New KnowBe4 Report Reveals the Hidden Power of Information Sharing in Shaping an Organization’s Security Culture

Posted in Commentary with tags on February 26, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced the release of research report “Cybersecurity Information Sharing as an Element of Sustainable Security Culture”, authored by Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College London. The report examines how people consume and share cybersecurity information, revealing the role that workplace training plays in fostering information sharing among colleagues.

Many employees already engage with cyber-related information in their personal lives, and when they proactively share it, it reflects a mature security mindset. A well-established security culture encourages good habits, mutual support, and a clear awareness of risks. By examining how cybersecurity news spreads, organizations can gain valuable insights to strengthen defenses and minimize human risk.

The report found that, on average, 57% of people surveyed received cybersecurity-related training, with 73% in the UK, 60% in the U.S., 55% in Germany and only 38% in France. Workplace training influenced information sharing, as 24% of those trained went on to share insights with colleagues and were more likely to remember phishing-related content.

Other key findings: 

  • 95% of people have read or watched cybersecurity content at least once. 
  • 77% have had cybersecurity information shared with them and 25% have actively shared cybersecurity information with others. 
  • 22% of employees find cybersecurity information from websites and 21% find it from employers. 
  • Generally, employers were an important source of cybersecurity information across all age groups, whereas social media was an important channel for the 18-29 year age group. 

Ultimately, ‘the more you care, the more you (want to) share’. When employees are properly engaged with cyber risks, the more likely they are to openly communicate with others about this topic and create a stronger security culture in the workplace. Understanding how employees consume and share cybersecurity news is essential for building a stronger security culture.

The full report, “Cybersecurity Information Sharing as an Element of Sustainable Security Culture”, is available to download here.

Leave a comment »

Appdome Preempts DeepSeek Attacks on Mobile Devices

Posted in Commentary with tags on February 26, 2025 by itnerd

Appdome has announced that new dynamic defense plugins are available on its AI-Native Defense platform to detect and defend against DeepSeek AI attacks on Android & iOS devices. The new plugins allow enterprises to safeguard mobile enterprise apps, harden remote access and protect mobile work from DeepSeek spyware. 

The new plugins use behavioral analytics to detect unusual file access, data extraction, user monitoring, and unusual network traffic to external AI servers performed by DeepSeek. Like all Appdome defenses, the new dynamic defense plugins targeting DeepSeek attacks are available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

DeepSeek, a free, AI-powered chatbot mobile app, has grown in popularity quickly. It has also created a huge risk for enterprises and governments using mobile devices and apps in the workforce. For example, reports have surfaced that DeepSeek can be used as spyware to harvest and send user data to China without the user’s knowledge. Likewise, users can unknowingly or accidentally post sensitive information to DeepSeek, creating data leakage risks for corporate data and sensitive documents. 

Recognizing the severity of the threat posed by DeepSeek, some enterprises have banned the use of DeepSeek for work purposes. Likewise, several government agencies, including in the United States and South Korea have introduced legislation to ban the use of DeepSeek on mobile devices used for government purposes. However, these bans are without teeth because – without Appdome – there is no way to detect DeepSeek on a mobile device, particularly a BYOD mobile device in an enterprise setting. And there’s no way to detect if DeepSeek is being used as spyware or if users share sensitive data via DeepSeek.

Appdome’s new Detect DeepSeek Attack plugins are particularly powerful in enterprise use cases such as mobile apps for work, enterprise apps, and Bring Your Own Device (BYOD) mobile strategies. When deployed in an enterprise app, the defense will detect an active DeepSeek session on the device and offer enterprises and B2B mobile app makers multiple enforcement options to mitigate the DeepSeek risk. Appdome’s new DeepSeek detection can be deployed stand alone or in combination with other defenses to detect DeepSeek being used as spyware and when employees post content to DeepSeek.

In published cases, DeepSeek exposed users to unauthorized data collection, weak encryption practices, and potential surveillance by state-linked entities. Security analyses reveal that DeepSeek transmits user data without proper encryption, employs outdated cryptographic algorithms, and lacks robust anti-tampering protections, making it vulnerable to reverse engineering. Beyond these published risks, attackers can expedite the runtime analysis of potential victim apps by feeding DeepSeek with memory dumps, encrypted files, and server responses directly on the device. This could also enable runtime memory extraction, allowing attackers to scan active memory for cryptographic keys, authentication tokens, and decrypted session data, compromising financial transactions and authentication flows. 

Additionally, DeepSeek may facilitate dynamic code injection by identifying unprotected vectors, enabling attackers to bypass security controls like root detection and anti-debugging, manipulate app behavior, and intercept sensitive interactions without persistent malware. The creators of DeepSeek have set guardrails designed to prevent using the AI model for malicious purposes, however, during the analysis of this model multiple “jailbreaks” were found that allow circumventing security restrictions. 

Learn more about Appdome AI-Native defense for DeepSeek AI threats.

Leave a comment »

Promise Robotics expands Homebuilding Factory-a-Service with a new factory in Calgary, Alberta

Posted in Commentary with tags on February 25, 2025 by itnerd

Promise Robotics, an AI company turning off-the-shelf industrial robots into autonomous production systems for home construction, announced its plans to expand deployment of its production lines at a new 60,000-square-foot existing warehouse located in Calgary, Alberta, Canada. To begin operation in the summer of 2025, the facility will be able to produce up to 1,000,000 square feet of housing annually. The expansion represents the latest advancements in automation and robotics in the homebuilding industry, harnessing Promise Robotics’ AI brain and robotic tooling to address housing shortages in Canada and the United States. 

Promise Robotics is transforming how homes are built in a traditional industry that hasn’t seen disruptive innovation for decades and is experiencing a massive lag in productivity at a time when we need to produce more homes to meet the demand. Built by builders for builders, the company is enabling the homebuilding industry with its “Homebuilding Factory-as-a-Service (FaaS)” platform to boost production capacity and deliver homes faster with significantly fewer resources.  

The new state-of-the-art robotic system in Calgary builds on the success of Promise Robotics’ Factory-as-a-Service facility in Edmonton and is creating more opportunities for the industry to build homes faster and more efficiently. Through automation and robotics, home builders can integrate fragmented processes and transform their blueprints into production-ready designs with AI-powered robots that produce homes from single-family to multi-story apartments. Along with making the process more efficient, homes are built locally – using local materials, localized supply chains, and local labour- to ensure communities are supported at the point of construction, including the added benefit of solving for the skilled labour shortages across North America.  

Promise Robotics’ production systems can be rapidly deployed at an existing warehouse or temporary structure offsite or onsite to provide builders with a one-stop production solution from blueprint to assembly. On top of rapid deployment, Promise Robotics’ proprietary solution can be easily redeployed to support rapid home production and fluctuating demand, maximizing housing supply across developing communities no matter the type of build. Promise Robotics manages the entire automation lifecycle within factories as a service, freeing customers to focus on homebuilding and growing the business — something that hasn’t been available before. With this announcement comes Promise Robotics’ continued investment in Alberta.

Promise Robotics’ production systems can be rapidly deployed at an existing warehouse or temporary structure offsite or onsite to provide builders with a one-stop production solution from blueprint to assembly. On top of rapid deployment, Promise Robotics’ proprietary solution can be easily redeployed to support rapid home production and fluctuating demand, maximizing housing supply across developing communities no matter the type of build. Promise Robotics manages the entire automation lifecycle within their factories as a service, freeing customers to focus on homebuilding and growing the business — something that hasn’t been available before. 

Through robotics and automation, Promise Robotics gives Canada’s homebuilding industry the opportunity to be leaders in addressing the global housing shortage, while unlocking new opportunities for job creation and upskilling a new generation of talent. The new Calgary facility will officially start production in Summer 2025.  

Leave a comment »

OVHcloud unveils Fast Forward AI Accelerator Finalists and new AMD led workshops

Posted in Commentary with tags on February 25, 2025 by itnerd

 OVHcloud today announces the finalists of its Fast Forward AI Accelerator. To further support its ecosystem, OVHcloud recently launched its first accelerator program solely dedicated to AI startups. With the new Fast Forward AI Accelerator, OVHcloud is offering AI Startups the resources they need to accelerate their growth and increase their value, leveraging new AMD led workshops providing participating startups unique value.

OVHcloud is offering select AI startups throughout the world a 3-month program comprised of free cloud credits that complement the regular Startup Program Cloud credits, AI technology deep-dives, various workshops including AMD led workshops, as well as mentoring and engagements with VCs and corporates from OVHcloud’s unique data sovereign ecosystem.

Over a dozen finalists based in Europe, Canada and India are already benefiting from OVHcloud’s unique differentiators through a trusted cloud that is sustainable by design with the best performance/price ratio. OVHcloud is pleased to unveil the focus areas and names of the selected finalists for this first AI Accelerator cohort:

  • AI research and associated tools are represented by Applied Brain Research Inc. that delivers state-of-the-art AI chip solutions, Hopsworks AB who develops an AI lakehouse platform designed for data and AI and Multiverse Computing that compresses LLMs such as Llama2 through its CompactifAI tool,
  • In the burgeoning field of GenAI, Hello Ebbot AB provides a GenAI automation platform for customer service while Jumbo Mana creates conversational avatars for reliable and engaging services,
  • In healthcare, myUpchar provides access to a host of medical information through its platform while PraxySante’s AI suite helps to free up time and improve patient monitoring,
  • SaaS providers are well represented with Beink Dream that offers a visual collaboration SaaS platform, Catch GmbH that streamlines hiring and automates some tasks though AI,Lector.ai GmbH is an intelligent document processing platform, Uncia is a platform that aids IT departments create, organize and maintain documentation and YouScan provides a social media listening and analytics platform. Lastly, Webcapsule offers a platform that simplifies infrastructure management, secure deployments and accelerates cloud transitions,

The selected finalists will benefit from the opportunity to accelerate their use of OVHcloud’s GPUs and complete set of AI Solutions that include the ability to prepare data, train and deploy AI models. The startups’ go-to-market will also benefit from OVHcloud’s ecosystem thanks to business access and funding opportunities.

AMD workshops

Amongst the many benefits, startup participants of this first cohort will take advantage of workshops hosted by AMD. Through these AMD delivered sessions, participants will noticeably get up to speed on how MLOps streamlines AI workflows, ensuring scalable and efficient deployments. Focusing on best practices, the workshop will help in managing machine learning pipelines and showcasing how AMD’s hardware and software, including advanced Instinct™ GPUs and ROCm open software, can optimize AI solutions

In a second workshop, AI strategies & Best Practices for Startups, AMD will help startups define AI strategies, implement best practices and leverage AI for growth and competitive advantage.

AI Action Summit 2025

OVHcloud participated in the Artificial Intelligence Action Summit in Paris, France, on February 10-11th, 2025. During this event, the Group hosted various live AI and Data talks, focusing on AI solutions, accelerators, and the startup ecosystem to discuss the future of AI. Ten AI startups presented their groundbreaking solutions at Station F, including Jumbo Mana’s demo of its Agentic AI for passenger flow management.

Leave a comment »

Foxit Supercharges AI Assistant with Multi-Document Analysis on iOS & Android

Posted in Commentary with tags on February 25, 2025 by itnerd

Foxit today announced the addition of multi-document analysis to its AI Assistant feature within its mobile apps for iOS and Android. This new and unique capability enhances the AI Assistant’s functionality, enabling users to analyze multiple documents simultaneously directly from their mobile devices.

The introduction of multi-document analysis caters to the evolving needs of professionals who require efficient tools to manage and process large volumes of information. The new feature is designed to simplify workflows by allowing users to:

  • Summarize Multiple Documents at Once: Create concise summaries for all uploaded documents, saving time by avoiding the need to review each individually.
  • Ask Questions Across Files: Get answers that draw insights from multiple documents simultaneously, ideal for comparing contracts, reports, or research materials.
  • Extract Key Information: Pinpoint critical data, such as deadlines or figures, or find patterns and trends from across multiple files in seconds.

Whether you’re a legal professional reviewing case files, a researcher analyzing studies, or a business leader comparing proposals, the AI Assistant’s Multi-Document Analysis feature ensures greater productivity and smarter decision-making anytime and anywhere.

The multi-document analysis feature is now available in the latest update to Foxit’s PDF Reader and PDF Editor mobile apps for iOS and Android.

For more information about Foxit’s AI solutions, please visit https://www.foxit.com/ai-pdf/.

Leave a comment »

Legit Security Brings Business Context to AppSec Issues Prioritization and Remediation 

Posted in Commentary with tags on February 25, 2025 by itnerd

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced the launch of Legit context. By providing full context around both the application and the development environment, Legit’s ASPM platform empowers CISOs and their team to find, fix, and prevent the application vulnerabilities driving the greatest business risk.

The release of Legit context follows on the January 2025 release of root cause remediation, which enables customers to take one practical remediation step to address multiple AppSec issues.

Connecting the Dots to Drive Prioritization Based on True Business Impact

Developers and security teams spend significant time attempting to triage and fix vulnerabilities, but often lack insights into their business impact and exploitability. For instance, is a vulnerability a major problem simply because it has a high CVSS score, or are there additional factors, such as Internet exposure, presence of sensitive data, GenAI use, or external services, impacting risk? In other cases, issues can breach compliance or be part of mission-critical APIs. Organizations often miss true business-critical risk, and spend time escalating the wrong risk, which increases the strain on development teams, is costly, and slows down innovation.

Legit context provides organizations with the full picture by building an application catalog with context, such as use of sensitive data (e.g., PII, PHI), APIs, Internet exposure, GenAI use, compliance implications, and the overall role of the application for the business. As a result, security and development teams gain the insights they need to confidently prioritize – and deprioritize – remediation efforts. And all insights are delivered automatically by our AI-native, deep code-to-cloud analysis.

Key features and benefits include:

  • Auto context detection: Analyze the context of an application to determine the overall business impact 
  • Deep code-to-cloud scanning: Understand the full picture by bringing together hard-to-connect data points, such as Internet exposure, API exposure, cloud deployment, handling of sensitive data, use of AI/LLMs, and revenue and business impact of the application
  • Application bill-of-materials: Generate a complete and continuously updating inventory of APIs, data stores, external services, AI models, services, and more application components that drive security impact. Export and manage them in a centralized tool and enrich existing CMDBs and application catalogs 
  • Vulnerability risk scoring and prioritization: Focus on vulnerabilities with the greatest business impact, and access all data to customize workflows and prioritization decisions 

In addition to the new context capabilities, Legit also announced:

  • Application API discovery: Benefit from a central place to see and manage all APIs and identify any changes that may create application risk. Legit can identify all APIs used by an application, plus analyze security issues such as authentication and authorization, Internet exposure, and additional controls

With Legit’s new capabilities, organizations gain a complete view of application risk, the context to both prioritize and remediate, and the ability to orchestrate DevSecOps processes to prevent issues in the future. For more information, visit the Legit blog.

Leave a comment »

Tamnoon report reveals critical cloud security alerts take 128 days to resolve, highlighting remediation crisis

Posted in Commentary with tags on February 25, 2025 by itnerd

Tamnoon has released its “State of Cloud Remediation” report, analyzing over 4.76 million CNAPP alerts across major enterprises. As major breaches continue, from AT&T’s exposure of 110 million records to the massive AWS attack affecting 230 million cloud environments, the report reveals a weakness: critical cloud security alerts take an average of 128 days to resolve—87 days longer than high-severity ones—exposing organizations to extended periods of vulnerability.

While cloud adoption accelerates, security teams struggle to keep pace. Misconfigurations account for 53.53% of all security alerts, and IAM/identity issues—central to recent breaches at Snowflake customers—remain open for an average of 260 days. The report shows that high-severity alerts make up one-third (33.7%) of all findings asCNAPPs intentionally push many borderline-critical issues into the high-severity queue, creating an unsustainable backlog.

You can read the report here.

Leave a comment »

Flashpoint Offers OSINT Strategies for Executive Security

Posted in Commentary with tags on February 25, 2025 by itnerd

Protecting today’s corporate executive has become more complex and unpredictable than ever.  In today’s evolving security landscape, executives are facing an unprecedented convergence of digital and physical threats. Doxxing, swatting, misinformation, and geopolitical targeting are no longer isolated risks.

To help security teams stay ahead, Flashpoint just released The Complete Guide to OSINT for Executive Protection—a 20-page comprehensive resource for security professionals, executive protection teams, and corporate risk leaders. This guide was purpose-built to help these teams and leaders harness OSINT to strengthen protection strategies. It offers practical strategies and real-world insights on leveraging Open-Source Intelligence (OSINT) to:

  • Identify and assess the full range of modern executive threats
  • Implement proactive security measures based on best practices and real world examples to mitigate risks
  • Leverage AI-driven OSINT tools for real-time threat analysis

A blog post on this is here.

Leave a comment »

AppSOC Recognized as a Representative Vendor in the 2025 Gartner Market Guide for AI Trust, Risk and Security Management

Posted in Commentary with tags on February 25, 2025 by itnerd

AppSOC has announced its inclusion as a Representative Vendor in the Gartner Market Guide for AI TRiSM (Trust, Risk, and Security Management).* In our view, AppSOC was recognized for including operational governance and runtime controls using tools such as posture management, AI discovery, Red Teaming, model testing, and AI supply chain security. We believe this recognition underscores AppSOC’s commitment to providing comprehensive solutions for managing AI’s complex risks and operational integrity.

AppSOC’s AI security capabilities include:

  • AI Discovery: identifying AI projects, models, and risks,
  • AI Model Testing: automating Red Teaming to pinpoint weaknesses,
  • AI Security Posture Management: hardening AI platforms against misconfigurations, malware, and access risks,
  • AI Runtime Enforcement: preventing AI tools from leaking sensitive data through attacks or misuse.

* Gartner, Market Guide for AI Trust, Risk and Security Management, Avivah LitanMax Goss, 18 February 2025

AppSOC is an innovative Silicon Valley security provider, leading the way in AI governance and application security. AppSOC enables AI initiatives with enhanced visibility, robust guardrails and runtime defense, while protecting the entire AI stack from code to cloud to data. Founded by industry veterans, AppSOC brings unparalleled expertise in AI, cloud application security, data protection, and risk management. For more information, please visit www.appsoc.com.

Leave a comment »

Sonos Offers 25% Discounts For Existing Owners…. Is This Desperation?

Posted in Commentary with tags on February 24, 2025 by itnerd

The last year or so has been challenging for premium audio gear Sonos. And that’s putting it lightly. You can read my write up about their issues from last year to get a sense of how bad things are. Or you can read this write up from The Verge to get an additional persecutive. Despite their troubles, news has come out via email and their very troubled app that existing owners can get up to 25% discounts on new Sonos gear from February 23 to March 2. You do have to get it via the app or at their website. I should also note that it seems to exclude certain products such as the Arc, Arc Ultra, and select speaker sets.

Now why would Sonos do this? My guess is that their issues have caused not only new sales to fall, but I have read in places like Reddit for example that owners of their gear are abandoning Sonos for the completion. Bluesound and Audio Pro for example. Thus this might be an attempt by Sonos to stop the bleeding. I’ll be watching this with interest to see how it is received by owners of Sonos gear, and if they take advantage of of this.

Leave a comment »

« Older Entries
Newer Entries »