BlueCat appoints Peter Brennan as Chief Revenue Officer

Posted in Commentary with tags on February 26, 2025 by itnerd

BlueCat Networks has announced Peter Brennan as its new Chief Revenue Officer (CRO).

Brennan, who joined the company in January, is responsible for driving revenue growth and providing leadership for field teams, including sales, technical, channel, and alliances. Previously, he was the CEO for Scality, Inc., a leader in software-defined storage and data management, and the worldwide CRO for Scality, Grp.

Earlier in his career, Brennan achieved record growth over two decades in executive roles at Hewlett Packard Enterprise and VMware.

In October, BlueCat announced it was acquiring LiveAction, Inc., a global provider of network observability and intelligence solutions. Adding LiveAction’s industry-leading network performance monitoring, packet capture, and forensics offerings has strengthened BlueCat’s mission-critical DNS, DHCP, and IP address management (together known as DDI) and network infrastructure management solutions. Audax Private Equity is a strategic growth investor in BlueCat Networks.

Leave a comment »

Business Disruption, AI-Assisted Attacks, Insider Threats and Accelerated Intrusions on Multiple Fronts Define the New Cyberthreat Landscape says Palo Alto Networks

Posted in Commentary with tags on February 26, 2025 by itnerd

Palo Alto Networks Unit 42 released its 2025 Global Incident Response Report, revealing that 86% of major cyber incidents in 2024 resulted in operational downtime, reputational damage or financial loss.

The report (based on 500 major cyber incidents that Unit 42 responded to across 38 countries and every major industry) highlights a new trend: financially motivated attackers have shifted their focus to deliberate operational disruption, prioritizing sabotage – destroying systems, locking customers out and causing prolonged downtime – to maximize impact and pressure organizations into paying extortion demands.

The 2025 Global Incident Response Report highlights several trends:

  • Cyberattacks Are Moving Faster than Ever
  • The Rise of Insider Threats 
  • Multipronged Attacks Are the New Norm
  • Phishing Makes a Comeback
  • Cloud Attacks Are Increasing
  • AI Is Accelerating the Attack Lifecycle 

The speed, sophistication and scale of attacks have reached unprecedented levels with AI-assisted threats and multipronged intrusions, underscoring that organizations faced an increasingly volatile threat landscape in 2024.

To see the results from this year’s report, please visit the accompanying blog as well as the full report.

Leave a comment »

Bridgetown Research raises $19M from Lightspeed and Accel to deploy AI business research agents

Posted in Commentary with tags on February 26, 2025 by itnerd

Strategic business decisions have traditionally been expensive and slow for a fundamental reason: they don’t happen enough. This means companies lack both historical data to learn from and experts who have seen enough similar cases. Bridgetown Research is changing that. Today, the AI decision science startup announced $19 million in Series A funding led by Lightspeed and Accel, with participation from a leading research university.

Bridgetown Research has developed AI agents that autonomously execute research. Most notable amongst these agents are voice bots trained to recruit and interview industry experts, gathering primary data that can be analyzed alongside alternative data sourced from their partners. 

Founded by Harsh Sahai, who previously led machine learning teams at Amazon before leading strategy engagements at McKinsey & Co., Bridgetown Research was born from a simple observation: the majority of business analyses are a permutation of a small number of automatable tasks. The founding team, comprising former professionals from McKinsey, Bain, Amazon, and leading tech startups, brings together extensive experience across strategy consulting and technology.

While many AI solutions focus on searching and summarizing information using LLMs, real world business decisions require much more than synthesising the open web. They need proprietary data such as primary data from experts and customer surveys, along with frameworks to understand markets, what Harsh Sahai calls “ontologies”. Moreover, outputs need to be repeatable and auditable for a business to use them to make decisions with tens of millions of dollars at stake. Bridgetown Research is the only player using agents to gather primary data and systematically find patterns in it to generate original insights. 

Bridgetown Research started with a focus on private equity deal screening diligence. Multiple top-tier PE & VC firms already use Bridgetown Research for deal screening and deeper commercial diligence. They’re able to screen their pipeline much faster with initial analysis taking 24 hours instead of weeks without Bridgetown enabling teams to focus on actual decision making instead of research and analysis. For other customers Bridgetown has enabled voice of customer conversations that cover hundreds of respondents in parallel, and within days. 

As global markets become increasingly complex, the demand for efficient and effective decision-making tools continues to rise. With this funding round, Bridgetown Research plans to invest further in training its AI agents to perform a broader set of analyses across a broader range of domains, and deepening industry partnerships to enhance access to domain-specific intelligence.

Leave a comment »

The World Is Losing Its Mind Over The Bug Related To Trump On Apple Devices

Posted in Commentary with tags on February 26, 2025 by itnerd

Yesterday it came to light that there’s a bug on iOS devices where if you use the dictation function, and say the word “Trump” as in Donald Trump, it prints the word “Racist”. Now I did test this and I could reproduce this. But I could get other words to appear. But it really doesn’t matter at this point as the planet is hung up on the “Trump” and “Racist” connection. And all the usual nonsense that you would expect to happen is happening.

Scott Stephenson, Founder and CEO of Deepgram had this comment:

“AI is only as smart as the data it’s trained on. Voice recognition should be about understanding, not assuming. This is a reminder that companies need to constantly refine their models to avoid bizarre and potentially harmful mix-ups. The goal isn’t just accuracy, it’s trust.”

“Voice AI is exploding because, let’s face it, talking is faster than typing. But speed means nothing without precision. If AI can’t truly understand what we’re saying – accents, slang, emotions – then it’s just noise. The next wave of innovation is about making AI listen smarter, not just faster.”

On one hand, I am surprised that this wasn’t caught in QA. But on the other hand, I am not surprised because how far do you go to test a speech to text engine like this one? You can’t test every single word or name out there. Thus you can expect something like this to happen again. And chances are there’s nothing nefarious going on.

Leave a comment »

Guest Post: Is Cyber a Frog in the AI-Native Pot? 

Posted in Commentary with tags on February 26, 2025 by itnerd

By Tom Tovar, CEO of Appdome

Everyone knows the story of a frog placed in a pot of cold water. As the water heats up, the frog remains still until it’s too late. Today, the cyber function faces the same challenge as the frog, as the rest of the enterprise transitions to AI Native.

What is AI Native? 

“AI Native” refers to organizations, teams, or functions that fully integrate artificial intelligence into core operations. Rather than treating AI as an add-on, these entities leverage AI as a foundational element of their business, execution, delivery, and decision-making. They operate with AI at their core, embedding it into every process for speed, automation, improved efficiency, and to reduce dependencies on human capital, and other resources.

The Enterprise-Wide Shift Towards AI Native 

Across industries, enterprises are now shifting to an AI-Native approach. In 2025, key parts of the enterprise are moving beyond experimentation to complete restructuring. Departments, workflows, decision-making, and strategic planning are being reshaped around AI-driven automation and analysis for productivity. Key areas include:

  1. Software Development and Engineering: AI-powered coding assistants accelerate development, improve software quality, and streamline DevOps with automated testing and CI/CD processes. 
  2. Marketing: AI-driven platforms analyze consumer behavior, enabling hyper-personalized campaigns and optimized ad spend. 
  3. Customer Support & Experience: AI chatbots can handle customer service at scale, reducing dependence on humans.
  4. Fraud & Risk Management: AI enhances for fraud detection and risk modeling, quickly identifying anomalies and mitigating financial risks.
  5. Supply Chain and Logistics: AI predictive analytics optimize inventory while automating procurement and delivery. 
  6. HR and Talent Management: AI streamlines recruitment, identifies top talent faster, and enhances workforce management.

The goal is clear: faster decision-making, increased efficiency, and minimized human error while maximizing value. 

Cybersecurity Must Adapt…or Get Boiled Alive

Currently, cybersecurity teams focus on addressing the risks of AI adoption rather than embedding AI into their own cyber operations. This misalignment threatens their role as enterprises adopt AI-Native models at an accelerated pace. Without becoming AI-Native, the water will get too hot too fast. Cyber teams are falling behind as AI-Native organizations accelerate.  

Why Cybersecurity Must Go AI-Native Now

Cybersecurity must go beyond AI-enhanced tools. Here are the top 5 reasons why the cyber teams need to go AI-Native:

  1. AI-Driven Threats Require AI-Driven Defense

Cybercriminals leapt into the AI boom to create highly sophisticated attacks, from deepfake-powered facial recognition bypasses to large-scale social engineering attacks at scale and autonomous malware evading detection. To counter these threats, organizations need an AI-Native defense that adapts, responds, and mitigates attacks in real time..

  • Maintain Control of the Defense Lifecycle 

An AI-Native approach automates the entire defense lifecycle, including defense delivery, compliance, threat identification, and incident response, as well as guiding end users through resolving an attack. Gone are the days when the cyber function and the security operation center (SOC) could rely on AI for threat detection, but still depend on manual processes to resolve threats. With AI-Native cybersecurity, teams can control automatically every aspect of defense, eliminating delays caused by dependencies on multiple departments and manual actions. 

  • Improve Decision-Making & Incident Response

Security leaders rely on multiple data sources, logs, and reports. AI-driven analytics provide deep insights and early warnings on emerging threats, along with benchmark comparisons and dynamic risk analysis. An AI-Native approach accelerates decision-making in incident response, automating defenses in real time before escalation.

  • Eliminate Dependence on Other Departments

Many security teams are constrained by IT, engineering, and operations for critical tasks like threat modeling, infrastructure changes, and security tool integrations. With AI-Native defense, the cyber function can automate defense delivery independently of external teams. Now security teams can automate defense enforcement, reducing delays while accelerating security measures. 

  • Guarantee Business Protection and Revenue Security

As AI drives efficiency across enterprise functions, cybersecurity teams must keep up with rapid innovation. New applications, capabilities, revenue sources, threats, and vulnerabilities are evolving faster than ever. AI-Native security delivers continuous fraud prevention, automated security updates, and preemptive threat mitigation. With AI-Native, cyber and fraud defenses can be deployed instantly and ensure continuous defense.

Cyber’s Top Priority for 2025: Become AI Native.  

Looking forward, CISOs and cybersecurity teams can no longer afford to see AI merely as a tool but must embrace AI as their foundation. Just as other enterprise functions use AI for speed, efficiency, and agility, cybersecurity must do the same – eliminating manual tasks, handoffs and learning curves.

With AI-Native, cyber teams use technology platforms to automate the entire defense lifecycle, ensuring readiness, reducing bottlenecks, and ensuring that security, ant-fraud and bot defense are delivered continuously. The future of cybersecurity isn’t just AI-aided — it’s AI-Native. Don’t be the cyber frog in the pot. The time to act is now.

Leave a comment »

Microsoft 365 Targeted by Massive Botnet in Password Spraying Attacks

Posted in Commentary with tags on February 26, 2025 by itnerd

Researchers have discovered botnet of over 130,000 compromised devices that is launching password spraying attacks against Microsoft 365 accounts. Most if not all of which are service accounts. Details can be found here:

https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/

Darren James, Senior Product Manager at Specops Software, commented:

“This is certainly an interesting and often overlooked attack vector, password spraying of service accounts rather than users.

Service Accounts are regularly used to run business critical systems, their passwords are rarely changed, don’t have any type of 2FA applied and they usually have some elevated privilege depending on their function. Meaning they are a good target for attack.

We often see service accounts on our breached password and duplicate password reports when customers run our free tool Specops Password Auditor. These passwords are usually set by the IT admin who is installing the service and then never changed again, and it’s fairly common that the passwords set on these accounts aren’t strong or may have been used on other accounts in the past.

When we are discussing the results of the report, admins are always worried about making changes to service accounts as that might cause disruption to a business critical solution, but as this latest attack highlights, that approach does leave companies at risk.

Businesses should look to enforce very strong and long passwords on service accounts wherever possible, scan these accounts continuously for breached passwords, enforce the use of password vaults and randomly generated passwords for these types of accounts, or if possible, move to using a managed service account that allows the system to set, and regularly change, the passwords of service accounts without human intervention.”

Now would be a good time to change any Microsoft 365 service accounts passwords. Because the only reason why this attack is out there, is because it is likely meeting with some amount of success.

Leave a comment »

CHIPS Act At Risk Because Of DOGE

Posted in Commentary with tags , on February 26, 2025 by itnerd

The CHIPS Act (Creating Helpful Incentives to Produce Semiconductors Act) is likely to be severely impacted by DOGE, notes the author of this post CHIPS Act dies because employees are fired – NIST CHIPS people are probationary on SemiWiki, an open forum for semiconductor professionals.

The CHIPS Act was passed to advance US silicon supply chain security, R&D and stability. The post cites informed sources as reporting that the National Institute of Standards and Technology (NIST) is preparing to cut 497 people, including 74 postdocs, 57% of CHIPS staff focused on incentives, and 67% of CHIPS staff focused on R&D. The post also notes that President Trump has also not yet announced a nominee to head up NIST.

Willy Leichter, CMO, AppSOC, offers perspective:

  “As the Trump administration continues to indiscriminately hack its way through federal agencies, the latest victim appears to be NIST, reportedly losing at least 500 staff. Using the logic of “last in, first out,” DOGE is ignoring the merits of employee roles or projects, and simply terminating anyone they can easily dump. The other mandate seems to be to kill any initiative of the Biden administration, regardless the context or value. On the chopping block are the new AI Safety Institute, tasked with ensuring safety of AI models and systems, and the Chips for America program intended to protect sensitive chips technology from foreign (largely Chinese) theft. This comes on top of dismantling public/provide collaboration with the Cyber Safety Review Boards.

  “NIST provides a critical backbone for all cybersecurity with essential resources such as the National Vulnerability Database. The agency is small by federal standards with only 3,400 employees. Cutting 500 jobs is about 15% of the total workforce – an enormous cut, at a time when cyber risks are accelerating and direct attacks on U.S. critical infrastructure and government systems have never been higher. AI is also a massive security wild card, and destroying important government safety checks could be devastating. The net effect will be to demoralize a critical and highly respected agency, embolden our adversaries to ratchet up their attacks, and put all of us at a direct financial and security risk.”

This is another short sighted and frankly stupid move by Trump and Elon Musk that will only result in the USA being hurt in the process. You have to wonder when these two will figure that out. I’m guessing that they will only when it’s way too late.

Leave a comment »

DISA Global Solutions Gets Pwned…. 3+ Million Affected

Posted in Commentary with tags on February 26, 2025 by itnerd

DISA Global Solutions, a provider of workplace compliance management and employee screening solutions, reported that it suffered a data breach that affects more than 3.3 million people. They have posted a data breach notification here as well.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt had this comment:

“Two dimensions of this cyber incident are notable. The first is that SSNs were exfiltrated for individuals and these are easily monetized by threat actors. Storing SSNs for any purpose should require a higher level of security and using SSN to identify digital consumers is an obsolete data management practice. 

“The second dimension is the root cause of the breach is not provided so it is not clear what steps DISA took to reduce the probability of this happening again. Cyber incidents occur in all enterprises so missing an opportunity to make adjustments to controls and processes based on the learnings applied from previous breaches is an indication of cyber resilience and a positive indicator. In this case, there is no indication of cyber resilience.” 

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, adds this:

“This incident not only highlights the sophistication of cyber adversaries but also exposes the vulnerabilities in the cyber defenses of an establishment that prides itself on efficiency and compliance. It’s a sector that is inherently trusted with some of the most private aspects of individuals’ lives, from social security numbers to medical history. The fact that DISA, with its expansive list of high-profile clients including a significant portion of the Fortune 500 companies, fell victim to such an exploit illustrates a concerning underestimation of the capabilities of modern cyber threats.”

“Moreover, the delay in detecting and reporting the breach raises pressing questions about the ongoing monitoring and incident response strategies employed by DISA. Regulatory implications aside, the slow acknowledgment and mitigation could erode the very trust DISA seeks to build with its partners and the individuals it screens.”

“Providing identity theft protection services post-breach, while necessary, is merely a reactive measure. It is imperative for organizations, especially those like DISA that handle vast amounts of personal data, to adopt a more proactive stance on cybersecurity. This includes continuous monitoring, employing advanced threat detection technologies, and fostering a culture of security awareness throughout the organisation.”

“As the investigation unfolds, it will be crucial for DISA and its stakeholders to thoroughly understand how the attackers circumvented their defences and to implement robust measures to prevent future incidents.”

The hacks and leaking of personal information never seem to be ending. You have to wonder when companies will learn that they need to invest the time, effort and money to not be one of my stories about a company getting pwned.

Leave a comment »

Clicks brings its award-winning iPhone keyboard case to Google, Motorola and Samsung smartphones

Posted in Commentary with tags on February 26, 2025 by itnerd

Clicks Technology today announced the first three Clicks Keyboards for Android smartphones. Building on the popularity of Clicks for iPhone introduced last year, Clicks extends a premium typing experience, more screen real estate and keyboard shortcuts to owners of Google Pixel, Motorola Razr and Samsung Galaxy smartphones. Available for pre-order today, Clicks for Android smartphones will start shipping beginning in April.

Clicks supercharges the Samsung Galaxy with a premium typing experience engineered for speed and accuracy. Maximize every bit of the S25’s 6.2” display by moving the virtual keyboard off screen. Put Samsung AI at your fingertips with keyboard shortcuts. Compatible with Samsung Galaxy S25. Available in two colors: Pinot (red) and Onyx (black).

Expanding the audience for Clicks

With over 100,000 keyboards sold in more than 100 countries, Clicks is changing the way people use their smartphones.

Adding a Clicks Keyboard to a Pixel, Razr or Galaxy smartphone combines the benefits of buttons with the power of Android in a seamless experience.

  • Premium Typing Experience. Type with speed and confidence with ergonomically designed keys that provide satisfying tactile feedback.
  • 50% More Screen. By moving the keyboard off the display Clicks frees up screen space for apps and content.
  • Keyboard Shortcuts. Launch your favourite apps and navigate Android.
  • Gemini Key. Launch AI features at the push of a button.
  • Keyboard Backlight. Backlit keys make typing in low light a breeze.
  • Clicks App. Customize and personalize your typing experience.
  • Charge Your Phone as Normal. Clicks connects through USB-C so there’s no battery to charge or bluetooth connection to pair.
  • Easy on and off. Add a compact, lightweight keyboard when needed, or leave it on all the time.
  • Protection & personality. Clicks protects your phone and grabs attention wherever you go.

Launch Pricing and Availability

  • Google Pixel 9 and Pixel 9 Pro: Pre-orders begin February 25 at an introductory price of USD $99, available until March 21. After this date, the price increases to USD $139. Orders will begin shipping at the end of April.
  • Motorola Razr+ and Razr (2024): Reservations open February 25 for USD $49 to secure a special launch price of USD $99 until March 21. After March 21, pre-orders remain available for USD $49, but the final price increases to USD $139. Shipping starts in late May.
  • Samsung Galaxy S25: Reservations open starting February 25 for USD $49 to lock in a limited-time USD $99 launch price until March 21. After this period, pre-orders remain open for USD $49, with the final price increasing to USD $139. Shipping begins in June.

Order Clicks for Android exclusively at Clicks.tech

Leave a comment »

New KnowBe4 Report Reveals the Hidden Power of Information Sharing in Shaping an Organization’s Security Culture

Posted in Commentary with tags on February 26, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced the release of research report “Cybersecurity Information Sharing as an Element of Sustainable Security Culture”, authored by Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College London. The report examines how people consume and share cybersecurity information, revealing the role that workplace training plays in fostering information sharing among colleagues.

Many employees already engage with cyber-related information in their personal lives, and when they proactively share it, it reflects a mature security mindset. A well-established security culture encourages good habits, mutual support, and a clear awareness of risks. By examining how cybersecurity news spreads, organizations can gain valuable insights to strengthen defenses and minimize human risk.

The report found that, on average, 57% of people surveyed received cybersecurity-related training, with 73% in the UK, 60% in the U.S., 55% in Germany and only 38% in France. Workplace training influenced information sharing, as 24% of those trained went on to share insights with colleagues and were more likely to remember phishing-related content.

Other key findings: 

  • 95% of people have read or watched cybersecurity content at least once. 
  • 77% have had cybersecurity information shared with them and 25% have actively shared cybersecurity information with others. 
  • 22% of employees find cybersecurity information from websites and 21% find it from employers. 
  • Generally, employers were an important source of cybersecurity information across all age groups, whereas social media was an important channel for the 18-29 year age group. 

Ultimately, ‘the more you care, the more you (want to) share’. When employees are properly engaged with cyber risks, the more likely they are to openly communicate with others about this topic and create a stronger security culture in the workplace. Understanding how employees consume and share cybersecurity news is essential for building a stronger security culture.

The full report, “Cybersecurity Information Sharing as an Element of Sustainable Security Culture”, is available to download here.

Leave a comment »

« Older Entries
Newer Entries »