in Commentary with tags on March 25, 2025 by itnerd

The Trump Administration discussed a secret military operation on Signal, inadvertently adding Jeffrey Goldberg, the editor-in-chief of The Atlantic, to the thread. Until the bombs started dropping in Yemen, Goldberg couldn’t believe what he was reading.

Even if Goldberg hadn’t been included in the chat, it remains a terrible idea to discuss matters of national security via any app, no matter how secure it is considered. This point, while likely to ruffle some feathers in the political arena, should also serve as a stark reminder that nothing you do online is truly anonymous.

Here’s what you should consider before confiding your secrets to technology

1. You are more interesting than you think.

      It’s a common misconception that regular citizens like you and me are of no interest to hackers. However, a threat actor could exploit your device to gain access to your employer. By exploiting the data on your phone, a hacker could steal your identity and potentially cripple the entire organization.

      2. Don’t blindly trust what technology companies tell you.

        Encrypted chat apps Signal and WhatsApp are publicly debating which one is more secure. Meredith Whittaker, the president of Signal, appears to be particularly annoyed by WhatsApp’s Will Cathcart, who suggests there are hardly any differences between WhatsApp and Signal.

        While Signal is generally considered a more trustworthy choice by the security community — and it’s worth noting that WhatsApp is owned by Meta — I still recommend exercising caution when using either app.

        Recall how in 2021, Proton, another security-focused company, provided the IP address of a French activist to law enforcement due to legal obligations. Many remain upset about this incident, but it also serves as a reminder, as Proton’s Andy Yen noted, that “the Internet is generally not anonymous.”

        3. Governments are increasingly asking for a backdoor.

          The “good guys,” meaning law enforcement, want to have a key to your communication just in case it can be instrumental in some criminal case. Governments have long argued that end-to-end encrypted communication is an obstacle when trying to solve high-profile human trafficking, drug trafficking, and child exploitation cases, among others.

          In some countries, the “good guys” might actually succeed in having those backdoors installed. While such amendments are theoretically intended to target only criminals, they set a very dangerous precedent. This is because governments often view protesters, dissidents, and political opponents as threats to national security or even sovereignty, effectively treating them as criminals.

          4. Your phone might get stolen.

            Are you the only one who knows your phone’s passcode? Is it a random sequence of numbers or something more meaningful, like someone’s birthday? Imagine what would happen if Goldberg’s phone were stolen. While it’s not child’s play to unlock it, it can be cracked through brute force.

            Even though Signal offers encryption, the recent leak of military plans emphasizes the need for caution, even on trusted platforms. It’s crucial for every user, including government officials, to double-check contact identities, use additional layers like two-factor authentication, and be mindful of what’s shared. No tool is foolproof, and the failure to implement proper security measures shows that awareness and caution are just as important as the technology in use.

            ABOUT THE EXPERT 

            Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting. With a career spanning over 15 years, she has reported on major global events, including the 2008 financial crisis and the 2015 Paris terror attacks, and has driven transparency through investigative journalism. A passionate advocate for cybersecurity awareness and women in tech, Jurgita has interviewed leading cybersecurity figures and amplifies underrepresented voices in the industry. Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine’s 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity.

            Leave a comment »

            « Older Entries
            Newer Entries »